OctoPrint.orgNew release: 1.11.6
Welcome to the first release of 2026, a bugfix release for 1.11.x, fixing a bunch of issues and one security problem:
🔒 Security fixes
Timing Side-Channel in API Key Authentication, severity Moderate (6.0): OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network.
Due to using character based comparison that short-circuits on the first mismatched character during API key validation, rather than a cryptographical method with static runtime regardless of the point of mismatch, an attacker with network based access to an affected OctoPrint could extract API keys valid on the instance by measuring the response times of the denied access responses and guess an API key character by character.
The likelihood of this attack actually working is highly dependent on the network’s latency, noise and similar parameters. An actual proof of concept was not achieved so far. Still, as always administrators are advised to not expose their OctoPrint instance on hostile networks, especially not on the public internet!
See also the GitHub Security Advisory and CVE-2026-23892
✨ Features & improvements
Achievements Plugin
- #5223: Support resetting the yearly stats & display the status of the current year.
🐛 Bug fixes
Core
- #5231: Correctly apply preprocessors on settings get & set when handling nested values.
Achievements Plugin
- #5223: Properly handle year changes during runtime in stats collection, which is also used for the Wrapped Plugin. Auto fix stats affected by the underlying issue.
Upload Manager Plugin
You can also take a look at the changelog on GitHub.
Like every single release (and release candidate) of OctoPrint ever since early 2016 this release was made possible only through continued financial support by people like you! 💕
Click here if you enjoy OctoPrint and want to help with its funding!
Issues while updating?
On every new OctoPrint release we see some people run into the same issues with outdated or broken environments all over again. If you encounter a problem during update, please check this collection of the most common issues encountered over the past couple of release cycles first, and test if the included fixes solve your problem.
Also make sure to check any of the heads-ups or plugin incompatibilities listed below.
Heads-ups
The heads-ups from 1.11.0 still apply, please read them carefully, they might impact you and how you use OctoPrint! Also see the Further Information and Links below for more information, where to find help and how to roll back.
The following heads-ups from earlier releases also still apply:
Thanks
Thanks to everyone who contributed to this bugfix release and provided full, analyzable bug reports, suggestions, feedback and - of course - funding!
A special Thank You! to this fine person for their PRs!
Also another Thank you! to @yueyueL for the responsible disclosure of vulnerabilities fixed in this release.
Further Information
If connected to the internet, OctoPrint will allow you to apply this update automatically via an update notification. It may take up to 24h for this notification to pop up, so don't be alarmed if it doesn't show up immediately after reading this. You can force the update however via Settings > Software Update > Advanced options > Force check for update.
If your update fails chances are high you are running into one of the common update issues listed with fixes here, so please go through that FAQ entry first.
If you have any problems with your OctoPrint installation, please seek support on the community forum.
Links
- Changelog and Release Notes
- FAQ entry "My OctoPrint update fails" (Read in case of any update problems!)
- Community forum
- Discord Server
- FAQ
- Documentation
- Contribution Guidelines (also relevant for creating bug reports!)
- How to file a bug report
- How to roll back to an earlier release (OctoPi)
- How to roll back to an earlier release (manual install)
Discuss!