Software Support - RICOH Software Information Center

1 Software Support Documents

Refer to the documents below for important information about support processes for Ricoh software products.

1.1 Using the Ricoh Software Support Website

You can use the Ricoh Software Support website to open and manage support tickets for products such as RICOH ProcessDirector™, RICOH InfoPrint Manager™, RICOH Supervisor™, and the RICOH TotalFlow products.

1.1.1 Registering and updating your profile

To use the Ricoh Software Support Website, you must register and update your profile with your contact information.

To register and update your profile:

Open the Support website: https://support.ricohsoftware.com

Tip: Bookmark the site so you can find it easily next time.
Create an account:
1. Click New to Ricoh? Sign up.
2. Enter your email address and password and click Create.
3. Check your email. Follow the instructions in the email to set your password and fill in additional information.
Log in to your account.
After you log in, click your name in the upper right and choose My Profile ⇒ Edit Profile. Add your phone number to your profile.
Now you can create, view, update, and close tickets.

For a demonstration of these steps, watch this video.

Tip: To open the video in full screen mode:

Using Firefox: Click the full screen icon in the lower right corner of the video player.
Using Chrome or Edge: Click this link: Open in full screen mode

1.1.2 Opening and managing support tickets

On the Ricoh Software Support Website, you'll open support tickets to request assistance or information. As the situation progresses, you and the Support team can update the ticket to keep each other informed of progress or other changes. When the issue is resolved, the ticket is closed.

To open or manage a support ticket:

Open the Support website: https://support.ricohsoftware.com

Tip: Bookmark the site so you can find it easily next time.
To create a support ticket:
1. Click Submit a Request in the middle or top right of the screen.
2. In the CC field, you can list email addresses for anyone who should be copied on responses to the ticket, such as your coworkers or supervisor.
3. Enter your information in all the fields.
4. Click Submit.
To view existing support tickets:
1. Click My activities, then Requests.
  - My Requests shows the tickets that you opened.
  - Requests I'm CC'd on shows the tickets that other people have opened and have listed you in the CC field.
  - Organization requests shows all the tickets opened by members of you company.
2. Use the Status filter to display tickets in different states, such as Open, Closed, or Awaiting your reply. Choose Any to display all tickets.
3. To open a specific ticket, click its Subject.
To update a support ticket:
1. Click on the ticket.
2. Click Add to conversation, then type your update.
  You can add a coworker in the CC field here too.
3. Click Submit.
  When you submit your entry, the support team is notified that the ticket was updated and it requires their attention.
4. If you are updating a ticket to report a critical production down issue and it is off-shift, you must open a new ticket. When you open the new ticket, choose 1 - Critical (Production Down Only) for the priority and refer to the existing ticket number in the Short Subject Description.
Note: Currently, you cannot change the severity of a ticket.
If an existing ticket has become a critical, production down issue AND requires off-shift support (outside the hours of 6AM-6PM US Mountain Time), you must open a new ticket with the Priority field set to 1 - Critical (Production Down Only). Refer to the existing ticket number in the Short Subject Description field.

In this situation, the support team is called in to help during off-shift hours.

When you open the new ticket, choose 1 - Critical (Production Down Only) for the priority.

Important: Only open a new ticket for critical production down issues that require off-shift assistance! Status updates not requiring off-shift callout should be handled as regular updates to the existing ticket.
To close a support ticket:
1. Click on the ticket.
2. Click Add to conversation, then type a message letting the support team know that the ticket can be closed.
3. Click Mark as solved & Submit.

1.2 Security Vulnerability updates

Check this page for updates related to critical security vulnerabilities.

1.2.1 CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105: Apache log4j

CVE-2021-44228 was opened on December 10, 2021. CVE-2021-45046 and CVE-2021-45105 followed on December 14th and December 18th.

For information about these vulnerabilities, see:

Use the links below to find updates and instructions to mitigate these vulnerabilities for the products listed. The following Ricoh software products are not affected by CVE-2021-44228, CVE-2021-45046, or CVE-2021-44228:

RICOH InfoPrint Font Collection
RICOH InfoPrint PPFA
RICOH InfoPrint WorkFlow
RICOH InfoPrint XT
RICOH Web Enablement Solutions Suite

1.2.1.1 RICOH ProcessDirector™

The RICOH ProcessDirector team provides these procedures to mitigate the effects of CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide, and released this statement to our customers.

All customers:

Virtually all current customers of RICOH ProcessDirector must update some part of your system to address these vulnerabilities.
Follow the procedure below the pink box to determine which parts of your system need to be updated and the actions required.

IF YOU ARE RUNNING RICOH PROCESSDIRECTOR 3.8.4 OR NEWER (including 3.9.x and 3.10):

Proceed to step 1 under the pink box to update your system.

IF YOU ARE RUNNING A VERSION OF RICOH PROCESSDIRECTOR PRIOR TO 3.8.4 READ THESE BULLETS:

RICOH ProcessDirector versions prior to 3.8.4 use log4j version 1.x, which predates the security vulnerability. Log4j version 1.x packages are neither updated nor removed in these mitigation procedures.
If your security processes require you to update all software to the most recent levels of log4j and you are running a version of RICOH ProcessDirector prior to version 3.8.4, you must first upgrade to RICOH ProcessDirector 3.10, then apply one of the patches provided.
If you have ever installed a ProductUpdate feature (such as to resolve a support ticket), some of the log4j files on your system might have been updated to log4j 2.x. Follow the procedure below the pink box to determine which parts of your system need to be updated and the actions required.

