PaperCut MF 22.1 release history

Security:

• Various security fixes. See PaperCut NG/MF Security Bulletin (March 2024) for more information. [CDSS-3505], [CDSS-3325], [PO-2080], [PIE-708], [PO-2030]
• This release also includes several pre-emptive security improvements and additions to layers of defense. These improvements were made as a result of code audits, pen tests and security reviews. Changes were made in line with our security uplift initiative.

Fixes:

• Fixed an issue that prevented the [internal users] group from being created when enabling internal users via the global config key. [PO-1531]
• Fixed an issue with integrated scanning where attachments were sent in random order when batch splitting. Files are now attached to the email in the original split order. [PO-1520]
• Fixed the url link to the manual section for user aliases. [PO-1486]
• Added support for displaying Toner levels for Epson printers with two identical black cartridges. [PIE-458]

Print Provider:

• Direct Print Monitor: Fixed an issue that may cause a delay when releasing print jobs if the ‘ServerName’ configuration is set. [PIE-545]
• PDL transforms: Fixed an issue where using the PaperCut Global PostScript printer driver and redirecting to an HP printer could cause squaring of the printed copies of the document. [PIE-546]
• Email to Print: Fixed an issue that caused A4 or Letter size to be chosen when printing to the 11x17 inch page size for the following printer drivers.
  • KONICA MINOLTA C360iSeriesPCL [PIE-283]
  • Kyocera TASKalfa 5500i KX [PIE-260]
  • Kyocera TASKalfa 4054ci KX [PIE-552]
  • Sharp BP-70C36 PCL6 [PIE-554]

Copier / Device Integration:

• Epson: Fixed an issue for Epson Open Platform Solution that showed garbled text when the text is in unicode/utf-8.[CDSS-2447]
• Fujifilm:
  • Improved user experience by reducing the number of taps required to bring up the numeric keypad for logging in to the Fujifilm MF embedded app. [CDSS-2547]
  • Fixed an issue where network instability could cause Fujifilm devices to fail the setup process. [CDSS-2499]
• Fuji Xerox:
  • Fixed an issue where network instability could cause Fuji Xerox devices to fail the setup process. [CDSS-2499]
• HP OXP: Added support for Kofax card reader for HP OXP in default mode.[CDSS-2674]
• Konica-Minolta i-Option:
  • Fixed an issue with Konica Minolta Integrated scanning that incorrectly scans legal-sized pages as A4 size on A4 devices.[CDSS-2503]
  • Improved UI for Konica Minolta by centering the chevron icon to the center of the job description button. [CDSS-2501]
• Lexmark (eSF), OKI (eSF), Toshiba (eSF), Dell (eSF) and Xerox (eSF) v3.1.8*:
  • Fixed an issue on eSF 3.1.1 that causes a blue screen after a timeout during a native or Integrated scan. [CDSS-2602]

Other notes:

• Devices marked with * require installing an updated version of the embedded software to access new features and fixes.

For more information about security improvements and vulnerabilities being addressed in this release, please see our Security Bulletin (July 2023) .

Enhancements:

• Recent accounts are listed at the top of the Shared Account list when selecting accounts on devices connected to Site Servers - matching the current behavior when devices are connected directly to the Application Server. [PO-1264]

• For internal user accounts only, re-introduced honoring of config key min-password-length to allow admins to set minimum password length for users. Admin password length minimum is still 8 characters since 22.1.1. [PO-1465]

• Added Customer Reference Number (CRN) to the About Page. [PO-1376]

• Scan to Fax (Windows):

  • Added a configuration key for the RightFax Scan to Fax connector to only fetch private contacts when displaying the address book. [SC-1710]

Fixes:

