PaperCut NG 22.1 release history

Security:

• Various security fixes. See PaperCut NG/MF Security Bulletin (March 2024) for more information. [CDSS-3505], [CDSS-3325], [PO-2080], [PIE-708], [PO-2030]
• This release also includes several pre-emptive security improvements and additions to layers of defense. These improvements were made as a result of code audits, pen tests and security reviews. Changes were made in line with our security uplift initiative.

Fixes:

• Fixed an issue that prevented the [internal users] group from being created when enabling internal users via the global config key. [PO-1531]
• Fixed the url link to the manual section for user aliases. [PO-1486]
• Added support for displaying Toner levels for Epson printers with two identical black cartridges. [PIE-458]

Print Provider:

• Direct Print Monitor: Fixed an issue that may cause a delay when releasing print jobs if the ‘ServerName’ configuration is set. [PIE-545]
• PDL transforms: Fixed an issue where using the PaperCut Global PostScript printer driver and redirecting to an HP printer could cause squaring of the printed copies of the document. [PIE-546]
• Email to Print: Fixed an issue that caused A4 or Letter size to be chosen when printing to the 11x17 inch page size for the following printer drivers.
  • KONICA MINOLTA C360iSeriesPCL [PIE-283]
  • Kyocera TASKalfa 5500i KX [PIE-260]
  • Kyocera TASKalfa 4054ci KX [PIE-552]
  • Sharp BP-70C36 PCL6 [PIE-554]

For more information about security improvements and vulnerabilities being addressed in this release, please see our Security Bulletin (July 2023) .

Enhancements:

• For internal user accounts only, re-introduced honoring of config key min-password-length to allow admins to set minimum password length for users. Admin password length minimum is still 8 characters since 22.1.1. [PO-1465]
• Added Customer Reference Number (CRN) to the About Page. [PO-1376]

Fixes:

• Fixed an issue where the Model/Type would not be correct on the Printer/Device details page for certain Fujifilm devices. [PIE-532]
• Admin message: Print Scripting and Device Scripting are enabled by default was still appearing after config had been set to “N”. Fixed issue so that message only appears when required. [PO-1491]
• Fixed an issue that caused some fields under Options > Notifications > SMTP Server Options to show as blank, after upgrading to 22.1.2 [PO-1487]
• Addressed an issue where Email Printing services using Gmail Over OAuth will stop trying to reconnect after encountering a network problem. Now the service will try to reconnect after the configured interval if the problem appears to be network related. [PO-1392]
• Fixed an issue that caused the ‘Balance After’ field to be missing from the Web Cashier Deposit Acknowledgement Slip. [PO-1336]
• Fixed an issue that caused refunds to be refunded to the default account rather than the originating account, when using multiple personal accounts. [PO-1345]

Security:

• Addressed file traversal issues. [CDSS-2495], [PO-1447]
• Hardened internal API Authentication. [PO-1474]
• Updated several third party libraries to recommended patch levels. [PO-1445], [PO-1364], [PO-1359], [PO-1391], [PO-1441]

For more information about these security improvements and vulnerabilities, please see our Security Bulletin (July 2023) .

Print Provider:

• Page analysis: Fixed an issue that caused the print costs to be incorrect for fixed-length charging in Canon/OCE Plotters. [PIE-465]
• Windows: Fixed an issue that caused Print Provider to crash when redirecting print jobs to HTTPS/IPPS target print queues. [PIE-250]
• CUPS: Fixed an issue that caused printing to fail with a ‘filter failed’ error message when processing the print-provider.uuid4 file. [PIE-449]
• PDL transform: Fixed a rare issue that caused the device screen to prompt users to adjust paper orientation when printing multiple copies to certain Ricoh devices via a Find-Me queue with the PaperCut Global PostScript printer driver. [PIE-457]

Other notes:

• This release contains a database upgrade

New Features:

• Over 50+ contextual links to the online manual added to the Admin UI to assist in configuration. [PO-1270], [PO-1259], [PO-1261], [PO-1262]
• Self signed certificates created using the create-ssl-keystore tool can now have additional values set via a new -rdn parameter, including the ability to set Country (CN) for compatibility with HP Gemstone devices. More information is available in the manual here . [PO-1226]
• Customers using Office 365 or Google email services can now utilise OAuth authentication for SMTP notifications. [PO-1218]
• When using db-tools for database imports and migrations, Added additonal validations to check file paths are correct, and backup zip files are valid. Error messages displayed to the administrator have been improved. [PO-1085]

Fixes:

• Changed the wording of the default English language Forgotten Password message. [PO-1278]
• Fixed an issue that prevented changes to the User/Group sync form from being saved when smtp notifications were not configured. [PO-1257]
• Added support for a “back off” response from Office 365 mail servers. PaperCut will now observe a backoff period returned by the mail server. [PO-1102]
• Fixed a problem that could cause the wrong user to be associated to a print job after a Print Deploy client reconnects to the application server. [PO-1031]

New Features:

Introduced a new security hardening feature designed to uplift default security and provide additional layers of protection. We’ve added configuration and new defaults to make it hard for attackers to initiate a chained attack.

This includes a new security.properties file to separate the configuration of some components from the web administration interface. These include:

• Print Scripting and Device Scripting settings, such as the ability to run executables and unsafe code from scripts
• Explicit granting of permission to run external executables such as those used with custom authentication providers and other plugins

For the vast majority of customers, no action will be required after the upgrade. Please see the PaperCut MF/NG 22.1.1 upgrade checklist for more information. [PO-1327]

Security:

• Addressed a Path Traversal vulnerability in the Application Server and Site Server. Under specific conditions, this could potentially allow an attacker read-only access to the server’s file system. CVE-2023-31046 . [PO-1277]
• Addressed a Cross-Site Request Forgery (CSRF) vulnerability in the Application Server, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes. CVE-2023-2533 . [PO-1366]
• Introduced security hardening layer through security.properties files - as per new features section above.
• Increased the minimum password length requirement for newly created internal users to 8 characters. [PO-1373]

For more information refer to the June Security Bulletin .

Fixes:

• Fixed an issue that caused ancillary PaperCut executables including the PC-Client to crash with an error when run in some Windows environments. [PO-1295]
• Fixed an issue that was causing the Accessible UI for PaperCut 22.0.11 and 22.0.12 to display a blank screen after login. [PO-1400]

Other notes:

• If you are running v22.0.10 or later, there is NO database upgrade.