OctoPrint Versions Save

✋ Heads-ups

The heads-ups from 1.10.0 still apply, please read this release's release notes as well for a full picture of what you should be aware of and what changed!

These heads-ups were added:

🔒 If you use autologin and have additional reverse proxies in front of OctoPrint, make sure they are configured correctly

If you have autologin enabled (which means OctoPrint will log you in automatically if you are accessing it from a local address), it is of utmost importance to properly configure any reverse proxies in front of OctoPrint so that the client IP can be determined correctly.

If you are accessing OctoPrint through haproxy as shipped on OctoPi, or behind a reverse proxy configured following one of the reverse proxy example configurations, there should be no issue. However, if you yourself have added any additional reverse proxies in front of OctoPrint, make sure those are configured correctly.

Please read more about this in the FAQ.

⛈ Issues while updating?

On every new OctoPrint release we see some people run into the same issues with outdated or broken environments all over again. If you encounter a problem during update, please check this collection of the most common issues encountered over the past couple of release cycles first, and test if the included fixes solve your problem.

♻ Changes

🔒 Security fixes

• Severity High (7.1): It was possible for an unauthenticated attacker to completely bypass the authentication if the autologinLocal option was enabled within the Access Control configuration, even if they came from networks that were not configured as localNetworks, by spoofing their IP via the X-Forwarded-For header.

  Please note that this does not affect you unless you've enabled the autologinLocal feature (it ships as disabled by default and requires adjusting the config.yaml file to enable, or the installation of a third party plugin that does this for you). It likely also doesn't affect you if you have enabled said feature but have OctoPrint only accessible on a trusted network.

  If you have autologinLocal enabled and your OctoPrint instance is reachable from a hostile network like the internet, e.g. through a port forward, this does affect you and you need to update ASAP. Until you are able to update, it is strongly recommended to disable the autologin feature and/or make your instance inaccessible from potentially hostile networks.

  See also the GitHub Security Advisory and CVE-2024-32977.

✨ Features & improvements

Core

• #4975: Reserved temperature identifiers not confirmed as supported but still sent by the printer's firmware will now only cause a warning log entry in octoprint.log on their first occurrence during a connection, not every time a temperature report is received. This is to combat log spam in case of firmware bugs and misconfiguration.
• #5003: Make the ticks on the temperature graph's timeline automatically scale with the cutoff to keep the graph readable even with several hours of history.
• Revert back to the netifaces dependency. While netifaces2 as used in 1.10.0 works well, it is sadly causing some build issues in the field. In the interest of giving as many people as possible access to any bug and especially security fixes, we are thus reverting to the (unmaintained) netifaces for now and keeping an eye on the wheel availability and compatibility of netifaces2 for a future rollout.

Achievements Plugin

• #5007: Clarify the requirement to properly configure the timezone and allow to reset all or only the time based achievements.
• Clarify that the Achievements Plugin is a plugin that can be disabled, if one doesn't want to have achievements.

🐛 Bug fixes

Core

• #4952: Uploading multiple files through the web interface will now also work if printer side SD support has been disabled (see also PR#4953).
• #4993: Fix resource consumption and server performance issues caused by a busy loop in the GCODE analysis.
• PR#4996: Fix screenreader role on tabs to enable keyboard navigation
• #5004: Fix drag'n'drop file uploading in Safari.
• #5005: Fix netmask & external address detection.

Achievements Plugin

• Fix the quote of the "One small step for (a) man" achievement to match NASA's official transcript.
• Use configured timezone for internal stats as well.

Application Keys Plugin

• #5001: Fix regular user's (non-admins) not being able to revoke application keys.

🎉 Special thanks to all the contributors!

Special thanks to everyone who contributed to this bugfix release, especially to @cp2004 and @dawidpieper for their PRs!

Also a big thank you to @jacopotediosi for responsibly disclosing the security vulnerability fixed in this release.

