EC8.0 (LW80.xx.P251) release notes

IMPORTANT REMINDER!

Please make sure to read:Firmware upgrade remindersbefore upgrading the printer firmware.

Firmware EC8.0 release notes (February 2024)

Changes in LW80.xx.P251 (since LW80.xx.P235):

• Security Issues Addressed:
• CVE-2023-40239 XML external entity vulnerability
• CVE-2023-50735 - Heap corruption vulnerability in the PostScript interpreter
• CVE-2023-50736 - Memory corruption vulnerability in the PostScript interpreter
• CVE-2023-50734 - Buffer overflow vulnerability in the PostScript interpreter
• Updated Java certificates
• Update open-source packages
• Various other security improvements
• Field Issues Addressed and Other Improvements:
• Fix for a 900.15 permanent crash that results from the Fax Logging Level being set too high for too long
• Updates to etherFAX
• Improvements to fax debug logging
• Fix for issue where SNMPv3 queries become unresponsive after 248 days of uptime
• Fix for an issue where policy updates through LDD intermittently fail
• Fixes for various 900 errors
• Fixes for incorrect output or error pages with certain PCL5 and PDF print jobs

Changes in LW80.xx.P235

• Security Issues Addressed:
• Security improvements based on internal testing
• CVE-2023-26063 Postscript Buffer Overflow (type confusion)
• CVE-2023-26064 Postscript Buffer Overflow (out of bounds write)
• CVE-2023-26065 Postscript Buffer Overflow (integer overflow)
• CVE-2023-26066 Postscript Buffer Overflow (improper stack validation)
• CVE-2023-26070 SNMP input validation vulnerability
• Field Issues Addressed and Other Improvements:
• Upgrade Scan to Network application to v4.9.26
• Usability improvements for panel
• Change to increase SMTP's password length to 128 characters
• Multiple fixes for incorrect output when printing certain PDF or PostScript print jobs
• Fix for cipher list failing to update when saved
• Fix to export the printer's settings file
• Fix inability to access the printer's remote operator panel due to an improperly selected certificate
• Add autoLogoutDelay setting to single function printers
• Improve certificate auditing with respect to imported certificates
• Fix for a "PDF Error 119: Missing Font Information" error being generated for certain PDF print jobs
• Fix for an inaccurate "Warning: IllegalMediaSize" PCL-XL error
• Add translations for some EWS labels
• Update Java certificates
• Disable trailing dot to the CN on the certificate subject when the Domain Name field is blank
• Fix inconsistency of button name in "Scan Successful" screen -----> change to "Usability improvements for panel"
• Allow the Email Address field to show email addresses longer than 17 characters
• Fix inconsistent behavior when changing the "Fax Transport" setting from "Analog" to "etherFax" and vice versa
• Fix to ignore the "Auto Answer" setting if the "Fax Transport" setting is "HTTPS Fax”
• Fixes for multiple sources of 900.00 errors, some causes include:
• A potential 900.43 Firmware Error when running out of paper with a PostScript print job
• A potential 900.42 Firmware Error with respect to linked output bins
• A random 900.00 Firmware Error due to an IPP memory leak
• 900 error when performed a specific PDF printing
• 900 Full Page Image Reader error when the user tried to scan on certain MFP model

Changes in LW80.xx.P210

• Security Issues Addressed:
• CVE-2021-44734 Embedded web server input sanitization vulnerability
• CVE-2021-44737 PJL directory traversal vulnerability
• CVE-2021-44738 Postscript Buffer overflow
• Field Issues Addressed and Other Improvements:
• Fix for 900.80 error on MX6500 devices
• Resolve an issue where copy “overlay” did not function correctly when panel language is set to a DBCS language
• Resolve multiple issues with some PDF print jobs resulting in incorrect output
• Fix for a 900.43 error when printing certain postscript print jobs
• Multiple fixes for some PCL5 print jobs resulting in incorrect output
• Fix for various 912.45 errors and 900.00 errors

Changes in LW80.xx.P013

• Security Issues Addressed:
• Cross Site Scripting Vulnerabilities
• CVE-2019-19772
• CVE-2019-19773
• Stored Cross Site Scripting Vulnerabilities
• CVE-2020-10093
• CVE-2020-10094
• TLS Protocol Vulnerability – CVE-2019-1559
• Cross Site Request Forgery Vulnerability – CVE-2020-13481
• Updated Java certificates
• Patched OpenSSL for security improvements
• Field Issues Addressed and Other Improvements:
• Resolved an issue where PKCS12 file import failed due to a leading blank space
• Fix for an issue where remote op panel session was unable to be reopened after the initial session was disconnected
• Mopria Scan Certification on MFP’s
• Remove Google Cloud Print items since it has been decommissioned by Google
• Fixes for various 900.xx crashes
• Wireless stability improvements
• Fix for issues resolving hostnames
• Improvements to Fax, FoIP, and Network Fax functionality
• Multiple translations updates
• Improve keystroke detection on remote operator panel
• Update included Scan to Network version to 4.9.25 for touch screen MFP’s
• Improvements for scan to folder on a DFS share
• Fixes for sending emails to logged-in user (native workflows and apps)
• Multiple card reader behavior improvements
• Improve messaging of MS91x/MX91x devices with high capacity feeders attached that were not able to print after waking from sleep
• Enhanced Device Statistics reporting
• Multiple fixes for PDF errors, missing or incorrect rendering, and 900.xx crashes due to job content
• Multiple fixes for PS errors and 900.43 crashes due to specific print jobs
• Various fixes for PCL5 and PCLXL print job errors, missing characters, incorrect output, and 900.xx crashes
• Improved memory utilization