11/24/2023 0 Comments Papercut ng serial![]() ![]() Please note that these recommendations are listed here for historical purposes. See Run a PaperCut NG or MF Release Station from a Raspberry Pi for the latest image which includes log4j 2.17.1. Release stations (version 20.1.6 or earlier) Release stations (version 21.0.0 up to and including version 21.2.1) Payment gateways (version 206 or earlier) ![]() See the FAQ section for the ‘Do I need to upgrade the Payment Gateway module’ question. Not impacted, but upgrade recommended for versions 207, 210, 213, 214 Site Server (version 21.0.0 up to and including version 21.2.1)Īpply the same Application Server fix to the Site Server. PaperCut Online Services (Scan to Cloud, OCR) PaperCut NG (version 21.0.0 up to and including version 21.2.1) PaperCut MF (version 21.0.0 up to and including version 21.2.1) Product Status Which PaperCut products are impacted? Product This is a rapidly evolving situation, we recommend that you revisit this page often for the most current information. This Knowledge Base article outlines the impact of this vulnerability on PaperCut products. At this point in time our initial triage shows that only PaperCut MF and PaperCut NG have dependencies on the Apache Log4j component. This issue can lead to remote code execution or information disclosure on the system running software containing the log4j component where a malicious actor can control any string that is logged. This issue has been classified by the Apache Logging security team as a critical severity issue. PaperCut is aware of the RCE vulnerability in the Apache Log4j library also known as Log4Shell or CVE-2021-44228. Payment Gateway module version 219 - updated (Jan 27th) version of the Payment Gateway module to install only required if you are currently using version 207, 210, 213 or 214 of the Payment Gateway (see the ‘Do I need to upgrade the Payment Gateway module?’ question in the FAQs). Removal of the legacy Mac client (which contained lingering log4j 1.x files). Removal of all log4j 1.x dependencies from the MF and NG products. To resolve issues with security scanners detecting log4j 1.x dependencies, please update to PaperCut MF or NG version 22.0.8 or later, which includes: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |