Release Notes
MyQ Central Server 10.2
Minimum required support date: 1st of April 2023
Minimum required version for upgrade: 8.2
What’s New in 10.2
Find details of the improvements in MyQ 10.2 across our full range of solutions here.
MyQ Central Server 10.2 (Patch 2)
4 October, 2024
Security
Updated twig library to 3.14.0.
Improvements
Prices are now rounded to a specific number of decimals according to what is configured in Settings – General; this setting was already used in PDF reports.
PHP updated to version 8.3.12
Added the option to select groups to use for user group memberships in Entra ID user synchronization (on the Groups tab). This does not affect the users that will be synchronized, but includes/excludes groups that these users can be members of.
Smaller adjustments and fixes of inconsistencies in reports of the User category.
Added user-related additional optional columns (Username, Full name) to Total summary reports.
A new option has been added to the Entra ID sync feature, allowing administrators to synchronize groups under a parent group. This enhancement replicates the behavior of LDAP/CSV sync.
You can now select multiple search results while holding the Ctrl/Command key in any multi-item selection widget (users, groups, printers, etc.).
It is now possible to add ID cards with up to 32 characters, accommodating modern methods such as those generated by Apple Wallet.
When the log is filtered, the Generate Support Data option reflects the date selected in the filter. The end date is pre-filled automatically based on the maximum amount for export, and the Type filter has been exchanged with Verbosity.
Azure cloud service connections' Edit/Re-authorize flows were improved to prevent invalid configuration.
The fields Notes and Email have been added to the Entra ID synchronization options and can be now also adjusted. By default, Email uses the "email" user properties; Notes does not use any default.
Added additional user attributes that can be synchronized from Entra ID and LDAP. Those are: Department, Custom (1), Custom (2), and Custom (3), and they can be used to store more user-related information. These fields were also added to reports containing information about users.
REST API When listing users, their groups can also be requested in the
users
endpoints.
Changes
It is now not possible to remove columns that are used for grouping in reports. If those columns were removed, the reports might not be rendered optimally.
Bug Fixes
Users cannot connect to cloud storage on the Site server in some cases and might encounter an “Invalid parameter” error.
Report Meter reading via SNMP does not contain time in Start and End dates.
During mass-generation of PINs for users, it was an infrequent occurrence that some users were not assigned a PIN. This happened because the system, in rare cases, did not attempt to generate a new unique PIN after encountering a duplicate in the batch.
Reports from the Groups category are missing "Single color copy".
Sorting user reports "Daily summary" and "Day of Week" by username is not working properly
Integrated Windows Authentication does not properly work in domain environments with more than two levels in the domain (e.g., "sub.company.com") when the full domain is filled in the Authentication Server's settings.
When searching in groups on the Users page, the results also contain users.
Charges recorded in the Audit log on site (i.e. change of user's PIN) done by a user with administrator rights are displayed on the Central Server as *admin; the user “system” is now used instead.
The "Save as CSV" function on the Users page did not include ID Card and PIN information which helps to see whether users have PINs and ID Cards registered in the system.
MyQ Central Server 10.2 (Patch 1)
7 August, 2024
Improvements
NEW FEATURE MyQ Log interface was largely improved, it now allows saving commonly used filters and reusing them while searching or monitoring live logs.
Introduced the ability to clone an existing report, simplifying the process of creating multiple similar reports.
The user interface of User Synchronization improved. Possible to run longer synchronization than 5 minutes not only via Task Scheduler but also from the User Synchronization page, the log is being shown in real-time, and it is possible to stop synchronization and save the log to the text file.
The speed of synchronization from Entra ID improved, especially in cases when a particular group is filtered.
Filter in LDAP synchronization source settings has been enhanced, raw filtering query can be used, and also objectClass can be changed to allow for more flexibility, e.g. by using a query such as (&(objectClass=person)(|(Attribute=Value)(Attribute=Value))). If some filter existed prior upgrade, it will be converted to the raw format.
MS Visual C++ 2015-2022 Redistributable updated to 14.40.33810.
Option to synchronize multiple ID cards and PIN from Entra ID by selecting multiple attributes or one attribute supporting multiple values.
