Current topics
➨ Disruptions in consolidation apps after update to LucaNet 24
➨ LucaNet.Financial Client does not start properly after updating to macOS 14 Sonoma
➨ Import execution error (Cloud customers working with LucaNet.Financial Warehouse)
Previously published topics:
- Authentication with Kerberos restricted after update to LucaNet 23 LTS
- Error message - "You do not have permission to edit the object with OID '4400'!"
- LucaNet not affected: critical vulnerability in OpenSSL 3.0
- Starting LucaNet.Financial Client version LucaNet 22 LTS and earlier is currently not possible using macOS 13 Ventura
- Repeated Faulty Windows Defender Anti-Virus Definition Released
- Bug report - wrong summary of accounts (as of LucaNet 22 LTS and higher)
- Vulnerability in Spring4Shell Framework (CVE-2022-22965)
- Incorrect Windows Defender antivirus definition
- Critical vulnerability in Log4j
The update to LucaNet 24 resulted in short-term dysfunctions in the consolidation apps “Reclassification of net retained profits in consolidation areas" and " Report on investment relationships".
For this reason, we have decided to suspend the update to LucaNet version 24 for the time being.
A solution is expected to be published overnight from 20.11.2023 to 21.11.2023.
Update to the 09/22/2023 announcement: Before upgrading to MacOS 14 Sonoma please install the latest Software Manager
Before updating to MacOS 14 Sonoma, please download the latest Software Manager, version number 2209+09, from our download pages:
- For 23.1 customers: 23.1 Downloads - LucaNet
- For 23 LTS customers: 23 LTS Downloads - LucaNet
- For 22 LTS customers: 22 LTS Downloads - LucaNet
Please make sure you select the correct operating system!
After installing the new Software Manager, the LucaNet.Financial Client will start as usual.
------------------------------------------------------------
2023-09-22
We strongly advise you not to update to the latest macOS 14 Sonoma. It has been discovered that the LucaNet.Financial Client may not start correctly under this operating system.
In order to avoid possible complications and to ensure the smooth operation of our software, we currently recommend not to update to the latest macOS (Sonoma).
We are working on a fix for this issue and will post updates here as soon as a patch is available.
Import execution error – primarily affecting our Cloud customers working with the LucaNet.Financial Warehouse!
2023-09-20
Following a software update on Monday, 18.09.2023, there were instances where scripts based on the LucaNet.Cloud JDBC driver failed to execute.
The impacted versions are:
- LucaNet 22 LTS - 2111.0.120+5
- LucaNet 23 LTS - 2211.0.51+7
- LucaNet 23.1 - 2305.0.24+7
We have already released a service pack that resolves the issue. It will be installed during the next automatic update of the LucaNet.Financial OLAP Server.
Affected customers do not need to take any action as this process will be carried out automatically.
2022-11-15
After updating to LucaNet 23 LTS, logging on to the LucaNet database via Kerberos may not be possible. However, this only affects customers who use RC4-HMAC encryption for Kerberos, as this encryption type is no longer classified as secure and therefore no longer supported.
In order to be able to log on to the LucaNet database again, please generate a new keytab file with the encryption type AES256-SHA1 and store it in LucaNet.Server Administrator for authentication via Kerberos.
You can find the detailed instructions here: Instructions
UPDATE: A service pack has already been released. The error has been fixed.
2022-11-04
Currently, the message "You do not have permission to edit the object with OID '4400'!" is generated when creating postings. This affects all modules that generate postings of any type. For example, data imports, forms, or LucaNet.Excel-Add-In postings.
Our team is already working at full speed to fix the problem. A service pack will be released later today. We will of course be happy to support you if necessary and keep you up to date on this topic.
2022-11-04
The German Federal Office for Information Security (BSI) informed on November 01, 2022 about an IT threat situation with increased observation of anomalies with temporary impairment of regular operations. A critical vulnerability was discovered in OpenSSL.
The LucaNet software is not affected by the mentioned vulnerability in any way because:
- We do not use OpenSSL in any of our software development projects.
- The JDK we use to run our applications does not use OpenSSL either.