🔗 More information

• Commits
• Release candidates:
  • As this is a bugfix release, there were no release candidates

✋ Heads-ups

🔒 You will now be expected to re-enter your password on critical operations

This version of OctoPrint requires you to reauthenticate with your password every five minutes on various critical operations you might do on your installation, e.g. adding, changing and deleting users, adding, changing and deleting groups, installing plugins, revealing the deprecated global API key, generating, revoking, revealing and granting application keys, accessing the recovery page and downloading or restoring backups. This change matches best practices with regards to security of web applications and was done in order to protect you from various potential attack vectors.

If you do not want this reauthentication requirement, you can find information on how to disable it in the configuration docs. Be aware though that by doing so you'll negatively impact your installation's security!

☝️ Slow update if your Pi is still running pip <= 20.3 (e.g. as shipped on early OctoPi 0.18 preview versions)

During the release candidate phase we found that if your OctoPrint installation still is using a pip version below 20.3, updating to this version will take slightly longer than usual due to having to compile a third party dependency that got updated (zeroconf), as these ancient pip versions are not fetching the precompiled version from piwheels in this scenario. If you are affected, plan ahead accordingly and allow some time for the update or alternatively update pip (you can do that via the Software Update plugin's settings). Most of you however should not be affected by this at all. If you are not running a prerelease version of OctoPi 0.18.0 (the stable release of 0.18.0 is fine!), you are likely not affected by this.

⛈ Issues while updating?

On every new OctoPrint release we see some people run into the same issues with outdated or broken environments all over again. If you encounter a problem during update, please check this collection of the most common issues encountered over the past couple of release cycles first, and test if the included fixes solve your problem.

♻ Changes

🔒 Security fixes

• Severity Moderate (4.2): It was possible for admins to perform password changes for their own account or others via the Settings dialog without having to re-enter their password. A malicious administrator or an attacker having taken over an administrator's session could have used this to effectively lock out users from their accounts.

  This has now been fixed by introducing a reauthentication requirement on changing passwords in the Settings. Unless the user has authenticated with their password (and other credentials possibly in the future) in the past 5min of their login session, a reauthentication dialog to re-enter the credentials will be shown, and only after that has done properly will the request work. This reauthentication dialog has also been added to other critical operations (adding, changing and deleting users, adding, changing and deleting groups, installing plugins, revealing the deprecated global API key, generating, revoking, revealing and granting application keys, accessing the recovery page). The reauthentication timeout of 5min is configurable via config.yaml, see the documentation.

  See also the GitHub Security Advisory and CVE-2024-23637.

• Severity Moderate (4.0): It was possible for a malicious admin to configure or to talk a victim with admin rights into configuring a webcam snapshot URL which when tested through the "Test" button included in the web interface would execute JavaScript code in the victim's browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way.

  This has now been fixed by properly sanitizing the data received from the snapshot URL.

  See also the GitHub Security Advisory and CVE-2024-28237.

