|
Important Notice: If after upgrading, a CSRF validation error message (HTTP ERROR 403: Problem accessing /app. Reason: CSRF validation) is displayed while attempting to log into the Admin or User web interface, then some additional actions are required. This is related to the CSRF HTTP header origin checks introduced in 17.3.2, in line with OWASP recommendations.
Enhancements:
- Branding customization: Report headers can now be customized with a logo, from the Options > General page.
- User client:
- The color of negative credit balances displayed on the balance window can now be customized.
- Improved the User Client start-up time after a computer has gone to sleep.
- Google Cloud Print: Added support to configure Google Cloud Print via a Proxy Server.
- Standard Release Station: Re-positioned the login fields to prevent them from being obstructed when using an on-screen keyboard.
- Added the ability to sync a user's PIN from AD/LDAP to PaperCut NG (ldap.schema.userpin-field, ldap.2.schema.userpin-field, user-source.ad.user-pin-field).
- User and group sync: Users who are pending deletion are now displayed in the Test Sync Settings window.
- Direct Printing: Significantly reduced the size of the Windows Direct Print Monitor installer for customers using PaperCut without a print server.
- PaperCut NG installer: Added template custom server configuration files (service.conf / launch-app-server.conf) to help customers wanting to change server settings.
- Reports: Users to be included in an User Ad-hoc Report can now be selected from the "User name" drop-down.
- Shared Accounts: Added new methods to the web services API to set the Overdraft mode and value.
- Personal Accounts: Added new methods to the web services API to set the Individual Overdraft mode and value.
- The way in which diagnostics files are provided to PaperCut Support has been improved with an "Upload diagnostics file to PaperCut Support" option on the Options > Advanced page.
- Updated the bundled Java SE Runtime Environment to version 8, update 131, to incorporate the latest security fixes from Oracle.
- Payment Gateway module: The advanced API for on-demand payment now fully supports charging and balance inquiries for shared accounts.
- Security enhancements:
- Improved coverage of HTTP header origin checks in both the Admin and User web interface, in line with OWASP recommendations.**
- Removed unnecessary system and operating environment data (for example, OS version, web server resources, database type) from error messages.
Fixes:
- Windows: Fixed an issue that caused custom memory allocation settings to be ignored. As a result, the Application Server used the standard memory allocation, which is insufficient for some large sites (since 17.3.2).
- Shared Accounts: A warning message is now displayed on the Users > User Details page if the user does not have permission to access the assigned "Default shared account".
- Novell iPrint: Fixed an occasional issue causing print errors when enforcing grayscale or duplex print job settings.
- Direct Printing with Email to Print: Fixed an issue preventing the Printer Details page from being saved during Direct Print setup.
- Epson SureColor large format printers: Fixed a page count issue when using roll paper.
- Web Print: Fixed an issue in the Admin web interface that did not display the number of documents in the Web Print queue.
- Fixed an issue that occasionally caused an error on the Printers > Jobs Pending Release page for non built-in PaperCut Administrator accounts.
- Provided a workaround for a rare issue that caused grayscale conversions to not be applied. A config key has been added to force grayscale conversion for all jobs on a specific print queue.
- Fixed an issue that prevented the PRTG Template Generator from working with the SSL protocol (URLs with HTTPS).
- Improved the layout of the Printers > Charts page.
- Minor usability improvements to the Admin web interface, such as changed button colors and field sizes.
Other Notes:
- **Additional actions are required to retain the CSRF HTTP header origin checks and avoid the CSRF validation error message while attempting to log into the Admin or User web interface. This is based on the way the PaperCut web server has been setup to redirect users to new pages (i.e. the way the proxy configuration handles host headers overrides):
- either the proxy (IIS or Apache) is configured to run in front of PaperCut and override the host header, or
- the proxy is configured to override the host header using the config key server.force-host-header in the server.properties file.
- If you are running v17.2.1 or later, there is NO database upgrade.
|
|