Important:

April 19, 2022, 5:00 PM EDT
- A permanent solution for updating Ricoh PDF Printers to log4j version 2.17.1 is now available. To get this update, contact Software Support and request the Ricoh PDF Printer feature, version 1.0.0.0.226574 or higher.
- Updates to address the log4j vulnerability in IBM DB2 are available. Contact Software Support for an update package.
- With this update, all RICOH ProcessDirector components have solutions to update log4j to version 2.17.1. This is the final update that the RICOH ProcessDirector team will provide on this page.
January 6, 2022, 4:00 PM EST
- After following the instructions below to update RICOH ProcessDirector, JDNI lookup is disabled. As a result, following these procedures mitigates the vulnerability identified in CVE-2021-44832.
January 3, 2022, 7:00 PM EST
- Updated with additional steps for updating RICOH PDF printers.
- The RICOH ProcessDirector team is aware of CVE-2021-44832, published on December 28, 2021. The team is investigating whether this medium severity vulnerability affects RICOH ProcessDirector.
December 22, 2021, 6:30 PM EST
- Steps to update the RICOH Transform Features have been added.
December 21, 2021, 7:00 PM EST
- The log4j fixes provided on December 17th and 20th updated most of the log4j files in your RICOH ProcessDirector directory trees to version 2.16.0. We recommend following the instructions below to upgrade those files to log4j 2.17.0.
  At a later time, we will provide feature updates that contain these updates, but use these instructions to update log4j to version 2.17 now.
- If you install additional features after applying this fix you might need to follow these instructions again.
- IBM DB2 uses version log4j version 1.x, which is not affected by these security vulnerabilities. You do not need to update these files.
December 21, 2021, 1:30 PM EST
- Instructions for the official fix posted on December 20th were removed from the website for revision.
- Follow instructions for the temporary fix until further updates are posted.
December 20, 2021, 5:00 PM EST
- Over the weekend, an additional security vulnerability related to log4j (CVE-2021-45105) was opened which necessitated the release of log4j version 2.17. RICOH ProcessDirector is not vulnerable to this high priority issue because it does not use context (ctx) lookups in its logging patterns. In addition, JNDI is disabled in log4j version 2.16 by default. RICOH ProcessDirector does not enable it.
  We plan to upgrade to log4j version 2.17 or later in the upcoming RICOH ProcessDirector version 3.10.1 release, per our established process for resolving high-, meduim-, and low-severity security vulnerabilities.
- The procedures below have been updated to address incorrect path statements in some steps and to improve readability.
December 17, 2021, 11:30 PM EST:
- An affected version of log4j was introduced in RICOH ProcessDirector in version 3.8.4 and is present in all versions through 3.10.0. The component was also included in ProductUpdate package 3.4.205086 and higher. Follow the instructions below to check your product version, download an update package, and install the update.
  In addition, an affected version of log4j was included in the RicohPDFPrinter feature package, version 1.0.0.0.212710 and later.
- The instructions below provide two options: a temporary fix and an official fix. Both options install log4j version 2.16.
- The RICOH Transform Feature and RICOH PDF Printers also require updates. Instructions for those updates are under development.

To update RICOH ProcessDirector to address these vulnerabilities:

Determine which components of RICOH ProcessDirector you must update.
These components of RICOH ProcessDirector include affected levels of log4j:
1. The base product
  Navigate to this directory on your primary computer:
  - AIX or Linux:$AIWDATA/lib
  - Windows:%AIWDATA%\lib
  If you see the file log4j.jar in that directory, you must complete step 4 to update the base product.
2. RICOH PDF printers
  This component is installed by default and has contained affected versions of log4j for many versions. All customers must follow the instructions in step 5 to update this component.
3. RICOH ProcessDirector Plug-in for Adobe Acrobat
  If you have installed the PDF Document Support feature and users have installed the Adobe Acrobat plug-in, each user must follow the instructions in step 6 below.
4. RICOH Transform Features
  RICOH Transform Features for RICOH ProcessDirector version 3.9.2 or higher include an affected version of log4j. Follow the instructions in step 7 below.
  
  Previous versions of the Transform Features use unaffected versions of log4j and do not need to be updated.
Download the patch that contains log4j.jar version 2.17.0:
1. Click to download: log4j patch
  MD5 checksum: 02590758d0020507effa40b6a041ad37
2. Move the patch to a location that you can access from your primary computer.
3. Verify the checksum for the package matches the value listed above.
  Open a command prompt and run the correct command for the operating system you are working on. Replace File or package name with the name of the file or package to verify.
  - AIX:csum -h MD5 File or package name
  - Linux:md5sum File or package name
  - Windows:certutil -hashfile File or package name MD5
  If the value does not match, do not install the package. Delete the package and download again.
Back up your system before you make any changes.
Install the log4j fix for the base product:
- This process only instructs you to update log4j version 2.x files, not version 1.x files.
- For RICOH ProcessDirector versions lower than 3.8.4: Do not replace any log4j-1.x*. files. If you need to migrate from log4j1.x to log4j 2.17, you must upgrade to RICOH ProcessDirector version 3.10.
- For RICOH ProcessDirector versions 3.8.4 and higher: If you find any log4j-1.x files on the system, they are not used and should be safe to remove. RICOH ProcessDirector 3.8.4 and higher only uses log4j 2.x files.
1. To install on Linux or AIX:
  1. Log in as the RICOH ProcessDirector system user (default is aiw1).
  2. Navigate to $AIWDATA
  3. Run this command: find . | grep log4j.jar|grep -v ant-apache-log4j.jar
    Note:
    ant-apache-log4j.jar is not the same as log4j.jar. The command excludes the ant-apache-log4j.jar files from the results because that file does not need to be updated.
  4. Replace all instances of log4j.jar in the $AIWDATA directory tree with the version that you downloaded.
  5. Navigate to $AIWPATH.
  6. Run this command: find . | grep log4j.jar|grep -v ant-apache-log4j.jar
    Note:
    ant-apache-log4j.jar is not the same as log4j.jar. The command excludes the ant-apache-log4j.jar files from the results because that file does not need to be updated.
  7. Replace all instances of log4j.jar in the $AIWPATH directory tree with the version that you downloaded.
  8. Run this command to restart RICOH ProcessDirector: stopaiw && startaiw
2. To install on Windows:
  1. Log in as the user who installed RICOH ProcessDirector.
  2. Stop the RICOH ProcessDirector service.
  3. Open file explorer and navigate to: %AIWDATA%
  4. Search for all instances of the log4j.jar.
    Note:
    ant-apache-log4j.jar is not the same as log4j.jar. Do not update ant-apache-log4j.jar from your list.
  5. Replace all instances of log4j.jar under the %AIWDATA% directory with the version that you downloaded.
  6. Navigate to: %AIWPATH%
  7. Search for all instances of the log4j.jar.
    Note:
    ant-apache-log4j.jar is not the same as log4j.jar. Do not update ant-apache-log4j.jar from your list.
  8. Replace all instances of log4j.jar under the %AIWPATH% directory with the version that you downloaded.
  9. Restart the Windows system.
Install the fix for the RICOH PDF printers:
- The procedures for Windows primary and application servers refer to the 7-Zip program for manipulating ZIP and other types of compressed files. If you do not have or cannot install 7-Zip, you can use another utility that lets you delete files from an archive. Adapt the instructions for the utility you use.
1. On the Linux primary server:
  1. Log in as the RICOH ProcessDirector user (default is aiw1).
  2. Open a command line and type:
```
cd $AIWDATA/pc/ws/webapps/printing/WEB-INF/lib/
ls log4j-core*
```
  3. Make note of the full name of the log4j-core . For example, the file name might be log4j-core-2.14.0.jar.
  4. Type this command, replacing JAR_file_name with the full name of the log4j-core :
```
zip -q -d JAR_file_name org/apache/logging/log4j/core/lookup/JndiLookup.class
```
    For example, if the file name is log4j-core-2.14.0.jar, enter this command:
```
zip -q -d log4j-core-2.14.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
```
  5. To verify that the command above removed the JndiLookup class from the log4j package, run this command:
```
unzip -l JAR_file_name | grep JndiLookup
```
    The command returns no results when the step above worked properly.
  6. Delete the file sdi.jar. Enter these commands:
```
cd $AIWDATA/pc/bin/depends/lib
rm sdi.jar
```
  7. Restart RICOH ProcessDirector. Run this command:
```
stopaiw && startaiw
```
2. On the Linux secondary server:
  1. Log in as the RICOH ProcessDirector user (default is aiw1).
  2. Check to see whether this directory exists on the system: $AIWPATH/pc/ws/webapps/printing/WEB-INF/lib/
    If it exists, continue with the next step. If it does not exist, you do not have to make any changes on the Secondary server. Continue to step 5.
  3. Open a command line and type:
```
cd $AIWPATH/pc/ws/webapps/printing/WEB-INF/lib/
ls log4j-core*
```
  4. Make note of the full name of the log4j-core . For example, the file name might be log4j-core-2.14.0.jar.
  5. Type this command, replacing JAR_file_name with the full name of the log4j-core :
```
zip -q -d JAR_file_name org/apache/logging/log4j/core/lookup/JndiLookup.class
```
    For example, if the file name is log4j-core-2.14.0.jar, enter this command:
```
zip -q -d log4j-core-2.14.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
```
  6. To verify that the command above removed the JndiLookup class from the log4j package, run this command:
```
unzip -l JAR_file_name | grep JndiLookup
```
    The command returns no results when the step above worked properly.
  7. Delete the file sdi.jar. Enter these commands:
```
cd $AIWPATH/pc/bin/depends/lib
rm sdi.jar
```
  8. Restart RICOH ProcessDirector. Run this command:
```
stopaiw && startaiw
```
3. On the Windows primary server:
  1. In File Explorer, open %AIWDATA%\pc\ws\webapps\printing\WEB-INF\lib.
    AIWDATA is usually a path likeC:\aiw\aiw1
  2. Right click the log4j-core*. and select 7-Zip ⇒ Open Archive.
  3. In 7-ZIP, open: org/apache/logging/log4j/core/lookup
  4. Find and delete: JndiLookup.class
  5. Return to File Explorer and open: %AIWDATA%\pc\bin\depends\lib
  6. Find sdi.jar and delete it.
  7. Restart the RICOH ProcessDirector service.
4. On a Windows Application server:
  1. In File Explorer, see whether this directory exists: %AIWPATH%\pc\ws\webapps\printing\WEB-INF\lib.
    AIWPATH is usually a path like C:\Program Files\Ricoh\ProcessDirector
    
