Issue description: A potential issue has been reported by some customers in which the Ghostscript component on the Ephesoft server is being flagged as a security vulnerability. This article presents a proposed solution developed by the Ephesoft security teams.
Ghostscript proposes the following solution in most of the security scans:
Customers are advised to upgrade to Ghostscript 9.24 (https://www.ghostscript.com/download.html) or later versions to remediate these vulnerabilities. Workaround: If customers are not able to update to the latest version, they are advised to disable PS, EPS, PDF, and XPS coders in ImageMagick policy.xml.
If customers are not able to perform the above, they are suggested to uninstall Ghostscript installations from their operating systems.
Following are links for downloading patches to fix the vulnerabilities:
- Ghostscript 9.24 or later (https://www.ghostscript.com/download.html)
Ephesoft recommends that you manually upgrade your Ghostscript version to reduce risk from this vulnerability. This is the case with all versions of Ephesoft Transact.
Please ensure that you back up the Ephesoft folder, the Shared Folders, and all databases before performing the Ghostscript upgrade to version 9.24.
This issue will be addressed in the upcoming release, Ephesoft Transact 2019.1. This release will upgrade the Ghostscript version to Ghostscript version 9.25.