This is a bugfix and security release for version 14.1 and includes the following changes. Security change address issues reported by an independent security researcher on 28th March 2014. PaperCut recommends all customers apply this update.
- Fixed web print upload process for some non-English languages.
- Fixed an issue where bulk user operations and batch user import would not work in certain situations.
- Fixed an issue with Web Print file upload when using Internet Explorer 7 (or when using later versions in compatiblity mode).
- Release Station: Fixed certain card swipe scenarios with the Standard Release Station. In particular, a carriage return in the card data will no longer trigger a false key press in subsequent dialogs.
- Improved data security of print release functionality used by embedded MFPs (CVE-2014-2657).
- Added an option to only allow network requests from a specified list of device IPs/subnets. This provides additional security in relation to CVE-2014-2657.
- Fixed potential cross-site request forgery (CSRF) issues in the admin UI (CVE-2014-2659).
- Fixed a potential denial-of-service (DoS) (CVE-2014-2658).
- Include the "X-Frame-Options" HTTP header to mitigate framejacking or clickjacking attacks.
- Details on individual CVE issues will be provided at some future time.
- This release does not contain a database upgrade.