Error report - starting LucaNet.Financial Client version LucaNet 22 LTS and earlier is currently not possible using macOS 13 Ventura
UPDATE: A service pack with the bug fix has been released. Please perform a software update. Instructions for updating to a new service pack can be found here: Instructions
2022-10-28
LucaNet.Financial Client version LucaNet 22 LTS and earlier cannot be started using macOS 13 Ventura. We therefore recommend NOT to update to macOS 13 Ventura at the moment. If you have already done so, please downgrade to macOS 12. Our development department is already working on a timely solution at full speed.
We will of course be happy to support you if necessary and keep you up to date concerning this topic.
LucaNet Software Falsely Detected as a Threat - affects LucaNet 13 LTS on-premises only
2022-05-04
Anti-virus definitions allow Windows Defender to detect current malicious or unwanted software, as well as prevent the software from being executed on a computer. Due to Microsoft's release of an incorrect anti-virus definition in Windows Defender, Windows Defender is currently incorrectly detecting a file of LucaNet software as a threat.
Since no changes were made to the file a real danger from the file in question can be ruled out.
The problem can be resolved by defining the affected file as harmelss and releasing it from quarantine afterwards.
Here's how your IT department can support you: If your organization uses Office 365 Windows Defender, you can roll out the settings to all clients via an indicator. For this, the hash of the file must be classified as harmless or, alternatively, the LucaNet installation directory must be excluded from the Windows Defender.
If required, we will of course be happy to support you and keep you up to date on this topic.
2022-04-04
In the past few days, values in the balance sheet of a few customers were not displayed correctly or not updated. This can manifest itself in the following ways that we are aware of so far:
- The account value shown on the balance sheet is incorrect.
However, if you go to "Show postings", the transactions and also the balance of the account are shown correctly. - The superordinate item aggregates the values of the accounts it contains incorrectly.
The problem only affects versions LucaNet 22 LTS and higher.
We have technically fixed the issue and provided the solution version via the following service packs dated 2022-04-04:
- LucaNet 22 LTS - 2111.0.35+14 - GA - 4/4/2022
- LucaNet 23.3 - 2203.0.5+11 - EOL - 4/4/2022
- LucaNet 23.4 - 2204.0.1+2 - GA - 4/4/2022
What has to be done if LucaNet is operated locally?
If LucaNet is operated locally, then the software must be updated manually or automatically via job control. Instructions for this can be found in the file Perform software update.
What has to be done if LucaNet is operated on the LucaNet.Cloud?
For LucaNet.Cloud customers, the update will be activated by our TechSupport and performed automatically in the night from April 4, to April 5, 2022.
2022-04-01
A vulnerability in Spring4Shell Framework was reported on 2022-03-30 (Spring4Shell: Zero-Day Vulnerability in Spring Framework - CVE-2022-22965).
Since the LucaNet software does not use Spring4Shell libraries, LucaNet software is not affected by this vulnerability.
We are currently checking all our external service providers and our own infrastructure for this vulnerability and will fix it promptly if necessary.
We will keep you updated on all developments regarding this vulnerability.
LucaNet Software Falsely Detected as a Threat - affects LucaNet 13 LTS only
2022-02-21
Antivirus definitions allow Windows Defender to detect current malicious or unwanted software and prevent it from being executed on the computer. Due to Microsoft's release of an incorrect Windows Defender Antivirus Definition, Windows Defender is currently incorrectly detecting a file of LucaNet software as a threat.
Since no changes were made to the file a real danger from the file in question can be ruled out.
Microsoft has already published a new definition today. Thus, the problem mentioned should no longer occur. In case the problem persists, the update can be triggered manually via Windows. The affected file can be released from quarantine after it has been defined as harmless.
Here's how your IT department can support: if your organization uses Office 365 Windows Defender, you can roll out the settings to all clients via an indicator. For this, the hash of the file must be classified as harmless or, alternatively, the LucaNet installation directory must be excluded from the Windows Defender.
If required, we will of course be happy to support you and keep you up to date on this topic.
On Saturday, December 11, 2021, the German Federal Office for Information Security (BSI) warned all companies in the Federal Republic of Germany about a security vulnerability in the widely used Java library Log4j.