When creating a connector for Entra ID, it is now possible to also have the related Authentication Server and User Synchronization source created automatically when the "manual mode" is selected and the admin provides the app credentials manually.
Apache updated to 2.4.62.
PHP updated to 8.3.9.
MS Visual C++ 2015-2022 Redistributable updated to 14.40.33810.
Changes
Adjustments were made so that the MyQ Desktop Client 10.0 can also be used with a fresh installation of MyQ 10.2; previously, older MDC versions were supported only on upgraded installations.
Adjustments to meet the new requirements for card payments that mandate additional cardholder information during credit recharge with GP Webpay. For customers using GP Webpay, upgrade is strongly recommended.
Bug Fixes
When creating the SQL database, Window Authentication could have been attempted using a different account. The dialogue was also improved to suit the Windows authentication method better when it is selected.
The connection between the Central and Site servers when replicating data missed timeout, and it could block other sites from replicating when paused.
Multiple users with empty e-mail addresses trigger duplicate e-mail address warnings in System Health Check.
User Synchronization from CSV takes significantly longer compared to previous versions; the synchronization performance has been further optimized.
Users might not be correctly registered from the Recharge Terminal.
Upgrade from the previous Central Server versions with SQL database to the latest version 10.2 fails without secured connections.
Report "Print jobs – Daily summary" is missing Document type information.
Cascade deletion of rights in MS SQL database.
In some instances, the original document type (doc, pdf, etc.) of a print job may be incorrectly detected.
Installation of MyQ might fail when the prerequisite software required was already installed before the installation was started.
The Updates widget could incorrectly show "Update available" for the server even when this version is the one currently installed.
Inconsistency in default Accounting group when moving user into and out of group and switching accounting mode.
When generating Data for support, the data provided to our Support team does not contain the support validity date information.
When an HTTP proxy is used, users or admins might not be able to connect to services such as Microsoft Exchange Online, OneDrive for Business, or Sharepoint Online.
Scheduled reports are not sent via email if the recipient is a manually specified email address.
Central Server installed without the Firebird component causes MSSQL database creation to fail and server fails to start.
Scheduled report is generated and sent repeatedly to the same user when the user is a member of multiple user groups.
MyQ Central Server 10.2 RTM
13 June, 2024
Improvements
Added a more flexible option for updating users synchronized from Entra ID onto the same users already existing in MyQ who were previously synchronized from AD; a personal number field that should store a unique identifier of the user in both sources can now be used in Entra ID to pair the user identities.
PHP updated to version 8.3.7.
SQL Database creation process and UI improved.
Changes
After changing the PIN length in Settings, administrators can choose whether to generate new PINs only for users who already have a PIN or all users.
SQL Server 2014 is no longer supported. Minimum supported version of SQL Server is 2016.
Bug Fixes
A user with user right "Delete Cards" is not able to delete cards due to options in the dialogue available on their Web Interface being inactive.
Configured connections (Settings – Connections) could have been invalidated during the upgrade in specific cases such as when the *admin account still used the default password "1234" (note: since MyQ 10.2 RC 4, the *admin does not have any default password set anymore) or when the admin account that created this connector later changed their MyQ password.
Database upgrade between patches can fail in rare cases (The DELETE statement conflicted with the REFERENCE constraint "FK_ACE_TBLORMOBJECTS").
Generating reports or report previews might fail with an error in some cases.
Ineligible PIN could have been sent to users by email if those users were imported from CSV which was exported from older MyQ versions (and when Send PIN via email was enabled).
PIN displayed by the user (i.e. when the user attempts to recover the PIN) is displayed without leading zeros. Example: PIN 0046 is displayed as 46.
Rights for reports and its related scheduled settings are not inherited.
When logging in with the Sign in with Microsoft option, accounts the user is already signed into with Microsoft might not have been detected and offered to be used.
MyQ Central Server 10.2 RC 4
17 May, 2024
Security
Default password for the *admin account is not set for new MyQ installations anymore. Set the password manually in the Easy Config before heading to the MyQ Web Admin Interface. If you are still using the default password at the time of the upgrade, you will be asked to create a new one in the Easy Config.
