This third bugfix & security release for 1.9.x includes a fix for one security vulnerability, one bug and one workaround for an issue with a third-party dependency:

🔒 Security fixes

  • Severity Medium (6.4): It was possible for a malicious admin to configure a specially crafted GCODE script through the Settings that would allow code execution during rendering of that script. An attacker could have used this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system.

    Please note that GCODE files uploaded to be printed were not affected! This vulnerability exclusively affected GCODE Scripts to be executed on connection to the printer, print pause, resume etc., as described in the documentation, to be found under Settings > GCODE Scripts and configurable only by users with the ADMIN permission.

    See also the GitHub Security Advisory and CVE-2023-41047.

🐛 Bug fixes

  • #4849 & PR#4860: Fix for not being able to extrude/retract from the control panel in the UI after editing the extrusion speed in the printer profile.
  • #4893: Pin pydantic dependency to 1.10.12. This works around an issue existing in some environments with pydantic > version 1.10.13, which was released on September 26 2023. Said issue causes OctoPrint to no longer be able to start. See also pydantic/pydantic#7689.

You can also take a look at the changelog on GitHub.

Like every single release (and release candidate) of OctoPrint ever since early 2016, this release was made possible only through continued financial support by people like you! 💕

Click here if you enjoy OctoPrint and want to help with its funding!

Issues while updating?

On every new OctoPrint release we see some people run into the same issues with outdated or broken environments all over again. If you encounter a problem during update, please check this collection of the most common issues encountered over the past couple of release cycles first, and test if the included fixes solve your problem.

Heads-ups

The heads-ups from 1.9.0 still apply. Please read them carefully, as they might impact you and how you use OctoPrint! Also see the Further Information and Links below for more information, where to find help and how to roll back.

Thanks

Thanks to everyone who contributed to this bugfix release and provided full, analyzable bug reports, suggestions and feedback!

A special Thank You! to this fine person for their PRs, and an extra warm welcome to our one first-time contributor! 🎉

Further Information

If connected to the internet, OctoPrint will allow you to apply this update automatically via an update notification. It may take up to 24h for this notification to pop up, so don't be alarmed if it doesn't show up immediately after reading this. However, you can force the update via Settings > Software Update > Advanced options > Force check for update.

If your update fails, chances are high that you are running into one of the common update issues listed with fixes here, so please go through that FAQ entry first.

If you have any problems with your OctoPrint installation, please seek support on the community forum.