For more information on this extremely critical threat situation and its assessment as well as corresponding measures, see www.bsi.bund.de (Critical vulnerability published in Log4j).
For LucaNet as a software provider for financial performance management solutions, the protection of our customers' highly sensitive data is a top priority for the LucaNet Group. Our security experts have closely examined the potential impact of the security vulnerability and have been working intensively to install appropriate protective measures in our software. Risks are continuously monitored, thoroughly examined, and updated as necessary.
As a matter of principle, it is imperative to note that
your software is running at the correct patch level. Our latest patch contains the updated Log4j version 2.17.1.
The build date should be the same (or higher version) as your LucaNet software build date. More detailsLucaNet.Software Manager must also be updated. As a rule, this is done automatically. However, in environments without administrator rights, such as Citrix, the update must be performed by in-house IT.
From now on we will inform you continuously about all current developments concerning this topic.
+++ LATEST NEWS CRITICAL VULNERALBILITY IN Log4j +++
2022-01-03
+++ Currently, LucaNet Group is tracking the vulnerability in the open source Apache Log4j2 CVE-2021-44832
+++ As part of the regular patch update, Log4j version 2.17.1 is being delivered today and will be installed during the usual update and maintenance window between 23:00 and 05:00 CET, if you are using LucaNet in the cloud. As an on-premises customer, please perform the server update yourself as usual.
The following new build versions have the Log4j version updated to 2.17.1:
- LucaNet 12 LTS - 1911.0.194+3 - EOL - 2022-01-03
- LucaNet 13 LTS - 2011.0.116+9 - GA - 2022-01-03
- LucaNet 22 LTS - 2111.0.15+11 - GA - 2022-01-03
- LucaNet 23.0 - 2112.0.8+10 - EOL - 2022-01-03 (monthly release train)
- LucaNet 23.1 - 2201.0.1+3 - GA - 2022-01-03 (monthly release train)
+++ The update to V2.17.1 is not mandatory immediately if you are on one of the following build versions which have the Log4J 2.17.0 update already included:
- LucaNet 12 LTS - 1911.0.193+13 - EOL - 2021-12-20
- LucaNet 13 LTS - 2011.0.115+8 - GA - 2021-12-27
- LucaNet 22 LTS - 2111.0.14+9 - GA - 2021-12-27
- LucaNet 23.0 - 2112.0.5+14 - GA - 2021-12-20 (monthly release train)
The vulnerabilities fixed in version 2.17.0 do not affect your product.
*** Please remember to update LucaNet.Software Manager as well. The update is performed automatically together with the software.The update is usually performed automatically and is scheduled for today (2022-01-03) during the usual update and maintenance time window between 23:00 and 05:00 CET, if you are using LucaNet in the cloud. As an on-premises customer, please perform the server update yourself as usual.
In environments without administrator rights, such as Citrix, the update must be performed by the in-house IT. For this purpose, we provide the appropriate MSI installation files in the customer portal. It is not necessary to uninstall the existing LucaNet.Software Manager beforehand. During the installation, the old Log4j libraries remaining on the LucaNet server are automatically deleted.
2021-12-20
+++ Currently LucaNet Group is tracking the vulnerability in the open source Apache Log4j2 CVE-2021-45105.
+++ As part of the regular patch update, Log4j version 2.17.0 is being delivered today and will be installed during the usual update and maintenance window between 23:00 and 05:00 CET, if you are using LucaNet in the cloud. As an on-premise customer, please perform the server update yourself as usual.
+++ The update to V2.17 is not mandatory immediately if you are on one of these build versions:
- LucaNet 12 LTS - 1911.0.192+3 - EOL - 2021-12-15
- LucaNet 13 LTS - 2011.0.112+7 - GA - 2021-12-15
- LucaNet 22 LTS - 2111.0.11+9 - GA - 2021-12-15
- LucaNet 23.0 - 2112.0.4+7 - GA - 2021-12-15 (monthly release train)
The vulnerabilities fixed in version 2.17.0 do not affect your product.
*** Please remember to update LucaNet.Software Manager as well. The update is performed automatically together with the software.The update is usually performed automatically and is scheduled for today (2021-12-20) during the usual update and maintenance time window between 23:00 and 05:00 CET, if you are using LucaNet in the cloud. As an on-premises customer, please perform the server update yourself as usual.