    If it exists, continue with the next step. If it does not exist, you do not have to make any changes on the Application server. Continue to step 5.
  2. Right click the log4j-core*. and select 7-Zip ⇒ Open Archive.
  3. In 7-ZIP, open: org/apache/logging/log4j/core/lookup
  4. Find and delete: JndiLookup.class
  5. Return to File Explorer and open: %AIWPATH%\pc\bin\depends\lib
  6. Find sdi.jar and delete it.
  7. Restart the RICOH ProcessDirector service.
Instruct all users who have the RICOH ProcessDirector Plug-in for Adobe Acrobat installed on their systems to complete these steps. Provide these steps and the updated log4j.jar file to those users.
1. Log on to the system where the RICOH ProcessDirector Plug-in for Adobe Acrobat is installed.
2. Shut down Adobe Acrobat.
3. Restart your Windows system to ensure all processes are stopped.
4. Open file explorer and navigate to Adobe Acrobat Plugin install directory\plug_ins\InfoPrintPlugin\lib.
  For example, open: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\plug_ins\InfoPrintPlugin\lib
5. Replace the existing log4j.jar with the version that you downloaded.
If you have the RICOH Transform features installed, update them to use log4j version 2.17.
1. Click to download the correct update package:
  - AIX
    log4j patch for Transform Features on AIX
    Note:
    After you download this file, the file name should be: tf_patch_log4j_aix.tar.gz However, if you download the file using the Chrome browser, the final suffix (.gz) might be stripped off. Rename the file to tf_patch_log4j_aix.tar.gz before you proceed.
    MD5 checksum: 95cb3a6677e4eb574d03b9bed5f62d4f
  - Linux
    log4j patch for Transform Features on Linux
    Note:
    After you download this file, the file name should be: tf_patch_log4j_linux.tar.gz However, if you download the file using the Chrome browser, the final suffix (.gz) might be stripped off. Rename the file to tf_patch_log4j_linux.tar.gz before you proceed.
    MD5 checksum: fc8a71a2287fcc90360b20776b0fe31a
  - Windows
    log4j patch for Transform Features on Windows
    
    MD5 checksum: 3ef4e02c45b8e456c23648cdc02bd685
2. Move the patch to an empty directory in a location that you can access from your primary computer.
3. Verify the checksum for the package matches the value listed above.
  Open a command prompt and run the correct command for the operating system you are working on. Replace File or package name with the name of the file or package to verify.
  - AIX:csum -h MD5 File or package name
  - Linux:md5sum File or package name
  - Windows:certutil -hashfile File or package name MD5
  If the value does not match, do not install the package. Delete the package and download again.
4. Install the update on AIX:
  1. Log in to your system as the root user.
  2. Navigate to the package you downloaded. Run these commands to unpack the package:
    - gzip -d tf_patch_log4j_aix.tar.gz
    - tar -xf tf_patch_log4j_aix.tar
  3. Run the ./patch_aix.sh script file.
  4. To verify that the patch was correctly applied:
    - Run the command: find /opt/infoprint/itm -name "log4j-*"
    - You should see only the log4j libraries with version 2.17.0
5. Install the update on Linux:
  1. Log in to your system as the root user.
  2. Navigate to the package you downloaded. Run these commands to unpack the package:
    - gzip -d tf_patch_log4j_linux.tar.gz
    - tar -xf tf_patch_log4j_linux.tar
  3. Run the ./patch_linux.sh script file.
  4. To verify that the patch was correctly applied:
    - Run the command: find /opt/infoprint/itm -name "log4j-*"
    - You should see only the log4j libraries with version 2.17.0
6. Install the update on Windows:
  1. Log in as a user who is a member of the Administrator security group.
  2. Navigate to the package you downloaded and unpack the packages.
  3. Run the patch_windows.cmd script file.
  4. To verify that the patch was correctly applied:
    - Open a command prompt and change the current drive to the drive where Transform Features are installed. The default installation path for the Transform Features is: C:\Program Files\InfoPrint\InfoPrint Transform Features
    - Run the command: dir /s "log4j-*.jar"
    - You should see only log4j libraries with version 2.17.0

1.2.1.2 RICOH InfoPrint Manager™

The RICOH InfoPrint Manager team provides these procedures to mitigate the effects of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832.

Important:

January 20, 2022
- Updated RICOH InfoPrint Manager and InfoPrint Manager Transform feature packages to include log4j version 2.17.1 and updated verification instructions accordingly.
December 22, 2021, 1:00 PM EST:
- Updated procedure to increase usability.
- Added requirement to download the Transform Feature update package for InfoPrint Manager version 4.9.2 in addition to version 4.10.1.
December 21, 2021, 3:30 PM EST:
- The RICOH InfoPrint Manager update packages have been updated to include log4j version 2.17, to address CVE-2021-45105 in addition to CVE-2021-44228 and CVE-2021-45046.
- Instructions have been added for updating the Transform Feature for InfoPrint Manager version 4.10.1, if it is installed on your system.
December 17, 2021, 12:00 PM EST:
- RICOH InfoPrint Manager versions 4.9.2 and higher are impacted by these vulnerabilities. Follow the procedure below for your version and operating system to update your InfoPrint Manager server.
- If you are running InfoPrint Manager 4.10.0 : We recommend updating to Version 4.10.1, then applying the update package for Version 4.10.1. Follow the usual instructions for installing service updates: AIX, Windows, Linux
- Versions of RICOH InfoPrint Manager below 4.9.2 are not affected. No action is required.