• Fixed an issue where the Model/Type would not be correct on the Printer/Device details page for certain Fujifilm devices. [PIE-532]
• Admin message: Print Scripting and Device Scripting are enabled by default was still appearing after config had been set to “N”. Fixed issue so that message only appears when required. [PO-1491]
• Fixed an issue that caused some fields under Options > Notifications > SMTP Server Options to show as blank, after upgrading to 22.1.2. [PO-1487]
• Addressed an issue where Email Printing services using Gmail Over OAuth will stop trying to reconnect after encountering a network problem. Now the service will try to reconnect after the configured interval if the problem appears to be network related. [PO-1392]
• Fixed an issue that caused the ‘Balance After’ field to be missing from the Web Cashier Deposit Acknowledgement Slip. [PO-1336]
• Fixed an issue that caused refunds to be refunded to the default account rather than the originating account, when using multiple personal accounts. [PO-1345]

Security:

• Addressed file traversal issues. [CDSS-2495], [PO-1447]
• Hardened internal API Authentication. [PO-1474]
• Updated several third party libraries to recommended patch levels. [PO-1445], [PO-1364], [PO-1359], [PO-1391], [PO-1441]

For more information about these security improvements and vulnerabilities, please see our Security Bulletin (July 2023) .

Print Provider:

• Page analysis: Fixed an issue that caused the print costs to be incorrect for fixed-length charging in Canon/OCE Plotters. [PIE-465]
• Windows: Fixed an issue that caused Print Provider to crash when redirecting print jobs to HTTPS/IPPS target print queues. [PIE-250]
• CUPS: Fixed an issue that caused printing to fail with a ‘filter failed’ error message when processing the print-provider.uuid4 file. [PIE-449]
• PDL transform: Fixed a rare issue that caused the device screen to prompt users to adjust paper orientation when printing multiple copies to certain Ricoh devices via a Find-Me queue with the PaperCut Global PostScript printer driver. [PIE-457]

Copier / Device Integration:

• Lexmark (eSF), OKI (eSF), Toshiba (eSF), Dell (eSF) and Xerox (eSF) v3.1.7*:
  • Added support to append the serial number during device creation. [CDSS-1867]
  • Support new Xerox LeS Devices. New Xerox LeS binary to work on these new models: [CDSS-2418]
    • B400 FO
    • C400 FO
• HP OXP - Improved login time by adding a way to skip HID restart during card swiping. See the embedded guide “User authentication via swipe card” section for configuration details. [CDSS-2485]
• Konica-Minolta i-Option:
  • Improved UI on new KM models by utilizing full width of the device screen. [CDSS-2501]
• Ricoh SmartSDK - Fixed an issue occurring on Ricoh SmartSDK devices when connected to a site server and the site server/primary server connection is lost, which results in devices being unable to successfully restart after being powered off or rebooted. [CDSS-1665]

Other notes:

• Devices marked with * require installing an updated version of the embedded software to access new features and fixes.
• This release contains a database upgrade

New Features:

• Over 50+ contextual links to the online manual added to the Admin UI to assist in configuration. [PO-1270]
• Self signed certificates created using the create-ssl-keystore tool can now have additional values set via a new -rdn parameter, including the ability to set Country (CN) for compatibility with HP Gemstone devices. More information is available in the manual here . [PO-1226]
• Customers using Office 365 or Google email services can now utilise OAuth authentication for SMTP notifications. [PO-1218]
• When using db-tools for database imports and migrations, Added additonal validations to check file paths are correct, and backup zip files are valid. Error messages displayed to the administrator have been improved. [PO-1085]

Integrated Scanning:

• New Scan Actions will be defaulted to Low Compression, favoring quality over file size reduction. Existing scan actions will be unchanged. [SC-1589]

Fixes:

• Changed the wording of the default English language Forgotten Password message. [PO-1278]
• Fixed an issue that prevented changes to the User/Group sync form from being saved when smtp notifications were not configured. [PO-1257]
• Added support for a “back off” response from Office 365 mail servers. PaperCut will now observe a backoff period returned by the mail server. [PO-1102]
• Fixed a problem that could cause the wrong user to be associated to a print job after a Print Deploy client reconnects to the application server. [PO-1031]
• When batch splitting was used in scan to email destinations, only the first file size was being calculated against the system.scan.email-max-job-size-kb key. Fixed issue so that the entire scan batch is checked to confirm if the max job size has been exceeded. [SC-1566]