Added option to enable/disable *admin account which leads to a new possibility to lock *admin account for login when required. It is recommended to assign specific users desired rights and prevent using a shared account for server administration.Added option to enforce or disable encryption when connecting to the SQL Server in the Easy Config's database configuration step.
Improved logging of login events especially attempts to log in with invalid credentials.
LDAP communication was not validating certificates.
Limited access to data that could be considered sensitive when custom reports are used.
Limited options for well-known clients to request certain operations on users via REST API.
REST API Removed capability to change the authentication server of a user (LDAP) server.
The access of the account for external reporting has been limited, some database tables with data that might be considered sensitive will not be accessible by default by this user.
Unauthenticated Remote Code Execution Vulnerability fixed (resolves CVE-2024-28059 reported by Arseniy Sharoglazov).
Scopes well-known clients (MyQ applications) can request were limited.
Unsuccessful authentications are now limited for security reasons, by default, the client/device is blocked for 5 minutes if more than 5 invalid login attempts are registered in a span of 60 seconds; these periods can be manually adjusted.
Improvements
NEW FEATURE Added support for Integrated Windows Authentication (Windows single sign-on) for Web User Interface and MyQ Desktop Client 10.2, logging in environments where IWA is used can be enabled in Settings – User Authentication and MyQ Desktop Client's Configuration profiles.
NEW FEATURE Added support for MyQ in IPv6 networks, IPv6 addresses can now be used across MyQ to configure authentication servers, SMTP, add printers, communicate with Site servers and more.
NEW FEATURE Entra ID (Azure AD) Joined devices are now supported for Job Authentication; a new option to Entra ID User Synchronization can automatically create compatible user aliases from concatenated Display names (for job submission from local accounts such as AzureAD\displayName).
The connection processes for SharePoint Online and Entra ID were improved, administrators can use the Automatic mode when creating the connector which does not require creating an Azure application manually but uses a MyQ predefined Enterprise application instead.
Added options that allow to automatically create a synchronization source and authentication server for Entra ID in the dialogue for adding a new Entra ID connector.
To strengthen the security of user authentication, manually and automatically generated PINs are now subject to improved complexity standards; weak PINs (with subsequent numbers, etc.) cannot be manually set and are never automatically generated. It is recommended to always use the Generate PINs functionality instead of filling PINs manually.
Default PIN length increased to 6 and minimum PIN length is now 4, resulting in improved security defaults for user authentication; for upgraded installations, if PIN is set to length below 4, it is automatically increased and will be used next time you generate new PINs.
Added options to select the level of synchronization for Groups in Entra ID sources; allowing for more flexibility such as choosing whether full synchronization should be performed or when synchronization should be skipped.
A warning when removing a trial license was added to inform that another trial license cannot be added in case there are accounted jobs from active user sessions existing in MyQ.
Added option to add an additional column "Project code" to reports in the Projects category.
Columns Total, B&W, and Color renamed to Total, B&W, and Color parsed pages in certain reports to clarify that these reports show the number of pages as they arrived in MyQ and not the final printed and accounted pages.
Improved logging of user synchronization issues.
LDAP synchronization options are validated on saving to avoid duplicated Base DNs which could cause errors during user synchronization.
Name or Tenant Domain is displayed of Entra ID is displayed on the Connections page for better recognition when multiple tenants are used.
Password field for SMTP settings can accept up to 1024 characters instead of 40.
The design of the Azure-related connectors (Entra ID, OneDrive for Business, and SharePoint Online) was improved.
REST API Added option to soft-delete users.
REST API Enhanced options for user management by allowing you to set user group memberships.
Firebird upgraded to version 4.
.NET Runtime updated to version 8.
PHP updated to version 8.3.6.
OpenSSL updated to version 3.3.0.
OpenSSL updated to version 3.2.1.
Apache updated to version 2.4.59.
Changes
Correction of project names "No project" and "Without project".
Custom reports have to be signed; in case the installation uses custom reports, backup them before the upgrade to be able to request signing.
Deleted sites are not displayed in "With issue" filter on Sites page.