Follow the instructions for your operating system:

All operating systems: Download the software update package:
1. Make sure you have a valid product EID to access the software download website.
2. Open the Ricoh Software Download website: https://dl.ricohsoftware.com
3. Click Software Downloads.
4. Enter your product EID and click Submit.
  - If you are running InfoPrint Manager Version 4.10.0, remember to update to version 4.10.1 before installing the update package.
5. On the product page, click View Related Files on the right side.
6. On the RICOH InfoPrint Manager Related Files page, click InfoPrint Manager Security Update (CVE-2021-44228) to download the package.
7. If you are updating RICOH InfoPrint Manager or 4.9.2 or 4.10.1 and have the Transform Feature installed, click InfoPrint Manager Transform Manager Feature Security Update (CVE-2021-44228) to download the Transform Feature update as well.
8. Continue with the installation steps for your operating system.
RICOH InfoPrint Manager for AIX
1. Stop the web server. Open SMIT and choose: InfoPrint Printing System ⇒ InfoPrint Ultilities ⇒ Stop the Web Server
2. Open: /var/pd/ipmws/webapps
3. Check the current ownership and permissions for the files listed. If any of the files are not owned by ipm1, make note of the owner ID.
  Enter this command:
```
ls -l /var/pd/ipmws/webapps/IPM /var/pd/ipmws/webapps/IPM.war /var/pd/ipmws/webapps/jobviewer /var/pd/ipmws/webapps/jobviewer.war /var/pd/ipmws/webapps/ipmnx /var/pd/ipmws/webapps/ipmnx.war >ls_prelog4j.out
```
  - Only include /var/pd/ipmws/webapps/ipmnx and /var/pd/ipmws/webapps/ipmnx.war if the Pull Print feature is installed.
4. Back up the existing files.
  Enter this command:
```
tar -cvf /var/pd/ipmws/webapps_prelog4j.tar /var/pd/ipmws/webapps/IPM.war /var/pd/ipmws/webapps/jobviewer.war /var/pd/ipmws/webapps/ipmnx.war
```
  - Only include /var/pd/ipmws/webapps/ipmnx.war if the Pull Print feature is installed.
5. Remove the existing files.
  Enter this command:
```
rm -r /var/pd/ipmws/webapps/IPM /var/pd/ipmws/webapps/IPM.war /var/pd/ipmws/webapps/jobviewer /var/pd/ipmws/webapps/jobviewer.war /var/pd/ipmws/webapps/ipmnx /var/pd/ipmws/webapps/ipmnx.war
```
  - Only include /var/pd/ipmws/webapps/ipmnx and /var/pd/ipmws/webapps/ipmnx.war if the Pull Print feature is installed.
6. Unzip the update package that you downloaded. Copy the WAR files from that package into /var/pd/ipmws/webapps.
  - Only include ipmnx.war if the Pull Print feature is installed.
7. Update the privileges and access rights for the new WAR files, ensuring that the IPM.war has the same privileges as IPMHelp.war.
  If you installed as ipm1, run the commands listed. If you installed as a different user, use the same commands, but replace ipm1 with the correct user name.
```
chown ipm1:sys /var/pd/ipmws/webapps/IPM.war
chmod 544 /var/pd/ipmws/webapps/IPM.war
chown ipm1:sys /var/pd/ipmws/webapps/jobviewer.war
chmod 544 /var/pd/ipmws/webapps/jobviewer.war
chown ipm1:sys /var/pd/ipmws/webapps/ipmnx.war
chmod 544 /var/pd/ipmws/webapps/ipmnx.war
```
8. Start the web server. Open SMIT and choose: InfoPrint Printing System ⇒ InfoPrint Ultilities ⇒ Start the Web Server
9. Verify that the InfoPrint Manager security update is installed:
  - Open the InfoPrint Manager Web GUI and check the About box. If the Build Date is 2022.01.06, the patch is installed.
  - Open a command prompt and change the current drive to the drive where InfoPrint Manager is installed.
  - Run the command: find /var/pd -name “log4j-*”
  - You should see only log4j libraries with version 2.17.1
RICOH InfoPrint Manager for Linux
1. Stop the web server using the InfoPrint Manager Management Interface (MMI).
2. Open: /var/pd/ipmws/webapps
3. Check the current ownership and permissions for the files listed. If any of the files are not owned by ipm1, make note of the owner ID.
  Enter this command:
```
ls -l /var/pd/ipmws/webapps/IPM /var/pd/ipmws/webapps/IPM.war /var/pd/ipmws/webapps/jobviewer /var/pd/ipmws/webapps/jobviewer.war /var/pd/ipmws/webapps/ipmnx /var/pd/ipmws/webapps/ipmnx.war >ls_prelog4j.out
```
