Release Notes
MyQ Central Server 10.2
Minimum required support date: 1st of April 2023
Minimum required version for upgrade: 8.2
What’s New in 10.2
Find details of the improvements in MyQ 10.2 across our full range of solutions here.
MyQ Central Server 10.2 RTM
13 June, 2024
Improvements
Added a more flexible option for updating users synchronized from Entra ID onto the same users already existing in MyQ who were previously synchronized from AD; a personal number field that should store a unique identifier of the user in both sources can now be used in Entra ID to pair the user identities.
PHP updated to version 8.3.7.
SQL Database creation process and UI improved.
Changes
After changing the PIN length in Settings, administrators can choose whether to generate new PINs only for users who already have a PIN or all users.
SQL Server 2014 is no longer supported. Minimum supported version of SQL Server is 2016.
Bug Fixes
A user with user right "Delete Cards" is not able to delete cards due to options in the dialogue available on their Web Interface being inactive.
Configured connections (Settings – Connections) could have been invalidated during the upgrade in specific cases such as when the *admin account still used the default password "1234" (note: since MyQ 10.2 RC 4, the *admin does not have any default password set anymore) or when the admin account that created this connector later changed their MyQ password.
Database upgrade between patches can fail in rare cases (The DELETE statement conflicted with the REFERENCE constraint "FK_ACE_TBLORMOBJECTS").
Generating reports or report previews might fail with an error in some cases.
Ineligible PIN could have been sent to users by email if those users were imported from CSV which was exported from older MyQ versions (and when Send PIN via email was enabled).
PIN displayed by the user (i.e. when the user attempts to recover the PIN) is displayed without leading zeros. Example: PIN 0046 is displayed as 46.
Rights for reports and its related scheduled settings are not inherited.
When logging in with the Sign in with Microsoft option, accounts the user is already signed into with Microsoft might not have been detected and offered to be used.
MyQ Central Server 10.2 RC 4
17 May, 2024
Security
Default password for the *admin account is not set for new MyQ installations anymore. Set the password manually in the Easy Config before heading to the MyQ Web Admin Interface. If you are still using the default password at the time of the upgrade, you will be asked to create a new one in the Easy Config.
Added option to enable/disable *admin account which leads to a new possibility to lock *admin account for login when required. It is recommended to assign specific users desired rights and prevent using a shared account for server administration.Added option to enforce or disable encryption when connecting to the SQL Server in the Easy Config's database configuration step.
Improved logging of login events especially attempts to log in with invalid credentials.
LDAP communication was not validating certificates.
Limited access to data that could be considered sensitive when custom reports are used.
Limited options for well-known clients to request certain operations on users via REST API.
REST API Removed capability to change the authentication server of a user (LDAP) server.
The access of the account for external reporting has been limited, some database tables with data that might be considered sensitive will not be accessible by default by this user.
Unauthenticated Remote Code Execution Vulnerability fixed (resolves CVE-2024-28059 reported by Arseniy Sharoglazov).
Scopes well-known clients (MyQ applications) can request were limited.
Unsuccessful authentications are now limited for security reasons, by default, the client/device is blocked for 5 minutes if more than 5 invalid login attempts are registered in a span of 60 seconds; these periods can be manually adjusted.
Improvements
NEW FEATURE Added support for Integrated Windows Authentication (Windows single sign-on) for Web User Interface and MyQ Desktop Client 10.2, logging in environments where IWA is used can be enabled in Settings – User Authentication and MyQ Desktop Client's Configuration profiles.
NEW FEATURE Added support for MyQ in IPv6 networks, IPv6 addresses can now be used across MyQ to configure authentication servers, SMTP, add printers, communicate with Site servers and more.
NEW FEATURE Entra ID (Azure AD) Joined devices are now supported for Job Authentication; a new option to Entra ID User Synchronization can automatically create compatible user aliases from concatenated Display names (for job submission from local accounts such as AzureAD\displayName).
The connection processes for SharePoint Online and Entra ID were improved, administrators can use the Automatic mode when creating the connector which does not require creating an Azure application manually but uses a MyQ predefined Enterprise application instead.
Added options that allow to automatically create a synchronization source and authentication server for Entra ID in the dialogue for adding a new Entra ID connector.
To strengthen the security of user authentication, manually and automatically generated PINs are now subject to improved complexity standards; weak PINs (with subsequent numbers, etc.) cannot be manually set and are never automatically generated. It is recommended to always use the Generate PINs functionality instead of filling PINs manually.
Default PIN length increased to 6 and minimum PIN length is now 4, resulting in improved security defaults for user authentication; for upgraded installations, if PIN is set to length below 4, it is automatically increased and will be used next time you generate new PINs.