In environments without administrator rights, such as Citrix, the update must be performed by the in-house IT. For this purpose, we provide the appropriate MSI installation files in the customer portal. It is not necessary to uninstall the existing LucaNet.Software Manager beforehand. During the installation, the old Log4j libraries remaining on the LucaNet server are automatically deleted.
2021-12-15
+++ Information to LucaNet users who also use the SmartNotes solution: SmartNotes is not affected by the security vulnerability.
We have received the following information from our partner AMANA Consulting GmbH:
"We do not use the Log4j library, nor the corresponding .NET equivalent. We are therefore not affected by the security vulnerability.
Unfortunately, however, parts of our infrastructure are affected internally, which is why our SmartNotes documentation is currently not accessible. We apologize for any inconvenience this may cause."
2021-12-13
+++ Creation service pack for version LucaNet 12 LTS. Release 2021-12-13 will be installed during the usual update and maintenance window between 11:00 p.m. and 5:00 a.m. CET.
+++ URGENT: Update to LucaNet 22 LTS recommended for versions older than LucaNet 12 LTS, as no patch is created for versions older than LucaNet 12 LTS. No support for versions LucaNet 11 LTS and below.
+++ All steps for a successful update to LucaNet 22 LTS can be found on our website: Update now
2021-12-10
+++ Relevant Log4j2 libraries identified
+++ Log4j updated to version 2.15.0
+++ Service pack for LucaNet 13 LTS and LucaNet 22 LTS versions successfully created and deployed
How can I ensure that my LucaNet software is running at the correct patch level?
Start LucaNet.Financial Client.
Navigate to the "?" to the right of "Extras" in the menu bar.
Click „About LucaNet“.
The information below the serial number should now look as follows, depending on the LucaNet version:
LucaNet 12 LTS - 1911.0.192+3 - EOL - 2021-12-15
LucaNet 13 LTS - 2011.0.112+7 - GA - 2021-12-15
LucaNet 22 LTS - 2111.0.11+9 - GA - 2021-12-15
LucaNet 23.0 - 2112.0.4+7 - GA - 2021-12-15 (monthly release train)
IMPORTANT: The build date should be the same as your LucaNet software build date.
How do I get the latest service pack of LucaNet software if my build version is older than 2021-12-10 (for LucaNet 13 LTS and LucaNet 22 LTS) or 2021-12-13 (for LucaNet 12 LTS)?
Make sure that you are using a LucaNet version for which service packs are still available (LucaNet 12 LTS, LucaNet 13 LTS, LucaNet 22 LTS).
If this is the case, open LucaNet.Server Administrator and navigate to Settings | Job control | Daily jobs | Restart the server.
Activate the Update to the latest version in the current release train check box and test the connection to the update server using the Test connection action.
After activating the software update, you will receive the service pack during the next maintenance time window between 11:00 p.m. and 5:00 a.m. CET.
Our company uses LucaNet as a cloud customer: Is the AWS infrastructure still secure?
AWS has issued an official statement concerning this: Update for Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)
Since we operate a virtual, private cloud, each customer has their own virtual instance. This is patched by AWS in a timely manner. In addition, our customers can only connect to the LucaNet cloud app, which runs on a hardened AWS Linux 2 (Amazon Linux 2) operating system. Thus, no customer has access to the operating system.
The services we use to provide a great experience for our customers and partners are "S3 Buckets" and "RDS Instances". The exact AWS statement concerning this is as follows:
S3: S3’s data ingress and egress is patched against the Log4j2 issue. We are working to apply the Log4j2 patch to the S3 systems that operate separately from S3’s data ingress and egress.
RDS: Amazon RDS and Amazon Aurora are actively addressing all service usage of Log4j2 by applying updates. RDS-built relational database engines do not include the Apache Log4j library. Where upstream vendors are involved, we are applying their recommended mitigation. Customers may observe intermittent events during update of internal components.
Assessment of course of action:
LucaNet Group security experts assess the way the AWS infrastructure is used for the LucaNet SaaS solution as secure.