MENU
We have released a maintenance update to RLM v15.1BL2. This release primarily addresses a critical security vulnerability in the Mongoose web server.
If you have already updated to v15.1, we strongly recommend updating to v15.1BL2.
In addition to addressing this vulnerability we have fixed a number of regressions in v15.1 related to the web interface, as well as closing memory leaks in the client library.
- Fixed OpenSSL memory leaks in client library.
- Fixed empty password causing shutdown when using -nows.
- Fixed issue where password licenses were not shown when entering password in web server.
- Fixed wrong license being checked out when checking out token licenses with a password.
- Fixed modification of transfer definitions in web server.
- Fixed issue where user couldn’t remove checked out license using web server in certain cases.
Some of the new features in v15.1 include:
- The embedded web server has been changed from GoAhead to Mongoose.
- The RLM web server now requires login to access.
- Running RLM as root/administrator is no longer restricted.
- The web interface now supports HTTPS.
- Several additional security improvements.
Important note: Starting in 15.1, passwords for the web interface are now case sensitive. The rlm.pw file will need to be regenerated after updating from v15.0 or earlier.
See the Release Notes for all the details.
Click Here to Get the Updated RLM
If you are not a customer yet, request a Free Trial or contact us at sales@reprisesoftware.com