PaperCut NG 23.0 release history

Fixes:

• Fixed issue with “About > Update contact details” not working in certain circumstances. [PO-2238], [PO-1930]

Print Provider:

• PaperCut Global PostScript Driver: Fixed a driver signing issue that caused the driver installation to fail. [PIE-752]

Security:

• Hardened access control. [PIE-743]
• See PaperCut NG/MF Security Bulletin (May 2024) for more information.

Fixes:

• Fixed an issue that could prevent users that have multiple email addresses from syncing. [PO-2144]
• Web Print: Fixed an issue where the color scheme was not loading in the Web Print user interface. [PO-1974]
• Fixed the UI text layout in PaperCut NG/MF Admin Portal > Options > Advanced tab - Security section, to better match the input field order. [PO-1977]
• Logging: Changed a log ERROR message to WARN in Email to Print as we now better support network connection issues. [PO-2004]
• Payment Gateway: Fixed an issue where Payment Gateway postback fails. KB, manual. [PO-1879]
• Added the ability to delete Google Cloud Directory (GCD) certificate from the administrator UI User/Group Sync page when Google Cloud Directory is the sync source. [PO-2142]
• Fixed an in product documentation link for configuring Single Sign on with Google. [PO-1943]
• Widows Active Directory: Fixed user card PINs being omitted from group user imports. [PO-2188]

Print Provider:

• Windows Direct Print Monitor: Fixed an issue that caused Print Deploy to overwrite manually configured settings in print-provider.conf, for example debug=on/off. [PIE-689]
• Windows Print Provider: Fixed an issue where the Print Provider in rare cases would crash during startup. [PIE-698]
• macOS Print Provider: Fixed an issue that the Print Provider and Direct Print Monitor running on macOS Sonoma 14.4 could not track print jobs on newly added printers. [PIE-720], [PIE-722]
• Use new code signing certificate for all Print Provider executables [PIE-713]
• Print Provider: macOS 10.15 Mojave and earlier are no longer supported. macOS 11 Big Sur or later is required to run. [PIE-654]
• PDL transform: Fixed an issue that caused stapling to fail on Xerox printers when using non-envelope paper sizes. [PIE-636]
• CUPS: Fixed an issue that caused print jobs to be logged as successful when printers did not respond for 10 minutes. [PIE-628]
• CUPS: Fixed an issue where a printer called PaperCut was incorrectly listed under available printers to install. [PIE-702]
• Print analysis: Fixed an issue on large format Canon printers that caused the wrong page size dimensions to be detected. [PIE-638]
• Print analysis: Fixed an issue that caused grayscale printing to be detected as color when using Fujifilm PostScript printer drivers. [PIE-650]
• Hardware Page Count on macOS: Fixed an issue that caused Hardware Page Count to fail when HTTPS is enabled. [PIE-655]
• Hardware Page Count: Added support for printers Kyocera ECOSYS P3055dn, P3051dn, and P5026. [PIE-683]

Web Print and Email to Print:

• Web Print, Email to Print, when using SHARP MX-4070N PCL6 or SHARP MX-4070N PS drivers. Fixed an issue that caused 11x17 inch page size documents to be printed as A4 or Letter size. [PIE-651]
• Web Print, Email to Print: Updated a dependent library that improves security. [PIE-559]
• Web Print, Email to Print: Fixed an issue that in some cases would cause Letter and 11x17 inch documents to be printed in A4 instead. [PIE-662]
• Web Print (Windows): Fixed an issue that caused PDF documents to fail to print when the Web Print service is run as a Group Managed Service Account. [PIE-643]

Security:

• Enhanced the UI for the user and admin login screens to optimize the SSO sign-in experience when enabled. [PO-1965]
• Various 3rd party dependency upgrades. [PO-2170][PO-2168][PO-2166][PO-2130][PO-1886]
• Various security enhancements to improve the overall security of the product.

Fixes:

• Fixed an issue that prevented the application server from starting in some Linux environments. [PO-2119]

Security: 

• Various security fixes. See PaperCut NG/MF Security Bulletin (March 2024) for more information. [CDSS-3505], [CDSS-3325], [PO-2080], [PIE-708], [PO-2030]
• This release also includes several pre-emptive security improvements and additions to layers of defense. These improvements were made as a result of code audits, pen tests and security reviews. Changes were made in line with our security uplift initiative.