Lotus Domino has been repositioned to the legacy mode; upgraded installations will preserve Lotus Domino integration (it is recommended to test the integration before upgrading production environments), and new installations will not have the option to add a new Lotus Domino connection available by default.
Security settings in Web Interface were renamed from SSL to TLS.
The CASHNet payment provider has been deprecated; the upgrade will also remove the existing CASHNet payment provider, payment history data are preserved and moved under "External Payment Provider", and thus backup of payment history is recommended before the upgrade if CASHNet was used.
The option to allow unsecure communication with Central Server was removed. This means SSL/TLS is always enforced in communication between Central and Sites.
As part of excluding jobs moved by Job Scripting from the Expired and deleted jobs report, a new rejection reason can be seen for such jobs on the Jobs page.
Bug Fixes
"Count it" on the Sites page might result in an error message being displayed.
Cannot generate support data over midnight.
Certificate validation could cause problems with connecting to Google Workspace.
Certificates are not validated during connection to cloud services.
Configured HTTP proxy is not used for connections to Entra ID and Gmail.
Custom Help widget is not displayed on the Dashboard by default.
Easy Config > Log > Subsystem filter: "Unselect all" is present even if all is already unselected.
Installing PS and CS on one server causes error: Error occurred while trying to replace existing file, DeleteFile failed; code 5.
Monthly report containing the Period column has months in incorrect order.
Not possible to authenticate user against LDAP using LDAP authentication server with autoresolved address.
Original jobs moved to different queue by job scripting are included in reports for expired and deleted jobs.
Recharging credit via GP webpay - payment gateway is not loaded when the user's language is set to specific languages (FR, ES, RU).
Replication from all Sites might be paused due to a replication problem with only one Site server.
Report "Projects - User Session details" shows the user's Full name in the User name field.
SMTP test error message contains incomplete information.
Some groups might be considered different if they contain full-width and half-width characters in the name.
The test of connection to Google Workspace in the authentication server settings which did not require credentials previously could have impacted user synchronization and caused problems with authentication to Google Workspace; The Test of connection will now also require user credentials filled in similarly to the synchronization source settings.
Toner level on the Printers page might not be displayed in some cases.
User group is not possible to be a delegate of its own to allow members of the group to be delegates of each other (i.e. members of the group "Marketing" cannot release documents on behalf of other members of this group).
User synchronization from Entra ID can fail when a user is manually created on Print Server but the same user exists also in Entra ID.
User synchronization from LDAP can cause error: Undefined array key "samaccountname" and fail.
MyQ Central Server 10.2 RC 3
13 December, 2023
Security
Hashing of passwords enhanced.
Improvements
NEW FEATURE In addition to permanent PINs, you can now create temporary PINs with limited validity.
NEW FEATURE Ukrainian was added as a new supported language to the MyQ Central Server.
Changed "Azure AD" to "Microsoft Entra ID" to correspond with MS naming.
Optimizations of Entra ID synchronization via Microsoft Graph API connector that should prevent slowdowns and skipping users.
Administrators can create multiple Entra ID instances to synchronize and authenticate users towards more than one tenant.
Added new settings to Entra ID synchronization source that allow setting attributes to synchronize the users' Full name, and Language. New attributes are also available for Aliases, PINs, Cards, and Personal numbers. It is now also possible to manually type in a required Entra ID user attribute to be used for these values.
Added additional options for User synchronization from Microsoft Entra ID (Ignore sync source, deactivate missing users, add new users).
Added report "Servers - User Rights" that groups data per server name.
New permission Delete Cards added, allowing to give users or user groups option to be able to delete ID cards without them having access to other user management features.
List of characters allowed to be used in project code expanded. Upgrade to this patch is required for the replication of projects from Sites to work correctly if any of the new characters is used.
OpenSSL updated to version 3.1.3
PHP updated to 8.2.12
CURL upgraded to 8.4.0
Apache updated to version 2.4.58.
Changes
In newly created user synchronization sources using the Entra ID connector (Microsoft Graph), the User Principal Name is now used as the username. After upgrade, existing username settings are preserved. To transition from old attributes to User Principal Name, users should be synchronized, the synchronization source removed, and created again. Users are also always paired by Entra ID's unique Object ID.
