v2.4.17

The new release 2.4.17 contains the following security fixes:

• CVE-2026-27447: The scheduler treated local user and group names as case-
  insensitive.
• CVE-2026-34978: The RSS notifier could write outside the scheduler's RSS
  directory.
• CVE-2026-34980: The scheduler did not filter control characters from option
  values.
• CVE-2026-34979: The scheduler did not always allocate enough memory for a
  job's options string.
• CVE-2026-34990: The scheduler incorrectly allowed local certificates over the
  loopback interface.
• CVE-2026-39314: Fixed the range check for job password strings.
• CVE-2026-39316: Fixed a printer subscription bug in the scheduler.
• CVE-2026-NNNNN: Fixed a SNMP string conversion bug in the backends.

where the last CVE number is requested from Github for several days now, the number will be corrected once we have one, but we decided to make a release to share the other fixes.

The release includes other fixes as well, listed in CHANGES.md.

Enjoy!

v2.4.16

The hotfix release 2.4.16 includes fix for infinite loop in GTK, which was caused by change of internal behavior in libcups on which GTK depended on, and workaround for stopping the scheduler if configuration includes unknown directives.

The full list of changes is shown in CHANGES.md.

Enjoy!

v2.4.15

The release CUPS 2.4.15 brings two CVE fixes:

• Fix various cupsd issues which cause local DoS (CVE-2025-61915)
• Fix unresponsive cupsd process caused by slow client (CVE-2025-58436)

and several bug fixes described in CHANGES.md.

Enjoy!

v2.4.14

The hotfix release brings fix for installation process of localized templates and CUPS web UI home pages.

Enjoy!

v2.4.13

The release 2.4.13 brings two CVE fixes - fix for important CVE-2025-58060 and fix for moderate CVE-2025-58364, together with several bug fixes.

The release includes a new feature - new attribute for printer and job objects - print-as-raster - which allows enforce rasterization of the file for IPP Everywhere/AirPrint printers, which supports PDF and raster document formats. The feature is useful for working around internal PDF issues in the printer firmware, for example missing diacritic when printing a PDF.

The detailed list of changes is available in CHANGES.md.

Enjoy the release!

v2.4.12

The last planned release of CUPS 2.4.x series (the next will be 2.5.x series) contains several enhancements among set of bug fixes, such following cryptographic policies when using GnuTLS crypto provider and possibility to opt-out from this behavior, logging job debugging history if print queue backends fails, or raising alerts for certificate issues in IPPS backend.

The detailed list of changes is available in CHANGES.md.

Enjoy the new release!

v2.4.11

CUPS 2.4.11 brings several bug fixes regarding IPP response validation, processing PPD values, Web UI support (checkbox support, modifying printers) and others fixes.

Detailed list of changes is available in CHANGES.md

Enjoy!

v2.4.10

CUPS 2.4.10 brings two fixes:

• Fixed error handling when reading a mixed 1setOf attribute.
• Fixed scheduler start if there is only domain socket to listen on (Issue #985)

which the latter is fix for regression after fix for CVE-2024-35235 in scenarios where is no other listeners in cupsd.conf than domain socket created on demand by systemd, launchd or upstart.

Enjoy!

v2.4.9

CUPS 2.4.9 brings security fix for CVE-2024-35235 and several bug fixes regarding CUPS Web User Interface, PPD generation and HTTP protocol implementation.

Detailed list of changes is available in CHANGES.md.

Enjoy!

v2.4.8

CUPS 2.4.8 brings many bug fixes which aggregated over the last half a year. It brings the important fix for race conditions and errors which can happen when installing permanent IPP Everywhere printer, support for PAM modules password-auth and system-auth and new option for lpstat which can show only the successful jobs.

Detailed list of changes is available in CHANGES.md.

Enjoy!