PaperCut NG 23.0 release history

Fixes:

• Fixed an issue that prevented the application server from starting in some Linux environments. [PO-2119]

Security: 

• Various security fixes. See PaperCut NG/MF Security Bulletin (March 2024) for more information. [CDSS-3505], [CDSS-3325], [PO-2080], [PIE-708], [PO-2030]
• This release also includes several pre-emptive security improvements and additions to layers of defense. These improvements were made as a result of code audits, pen tests and security reviews. Changes were made in line with our security uplift initiative.

Fixes:

• macOS: Fixed an issue that, in some cases, when deploying Mobility Print or IPPS print queues via Print Deploy, the Print Deploy client caused the CUPS IPP backend to fail, resulting in any IPP/IPPS/HTTP/HTTPS print jobs failing. This fix will also restore a user’s CUPS IPP backend if Print Deploy previously broke it. See known issue for more information. [PD-1892]

Fixes:

• Email to Print: Improvement to the efficiency of bulk folder operations when using the IMAP protocol. [PO-1735]
• User/Group Sync Source: Added the ability to configure an alternative email address for UPN users with the Standard Azure sync. [PO-949]
• Print Deploy: Allows admins to downgrade the execution privileges of the Print Deploy server. Note that this is applied by default in a fresh installation of 23.0.5, but will need manually applying (if required) for upgrades. See How to downgrade the execution privilege of the Print Deploy server on Linux and macOS for more information. [PD-1690]

Fixes:

• Fixed an issue where client authentication and unauthenticated printers are not working correctly with the 23.0.3 version user client. [PO-1853], [PO-1845]
• PostgreSQL - Fixed an issue that was introduced in 23.0.3 that caused database imports to fail when using postgresSQL. [PO-1855]

New Features:

• Added support for users logging in to the PaperCut NG/MF User Client with Azure credentials & authenticating with Microsoft MFA flow (requires user clients to be upgraded). Find out what’s supported [PO-1643], [PO-1637]
• PaperCut username field now supports up to 255 characters (increased from 50 to 255 characters) to allow better support for customers using UPNs as usernames. [PO-1034]

Security:

• For new installations only, we are changing the default configuration for “Allowed remote provider IP addresses (e.g. secondary print servers)” under Options->Advanced->Security to only allow connections from local IP ranges by default. More details can be found here [PO-1649]
• Introduced the ability for Admins to update their company contact details in the About Page in MF/NG to be alerted in the event of a critical security incident. For more regular PaperCut security notifications please subscribe to security notifications [PO-1670]

Fixes:

• Updates to color contrast of text and elements for enhanced accessibility compliance on MF/NG Admin and User PaperCut web interfaces. [PO-1778]
• Fixed a bug with Email to Print when configured with Gmail over OAuth, which caused email to print to stop working until an Application Server restart. [PO-1672]
• Improved email sending behavior when using Outlook or Gmail connections with OAuth. This should reduce Scan to Email notification failures. [PO-1671]
• Addressed an issue that could cause Windows AD users to lose association with groups following a user sync failure. [PO-648]

Print Provider:

• Windows, Linux: Fixed an issue that caused Hardware Page Count to fail if HTTPS communication was enabled in the Print Provider. See known issues for macOS. [PO-1786]

Other notes:

• A DB upgrade occurs when upgrading to this version.

New Features:

• Added the ability for customers with Azure user/group sync to enable multi factor authentication (MFA) on their tenancy under certain circumstances. This enables MFA login flow across all web based authentication, however does not support the MF User Client. See Overview of synchronizing user and group details with Entra ID (Azure AD) for more information. [PO-1593], [PO-1275]
• Security communications enhancement to allow PaperCut to publish a banner to the Admin web interface to alert customers of any critical security incidents that may arise and guide them to take action to mitigate the issue. [PO-1448]

Security:

• Fixed a potential privilege escalation vulnerability when using the Print Archiving feature (CVE-2023-6006). See our Security bulletin (November 2023) for more information. [PIE-547]
• Security enhancement requiring Admins to re-authenticate their session before updating or assigning the admin rights or admin password. [PO-1558], [PO-1557]
• Security enhancement to comply with GDPR guidelines to redact personably identifiable information in Worldpay (RBS) Payment Gateway logs. [PO-1166]
• Updated several third party libraries. [PIE-625], [PO-30], [PO-858], [PO-859], [PO-862], [PO-947], [PO-963]
• Security enhancement to ensure that all password fields within the configuration files; server.properties and any payment gateway configuration files, are encrypted. These values will then be encrypted automatically after restarting the Application Server service. [PO-1130]

Fixes:

• Fixed a bug that prevented the editing of scheduled reports where the report contained invalid email addresses. [PO-1231]
• Fixed an issue that prevented scheduled reports being sent if any recipient contained an invalid email address. [PO-910]

Print Provider:

• Print Provider: Added options to configure the HTTPS/TLS communication port, cipher suite, TLS version and whether self-signed certificates should be accepted. [PIE-47]
• Print Analysis: Fixed an issue that caused page color to be detected as grayscale when using the Fujifilm Apeos series PCL6 printer driver to print booklets. [PIE-537]
• Email to Print and Web Print: Fixed an issue that caused printing to fail for some drivers when Tabloid page size is used. [PIE-616]

Other notes:

• If you are running v22.1.3 or later, there is NO database upgrade.