Skip to content

CUPS

Configuration Management

The Common Unix Print System uses Internet Printing Protocol (IPP) to support printing to local and network printers.

Track releases GitHub Website
C Latest v2.4.19 · 1mo ago Security brief →

Features

  • Supports AirPrint™ and IPP Everywhere™ printers
  • Manages network and USB printers via Printer Applications or PPD-based drivers
  • Provides System V (lp) and Berkeley (lpr) command-line interfaces
  • Includes a configurable web administration interface at http://localhost:631/
  • Offers C API, filters, drivers, and backends for printing workflows

Recent releases

View all 7 releases →
v2.4.19 Bugfix

Fixed regression allowing shared printing from non‑local accounts.

Changelog

CUPS 2.4.19 fixes a regression in shared printing from non-local accounts (Issue #1557)

View release on GitHub
v2.4.18 Bug fix
Security fixes
  • CVE-2026-27447 — addressed in previous release
Full changelog

The new release 2.4.18 contains a hotfix after the CVE-2026-27447 fix:

  • Fixed cupsd crash if user does not exist (Issue #1555)

I'm sorry for inconvenience and enjoy!

View release on GitHub
v2.4.17 Security relevant
Security fixes
  • CVE-2026-27447 — scheduler treated local user and group names as case‑insensitive
  • CVE-2026-34978 — RSS notifier could write outside the scheduler's RSS directory
  • CVE-2026-34980 — scheduler did not filter control characters from option values
Full changelog

The new release 2.4.17 contains the following security fixes:

  • CVE-2026-27447: The scheduler treated local user and group names as case-
    insensitive.
  • CVE-2026-34978: The RSS notifier could write outside the scheduler's RSS
    directory.
  • CVE-2026-34980: The scheduler did not filter control characters from option
    values.
  • CVE-2026-34979: The scheduler did not always allocate enough memory for a
    job's options string.
  • CVE-2026-34990: The scheduler incorrectly allowed local certificates over the
    loopback interface.
  • CVE-2026-39314: Fixed the range check for job password strings.
  • CVE-2026-39316: Fixed a printer subscription bug in the scheduler.
  • CVE-2026-NNNNN: Fixed a SNMP string conversion bug in the backends.

where the last CVE number is requested from Github for several days now, the number will be corrected once we have one, but we decided to make a release to share the other fixes.

The release includes other fixes as well, listed in CHANGES.md.

Enjoy!

View release on GitHub
v2.4.16 Bugfix

Fixed infinite loop in GTK caused by internal libcups behavior change.

Full changelog

The hotfix release 2.4.16 includes fix for infinite loop in GTK, which was caused by change of internal behavior in libcups on which GTK depended on, and workaround for stopping the scheduler if configuration includes unknown directives.

The full list of changes is shown in CHANGES.md.

Enjoy!

View release on GitHub
v2.4.15 Security relevant
Security fixes
  • CVE-2025-61915 — fixes various cupsd issues causing local DoS
  • CVE-2025-58436 — resolves unresponsive cupsd process caused by slow client
Full changelog

The release CUPS 2.4.15 brings two CVE fixes:

  • Fix various cupsd issues which cause local DoS (CVE-2025-61915)
  • Fix unresponsive cupsd process caused by slow client (CVE-2025-58436)

and several bug fixes described in CHANGES.md.

Enjoy!

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
1,630
Forks
292
Languages
C Go Template C++
View on GitHub Homepage

Install & Platforms

Platforms
linux macos

Similar tools

Mainsail
Fluidd
Rootprint
lpigeon/ros-mcp-server
postal

Beta — feedback welcome: [email protected]