security vulnerabilities not fixed in version 12 and our license won't allow activation on v13?

[eimagine]

Regarding security issues noted on https://www.gonitro.com/nps/security/updates, it appears a security update was finally released last week, but for v13 only. We have Nitro Pro v12 for a few of our users, (licenses which are still active and have been purchased in the past year). Issue is it appears our serial number will not allow v13 to activate. Is Nitro forcing users on v12 to be stuck with these security vulnerabilities even though they have an active license? Please advise. If our serial is unable to activate for v13, or if we are not provided a new license, we will be switching to Adobe Creative Cloud for standalone Acrobat licenses. Thanks!

[Allain Umailin]

Hello @eimagine,

Thank you for reaching out to us through our Community Forums!

You are correct. Our product team released Nitro Pro 13.8.2.140 to address 5/6 Security Vulnerabilities. Kindly note that the other vulnerability will be addressed upon the release of a newer build for Nitro Pro 13 in the next coming days. 

Since your users are still working with Nitro Pro 12, I believe they have received 'The serial number entered does not exist' error message when they attempted to activate Nitro Pro 13 using their Nitro Pro 12 serial number which will not work because for every versions, a new serial number is issued to the user.

If your users are interested, kindly have them visit our Upgrade Portal https://www.gonitro.com/support/upgrade and enter their serial number to upgrade to Nitro Pro 13 with a discounted rate. This applies to single-user licenses that was purchased from our website.

If you have a Business license, please send it to me via private message (hover your mouse on top of my name 'AllainU' and select 'Message') so I could check its status in our system.

I hope this helps and our sincere apologies for this inconvenience.

[eimagine]

@AllainU to clarify, your organization is opting to leave users with current, active licenses purchased within the past year, on a highly vulnerable product instead of allowing them to upgrade?

[MGU]

https://nvd.nist.gov/vuln/detail/CVE-2019-18958

So dangerous issue like this debug.log file thats created whenever a pdf is open and closed is left opened for attackers! People with Nitro Pro 12 licenses are basically out of luck? We just bought these licenses within the last year. This is not good business practice!