New release: 1.8.0
This has been an extra stressful year so far, and thus it took me a while to get this release finalized and shipped. Thank you for your patience, and I’m glad I can finally present you all with OctoPrint 1.8.0!
Like every single release (and release candidate) of OctoPrint ever since 2016, this release was made possible only through your continued support of my work 💕
The full changelog contains a long list of new features, improvements and bug fixes. Before we come to the highlights, let me first get some big announcements out of the way (that are also included in the heads-ups below!):
- The biggest announcement is probably that with the 1.8.0 release OctoPrint is dropping Python 2 support. I already wrote about this in a past post here, and this is now the first release that is Python 3 exclusive. As of the publication of the first release candidate 1.8.0rc1, any OctoPrint instances still on Python 2 have already been redirected to the legacy repository for update checks and thus will also no longer be able to partake in future updates - which they wouldn’t anyway as the code base has already been migrated to be Python 3 exclusive, removing all the workarounds so painstakingly put in over the past three years.
Three security vulnerabilities were fixed that were disclosed to me while the final release candidate was undergoing testing. We are looking at two cross-site scripting issues and one open redirect that could have been used to steal login credentials if successfully executed. In order to successfully exploit these vulnerabilities, an attacker would have had to identify the admin of a vulnerable instance found somewhere on the public internet or another hostile network and target them with a malicious link or social engineering to configure a malicious webcam stream URL. These issues are now fixed in 1.8.0 stable, and as such, once you have updated your OctoPrint instance to 1.8.0 you should no longer be potentially exposed to these issues.
Let me once again reiterate that you should never expose your OctoPrint directly on the public internet, thinking it would not be found by anyone. There are search engines that constantly scan and index the entire internet for arbitrary IP addresses coming online, and those can be used to find your OctoPrint instance. If you keep your OctoPrint instance restricted to your LAN, a cloud connection or a VPN, you greatly reduce the likelihood of this or any future vulnerabilities to even remotely affect you. Here’s a great post about safe remote access to OctoPrint for you to read.
With that covered, let’s get to the highlights:
- The temperature tab now has (optional) event markers for when a print gets started, paused, resumed, cancelled or finishes. Big thanks to @surdu!
- You may now enqueue software updates while a print is ongoing. They will then be started (after a short countdown) after successful completion of the print, or manually if you cancelled the print. You can manage the queue during the print to remove items you don’t want to be enqueued after all, or add additional items to it. This was contributed by @jneilliii!
- It’s now possible to bulk enable/disable plugins. This makes it easier for the user to locate plugins that are causing problems in the system.
- This release adds the first version of embedding WebRTC based webcams. Please note that this should be considered beta and is still subject to change while further work and research is being done on the backend side of things. @johnboiles did most of the legwork on this!
- OctoPrint will now show a heads-up notice if no serial ports are detected, with a link to the relevant FAQ entry. That will hopefully make it easier to spot if the printer is not physically connected or unsupported.
- Thumbnails for the timelapse recordings will now be generated automatically and displayed in the UI. There’s also a command-line tool for generating thumbnails for the existing recordings. A fancy new feature contributed by @crysxd!
- The GCode Viewer’s memory usage has been improved by @JoveToo and @cp2004 by switching out the underlying data structure and hunting down some bottlenecks. This means you should now be able to display larger GCode files before running into issues.
- Performance of settings access has been greatly improved as well, by refactoring the code to use a more efficient data structure. This was some heavy collaboration with @flaviut!
- Third-party clients can now authenticate with OctoPrint through the Application Key plugin’s fancy new auth dialog instead of having to direct the user to the more heavyweight full UI.
- An encoding issue was solved that was observed against the latest versions of
- … and even more.
Issues while updating?
On every new OctoPrint release we see some people run into the same issues with outdated or broken environments all over again. If you encounter a problem during update, please check this collection of the most common issues encountered over the past couple of release cycles first, and test if the included fixes solve your problem.
Please read the following carefully, it might impact you and how you use OctoPrint! Also see the Further Information and Links below for more information, where to find help and how to roll back.
OctoPrint 1.8.0 drops Python 2 support!
As previously announced on the OctoBlog and in OctoPrint On Air #43, OctoPrint 1.8.0 drops Python 2 support. In order to be able to install/update to it, you need to be running OctoPrint under Python 3 already, e.g. as shipped on OctoPi 0.18.0. Installing on Python 2 will fail. The Software Updater will also be redirected to a new OctoPrint Legacy repository for checking for OctoPrint updates if it detects that you are still running Python 2. As outlined in the blog post and the vlog, there are no more updates for OctoPrint 1.7/Python 2 planned. Update now or you will be left behind, including for most security fixes!
If you are unsure what version of Python your OctoPrint instance is running under, open the web interface and look into the lower left corner where it will tell you:
This is also covered in the FAQ.
OctoPrint 1.8.0 fixes some reported security issues, update ASAP!
While OctoPrint 1.8.0rc5 was undergoing testing, three security vulnerabilities were disclosed to me. These issues are fixed in the stable release of 1.8.0. Since these vulnerabilities are of low concern for instances that are not publicly exposed on the internet or other hostile networks, as strongly recommended, the fixes will not be backported to OctoPrint 1.7.x and thus instances still under Python 2.
Please update your OctoPrint instance to the latest stable version of OctoPrint 1.8.0 as soon as possible.
Heads-up for plugin authors
There are a bunch of heads-ups for plugin authors regarding deprecated functionality and important clarifications of functionality. Please check them out in the release notes.
Thanks to everyone who contributed to this release and provided full, analyzable bug reports, suggestions and feedback!
A special Thank You! to these 27 fine people for their PRs!
Also another Thank you! to rajbabai8 for the responsible disclosure of vulnerabilities fixed in this release.
And last but not least, a big shoutout to everyone who reported back on the release candidates this time: @1n5aN1aC, @AndKe, @avandeputte, @b-morgan, @ChrisHeerschap, @ckuethe, @cp2004, @Cpat39, @Crowlord, @fcchambers, @goeland86, @Guilouz, @jneilliii, @JohnOCFII, @mod38, @oliof and @pingywon.
If you are interested in some numbers, here's some data extracted from the anonymous usage tracking for the RCs that went before 1.8.0's stable release:
- 1.8.0rc2 (2022-03-16): 1064 instances, 27853h or 3.2 years of accumulative printing time
- 1.8.0rc3 (2022-03-29): 808 instances, 16195h or 1.8 years of accumulative printing time
- 1.8.0rc4 (2022-04-05): 833 instances, 14239h or 1.6 years of accumulative printing time
- 1.8.0rc5 (2022-04-12): 1489 instances, 56103h or 6.4 years of accumulative printing time
- 1.8.0rc1 (2022-03-14)
Overall there were 2147 instances that participated in the RC testing phase and which collectively completed 117080h or 13.4 years of print jobs.
If connected to the internet, OctoPrint will allow you to apply this update automatically via an update notification. It may take up to 24h for this notification to pop up, so don't be alarmed if it doesn't show up immediately after reading this. You can force the update however via Settings > Software Update > Advanced options > Force check for update.
If your update fails chances are high you are running into one of the common update issues listed with fixes here, so please go through that FAQ entry first.
If you have any problems with your OctoPrint installation, please seek support on the community forum.
- Changelog and Release Notes
- FAQ entry "My OctoPrint update fails" (Read in case of any update problems!)
- Community forum
- Discord Server
- Contribution Guidelines (also relevant for creating bug reports!)
- How to file a bug report
- How to roll back to an earlier release (OctoPi)
- How to roll back to an earlier release (manual install)
- 17 May 2022