  - Only include /var/pd/ipmws/webapps/ipmnx and /var/pd/ipmws/webapps/ipmnx.war if the Pull Print feature is installed.
4. Back up the existing files.
  Enter this command:
```
tar -cvf /var/pd/ipmws/webapps_prelog4j.tar /var/pd/ipmws/webapps/IPM.war /var/pd/ipmws/webapps/jobviewer.war /var/pd/ipmws/webapps/ipmnx.war
```
  - Only include /var/pd/ipmws/webapps/ipmnx.war if the Pull Print feature is installed.
5. Remove the existing files.
  Enter this command:
```
rm -r /var/pd/ipmws/webapps/IPM /var/pd/ipmws/webapps/IPM.war /var/pd/ipmws/webapps/jobviewer /var/pd/ipmws/webapps/jobviewer.war /var/pd/ipmws/webapps/ipmnx /var/pd/ipmws/webapps/ipmnx.war
```
6. Unzip the update package that you downloaded. Copy the WAR files from that package into /var/pd/ipmws/webapps.
  - Only include ipmnx.war if the Pull Print feature is installed.
7. Update the privileges and access rights for the new WAR files, ensuring that the IPM.war has the same privileges as IPMHelp.war.
  If you installed as ipm1, run the commands listed. If you installed as a different user, use the same commands, but replace ipm1 with the correct user name.
```
chown ipm1:sys /var/pd/ipmws/webapps/IPM.war
chmod 644 /var/pd/ipmws/webapps/IPM.war
chown ipm1:sys /var/pd/ipmws/webapps/jobviewer.war
chmod 644 /var/pd/ipmws/webapps/jobviewer.war
chown ipm1:sys /var/pd/ipmws/webapps/ipmnx.war
chmod 644 /var/pd/ipmws/webapps/ipmnx.war
```
8. Start the web server using the MMI.
9. Verify that the InfoPrint Manager security update is installed:
  - Open the InfoPrint Manager Web GUI and check the About box. If the Build Date is 2022.01.06, the patch is installed.
  - Open a command prompt and change the current drive to the drive where InfoPrint Manager is installed.
  - Run the command: find /var/pd -name "log4j-*"
  - You should see only log4j libraries with version 2.17.1
RICOH InfoPrint Manager for Windows
1. Stop the web server using the InfoPrint Manager Microsoft Management Console (MMC).
2. Open the folder where the InfoPrint Manager web server is installed. If you used the default installation path, open C:\ProgramData\RICOH\InfoPrint Manager\ipmws\webapps.
  If you installed in a different location, search for ipmws and open that folder.
3. Back up these file:
  - IPM.war
  - jobviewer.war
  - ipmnx.war
    This file only exists if the Pull Print feature is installed.
4. Delete these files and folders from inside the webapps folder:
  - IPM
  - IPM.war
  - jobviewer
  - jobviewer.war
  - ipmnx (if it exists)
  - ipmnx.war (if it exists)
5. Unzip the update package that you downloaded. Copy the WAR files from that package into the webapps folder.
  - Only include ipmnx.war if the Pull Print feature is installed.
6. Start the web server using the MMC.
7. Verify that the InfoPrint Manager security update is installed:
  - Open the InfoPrint Manager Web GUI and check the About box. If the Build Date is 2022.01.06, the patch is installed.
  - Open a command prompt and change the current drive to the drive where InfoPrint Manager is installed.
  - Run the command: dir /s "log4j-*"
  - You should see only log4j libraries with version 2.17.1
RICOH InfoPrint Manager for Linux: Transform Feature
1. Log in to your system as the root user.
2. Copy the provided file to an empty directory. Run these commands to unpack the package:
  - gzip -d tf_patch_log4j_2.17.1_linux.tar.gz
  - tar -xf tf_patch_log4j_2.17.1_linux.tar
3. Run the ./patch_linux.sh script file.
4. To verify that the patch was correctly applied:
  - Run the command: find /opt/infoprint/itm -name "log4j-*"
  - You should see only the log4j libraries with version 2.17.1
RICOH InfoPrint Manager for Windows: Transform Feature
1. Log in as a user who is a member of the Administrator security group.
2. Copy the provided file to an empty directory and unzip the packages.
3. Run the patch_windows.cmd script file.
4. To verify that the patch was correctly applied:
  - Open a command prompt and change the current drive to the drive where Transform Features are installed.
  - Run the command: dir /s "log4j-*"
  - You should see only log4j libraries with version 2.17.1

