Servlet - SmartSDK

Hi Team,

We have implemented BlackDuck to scan for vulnerabilities in the dependencies of our Ricoh RCRM application. The scan has identified Bouncy Castle v1.51 & v1.53 as high-security vulnerabilities (NVD - CVE-2018-1000180). This issue is currently breaking our security policy and build process.

Upon investigation, we found that this dependency originates from the rxspServletPackage.zip package, which we use to support SmartSDK as shown in the attached image. We are currently using rxconfServlet-3.8.8.zip. We also checked the latest available packages (rxconfServlet-3.8.9.zip and ServletComponentsFor3.8.9_1.zip) from Ricoh RIDP Downloads, but both still include the vulnerable Bouncy Castle versions.

Concern:
The RXOP package includes Bouncy Castle v1.51 & v1.53, which has been classified as a high-security vulnerability in the National Vulnerability Database (NVD - CVE-2018-1000180). This poses a potential security risk and impacts our compliance with security policies.

Could you please advise on how we should proceed with this issue? Is there an updated package that addresses this vulnerability?

Looking forward to your guidance on the resolution.

Hi RiDP support team,

Please help to create a maintenance signature for the attached version (1.3.0.598).

This version includes fix for the bug below:

- 2106834 - Could not download Ricoh UC logs.

Thanks.

production sign the DM agent

Hi Team,

Please help to create a maintenance signature for the attached version (1.3.0.596)

This version includes fixing the bugs below:

- 2095680 - Request to use real username in device authentication state instead of fake username.
 
Thanks,

Hi Team,

Please help to create a maintenance signature for the attached version (1.3.0.594)

This version includes fixing the bugs below:

- COD 21493 - STOCKPORT NHS FOUNDATION TRUST - Tungsten ControlSuite 1.4.0 - PCC5 Crashes after installation on bootup

 - Bug 2093263:PCC5 Crashes after installation on bootup
 
Thanks,
Vikas Goud

Hi Team,

Please help to create a maintenance signature for the attached version (1.3.0.593)

This version includes fixing the bugs below:

- COD 21429 - MMS Technology GmbH - Ricoh UC - Premier - MMS - Device SN and Device Hostname RRT (Hostname from device) in Unified Client

- COD 21320 - KOFAX INC US (MFDP) - Kofax ControlSuite 8.4.0 - Ricoh SOP Client: Device Screen Freezing After Minimizing Keyboard

- Bug 2092809: Ricoh SOP - error message “Missing required fields To” keeps appearing and cannot be cleared - Microsoft Team Foundation Server (kofax.com)

Thank you

Hi Team,

Please help to create a maintenance signature for the attached version (1.3.0.587)

This version includes fixing the bugs below:

- COD 21399 - Richemont International Neuchatel - Kofax ControlSuite 1.4.0 - PCC5 / Unified Cliet for Ricoh - Slow Login on Ricoh xx10 models with Baltech/Kofax Card readers

 - Bug 2086967: PCC5 / Unified Cliet for Ricoh - Slow Login on Ricoh xx10 models with Baltech/Kofax Card readers

Thanks & Regards,

V R V Madan.

Hi RiDP

We want to detect whenever the soft keyboard is shown/hidden.

Currently, we are calculating the difference between the height of the visible display frame and the current view, but this approach is unstable for us.

Is there any way to detect the visibility of the software keyboard via SmartSDK? Does the SOP platform raise any events on this activity?

Hi Team,

Please help to create a maintenance signature for the attached versions (1.3.0.585).

This version includes a fix for the bug below:

- Bug 2073635: Ricoh SOP client did not change the client IP address when the device changed its IP address.

Thanks.

Hi Team,

Please help to create a maintenance signature for the attached versions (1.3.0.583).

This version includes a fix for the bug below:

- Bug 2071067: Ricoh SOP devices might hang on "Please wait" screen when users authenticate

Thanks.