PaperCut NG 20.1 release history

Security:

• Various security fixes. See PaperCut NG/MF Security Bulletin (March 2024) for more information. [CDSS-3505], [CDSS-3325], [PO-2080], [PIE-708], [PO-2030]
• This release also includes several pre-emptive security improvements and additions to layers of defense. These improvements were made as a result of code audits, pen tests and security reviews. Changes were made in line with our security uplift initiative.

Fixes:

• Addressed file traversal issues. [CDSS-2495], [PO-1447]
• Hardened internal API Authentication. [PO-1474]
• Updated third party libraries to recommended patch levels. [PO-1441]

Fixes:

• Addressed a Cross-Site Request Forgery (CSRF) vulnerability in the Application Server, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.  CVE-2023-2533 . [PO-1366]
  
  (Note that version 20.x is not impacted by  CVE-2023-31046 )

Fixes:

• Security improvements to address an issue identified as ZDI-CAN-18987 in the NG/MF Application Server and Site Server. [PO-1216]
• Security improvements to address an issue identified as ZDI-CAN-19226 in the NG/MF Application Server. [PO-1219]

Fixes:

• Fixed an issue that could cause an upgrade to fail when using version 20.1.5 with an MS SQL Server database. [PC-18810]

Other Notes:

• Note that this release includes the 3 security improvements listed in the previous release 20.1.5.

Fixes:

• Security improvements to address an issue in the Application Server. More information . [PC-18750]
• Security improvements to address potential Spring4Shell vulnerabilities in the Application Server. More information . [PC-18756]
• Security improvements to the Rhino.js scripting engine used with the Application Server. More information . [PO-816]

Other notes:

• Note that this release has been removed from the website and from release archives, with a fix released in 20.1.6.

Fixes:

• Security improvements to address an issue in the NG/MF Application Server. [PO-480]

Other notes:

• If you are running v20.0.4 or older, there is a database upgrade.

Enhancements:

• Enhanced the Admin UI to display a status message if Universal Print is configured but the MS Universal Print connector is not running. [PO-141]
• Updated the example C# code supplied in ServerCommandProxy.cs to show latest web services API features.
• Updated the build instructions for the C# example code. [PO-120]
• User Web Interface:
  • Added to the “Change Details” description that card/ID numbers can contain numbers, text and symbols. [PO-203]

Fixes:

• Improved the performance of “Sign in with Google” to Mobility Print (especially when synchronizing users from many domains). [PO-199]
• Added a housekeeping job to delete obsolete font files from the temp folder on startup. [PO-205]
• Added sendStringParametersAsUnicode=false to the template SQL Server database URL (to ensure that queries use indexes and run fast) [PO-204]
• Enabled a clean shutdown when stopping the PaperCut service on Linux. [PC-18090]
• Updated Java Runtime Environment to version 11.0.9. [PO-104]
• Fixed an issue that could cause some LDAP group members to not be synced correctly. [PO-102]
• Fixed an issue that caused Windows client dlls to not be included when installing on Mac or Linux. [PO-103]
• Fixed an issue introduced in PaperCut 20.1.1 that prevented PaperCut desktop clients from connecting to the PaperCut server when server.enable-async-requests was set to “Y”. [PO-153]

• Ricoh PCL6 printer driver:
  • Fixed an issue that a grayscale image might be treated as color when printing via Mobility Print [PC-17826]
• Linux with pdftocairo:
  • Fixed an issue that caused incorrect color page number and page size [PO-197]
• Windows Installer:
  • Fixed an issue that caused a site server warning dialog to be displayed when performing automated installations. [PO-100]

Other Notes:

• If you are running v19.2.4 or older, there is a database upgrade.

