IDL & ENVI License Server Security Patch
Harris Geospatial Solutions (Exelis VIS) was recently made aware of a security vulnerability in the Flexera FlexNet Publisher technology that is utilized for license management of the IDL & ENVI software products. This security vulnerability applies to all current and older versions of our software and applies to scenarios where a license server is utilized which includes network floating (FL) type licenses and some node-locked (SN) type licenses that use a license manager.
The security vulnerability is limited to computers running a license manager server and should not be an issue when the license server components are only exposed on a trusted network. Nevertheless, we recognize the severity of this issue and are committed to making sure our customers can use the IDL & ENVI software in secure fashion. Consequently, to address this vulnerability Harris has acquired the latest FlexNet Publisher (v220.127.116.11) then built new lmgrd and vendor daemon components that are being released as a security patch for the license manager. Harris recommends that all customers using a license manager for IDL & ENVI products update their license server installations by following the instructions delineated in the following help article on our website:
Please note that we are also working diligently on our upcoming IDL 9.0 and ENVI 6.0 software versions for release later this year which will include these license manager component updates in an off-the-shelf / out-of-the-box fashion. We greatly appreciate your business and patience while we produced a software patch to resolve this security vulnerability. If you have questions or need assistance related to this security patch please refer to the Getting Help section of the aforementioned help article for instructions on how to contact our technical support.