1.2.1.3 RICOH Supervisor™

Various components of RICOH Supervisor have been updated to address CVE-2021-44228 and CVE-2021-45046.

Important:

January 6, 2021:
- RICOH Supervisor has been updated to use log4j version 2.17.1, to address further vulnerabilities.
- RICOH Supervisor Data Collector has released an updated version of the client package that uses log4j version 2.17.1.
  Follow the usual procedures to download and install the updated RICOH Supervisor Data Collector software on your systems.
December 20, 2021:
- RICOH Supervisor has been updated to use log4j version 2.16, which addresses these security vulnerabilities.
- RICOH Supervisor Data Collector has released an updated version of the client package to mitigate these vulnerabilities.
  Follow the usual procedures to download and install the updated RICOH Supervisor Data Collector software on your systems.

1.2.1.4 RICOH TotalFlow Production Manager™

The RICOH TotalFlow Production Manager team has released a new version of the software to mitigate the effects of CVE-2021-44228 and CVE-2021-45046.

December 22, 2021, 2:00 PM EST:
- Ricoh has released an update to RICOH TotalFlow Production Manager, version 4.3.6 to resolve these vulnerabilities. Download the new version from the Ricoh Software Download website. Follow your usual installation instructions to install on your system.
- A third vulnerability for log4j, CVE-2021-45105, was opened on December 18, 2021. RICOH TotalFlow Production Manager is not vulnerable to this high priority issue.
December 16, 2021:
This page will be updated when mitigation procedures are available for this issue. Check this page for updates regularly.

1.2.1.5 RICOH TotalFlow Prep

The RICOH TotalFlow Prep team has released a new version of the software to mitigate the effects of CVE-2021-44228 and CVE-2021-45046.

December 22, 2021, 2:00 PM EST:
- Ricoh has released an update to RICOH TotalFlow Prep, version 4.3.6 to resolve these vulnerabilities. Download the new version from the Ricoh Software Download website. Follow your usual installation instructions to install on your system.
- A third vulnerability for log4j, CVE-2021-45105, was opened on December 18, 2021. RICOH TotalFlow Prep is not vulnerable to this high priority issue.
December 16, 2021:
This page will be updated when mitigation procedures are available for this issue. Check this page for updates regularly.

1.2.1.6 RICOH TotalFlow BatchBuilder™

The TotalFlow BatchBuilder team has released a new version of the software to mitigate the effects of CVE-2021-44228 and CVE-2021-45046.

Important:

December 20, 2021, 3:00 PM EST:
- Ricoh has released RICOH TotalFlow BatchBuilder, version 2.4.2-46 to resolve these vulnerabilities. Download the new version from the Ricoh Software Download website. Follow the instructions for updating TotalFlow BatchBuilder here: Migrating to the latest version of TotalFlow BatchBuilder
- Over the weekend, an additional security vulnerability related to log4j (CVE-2021-45105) was opened which necessitated the release of log4j version 2.17. RICOH TotalFlow BatchBuilder is not vulnerable to this high priority issue.

1.2.2 CVE-2022-22963 and CVE-2022-22965: Spring Framework components

CVE-2022-22963 & CVE-2022-22965 were opened on April 1, 2022. Initial reports indicate that CVE-2022-22963 affects Spring Cloud Function (versions 3.1.6, 3.2.2, and older versions) and CVE-2022-22965 affects Spring MVC or Spring WebFlux applications running on Java 9 and higher in WAR packages running under Tomcat.

These RICOH software products do not include the Spring Framework components listed above and are not vulnerable to this issue:

RICOH AFP Resource Installer
RICOH InfoPrint Font Collection
RICOH InfoPrint Manager
RICOH InfoPrint PPFA
RICOH InfoPrint Workflow
RICOH InfoPrint XT
RICOH ProcessDirector
RICOH Supervisor
RICOH TotalFlow BatchBuilder
RICOH TotalFlow Prep
RICOH TotalFlow Production Manager
RICOH Web Enablement Solutions Suite

1.3 RICOH ProcessDirector

Urgent communications for issues with RICOH ProcessDirector.

1.3.1 Cannot restart RICOH ProcessDirector™

Certificate issue discovered February 13, 2022.

Background

While developing the packaging methods that enable the pluggable architecture that provides the many free and paid features of RICOH ProcessDirector, we embedded a signed software certificate in the product as part of our feature management system. This certificate expired over the weekend.

Checks for the certificate are made each time the product starts so if RICOH ProcessDirector is stopped and started (to install newer code, perform routine maintenance, to recover from a network outage, etc.), RICOH ProcessDirector will not start again without remediation.

We have updated our feature management system to prevent this from happening again. Refer to the note below dated February 16, 2022.

What does this error look like?

There are numerous reasons that you might not be able to restart RICOH ProcessDirector. The steps below only apply to one specific circumstance. Only follow these steps if you experience #1 and either #2 or #3:

RICOH ProcessDirector was stopped and cannot be started again.
You see this message in the RICOH ProcessDirector System.trace file:
AIWI6498E: Server System was shut down because the file /opt/infoprint/ippd/features/Base/feature.xml has been tampered with
You see this message on the RICOH ProcessDirector login page:
Server System was shut down because the file /opt/infoprint/ippd/features/Base/feature.xml has been tampered with. [AIWI6498E]

Important:

July 13, 2022, 3:00 PM EDT
If you have installed RICOH ProcessDirector 3.10.1 or higher OR have ProductUpdate-3.4.r227119.epk installed on your system, you do not have to complete this procedure. The fix is included in those packages.

Customers running versions 3.7.1 – 3.8.x should upgrade to a supported release or call software support for assistance downloading the latest product update and other required EPKs.