Enhancements:

• Added a config key (notify.partial-translations=“N”) to disable pop-up warnings for languages with missing translations. [PC-17762]
• Payment Gateways:
  • Added a new metric to record on demand top-up usage. [PC-17391]

Fixes:

• Fixed remaining compatibility issues with MacOS Big Sur. Big Sur is now fully supported. [PC-17585]
• Fixed an issue preventing warning messages from being displayed on the Printer & Device Details pages. [PC-17758]
• Fixed an issue that caused the CUPS pc-event-monitor to restart occasionally. [PC-17756]
• Fixed an issue that could cause Job Ticketing errors when multiple domains pointed to the application server. [PC-17693]
• Fixed an issue with mobile print release that caused the filter to break when using an Oracle DB [PC-17605]
• Fixed an issue that could cause Desktop Clients on MacOS to be logged out when another MacOS Desktop Client logs out. [PC-17820]
• Fixed an issue that caused a browser console warning (IE only) to be logged on the Scan Action Details page. [PC-17680]
• Fixed an issue with HP devices that could cause letter size jobs to be charged as statement size. [PC-17712]
• Konica Minolta bizhub C368 Series PCL and Kyocera TASKalfa 5053ci KX printer driver: Fixed an issue that caused A4 or Letter size to be chosen when printing to the 11x17 inch page size via Mobility Print [PC-17710]
• Device Config Editor:
  • Fixed an issue that caused new config key names to retain leading and trailing spaces. [PC-17705]
• Linux:
  • Fixed an issue with the un-installation process leaving files and directories behind after uninstall. [PC-9248]
• Print Provider:
  • Konica Minolta PostScript and PCL6 printer driver: Fixed an issue that caused incorrect page number and page size calculations when using “Center Staple and Fold”. [PC-17771]
  • Konica Minolta PCL6 printer driver: Fixed an issue that could cause an incorrect number of pages if “collate” was selected when printing multiple copies to a device that HDD was not installed or a Find-Me print queue [PC-17732]

Other notes:

• If you are running v20.0.4 or older, there is a database upgrade.

New Features:

• Data Integration:
  • Global release of the Data Integration platform that enables the export of PaperCut NG usage data for consumption into 3rd party Business Intelligence tool of choice. The platform supports the ability to load multiple integrations and is configured within the PaperCut NG Admin web interface under Reports. Automated export of daily changes for users, printers, print usage (print, copy and scan), accounts and server datasets as well as the ability to export your organizations historical usage data. [PC-17460]
• Print Provider:
  • Added a new option in the PaperCut NG Admin web interface to enable spool file encryption on Windows. This encrypts print job spool files before they are saved to disk on the Print Provider when used with hold/release security. [PC-17444]

Enhancements:

• Active Directory multi-domain support using User Principal Names has been moved out of Percolator and is now a fully supported feature. [PC-17575]
• Options → Advanced → “Trusted Proxy Servers” (X-Forwarded-For header handling for proxies and load balancers) now applies to all relevant connections, rather than just mobile clients. [PC-4953]
• Data Integration:
  • Added deleted users and devices in the initial historical export. Any deletes of users or devices within the historical days period now get exported. [PC-17799]

Fixes:

• Application Server:
  • Fixed user activity rate limiter not taking into account Trusted Proxy Servers setting when considering the X-Forwarded-For header. [PC-17675]
  • Fixed the Trusted Proxy Servers setting not trusting Google Cloud Platform HTTP(S) load balancers, due to their non-standard X-Forwarded-For header format. [PC-17562]
  • Added device ID to external device API for shared Account methods. [PC-15813]
• User Card PIN:
  • User card PINs are now one-way hashed for additional security. [PC-17476]
• Print Provider:
  • Added the capability into Print Provider to append a unique identifier to the operating system job id reported to the Application Server. This is useful in a clustered environment when all secondary servers use the same ServerName. [PC-17583]
• Updated Secondary Server and Direct Print Monitor installer for macOS 11 (Big Sur) compatibility. See the Known Issue for more details. [PC-17642]

Other notes:

• If you are running v20.0.4 or older, there is a database upgrade.
• Devices marked with * require installing an updated version of the embedded software to access new features and fixes.