✨ Features & improvements

Core

• #4586: Added the capability report of the firmware as returned from M115 to octoprint.log and also the systeminfo bundle in shape of a new m115.txt file that gets generated if the bundle gets created while there's an active printer connection.
• #4617: Added a manual refresh button to the webcam view that allows to reload the underlying webcam stream (if webcam plugin supports that by having implemented onWebcamRefresh in its viewmodel, otherwise the button will be a no-op). Only gets made visible when hovering over the webcam.
• #4681: Added information on old and new file to the "file already exists dialog". See also PR#4721.
• #4685: Implemented a custom versioning tool to replace the so far used customized version of versioneer that has gotten quite long in the tooth. It should behave the same, but with way less code to keep maintained.
• #4714: Added a new dialog that gets displayed when the printer reports an unrecoverable error, containing the error message, what happened due to that error (print cancellation, disconnect), if available a link to an FAQ entry, the last lines of communication and a big reminder that printer errors are printer errors and not OctoPrint's fault. The dialog will be automatically opened on connected clients, however it can also be accessed later by clicking on the new error icon added to the printer state panel.
• #4747: Made temperature graph time axis always show the configured cutoff interval. That should prevent any jumping of events.
• #4760: Made OctoPrint compatible to Python 3.12.
• #4764: Refactored the Tornado/WSGI interface based on the current Tornado code to make it async. That fixed the issue with connection reuse and as a very welcome side effect also very much increased the performance of the internal web server in general. Long running Flask endpoints now should no longer be able to fully block Tornado, and requests can get parallelized by the frontend, leading to a large reduction of time needed to fully load the UI.
• #4838: Improved performance of the internal settings data structure, reducing the initial settings fetch right after a server start from 2s+ to 400-700ms.
• #4843: Made the upload drop zone an optional feature that can be disabled in the settings. See also PR#4853.
• #4866: Added axis labels to model size info. See also PR#4898.
• #4880: Removed scripts folder from repo.
• #4881: Display an error popup in case of startup issues due to inaccessible application directories.
• #4892: Keep tool change controls enabled while printing.
• #4921: Added graph markers for the Connected and Disconnected events to the temperature graph.
• PR#4743: Migrate from netifaces to the pretty much drop-in replacement netifaces2, since the former has been abandoned.
• PR#4752: Send initial history message when the web socket subscription is changed.
• PR#4820: Added file and print head position to paused and cancel event & log entries.
• PR#4833: Improved first run wizard safety hints. They are now visually more alerting and the wizard now also requires the user to acknowledge having read and understood each warning by checking a checkbox.
• PR#4874: Added new Thermal Malfunction error to recognized as a kill inducing error on Marlin.
• PR#4899: Removed the upper version pin for the argon2-cffi dependency.
• PR#4918: Made target temperature lines in the temperature graph dashed. Improves accessibility for color blind users.
• PR#4928: Further improve screen reader accessibility.
• Use a file <basefolder>/.incomplete_startup to flag an incomplete startup instead of a config.yaml entry. Makes it easier to reconfigure the server in CI situations.
• Improved the UX of the systeminfo CLI. octoprint systeminfo will now generate a bundle in the current directory even without an explicitly added . parameter. octoprint systeminfo --short has been added to generated an abridged version directly on the command line. This should clear up issues we saw in the past where people forgot the . and then just pasted the abridged text only version when in fact a bundle was needed and requested.
• Added progress to PrintFailed, PrintCancelled and PrintPaused events.
• Added operation to FileRemoved event. Allows distinguishing between a removal due to an actual remove or a move.
• Added a funding banner to the About dialog and a funding link to the footer.

Achievement Plugin (✨ New!)

Added a new bundled Achievements plugin! OctoPrint will now internally record some instance stats and monitor some events and based on that give out various achievements. This version contains 36 achievements, 22 of which are hidden and for you to be discovered. Additionally, the instance stats are also being recorded per year to make it possible in the future to give you some yearly stats overview of your OctoPrint and printing use.

Unlocked achievements are also tracked via the Anonymous Usage Tracking. Of course, this can be disabled, and if you have not opted into tracking in the first place, nothing will be tracked, as always. Achievement stats are available on data.octoprint.org.

The goal of these achievements is not to gamify OctoPrint, but rather to give you something fun while also making it more visible how this project is funded and how you can help. If you are not interested in achievements, just disable the bundled Achievements plugin via the plugin manager.

Action Command Notification Plugin

• #4326: Added ability to ignore incoming printer notifications based on a filter regex. This is to combat notification spam by firmwares which abuse the feature. Please talk to your firmware provider about not abusing the notification action command for things triggered by the user, e.g. mirroring M117 commands! See also PR#4886.

Application Keys Plugin

• #4894: Added application key details incl. QR Code to user settings. See also PR#4895.

Classic Webcam Plugin

• #4837: Apply the selected camera aspect ratio to its video tag.

Discovery Plugin

• Updated the zeroconf dependency.

Event Manager Plugin

• #4869: Added UI support for events with multiple triggers. See also PR#4851.

Plugin Manager Plugin

• Removed an unused variable.

Software Update Plugin

• #4819: OctoPrint will now be clearly marked as not updateable when running on Windows.

Virtual Printer Plugin

• PR#4799: Added support for generating an area report as part of the response to M115.
• Made the simulated errors configurable via the settings.