Added options to select the level of synchronization for Groups in Entra ID sources; allowing for more flexibility such as choosing whether full synchronization should be performed or when synchronization should be skipped.
A warning when removing a trial license was added to inform that another trial license cannot be added in case there are accounted jobs from active user sessions existing in MyQ.
Added option to add an additional column "Project code" to reports in the Projects category.
Columns Total, B&W, and Color renamed to Total, B&W, and Color parsed pages in certain reports to clarify that these reports show the number of pages as they arrived in MyQ and not the final printed and accounted pages.
Improved logging of user synchronization issues.
LDAP synchronization options are validated on saving to avoid duplicated Base DNs which could cause errors during user synchronization.
Name or Tenant Domain is displayed of Entra ID is displayed on the Connections page for better recognition when multiple tenants are used.
Password field for SMTP settings can accept up to 1024 characters instead of 40.
The design of the Azure-related connectors (Entra ID, OneDrive for Business, and SharePoint Online) was improved.
REST API Added option to soft-delete users.
REST API Enhanced options for user management by allowing you to set user group memberships.
Firebird upgraded to version 4.
.NET Runtime updated to version 8.
PHP updated to version 8.3.6.
OpenSSL updated to version 3.3.0.
OpenSSL updated to version 3.2.1.
Apache updated to version 2.4.59.
Changes
Correction of project names "No project" and "Without project".
Custom reports have to be signed; in case the installation uses custom reports, backup them before the upgrade to be able to request signing.
Deleted sites are not displayed in "With issue" filter on Sites page.
Lotus Domino has been repositioned to the legacy mode; upgraded installations will preserve Lotus Domino integration (it is recommended to test the integration before upgrading production environments), and new installations will not have the option to add a new Lotus Domino connection available by default.
Security settings in Web Interface were renamed from SSL to TLS.
The CASHNet payment provider has been deprecated; the upgrade will also remove the existing CASHNet payment provider, payment history data are preserved and moved under "External Payment Provider", and thus backup of payment history is recommended before the upgrade if CASHNet was used.
The option to allow unsecure communication with Central Server was removed. This means SSL/TLS is always enforced in communication between Central and Sites.
As part of excluding jobs moved by Job Scripting from the Expired and deleted jobs report, a new rejection reason can be seen for such jobs on the Jobs page.
Bug Fixes
"Count it" on the Sites page might result in an error message being displayed.
Cannot generate support data over midnight.
Certificate validation could cause problems with connecting to Google Workspace.
Certificates are not validated during connection to cloud services.
Configured HTTP proxy is not used for connections to Entra ID and Gmail.
Custom Help widget is not displayed on the Dashboard by default.
Easy Config > Log > Subsystem filter: "Unselect all" is present even if all is already unselected.
Installing PS and CS on one server causes error: Error occurred while trying to replace existing file, DeleteFile failed; code 5.
Monthly report containing the Period column has months in incorrect order.
Not possible to authenticate user against LDAP using LDAP authentication server with autoresolved address.
Original jobs moved to different queue by job scripting are included in reports for expired and deleted jobs.
Recharging credit via GP webpay - payment gateway is not loaded when the user's language is set to specific languages (FR, ES, RU).
Replication from all Sites might be paused due to a replication problem with only one Site server.
Report "Projects - User Session details" shows the user's Full name in the User name field.
SMTP test error message contains incomplete information.
Some groups might be considered different if they contain full-width and half-width characters in the name.
The test of connection to Google Workspace in the authentication server settings which did not require credentials previously could have impacted user synchronization and caused problems with authentication to Google Workspace; The Test of connection will now also require user credentials filled in similarly to the synchronization source settings.
Toner level on the Printers page might not be displayed in some cases.
User group is not possible to be a delegate of its own to allow members of the group to be delegates of each other (i.e. members of the group "Marketing" cannot release documents on behalf of other members of this group).
User synchronization from Entra ID can fail when a user is manually created on Print Server but the same user exists also in Entra ID.
User synchronization from LDAP can cause error: Undefined array key "samaccountname" and fail.
MyQ Central Server 10.2 RC 3
13 December, 2023
Security
Hashing of passwords enhanced.
Improvements
NEW FEATURE In addition to permanent PINs, you can now create temporary PINs with limited validity.
NEW FEATURE Ukrainian was added as a new supported language to the MyQ Central Server.
Changed "Azure AD" to "Microsoft Entra ID" to correspond with MS naming.
Optimizations of Entra ID synchronization via Microsoft Graph API connector that should prevent slowdowns and skipping users.
Administrators can create multiple Entra ID instances to synchronize and authenticate users towards more than one tenant.