Bug Fixes
Checking uniqueness of user group names is not working properly.
Custom Help widget not displayed for users and cannot be added.
Database creation can fail in some cases on SQL Server 2022 ("Conversion failed when converting the nvarchar value 'oft'").
Database upgrade can fail in some cases ("Error while try to execute Php script version: 10.2.7").
Easy Config is missing Chinese Traditional and Chinese Simplified languages.
Hiding the Price List column on the Printers page renders the Printers page inaccessible.
Is it possible to add the same column multiple times on the Sites page.
Not possible to add groups to Sites user synchronization.
Replication can fail in some cases with error "Class "UserDto" does not exist".
Replication of data can end with warning "Dependency not found" in some cases, causing differences in reports on Site Server and Central Server.
The printer's toner level can be incorrect when the printer was on Site with a lower version than the Central Server.
Toner level information on the Printers page is missing after upgrade from previous versions.
User synchronization results page is not refreshed automatically when synchronization finishes.
User with rights to edit Scheduled report cannot select an attachment file format other than PDF.
Creating a PDF report may fail if a job containing some special characters is present.
Error "-901 Implementation limit exceeded Too many values" can occur during replications to the Central Server, potentially due to a rare device-related error causing wrong user session data reported to the Site.
MyQ Central Server 10.2 RC 2
6 October, 2023
Improvements
Firebird update to version 3.0.11.
PHP updated to version 8.2.11.
OpenSSL updated to version 3.1.3.
Built-in Groups (All users, Managers, Unclassified) are internally moved to new hidden group "Built-in" to avoid conflicts with groups with the same name created by user synchronization.
HTTPS is used for external links from the Web Interface.
Added option to synchronize "onPremisesSamAccountName" and "onPremisesDomainName" from Azure AD via MS Graph and pairing by Object ID to allow update existing users whose usernames changed.
Added option to define regular expression for user synchronization (LDAP and Azure AD) for Aliases, Cards, PINs and Personal numbers.
Added option to exclude specific user(s) from Reports.
Bug Fixes
In Job privacy mode, user running a report is excluded when Exclude filter is not used.
In Job privacy mode, Administrators and users with Manage reports rights can see only their own data in all reports, resulting in the inability to generate organization-wide reports for group accounting, projects, printers, and maintenance data.
Users could lose some Cost Center assignments after user synchronization from Azure AD and LDAP.
Change of user's Accounting Group is not propagated to Site server.
In some cases, Central upgrade fails with the error "No user specified".
Upgrade could fail in some cases (with error violation of PRIMARY or UNIQUE KEY constraint "PK_ACE" on table "ACE").
Login to Central Server's Web Interface fails if the username contains an apostrophe.
Some groups reports are not possible to save when only Accounting group filter is set with error "User may not be empty".
Two groups with identical names are indistinguishable in reports.
Synchronized users who are members of groups with identical names to MyQ built-in groups in the source, are wrongly assigned to these built-in groups due to conflicting names.
User editing own profile on Site server changes user synchronization source on Central server resulting in warnings during user synchronization.
User synchronization takes more time compared to previous MyQ versions.
MyQ Central Server 10.2 RC 1
28 July, 2023
Improvements
Added unique session identifiers to replication data to prevent differences in accounting data between Sites and Central.
PHP upgraded to version 8.2.8.
Improved look of new HTML emails. Footer text in emails can now be translated.
Added options for behavior of PINs and Cards synchronization from LDAP same way as in CSV synchronization.
Administrators do not need to re-type an authorization code when connecting cloud services into MyQ. Authorization is now done automatically.
Bug Fixes
Refresh token for Exchange Online expires due to inactivity in spite of the system is being actively used.
It is possible to save empty email destination for Log Notifier rules.
Missing Scan and Fax columns in report Projects – User Session details.
MyQ Central Server 10.2 BETA 2
29 June, 2023
Improvements
NEW FEATURE Widget "Updates" was added on the admin's Dashboard. When a new version of MyQ Central Server is released, administrators will see a notification in the MyQ Web Interface.