Documentation

• #4787: Added a note to the documentation of the SettingsPlugin mixin that updating settings will trigger a reload screen.
• #4852: Updated the plugin tutorial to reflect current CLI outputs.
• PR#4823: Slight improvement on the pause GCODE script.

Testing & CI

• #4908: Automatically publish release build artifacts on GitHub Releases as well as PyPI. Also automatically publish source tarball.
• Updated the node-qunit-puppeteer version to combat some JS unit test flakyness.
• Run the E2E tests against the lowest and highest supported Python version, to make sure things work on both edge cases.
• Updated playwright used for the E2E tests.

Improvements done during the release candidate phase

• Core
  • #4957: Bump websocket-client dependency to version 1.6.1, after verifying that it should still work with Python 3.7 in this version, to enable third party plugins to use bug fixes included in that version.
  • PR#4964: Harden the filename sanitization in the download_file function against possible path traversal issue in future use cases.
  • Use aria-label and role instead of sr-only headings, resolving issues with the UI Customizer Plugin or other heavy CSS manipulation.
  • Use a reload popup instead of a blocking overlay modal on UI plugin and/or settings change. That should reduce the annoyance of the reload overlay popping up due to settings updates in the background. It should also help with the reload prompts sometimes observed during the newly introduced reauthentication workflow.
  • Improve JS error reporting in Firefox.
• Backup Plugin
  • Require credential recheck for download & restore.
• Testing & CI
  • #4908: Also automatically publish a source tarball upon release.
  • Fix a potential race condition that might have caused some build errors recently.

🐛 Bug fixes

Core

• #4719: Normalize paths in file manager methods and called hooks and events.
• #4753: Fixed an error when attempting to set a custom logging level under certain circumstances.
• #4756: Fixed including variables in GCODE scripts from more than one plugin. See also PR#4757.
• #4769: Fixed a translation error in the included german language files. See also PR#4897.
• PR#4794: Protect against issues when a double slash is contained in the timelapse base folder, leading to not being able to delete timelapses.
• #4800: Fixed folder sorting by date of last print.
• #4808: Fixed wrong initial field set in printer state (printTimeOrigin instead of the correct printTimeLeftOrigin).
• #4812: Fixed octoprint systeminfo .
• PR#4830: Fixed translateability of the filament usage information in the state panel.
• #4835: Fixed octoprint get not properly returning sub trees for plugin settings hierarchies, due to a missing initialization.
• #4841: Fixed a broken knockout binding in the GCODE Viewer's size warning dialog, leading to the file name missing. See also PR#4842.
• #4843: Don't trigger the drop zone for uploading files when not dragging files. Fixes issues when accidentally dragging selected text and similar.
• #4867: Fixed a warning about using the old webcam settings access path.
• #4903: Hardened temperature offset code against empty temperature commands and added logging for such cases.
• #4922: Fixed sorting of folder list in "move or rename file" dialog.
• #4929: Fixed a regression in the webcam styles that caused issues with the (abandoned) third party plugin TouchUI. See also PR#4930.
• Keep updating the temperature graph with empty entries even while disconnected, to ensure events shown there properly reflect their point in time from "now".
• Enabled CORS on asset plugins.
• Fixed some warnings in the vendored awesome-slugify dependency.

Classic Webcam Plugin

• #4885: Fixed snapshot timeout & SSL validation settings.

Discovery Plugin

• #4814: Join multicast group for SSDP discovery on all available addresses. Fixes issues with discovery on VLAN enabled hosts.

Plugin Manager Plugin

• Properly handle unset plugin versions in plugin notifications from the repository, e.g. when attempting to load notifications for a bundled plugin (which normally shouldn't happen, but turned out to happen during development thanks to an identifier clash).

Software Update Plugin

• Fixed httpheader check type. It was not storing its current value properly.

Virtual Printer Plugin

• #4907: Fixed a race condition related to G4 and wait.