Added new settings to Entra ID synchronization source that allow setting attributes to synchronize the users' Full name, and Language. New attributes are also available for Aliases, PINs, Cards, and Personal numbers. It is now also possible to manually type in a required Entra ID user attribute to be used for these values.
Added additional options for User synchronization from Microsoft Entra ID (Ignore sync source, deactivate missing users, add new users).
Added report "Servers - User Rights" that groups data per server name.
New permission Delete Cards added, allowing to give users or user groups option to be able to delete ID cards without them having access to other user management features.
List of characters allowed to be used in project code expanded. Upgrade to this patch is required for the replication of projects from Sites to work correctly if any of the new characters is used.
OpenSSL updated to version 3.1.3
PHP updated to 8.2.12
CURL upgraded to 8.4.0
Apache updated to version 2.4.58.
Changes
In newly created user synchronization sources using the Entra ID connector (Microsoft Graph), the User Principal Name is now used as the username. After upgrade, existing username settings are preserved. To transition from old attributes to User Principal Name, users should be synchronized, the synchronization source removed, and created again. Users are also always paired by Entra ID's unique Object ID.
Bug Fixes
Checking uniqueness of user group names is not working properly.
Custom Help widget not displayed for users and cannot be added.
Database creation can fail in some cases on SQL Server 2022 ("Conversion failed when converting the nvarchar value 'oft'").
Database upgrade can fail in some cases ("Error while try to execute Php script version: 10.2.7").
Easy Config is missing Chinese Traditional and Chinese Simplified languages.
Hiding the Price List column on the Printers page renders the Printers page inaccessible.
Is it possible to add the same column multiple times on the Sites page.
Not possible to add groups to Sites user synchronization.
Replication can fail in some cases with error "Class "UserDto" does not exist".
Replication of data can end with warning "Dependency not found" in some cases, causing differences in reports on Site Server and Central Server.
The printer's toner level can be incorrect when the printer was on Site with a lower version than the Central Server.
Toner level information on the Printers page is missing after upgrade from previous versions.
User synchronization results page is not refreshed automatically when synchronization finishes.
User with rights to edit Scheduled report cannot select an attachment file format other than PDF.
Creating a PDF report may fail if a job containing some special characters is present.
Error "-901 Implementation limit exceeded Too many values" can occur during replications to the Central Server, potentially due to a rare device-related error causing wrong user session data reported to the Site.
MyQ Central Server 10.2 RC 2
6 October, 2023
Improvements
Firebird update to version 3.0.11.
PHP updated to version 8.2.11.
OpenSSL updated to version 3.1.3.
Built-in Groups (All users, Managers, Unclassified) are internally moved to new hidden group "Built-in" to avoid conflicts with groups with the same name created by user synchronization.
HTTPS is used for external links from the Web Interface.
Added option to synchronize "onPremisesSamAccountName" and "onPremisesDomainName" from Azure AD via MS Graph and pairing by Object ID to allow update existing users whose usernames changed.
Added option to define regular expression for user synchronization (LDAP and Azure AD) for Aliases, Cards, PINs and Personal numbers.
Added option to exclude specific user(s) from Reports.
Bug Fixes
In Job privacy mode, user running a report is excluded when Exclude filter is not used.
In Job privacy mode, Administrators and users with Manage reports rights can see only their own data in all reports, resulting in the inability to generate organization-wide reports for group accounting, projects, printers, and maintenance data.
Users could lose some Cost Center assignments after user synchronization from Azure AD and LDAP.
Change of user's Accounting Group is not propagated to Site server.
In some cases, Central upgrade fails with the error "No user specified".
Upgrade could fail in some cases (with error violation of PRIMARY or UNIQUE KEY constraint "PK_ACE" on table "ACE").
Login to Central Server's Web Interface fails if the username contains an apostrophe.
Some groups reports are not possible to save when only Accounting group filter is set with error "User may not be empty".
Two groups with identical names are indistinguishable in reports.
Synchronized users who are members of groups with identical names to MyQ built-in groups in the source, are wrongly assigned to these built-in groups due to conflicting names.
User editing own profile on Site server changes user synchronization source on Central server resulting in warnings during user synchronization.
User synchronization takes more time compared to previous MyQ versions.
MyQ Central Server 10.2 RC 1
28 July, 2023
Improvements
Added unique session identifiers to replication data to prevent differences in accounting data between Sites and Central.
PHP upgraded to version 8.2.8.
Improved look of new HTML emails. Footer text in emails can now be translated.
Added options for behavior of PINs and Cards synchronization from LDAP same way as in CSV synchronization.
