New release: 1.8.4
This fourth bugfix release for 1.8.0 fixes a few recently reported bugs and introduces the new reverse proxy test page (see below for screenshots):
- Added a new reverse proxy test page under
https://example.com/octoprint/reverse_proxy_test). This can be used to determine whether you have configured any reverse proxies that are between you and OctoPrint correctly, and if not where the error might lie. This should help in debugging issues caused by misconfigured reverse proxies and the CSRF protection introduced in 1.8.3.
- Switched the
SameSitesetting on cookies to
Strictwas causing issues for users who navigate to their OctoPrint instance using a custom start page, since
SameSite=Strictwould suppress all cookies in that case, forcing you to login again. Please note that you can switch it to
Strictyourself via the
server.cookies.samesiteconfiguration option, if you so desire for slightly increased security, and don’t need the ability to access your OctoPrint instance from a link on another page while still staying logged in.
🐛 Bug fixes
- #4648 - Fix passive login with global API key. The
_apiuser could not be looked up for cookie signatures, this has been rectified.
- #4648 - Invalid API keys now correctly report that they are invalid instead of being treated like a guest user.
- #4648 - Guest users on the API (no browser context, no API key) are now properly handled and no longer assumed to be a browser session, thus triggering CSRF protection.
- #4650 - Fix setting CSRF cookie on cached responses. This bug could prevent the UI from working if it was served from the browser’s cache in combination with a
304 Not Modifiedresponse from the server, instead of being freshly generated.
- #4653 - Fix handling of reauth requests on the websocket with reason
stale, also send a
stalereauth request in case of attempting to
authwith an unknown user/session combo.
- Fixed fallback to pbkdf2_sha256 if argon2 backend is missing for password hashing. The
argon2_cffidependency is still required and should be automatically installed on installation of OctoPrint 1.8.3+, but if for whatever reason that (partially) fails, OctoPrint will now gracefully fallback to a different password hashing algorithm while logging a warning about that, instead of just spewing errors.
You can also take a look at the changelog on GitHub which is on the shorter side again.
Like every single release (and release candidate) of OctoPrint ever since early 2016 this release was made possible only through your continued support of my work 💕
Issues while updating?
On every new OctoPrint release we see some people run into the same issues with outdated or broken environments all over again. If you encounter a problem during update, please check this collection of the most common issues encountered over the past couple of release cycles first, and test if the included fixes solve your problem.
The heads-ups from 1.8.0 still apply, please read them carefully, they might impact you and how you use OctoPrint! Also see the Further Information and Links below for more information, where to find help and how to roll back.
The following heads-ups from earlier releases also still apply:
Thanks to everyone who contributed to this bugfix release and provided full, analyzable bug reports, suggestions and feedback!
If connected to the internet, OctoPrint will allow you to apply this update automatically via an update notification. It may take up to 24h for this notification to pop up, so don't be alarmed if it doesn't show up immediately after reading this. You can force the update however via Settings > Software Update > Advanced options > Force check for update.
If you have any problems with your OctoPrint installation, please seek support on the community forum.
- Changelog and Release Notes
- FAQ entry "My OctoPrint update fails" (Read in case of any update problems!)
- Community forum
- Discord Server
- Contribution Guidelines (also relevant for creating bug reports!)
- How to file a bug report
- How to roll back to an earlier release (OctoPi)
- How to roll back to an earlier release (manual install)
- 27 Sep 2022