BASIS Releases BBj, Barista, and AddonSoftware version 23.01

Marketing Communique

June 26, 2023

MC-23003

Upgrade and install version 23.01 today! Refer to the readme, relnotes, and fixes files for additional details. Also, please read the very important licensing information requiring your action before the end of July 2023.

Licensing Action:

Immediately

Ensure that you have at least installed the terminal version of the BLM (BASIS License Manager), BLM 21, which is coded for the new licensing subdomain, ensuring failsafe license delivery. This also protects you against publicly known denial of service attacks and remote code execution vulnerabilities in the Flex Publisher 3rd-party component of BLM 19 and prior versions. While this does NOT require you to upgrade your interpreters (PRO/5, Visual PRO/5, or BBj), it does require you to have a version 20+ BASIS license.

Medium Term

Plan to upgrade your interpreter to version 22 or greater to enable the BLS (BASIS License Service), which is more secure than BLM 21, has no 3rd-party dependencies and is, therefore, less prone to security attacks, and will be fully supported by BASIS into the future.

Interim (INSECURE) Alternative

Install BLM 19, which is coded for the new licensing subdomain, ensuring failsafe license delivery. However, it does have known 3rd-party vulnerabilities and is therefore NOT recommended.

Read on for more detailed information on your choices for a functional licensing solution.

BASIS Licensing

BASIS’ License System

BASIS’ licensing system requires either a BASIS License Manager (BLM) or a BASIS Licensing Service (BLS) to power any BASIS product. BASIS supports both licensing management mechanisms, dependent on the version of the BASIS product, for an unlimited period of time. However, the 3rd-party FlexNet-based BLM development is now frozen and will receive no updates. Customers should plan in the near future to upgrade to a 22+ version of their BASIS products which uses the BLS, which has no 3rd party dependencies that might be prone to security vulnerabilities.

What’s changed?

BASIS relinquished ownership of the basis.com domain in 2022 and moved most of its operations to the basis.cloud domain. The subdomain that hosts the backend of BASIS’ licensing system moved in 2022 to the license.poweredbybbj.com subdomain; the license.basis.com subdomain redirects to license.poweredbybbj.com until July 31, 2023. After this date, we cannot guarantee that the redirection will continue to be in force.

What do you need to do?

All users of BASIS licensed products, whether enrolled in the BASIS Software Asset Management (SAM) Plan or not, must ensure that by the end of July 2023, they have either:

updated their BLM to the most current and secure BLM 21 or the insecure BLM 19 with known 3rd party FlexNet vulnerabilities, both of which are coded to obtain or update licenses via the license.poweredbybbj.com subdomain or
that they are running the BLS.

Do I need to immediately upgrade my interpreter and pay for a new license?

You do not need to immediately upgrade your interpreter. It is, however, recommended that you upgrade your license in order to get the most secure BLM, BLM 21. The most secure and fully supported licensing solution from BASIS is the BLS, followed by the end-of-life BLM 21 and, finally, the insecure BLM 19; all will enable you to obtain a perpetual license from BASIS. The only component of your system that must be updated by July 31 is the licensing component. The BLMs are available as standalone downloads and do NOT require an upgrade to the BASIS interpreters (BBj or PRO/5 or Visual PRO/5).

Which version does BASIS recommend and why?

The BASIS License Manager (BLM) is no longer being actively developed and, as such, will not receive further security patch updates or new releases. Therefore, BASIS recommends the BASIS Licensing Service (BLS). Benefits of the BLS include the more efficient use of OS resources — fewer socket ports and processes, and more security — a client certificate authenticates a connection to the License Server. Additionally, more licensing metrics are now available in the BLS for administrators to assess their system’s health and performance.

In Summary

Product versions do NOT always have to match license versions:

The license version must always be greater than or equal to the product version

Below is a quick summary table:

pick your
license version from the first column,
the version of your BASIS product from the second column, and then
select the BLS or BLM needed;
Orange is more secure, but development is frozen
Blue is available for older versions but “dangerous”: insecure with known 3rd party FlexNet vulnerabilities,
Red is “dangerous”: insecure with known vulnerabilities and therefore NOT recommended over BLM 21 or the BLS.

As always, the best practice is to run the most updated version of BASIS’ licensing solution, which is the latest version of the BLS.

BBj, BBx, AddonSoftware, and Barista are registered trademarks of BASIS International Ltd.