Administrators do not need to re-type an authorization code when connecting cloud services into MyQ. Authorization is now done automatically.
Bug Fixes
Refresh token for Exchange Online expires due to inactivity in spite of the system is being actively used.
It is possible to save empty email destination for Log Notifier rules.
Missing Scan and Fax columns in report Projects – User Session details.
MyQ Central Server 10.2 BETA 2
29 June, 2023
Improvements
NEW FEATURE Widget "Updates" was added on the admin's Dashboard. When a new version of MyQ Central Server is released, administrators will see a notification in the MyQ Web Interface.
Added support for Romanian language.
User rights changes are logged to Audit log.
Certificates in PHP updated.
PHP updated to v8.2.6.
Changes
Removed support for GPC file format in Bulk credit recharge.
Default time periods for clean-up of jobs, log, and user sessions, performed by System Maintenance, were adjusted.
The default runtime of scheduled tasks was changed to prevent them from running at the same time.
Bug Fixes
Received email opened in Outlook is missing line breaks.
Some rows could be skipped during replication on a Site that had active user sessions. LIMITATION: Site 10.2 BETA is now not compatible with Central Server 10.2 BETA 2 due to differences in communication during replications. Upgrade of the Site to 10.2 BETA 2 is required.
Firebird temporary folder size could grow during large replication.
MyQ Central Server 10.2 BETA
1 June, 2023
Security
Domain credentials were stored in plain text in PHP session files, now fixed.
Added missing security attribute for encrypted session cookie (CWE-614).
Improvements
NEW FEATURE System health check will now report Sites that have not been replicated for some time. This will help to prevent issues with long replication queues that could result in missing or inaccurate data in reports.
NEW FEATURE Administrators can now see a list of errors which occurred during replications on the Replications settings page with help on how to resolve some of them.
NEW FEATURE Option to group Sites on Central was added. It allows administrators to configure Job roaming only among Sites within a selected group. This helps to decrease traffic needed for Job roaming to work.
NEW FEATURE New user's attribute "Alternate email" allows the administrator to add multiple email addresses to a user.
NEW FEATURE Microsoft single sign-on (Sign in with Microsoft) can now be also used to log in to the Central Server, previously available only on the Print Server.
OpenSSL updated to version 3.1.0.
PHP updated to version 8.2.5.
Apache updated to version 2.4.57.
Health check will warn the administrator if their database is using a page size of 8 KB instead of 16 KB which may affect the performance. Page size can be increased by backing up and restoring the database.
The possibility to export users only from selected group(s) into CSV was added.
More errors occurring during replications from Print Server will be now resolved automatically. This should prevent delays in replications and help with accuracy of Central reports.
Purchased Assurance Plan is displayed on the Dashboard of the MyQ Web Interface.
Possible to synchronize user's multiple email addresses. Attributes for email address need to be separated by semicolon and all the next email addresses are imported as alternate email address.
If you modify settings in the MyQ Web Interface and forget to save them, MyQ will now remind you about that.
Minimum TLS version configured for MyQ communication is visible on the Network page in Settings.
The default minimum TLS version has been increased to version 1.2.
You can now see the version of MyQ installed on your Site on the Sites page.
Users no longer need to connect their personal cloud storage on each Site individually. Once the user connects their storage on the first Site, their access is distributed to the rest of the Sites, allowing them to scan to the cloud immediately. Note that after upgrading to 10.2, users will have to re-connect their storage once in order to be connected everywhere.
Accessing Web UI over HTTP is redirected to HTTPS (except when accessing localhost).
Changes
Minimal supported version of Windows Server is 2016.
The following features were deprecated: SQL Server as user synchronization source, custom user synchronization source, schedulable external commands via Task Scheduler.
Email addresses are now a unique property. More users should not have similar email addresses to prevent incorrect pairing of jobs received via email.
User's scan storage now does not accept email addresses, only valid storage paths.
Old License Keys are not supported anymore, they have been replaced by Installation Keys.
Bug fixes
It is not possible to save addresses for site's clients IP range higher than 127.255.255.255 when using MSSQL database.
Aliases are incorrectly escaped in exported users CSV file.
Email that cannot be sent blocks all other emails from being sent.
User selection boxes sometimes do not show build in groups ("All users", "Managers", "Unclassified" options).
Some columns of some reports are showing no values.
User synchronization - LDAP export to CSV after successful import is not working, causing Web Server Error.
History deletion cannot delete old jobs from table Jobs in some cases because of foreign key.
System maintenance's Database sweeping cannot be started when Print Server is installed on the same server as Central Server.
Component Versions
Expand the content to see the version list of used components for the above MyQ Central Server releases.