Documentation

• #4906: Adjusted documentation to reflect correct name for logsViewModel dependency.
• PR#4815: Updated documentation of PrinterInterface.set_temperature to reflect the current implementation.
• PR#4868: Removed some repeating words.
• Clarify how to reconfigure log formatters. OctoPrint now either uses simple or colored formatters for the console log output, this still needed to get properly documented.

Fixes done during the release candidate phase

• Core
  • #4939 (regression): Fix drag'n'drop initialization.
  • #4940 (regression): Make octoprint._version backward compatible enough again to work around use on OctoPi images and third party plugins out there.
  • #4941 (regression): Fix some syntax under Python 3.7 & 3.8.
  • #4942 (regression): Fix handling of setting an empty dict on the configuration. Also added a unit test for this.
  • #4943 (regression): Fix fetching of file details for the existence check, preventing the "file already exists" dialog from making the correct checks.
  • #4966 (regression): Fix handling of the reauthentication workflow for external users created & logged in from a configured header.
  • #4969 (regression): Fix the final page of the firstrun wizard interfering with the completion of arbitrary wizards from plugins, when not even shown.
  • #4980: Fix missing temperature history for anything but the first extruder. This was actually not a regression, but the bug only could be seen now after extending the timeline of the temperature graph to the full available history.
  • #4983 (regression): Fix prefix caching for custom defaults. Manifested in no longer being able to select release channels in the Software Update plugin.
  • #4987 (regression): Fix creation of the static version file during installation of sdist under Windows.
  • Removed a left-over from the Access Control settings panel.
  • Properly reflect that users logged in from a configured header can't log out through the logout button but rather must log out by closing the browser.
• Achievements Plugin
  • #4984: Make the "Mass Production" achievement detect modifications of the file.
  • Fix the "Heavy Chonker" achievement.
  • Fix the default groups for the achievement permission.
• Action Command Notification Plugin
  • #4967 (regression): Fix the filter logic so that an empty filter regex won't lead to all notifications to be filtered out.
• GCODE Viewer
  • #4978: Fix reloading of the same file. First thought to be a regression, turned out to not be one but was a low hanging fruit.

🎉 Special thanks to all the contributors!

Special thanks to everyone who contributed to this RC, especially to @0r31, @bigfoxtail, @CMR-DEV, @cociweb, @cperrin88, @credomane, @crysxd, @danielkucera, @dawidpieper, @eumiro, @evanwurden, @hynek, @jatin-47, @jneilliii , @kaenguruhs, @mad73923, @max246, @MichaIng, @mintsoft, @neod123 and @thinkyhead for their PRs!

And an extra shoutout to our 13 first time contributors: @bigfoxtail, @CMD-DEV, @cociweb, @cperrin88, @credomane, @danielkucera, @evanwurden, @hynek, @jatin-47, @kaenguruhs, @mad73923, @mintsoft and @neod123! 🎉

Also a big thank you to @tkruppert and @jacopotediosi for responsibly disclosing the security vulnerabilities fixed in this release.

☝️ Known issues

The following issues were discovered in earlier versions, but too late to still be fixed in this version, and are going to get a fix in an upcoming bugfix release.

• #4952: Upload of multiple files is impossible if SD support is disabled. Keep SD support enabled for now if you want to upload more than one file at once via the web UI.
• #4975: Reserved identifiers in the temperature reports from the printer lead to a warning getting logged each time instead of just once, which can increase the log file with broken firmware implementations. Avoid firmware reporting reserved identifiers, e.g. reporting a chamber temperature while also marking a chamber as not available as observed on current Prusa XL firmware builds.
• #4993: A bug in the GCODE analyser implementation can cause the server to get blocked if a lot of files need to get analysed at once during startup or due to a bulk upload. For now it is strongly suggested to limit the amount of freshly added files to a max of 10 at once and/or be aware of the server being very busy for a few minutes after larger numbers of added files.

🔗 More information

• Commits
• Release candidates:
  • 1.10.0rc1
  • 1.10.0rc2
  • 1.10.0rc3
  • 1.10.0rc4

⚠️ Important note on release candidates

This is a Release Candidate of OctoPrint. It is not a stable release: severe bugs can occur, and they can be bad enough that they make a manual downgrade to an earlier version necessary - maybe even from the command line.