Added support for Romanian language.
User rights changes are logged to Audit log.
Certificates in PHP updated.
PHP updated to v8.2.6.
Changes
Removed support for GPC file format in Bulk credit recharge.
Default time periods for clean-up of jobs, log, and user sessions, performed by System Maintenance, were adjusted.
The default runtime of scheduled tasks was changed to prevent them from running at the same time.
Bug Fixes
Received email opened in Outlook is missing line breaks.
Some rows could be skipped during replication on a Site that had active user sessions. LIMITATION: Site 10.2 BETA is now not compatible with Central Server 10.2 BETA 2 due to differences in communication during replications. Upgrade of the Site to 10.2 BETA 2 is required.
Firebird temporary folder size could grow during large replication.
MyQ Central Server 10.2 BETA
1 June, 2023
Security
Domain credentials were stored in plain text in PHP session files, now fixed.
Added missing security attribute for encrypted session cookie (CWE-614).
Improvements
NEW FEATURE System health check will now report Sites that have not been replicated for some time. This will help to prevent issues with long replication queues that could result in missing or inaccurate data in reports.
NEW FEATURE Administrators can now see a list of errors which occurred during replications on the Replications settings page with help on how to resolve some of them.
NEW FEATURE Option to group Sites on Central was added. It allows administrators to configure Job roaming only among Sites within a selected group. This helps to decrease traffic needed for Job roaming to work.
NEW FEATURE New user's attribute "Alternate email" allows the administrator to add multiple email addresses to a user.
NEW FEATURE Microsoft single sign-on (Sign in with Microsoft) can now be also used to log in to the Central Server, previously available only on the Print Server.
OpenSSL updated to version 3.1.0.
PHP updated to version 8.2.5.
Apache updated to version 2.4.57.
Health check will warn the administrator if their database is using a page size of 8 KB instead of 16 KB which may affect the performance. Page size can be increased by backing up and restoring the database.
The possibility to export users only from selected group(s) into CSV was added.
More errors occurring during replications from Print Server will be now resolved automatically. This should prevent delays in replications and help with accuracy of Central reports.
Purchased Assurance Plan is displayed on the Dashboard of the MyQ Web Interface.
Possible to synchronize user's multiple email addresses. Attributes for email address need to be separated by semicolon and all the next email addresses are imported as alternate email address.
If you modify settings in the MyQ Web Interface and forget to save them, MyQ will now remind you about that.
Minimum TLS version configured for MyQ communication is visible on the Network page in Settings.
The default minimum TLS version has been increased to version 1.2.
You can now see the version of MyQ installed on your Site on the Sites page.
Users no longer need to connect their personal cloud storage on each Site individually. Once the user connects their storage on the first Site, their access is distributed to the rest of the Sites, allowing them to scan to the cloud immediately. Note that after upgrading to 10.2, users will have to re-connect their storage once in order to be connected everywhere.
Accessing Web UI over HTTP is redirected to HTTPS (except when accessing localhost).
Changes
Minimal supported version of Windows Server is 2016.
The following features were deprecated: SQL Server as user synchronization source, custom user synchronization source, schedulable external commands via Task Scheduler.
Email addresses are now a unique property. More users should not have similar email addresses to prevent incorrect pairing of jobs received via email.
User's scan storage now does not accept email addresses, only valid storage paths.
Old License Keys are not supported anymore, they have been replaced by Installation Keys.
Bug fixes
It is not possible to save addresses for site's clients IP range higher than 127.255.255.255 when using MSSQL database.
Aliases are incorrectly escaped in exported users CSV file.
Email that cannot be sent blocks all other emails from being sent.
User selection boxes sometimes do not show build in groups ("All users", "Managers", "Unclassified" options).
Some columns of some reports are showing no values.
User synchronization - LDAP export to CSV after successful import is not working, causing Web Server Error.
History deletion cannot delete old jobs from table Jobs in some cases because of foreign key.
System maintenance's Database sweeping cannot be started when Print Server is installed on the same server as Central Server.
Component Versions
Expand the content to see the version list of used components for the above MyQ Central Server releases.