Copier / Device Integration:

• Epson: Fixed an issue in Epson MF which started after MF22.0.8, whereby if the account ID is empty an error message was popping up. [CDSS-2289]

• Fuji Xerox:

  • Fixed an issue where integrated scanning was not working on specific networks for Fuji Xerox devices by adding 2 device config keys scan.max-idle-time-seconds and scan-job-update-wait-time-secs. [CDSS-2427]

• Fujifilm:

  • Fixed an issue where integrated scanning was not working on specific networks for Fujifilm devices by adding 2 device config keys scan.max-idle-time-seconds and scan-job-update-wait-time-secs. [CDSS-2427]
  • Fixed an issue where some custom apps didn’t work as expected, for example, clicking Scan to Email displayed the device’s home screen instead of the Scan to Email screen. Updated the list of custom apps keywords in Fujifilm AIP7 manual to include only keywords that work with ext-device.fujifilm.app-to-destination. [CDSS-1949]

• HP (OXP):

  • Add Support for HP Card Reader 35H11A to HP Devices. [CDSS-228]
  • Applied a fix to HP Kiosk mode whereby users were not being told if they used an invalid card to login. [CDSS-2332]

• Konica Minolta (OpenAPI):

  • Enable the usage of SSL Keystore and Key passwords to prevent confusion and error messaging. [CDSS-2299]

• Lexmark v3.1.6*:

  • Resolved issue where the last page of a duplex copy job was not being counted. [CDSS-2142]
  • Support new Lexmark Devices. The Lexmark binary has been updated to work on these new models:
    • CS63x
    • CX53x
    • CX63x
    • MS632dwe
    • MX53x
    • MX63x

• Kyocera v3.2.4*:

  • Fixed an issue where users were logged out automatically from the Home Screen of the Kyocera Embedded Application v3.2.3. [CDSS-2304]

• Ricoh (SmartSDK) v3.2.4*:

  • Fixed an issue that stopped the auto connection retry from working on some Ricoh devices. [CDSS-2253]
  • Fixed an issue that stopped the display of the refresh button icon on some Ricoh devices. [CDSS-2307]
  • Fixed an issue that caused the Ricoh Remote Operation Client to fail at the Configure SmartSDK connection step when using https or a mixed connection to the device. [CDSS-2279]

• Toshiba:

  • Adjust font size in Toshiba SING20 device login screen to be readable. [CDSS-1696]

Other notes:

• Devices marked with * require installing an updated version of the embedded software to access new features and fixes.

New Features:

Introduced a new security hardening feature designed to uplift default security and provide additional layers of protection. We’ve added configuration and new defaults to make it hard for attackers to initiate a chained attack.

This includes a new security.properties file to separate the configuration of some components from the web administration interface. These include:

• Print Scripting and Device Scripting settings, such as the ability to run executables and unsafe code from scripts
• Explicit granting of permission to run external executables such as those used with custom authentication providers and other plugins

For the vast majority of customers, no action will be required after the upgrade. Please see the PaperCut MF/NG 22.1.1 upgrade checklist for more information. [PO-1327]

Security:

• Addressed a Path Traversal vulnerability in the Application Server and Site Server. Under specific conditions, this could potentially allow an attacker read-only access to the server’s file system. CVE-2023-31046 . [PO-1277]
• Addressed a Cross-Site Request Forgery (CSRF) vulnerability in the Application Server, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes. CVE-2023-2533 . [PO-1366]
• Introduced security hardening layer through security.properties files - as per new features section above.
• Increased the minimum password length requirement for newly created internal users to 8 characters. [PO-1373]

For more information refer to the June Security Bulletin .

Fixes:

• Fixed an issue that caused ancillary PaperCut executables including the PC-Client to crash with an error when run in some Windows environments. [PO-1295]
• Fixed an issue that was causing the Accessible UI for PaperCut 22.0.11 and 22.0.12 to display a blank screen after login. [PO-1400]

Other notes:

• If you are running v22.0.10 or later, there is NO database upgrade.