Release Notes 2023

Security Highlights

Remediated the following vulnerabilities:

• V-2023-016 — Incorrect Access Control: PHP
• V-2023-021 — Out-of-Date OpenSSL Library
• For more details refer to Security Bulletin.

New Features and Enhancements

Enhancement: New Data Type added to the Data Manager of Printer QR Code URLs.

• Description: A new Data Type has been added to the Data Manager. This type, titled Printer QR Code URLs, is an export only option that will download all generic QR code URLs for printers found within your tree structure. The purpose of these QR codes is to be used with the mobile app as a quick way to release held print jobs by scanning the code at the printer. These downloaded URLs can be used with a QR code generator of your choice to customize the code to include things like an image. For more details refer to QR Code Release.

Fixes

• Resolved the false error of "Unable to test SMTP connection" when the option is selected on the Email Printing tab. PI-47520
• Installation verbiage for CPA v2 updated to accurately reflect the checks occurring. PI-47539
• IdP logins on macOS no longer cause multiple browser tabs to open. PI-47549
• Logos in the top margin on the Admin Console display correctly. PI-48109
• Optimization of the SNMP service to reduce CPU / RAM usage. PI-49013
• Resolved a badging delay when authenticating to the CPA. PI-49835
• Global SNMP settings no longer cause CPA installation failures. PI-50596
• Off-Network Print jobs from Red Hat Clients don't get stuck in the CUPS queue. PI-50719
• An issue when using Direct Email Printing, causing the job to be sent to the printer but not printed and then go back to the release portal and continue to be held, is caused by a specific setting in the Canon Generic Plus PCL6 driver. The particular setting is under the device settings section in the printer's properties. Under other settings, the "Spooling at Host" setting should be set to Disabled. PI-52278
• Global SNMP v3 improvement to resolve errors displayed on the Status tab. PI-51907
• Improvement to folder removal with role assignments. PI-48124
• RBAC roles and their associated buttons work as expected. PI-52258
• Improvement to Entra ID mapped attribute syncs. PI-51800 / PI-52232
• Prompts for being over on Pull Print and Direct Secure Release licensing work as expected. PI-49161
• Network changes no longer impact IdP token validation. PI-51159
• Offline Secure Release Print resolution for missing last pages on print jobs. PI-52048
• Ubuntu Service Clients on v22.04.3 start as expected. PI-51918
• Reports respect when the "Include TCP/IP Printers" box is unchecked. PI-46976
• The Status tab correctly displays lifetime page counts gathered through SNMP. PI-43154
• Resolved app crashes while authenticating on Ricoh CPA v2. PI-51489
• Off-Network Print isn't interrupted by Client updates. PI-51841
• Okta groups display correctly in Quota Management. PI-48439
• Quota Management checks don't cause blank jobs to print. PI-50558

NOTICE: If using Off-Network Printing (ONP) with a self-hosted external gateway, it is a known issue that the Virtual Appliance host version 22.0.818 (released 1/10/23) causes an error of "BadCertificate," causing ONP not to function. - PI-45864

Security Highlights

Remediated the following vulnerabilities:

• V-2023-017 — Cross Site Scripting (XSS)
• V-2023-009 — Server-Side Request Forgery: CPA v1
• V-2023-011 — Password Stored in Process List
• V-2023-010 — Hardcoded Private Key
• V-2023-012 — Preauthenticated Cross Site Scripting (XSS): Badge Registration
• V-2023-013 — Private Keys in Docker Overlay
• V-2023-014 — Server-Side Request Forgery: Elatec
• V-2023-015 — Server-Side Request Forgery: rfIDEAS
• For more details refer to Security Bulletin.

New Features and Enhancements

Enhancement: tree structure Expansion

• Description: Two options are now available to assist with easily viewing the tree structure. First, a slider bar is now at the bottom of the tree structure. Second, you can drag and drop the line separating the tree from the tabbed information horizontally. For more information, visit the Tree Structure topic.

