Skip to content

1.9.3
Compare
Choose a tag to compare
@foosel foosel released this 09 Oct 15:06
· 318 commits to master since this release
1.9.3
506648c

✋ Heads-ups

The heads-ups from 1.9.0 still apply, please read this release's release notes as well for a full picture of what you should be aware of and what changed!

⛈ Issues while updating?

On every new OctoPrint release we see some people run into the same issues with outdated or broken environments all over again. If you encounter a problem during update, please check this collection of the most common issues encountered over the past couple of release cycles first, and test if the included fixes solve your problem.

♻ Changes

🔒 Security fixes

  • Severity Medium (6.4): It was possible for a malicious admin to configure a specially crafted GCODE script through the Settings that would allow code execution during rendering of that script. An attacker could have used this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system.

    Please note that GCODE files uploaded to be printed were not affected! This vulnerability exclusively affected GCODE Scripts to be executed on connection to the printer, print pause, resume etc, as described in the documentation, to be found under Settings > GCODE Scripts and configurable only by users with the ADMIN permission.

    See also the GitHub Security Advisory and CVE-2023-41047.

🐛 Bug fixes

  • #4849 & PR#4860: Fix for not being able to extrude/retract from the control panel in the UI after editing the extrusion speed in the printer profile.
  • #4893: Pin pydantic dependency to 1.10.12. This works around an issue existing in some environments with pydantic version 1.10.13, which was released on September 26 2023. Said issue causes OctoPrint to no longer be able to start. See also pydantic/pydantic#7689.

🎉 Special thanks to all the contributors!

Special thanks to everyone who contributed to this bugfix release, especially to @srLinux for their PR!

Also a big thank you to tianxin Wu (Bearcat), Vulnerability Researcher at Numen Cyber Labs, Singapore, for responsibly disclosing the security vulnerability that was fixed in this release.

🔗 More information

  • Commits
  • As this is a bugfix release, there were no release candidates
Assets 2
Loading