Fixes:

• macOS: Fixed an issue that, in some cases, when deploying Mobility Print or IPPS print queues via Print Deploy, the Print Deploy client caused the CUPS IPP backend to fail, resulting in any IPP/IPPS/HTTP/HTTPS print jobs failing. This fix will also restore a user’s CUPS IPP backend if Print Deploy previously broke it. See known issue for more information. [PD-1892]

Fixes:

• Email to Print: Improvement to the efficiency of bulk folder operations when using the IMAP protocol. [PO-1735]
• User/Group Sync Source: Added the ability to configure an alternative email address for UPN users with the Standard Azure sync. [PO-949]
• Print Deploy: Allows admins to downgrade the execution privileges of the Print Deploy server. Note that this is applied by default in a fresh installation of 23.0.5, but will need manually applying (if required) for upgrades. See How to downgrade the execution privilege of the Print Deploy server on Linux and macOS for more information. [PD-1690]

Fixes:

• Fixed an issue where client authentication and unauthenticated printers are not working correctly with the 23.0.3 version user client. [PO-1853], [PO-1845]
• PostgreSQL - Fixed an issue that was introduced in 23.0.3 that caused database imports to fail when using postgresSQL. [PO-1855]

New Features:

• Added support for users logging in to the PaperCut NG/MF User Client with Azure credentials & authenticating with Microsoft MFA flow (requires user clients to be upgraded). Find out what’s supported [PO-1643], [PO-1637]
• PaperCut username field now supports up to 255 characters (increased from 50 to 255 characters) to allow better support for customers using UPNs as usernames. [PO-1034]

Security:

• For new installations only, we are changing the default configuration for “Allowed remote provider IP addresses (e.g. secondary print servers)” under Options->Advanced->Security to only allow connections from local IP ranges by default. More details can be found here [PO-1649]
• Introduced the ability for Admins to update their company contact details in the About Page in MF/NG to be alerted in the event of a critical security incident. For more regular PaperCut security notifications please subscribe to security notifications [PO-1670]

Fixes:

• Updates to color contrast of text and elements for enhanced accessibility compliance on MF/NG Admin and User PaperCut web interfaces. [PO-1778]
• Fixed a bug with Email to Print when configured with Gmail over OAuth, which caused email to print to stop working until an Application Server restart. [PO-1672]
• Improved email sending behavior when using Outlook or Gmail connections with OAuth. This should reduce Scan to Email notification failures. [PO-1671]
• Addressed an issue that could cause Windows AD users to lose association with groups following a user sync failure. [PO-648]

Print Provider:

• Windows, Linux: Fixed an issue that caused Hardware Page Count to fail if HTTPS communication was enabled in the Print Provider. See known issues for macOS. [PO-1786]

Other notes:

• A DB upgrade occurs when upgrading to this version.

New Features:

• Added the ability for customers with Azure user/group sync to enable multi factor authentication (MFA) on their tenancy under certain circumstances. This enables MFA login flow across all web based authentication, however does not support the MF User Client. See Overview of synchronizing user and group details with Entra ID (Azure AD) for more information. [PO-1593], [PO-1275]
• Security communications enhancement to allow PaperCut to publish a banner to the Admin web interface to alert customers of any critical security incidents that may arise and guide them to take action to mitigate the issue. [PO-1448]

Security:

• Fixed a potential privilege escalation vulnerability when using the Print Archiving feature (CVE-2023-6006). See our Security bulletin (November 2023) for more information. [PIE-547]
• Security enhancement requiring Admins to re-authenticate their session before updating or assigning the admin rights or admin password. [PO-1558], [PO-1557]
• Security enhancement to comply with GDPR guidelines to redact personably identifiable information in Worldpay (RBS) Payment Gateway logs. [PO-1166]
• Updated several third party libraries. [PIE-625], [PO-30], [PO-858], [PO-859], [PO-862], [PO-947], [PO-963]
• Security enhancement to ensure that all password fields within the configuration files; server.properties and any payment gateway configuration files, are encrypted. These values will then be encrypted automatically after restarting the Application Server service. [PO-1130]

Fixes:

• Fixed a bug that prevented the editing of scheduled reports where the report contained invalid email addresses. [PO-1231]
• Fixed an issue that prevented scheduled reports being sent if any recipient contained an invalid email address. [PO-910]

Print Provider:

• Print Provider: Added options to configure the HTTPS/TLS communication port, cipher suite, TLS version and whether self-signed certificates should be accepted. [PIE-47]
• Print Analysis: Fixed an issue that caused page color to be detected as grayscale when using the Fujifilm Apeos series PCL6 printer driver to print booklets. [PIE-537]
• Email to Print and Web Print: Fixed an issue that caused printing to fail for some drivers when Tabloid page size is used. [PIE-616]

Other notes:

• If you are running v22.1.3 or later, there is NO database upgrade.