Enhancement: Ricoh CPA v2 Installer

• Updates made to the Ricoh CPA v2 installer for efficiency.

Fixes

• The Edge Chromium extension supports the latest macOS. PI-51775
• Adding groups in Quota Management no longer gives a 500 error. PI-51644
• The About PrinterLogic page loads as expected. PI-51494
• Client installations from the Self-service Portal work on macOS. PI-51061
• Client and CPA settings save correctly. PI-50657 / PI-50625
• Off-Network Print works correctly in RDS environments authentication with an IdP. PI-49889
• Off-Network Print jobs report the source correctly. PI-49004
• The Advanced Settings printing option shows on ChromeOS. PI-48686
• The Printer Apps service no longer crashes if printers aren't assigned to the Service Client object. PI-50969
• Print Job Records filter options display the correct times rather than just department options. PI-49994
• Special character (:) in names works correctly during printer migrations. PI-51052
• Improvement to single sign-on (SSO) for Ricoh CPA. PI-49131 / PI-50500
• Custom Role restrictions to the Tools Menu work as expected. PI-48225
• Terminal server environment Clients respect disabled system tray Client options. PI-47286
• Improved the driver deletion process for recently changed drivers. PI-47845
• Held jobs respect purge times. PI-46974
• Scheduled Reports enhancement for large printer environments. PI-47632
• Uppercase / lowercase changes to SNMP settings are recognized. PI-47932
• Scheduled Reports in PDF format work as expected. PI-47596
• Improvement to the IdP login process. PI-49159

NOTICE: If using Off-Network Printing (ONP) with a self-hosted external gateway, it is a known issue that the Virtual Appliance host version 22.0.818 (released 1/10/23) causes an error of "BadCertificate," causing ONP not to function. - PI-45864

Security Highlights

Remediated the following vulnerabilities:

• Authentication bypass. OVE-20230524-0001
• SQL Injection. OVE-20230524-0002
• Cross-Site-Scripting. OVE-20230524-0003
• Weak password encryption / encoding. OVE-20230524-0007
• Insufficient CSRE protection. OVE-20230524-0008
• Arbitrary content inclusion via iFrame. OVE-20230524-0012
• Remote Network Scanning (XSPA/DoS). OVE-20230524-0013
• OAuth Security bypass. OVE-20230524-0016
• Insufficient Authorization Checks. OVE-20230524-0010
• Cookie Returned in Response Header. OVE-20230524-0017
• Known Vulnerability Components. OVE-20230524-0018
• V-2022-002 — Symbolic Links Allow Unprivileged File Interaction
• V-2023-001 — Client Remote Code Execution
• V-2023-002 — Cross-Site Scripting in Reports
• V-2023-003 — Dead / Insecure PHP Code
• V-2023-004 — Vulnerable OpenID Implementation
• V-2023-005 — Cross-Site Scripting in Badge Registration
• V-2023-006 — Hardcoded IdP Key
• V-2023-007 — Supply Chain Attack
• V-2023-008 — Remote Code Execution
• V-2023-018 — Authentication Bypass
• V-2023-019 — Arbitrary File Write as Root
• V-2023-020 — Remote Code Execution
• For more details refer to Security Bulletin.

New Features and Enhancements

New Support: Red Hat 8 Client.

New Feature: Purge All Historical Print Job Titles From The Database.

• On Tools Settings Printing there is a new button, Purge all historical records of print job titles from the database. When selected, print job titles are purged from the database.

New Setting: Enable "Automatic Self-Service Portal and Release Portal" login

• Description: Enabling this setting allows the Client to automatically log users into the Self-service Portal and Release Portal based on who the Client shows is logged in. Conversely, if the option is deselected, users will be required to log in each time they want to access one of the portals. It is important to note that enabling this feature will prompt you to acknowledge a modal warning before proceeding. For existing customers, current behavior will be the same unless they disable this setting. For new customers, this setting will be disabled by default, with the option to enable it if desired. For more details refer to Portal Security.