Customers running versions 3.6.1 or earlier should NOT follow the procedure below to install the update package. You must call software support for assistance, as additional details are required to determine the correct action to take.
March 4, 2022, 12:00 PM EST
Updated command in step 3.4.
March 2, 2022, 10:00 PM EST
Further simplified the procedures based on customer feedback and experience.
February 28, 2022, 7:00 PM EST
Simplified the procedures based on customer feedback and experience.
February 22, 2022, 6:00 PM EST
Updated procedure to clarify that these steps can only be applied to RICOH ProcessDirector 3.7 through 3.10.1. Customers running older versions (3.6.1 or older) must call software support for assistance.
February 16, 2022, 11:00 AM EST
The Version 3.10.1 package on the software download site has been replaced to include the patch for this issue. You can install the updated Version of 3.10.1 or the Product Update feature on the Additional Files page instead of following the instructions below.
February 14, 2022, 5:45 PM EST
Updated to add background section for this issue.
February 14, 2022, 1:00 PM EST
Revised several steps for clarity.
February 13, 2022, 7:15 PM EST
Instructions added below to address this issue. Download the update package, then follow the correct instructions for your operating system.
February 13, 2022, 2:15 PM EST
Customers have reported that if they run stopaiw (on AIX or Linux) or stop the RICOH ProcessDirector service (Windows), they are not able to restart RICOH ProcessDirector. Restarting the server that RICOH ProcessDirector runs on also causes this issue. Note that routine maintenance or other scripts you might restart the RICOH ProcessDirector server.

The Development team is investigating the issue to find the cause. Refer to this page for updates.

Follow these steps to install the patch for this issue:

Verify the version of RICOH ProcessDirector that you have installed.
- If you have version 3.7 or newer, continue with step 2.
- If you have version 3.6.1 or older, stop here and contact software support.
Download the patch that contains TamperedLicenseFix.jar.
1. Use this link to download the patch: TamperedLicenseFix.zip
  MD5 checksum: bc9fc9d87e7f99dae412392233c500ad
2. Copy the file that you downloaded to a location that you can access from your primary computer.
3. Verify the checksum for the package matches the value listed above.
  Open a command prompt and run the correct command for the operating system you are working on. Replace File or package name with the name of the file or package to verify.
  - AIX:csum -h MD5 File or package name
  - Linux:md5sum File or package name
  - Windows:certutil -hashfile File or package name MD5
  If the value does not match, do not install the package. Delete the package and download again.
4. Unzip TamperedLicenseFix.zip into the following directory:
  - AIX or Linux: $AIWDATA/patches
  - Windows: %AIWDATA%\patches
5. Delete TamperedLicenseFix.zip from your system.
RICOH ProcessDirector for AIX or Linux: Install the TamperedLicenseFix:
1. Log in as the RICOH ProcessDirector system user (default is aiw1).
2. Open a terminal and stop RICOH ProcessDirector by running: stopaiw
3. Run these commands to backup the current interfaces.jar in /aiw/aiw1/patchtemp and create an updated interfaces.jar in /aiw/aiw1/patchtemp/work.
  - Do not create backups of the interfaces.jar files that are being replaced!
  - cd /aiw/aiw1
  - mkdir patchtemp
  - cd patchtemp
  - cp /aiw/aiw1/lib/interfaces.jar .
  - mkdir work
  - cd work
  - jar -xf ../interfaces.jar
  - jar -xf /aiw/aiw1/patches/TamperedLicenseFix.jar
  - jar -cf interfaces.jar .
4. Run this command to look up instances of interfaces.jar in /opt/infoprint/ippd and replace them with /aiw/aiw1/patchtemp/work/interfaces.jar:
  for Replace in `find /opt/infoprint/ippd -name interfaces.jar 2>/dev/null | grep -v "existingdb"`; do cp /aiw/aiw1/patchtemp/work/interfaces.jar $Replace; done
5. Run this command to clean up temporary UI resources:
  java -Ddebug=true com.infoprint.ippd.xdk.activator.Doctor
6. Start RICOH ProcessDirector by running: startaiw
7. Before you log in to RICOH ProcessDirector, clear your browser cache and restart the browser.
RICOH ProcessDirector for Windows: Install the TamperedLicenseFix:
1. Log in to Windows as the user who installed RICOH ProcessDirector.
2. Stop the RICOH ProcessDirector service.
3. Make sure that no Java processes are still running for RICOH ProcessDirector. If any Java process are still running, kill them.
4. Verify that TamperedLicenseFix.jar is in %AIWDATA%\patches.
  - The default value for %AIWDATA% is: C:\aiw\aiw1
5. Create a directory under %AIWDATA% called: patchtemp
6. Copy %AIWDATA%\lib\interfaces.jar to: %AIWDATA%\patchtemp
7. Copy the %AIWDATA%\patches\TamperedLicenseFix.jar to: %AIWDATA%\patchtemp
8. Use Explorer to open %AIWDATA%\patchtemp. Make sure that you have 7-Zip installed.
9. Right-click TamperedLicenseFix.jar and select: 7-Zip ⇒ Extract Here
10. Right-click the com directory and select: 7-ZIP ⇒ Add to archive
11. Change the Archive Format to: zip
12. Change the Archive to: interfaces.jar
13. Make sure Update mode is set to: Add and replace files
14. Click OK.
15. Use Explorer to open %AIWPATH%. Search for interfaces.jar. Replace every interfaces.jar file found in your search with the one you patched in %AIWDATA%\patchtemp\interfaces.jar.
  - Do not create backups of the interfaces.jar files that are being replaced!
  - The default value for %AIWPATH% is: C:\Program Files\Ricoh\ProcessDirector
16. Open a command prompt and run this command to clean up temporary GUI resources:
  ippdprofile.cmd && java -Ddebug=true com.infoprint.ippd.xdk.activator.Doctor
17. Start the RICOH ProcessDirector service.
18. Before you log in to RICOH ProcessDirector, clear your browser cache and restart the browser.