Enhancements:

• The Printer Apps service no longer reinstalls all CPAs after upgrading the Host.
• Improved the Authorized Devices window and added a search bar for a better user experience.
• Epic and LPD connections include the options to specify a shared storage location and make failed print jobs available again for release.

Fixes

• The correct port is used for LDP printers with Quota Management. PI-48103
• Resolved a "You are not logged in, or your session has expired" message displaying when running the Print Job Records reports. PI-49723
• Improved the IdP badge self-registration process to remove placeholders that were impacting the registration completion. PI-48957
• Enhancement so the Client no longer removes deployed printers if the IdP server is unreachable. PI-39385
• Improvements to the SNMP service for:
  • A new URL for the service. "agent-api.{VA_INSTANCE_URL}" (modified with your instance URL).
  • Working in large environments (14k+ printers). PI-44409
  • Reflecting updated IP addresses. PI-46410
  • SNMP alerts consistently send to assigned users. PI-45384
  • Data displays in the Admin Console faster. PI-43978 / PI-43515
  • SNMP v3 communication with HP devices. PI-46443
• Print Job Records report contains the Job Type column on CSV files. PI-47200
• Overview report graphs display correctly. PI-47311
• Ricoh CPA service improvement to resolved installation errors. PI-48343
• Quota Management correctly differentiates between LDAP and IdP users. PI-42942
• Quota Management recognizes cost templates using European formats. PI-46985
• Users print quotas display correctly in the Self-service Portal. PI-46324
• Toshiba CPA v2 in single sign-on (SSO) Provider mode adheres to the correct time out. PI-48140
• The Lost Password modal respects changes to password requirement settings. PI-48045
• Data Manager printer deployment inserts work as expected. PI-48145
• Secure Release Print improvement for single and concurrent IdP environments. PI-47290
• The Internal Routing Service test bubble shows the correct color. PI-44673
• Daily Scheduled Reports send at the correct cadence. PI-44938
• Decimal representations used in Quota Management no longer give an error. PI-42824
• ChromeOS improvements for printing to Toshiba e-STUDIO printers. PI-35304
• Updating badges in Okta no longer creates multiple badge entries in Identities. PI-37988
• Active Directory group deployments with Unicode Characters work correctly. PI-38324
• Site Manager roles can edit print object drivers. PI-41753
• Groups can be deleted in Quota Management. PI-46322
• Improved performance to Print Preview when using an iOS device. PI-47443
• Off-Network Print using Red Hat 8 works as expected. PI-48011
• LDAP improvement for environments using multiple child domains. PI-45609
• Automatic Client Update using filtering works as expected. PI-41825
• Using Off-Network Print to a pull printer without a Secure Release printer installed doesn't cause the job to fail. PI-44448
• Edge Chromium browser extension respects the existing default home page. PI-37505
• Off-Network Print with Direct IP Primary set no longer causes pull printers to time out or give false "Print Job Failed" messages. PI-46573 / PI-44129
• Ricoh CPA installation prompts display the correct messaging during the installation process. PI-45008
• IdP logins no longer fail when the email UPN includes an apostrophe. PI-44304
• Off-Network Print service improvement to handle large jobs. PI-39938
• Off-Network Print doesn't print through each gateway assigned if the first is successful. PI-44843
• The path to the LibreOffice executable for printing email attachments cannot include quotations. PI-37108
• Improved the Google Identity Sync auto-renew login process. PI-42790
• Improved the system tray icon IdP login process. PI-46048
• Scheduled Reports using PDF format generate as expected. PI-32155
• Resolved CPA v2 wake up errors on Ricoh devices. PI-45763
• IP Address Range printer deployments using 192.168.128.XXX only deploy to printers within that range. PI-45819
• The Workstations report displays Windows 2019 server and Windows 11 devices correctly. PI-45378
• Self-hosted Off-Network Print external gateways function as expected. PI-45864
• Item-level Client updates work as expected. PI-38631
• Special character (&, é) in the printer name no longer causes problems with syncing changes and installations. PI-37851 / PI-42034
• portal security using IP Address Ranges works correctly for devices and for guests on Chromebook devices. PI-46799 / PI-44939
• Improvement for the Client in IGEL environments to display the icon in the system tray and communicate the correct login information for the user. PI-37006 / PI-49716
• Xerox CPA in single sign-on (SSO) Listener mode works correctly with CAC logins. PI-45203
• You can print from an Off-Network Print enabled device working as a Service Client. PI-38915

NOTICE: If using Off-Network Printing (ONP) with a self-hosted external gateway, it is a known issue that the Virtual Appliance host version 22.0.818 (released 1/10/23) causes an error of "BadCertificate," causing ONP not to function. This issues has been resolved in this application build.

New Features and Enhancements

New Feature: Purge All Historical Print Job Titles From The Database.

• On Tools Settings Printing there is a new button, Purge all historical records of print job titles from the database. When selected, print job titles are purged from the database.

Fixes

• LDAP improvement for environments using multiple child domains. PI-45609
• Automatic Client Update using filtering works as expected. PI-41825
• Using Off-Network Print to a pull printer without a Secure Release printer installed doesn't cause the job to fail. PI-44448
• Edge Chromium browser extension respects the existing default home page. PI-37505
• Off-Network Print with Direct IP Primary set no longer causes pull printers to time out or give false "Print Job Failed" messages. PI-46573 / PI-44129
• Ricoh CPA installation prompts display the correct messaging during the installation process. PI-45008
• IdP logins no longer fail when the email UPN includes an apostrophe. PI-44304
• Off-Network Print service improvement to handle large jobs. PI-39938
• Off-Network Print doesn't print through each gateway assigned if the first is successful. PI-44843
• The path to the LibreOffice executable for printing email attachments cannot include quotations. PI-37108
• Improved the Google Identity Sync auto-renew login process. PI-42790
• Improved the system tray icon IdP login process. PI-46048
• Scheduled Reports using PDF format generate as expected. PI-32155
• Resolved CPA v2 wake up errors on Ricoh devices. PI-45763
• IP Address Range printer deployments using 192.168.128.XXX only deploy to printers within that range. PI-45819
• The Workstations report displays Windows 2019 server and Windows 11 devices correctly. PI-45378
• Self-hosted Off-Network Print external gateways function as expected. PI-45864

NOTICE: If using Off-Network Printing (ONP) with a self-hosted external gateway, it is a known issue that the Virtual Appliance host version 22.0.818 (released 1/10/23) causes an error of "BadCertificate," causing ONP not to function. - PI-45864

New Features and Enhancements

Enhancements:

• Improved the Authorized Devices window and added a search bar for a better user experience.
• Epic and LPD connections include the options to specify a shared storage location and make failed print jobs available again for release.

Fixes

• Item-level Client updates work as expected. PI-38631
• Special character (&, é) in the printer name no longer causes problems with syncing changes and installations. PI-37851 / PI-42034
• portal security using IP Address Ranges works correctly for devices and for guests on Chromebook devices. PI-46799 / PI-44939
• Improvement for the Client in IGEL environments to display the icon in the system tray and communicate the correct login information for the user. PI-37006 / PI-49716
• Xerox CPA in single sign-on (SSO) Listener mode works correctly with CAC logins. PI-45203
• You can print from an Off-Network Print enabled device working as a Service Client. PI-38915

Security Highlights

Remediated the following vulnerability:

• A security vulnerability has been addressed in client version 25.0.0.688+.
• V-2022-010 — Local Privilege Escalation
• For more details refer to Security Bulletin.

New Features and Enhancements

• The Printer Apps service is now a 64-bit service. This improves performance and scalability of the service. It no longer functions on a 32-bit operating system.
• Copy / Scan Tracking supports Lexmark and Ricoh devices, and includes additional Accounting options for Xerox devices.
• Enabling Simple Badge Release on Windows automatically enables Port 31990.
• rf IDEAS badge readers require firmware version 4.01.3.1. For more details refer to the PrinterLogic Knowledge Base.
• Installing CPA v2 removes CPA v1 artifacts.
• Updated Ubuntu to 22.04, and MySQL to 8.0.30.

Fixes

• Internal Service Client enhancement to reduce latency. PI-45009
• Resolved "Unable to process CAC login" error message. PI-44034
• Kyocera CPA v2 improvement to memory usage that resolved login issues. PI-40672
• Print Job Records report exports data as expected. PI-44399
• Improvement to Simple Badge Release in Identity Sync environments. PI-44447
• Printer level Off-Network Print external gateway and Internal Routing Service assignments work as expected. PI-44672
• Client check-in time adjustments display in the Administrative Audit records. PI-37530
• The "Become an Okta member" link functions as expected. PI-41823
• Resolved a "List index out of range" error on Ricoh and Konica Minolta CPA v2. PI-42392 / PI-42089
• Automatic Client Update work as expected during Client check-in. PI-44150
• Selecting the name in Advanced Search correctly opens up the object in the folder. PI-41890
• The soft match setting for LDAP saves correctly. PI-40728
• Badge self-registration for IdP users assigns the correct username. PI-38874
• Windows Client checks in correctly in virtual environments. PI-43420
• IdP logins on the Linux Client work as expected. PI-34826
• Registering a badge on Lexmark devices displays an accurately sized keyboard. PI-42083
• Chromebook IP Address Range portal security works as expected. PI-41744
• The Status tab displays updated data. PI-43515
• Advanced Groups printer deployments no longer give an error. PI-43581
• Removing a user from the Identity Management or Identities tabs clears them from the database and future searches. PI-43375 / PI-42996
• Google Identity Sync provisions small user changes correctly. PI-43957
• Windows Clients show the correct version number. PI-35351
• RBAC works with IdP users and portal security. PI-43959
• Improvement to the CPA v2 installation service. PI-43186
• Simple Badge Release service does not default to IPV6. PI-39423
• Off-Network Print only prints one copy of the job instead of multiple. PI-42314
• Fuji Xerox CPA v2 installs on more models. PI-42140
• Pushing large Okta groups (1k+) works as expected. PI-41810
• Offline Secure Release Print tab only prompts to save changes is a change was made. PI-41887
• Paper sizes specific to Canon were added for reporting. PI-41603
• LDAP placeholders no longer block input fields. PI-41411
• Custom roles work as expected. PI-39634
• LDAP users can add printers on the iOS mobile app. PI-39780
• Badging works as expected on Fuji Xerox CPA v2. PI-41386
• Header images display correction on the Self-service Portal. PI-39856
• HP CPA v2 no longer shows a Job Accounting error. PI-41082
• Off-Network Print from macOS devices works correctly. PI-41879
• Improvements to the Google Identity Sync service. PI-41914 / PI-41653 / PI-41919
• The macOS Client respects hidden Client options. PI-34365
• IdP authentication on Lexmark devices works correctly. PI-39855
• Installing Copy / Scan Tracking on Xerox 8100 series devices doesn't change accounting options. PI-38303
• Simple Badge Release works in PIV/CAC environments. PI-27771
• The Customize button doesn't display on Xerox CPA v2 with single sign-on (SSO) enabled. PI-38803
• IP Address Ranges work as portal security options. PI-40335
• The search filed for drivers / profiles allows backspacing. PI-39635
• Toshiba CPA v2 installs as expected. PI-20907
• Print Job Records auto-complete options are selectable. PI-41214
• Off-Network Print with Direct IP Primary prints jobs as expected. PI-39539