You should be comfortable with and capable of possibly having to do this before installing an RC.

🔁 Feedback on this RC

Please provide general feedback on this RC in this ticket. An "All is working fine" is valuable feedback as well because it tells me people are actually testing this RC and just not finding problems with it.

If you run into any obvious bugs, please follow "How to file a bug report" - I need logs and reproduction steps to fix issues, not just the information that something doesn't work.

Thanks!

Things to take a closer look at

For this RC, these things should get a closer look while testing, if possible (things newly added in this follow-up RC marked with :new:):

• Proper behaviour when using the included web interface as well as any third party clients at your disposal.
• User and group management functioning as expected.
• Plugin installation functioning as expected.
• Application key management functioning as expected. Authentication workflow with third party clients at your disposal (e.g. slicers) works as it should.
• Backup creation, download and restore functioning as expected

✨ Features & improvements

Core

• Improve JS error reporting in Firefox.
• Fix a potential race condition that might have caused some build errors recently.

Achievements Plugin

• Added unlocked achievements to the Anonymous Usage Tracking. Of course, this can be disabled, and if you have not opted into tracking in the first place, nothing will be tracked, as always. Achievement stats are available on data.octoprint.org.

🐛 Bug fixes

Core

• #4980: Fix missing temperature history for anything but the first extruder. This was actually not a regression, but the bug only could be seen now after extending the timeline of the temperature graph to the full available history.
• #4983 (regression): Fix prefix caching for custom defaults. Manifested in no longer being able to select release channels in the Software Update plugin.
• #4987 (regression): Fix creation of the static version file during installation of sdist under Windows.

Achievements Plugin

• #4984: Make the "Mass Production" achievement detect modifications of the file.
• Fix the "Heavy Chonker" achievement.
• Fix the default groups for the achievement permission.

GCODE Viewer

• #4978: Fix reloading of the same file. First thought to be a regression, turned out to not be one but was a low hanging fruit.

🎉 Special thanks to all the contributors!

Special thanks to everyone who contributed to this release candidate and provided full, analyzable bug reports!

🔗 More information

• Commits

⚠️ Important note on release candidates

This is a Release Candidate of OctoPrint. It is not a stable release: severe bugs can occur, and they can be bad enough that they make a manual downgrade to an earlier version necessary - maybe even from the command line.

You should be comfortable with and capable of possibly having to do this before installing an RC.

🔁 Feedback on this RC

Please provide general feedback on this RC in this ticket. An "All is working fine" is valuable feedback as well because it tells me people are actually testing this RC and just not finding problems with it.

If you run into any obvious bugs, please follow "How to file a bug report" - I need logs and reproduction steps to fix issues, not just the information that something doesn't work.

Thanks!

Things to take a closer look at

For this RC, these things should get a closer look while testing, if possible (things newly added in this follow-up RC marked with :new:):

• Proper behaviour when using the included web interface as well as any third party clients at your disposal.
• User and group management functioning as expected.
• Plugin installation functioning as expected.
• Application key management functioning as expected. Authentication workflow with third party clients at your disposal (e.g. slicers) works as it should.
• Backup creation, download and restore functioning as expected

🔒 Security fixes

• Severity Moderate (4.0): It was possible for a malicious admin to configure or to talk a victim with admin rights into configuring a webcam snapshot URL which when tested through the "Test" button included in the web interface would execute JavaScript code in the victim's browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way.

  This has now been fixed by properly sanitizing the data received from the snapshot URL.

  See also the GitHub Security Advisory and CVE-2024-28237.

✨ Features & improvements

Core

• #4957: Bump websocket-client dependency to version 1.6.1, after verifying that it should still work with Python 3.7 in this version, to enable third party plugins to use bug fixes included in that version.
• PR#4964: Harden the filename sanitization in the download_file function against possible path traversal issue in future use cases.
• Use aria-label and role instead of sr-only headings, resolving issues with the UI Customizer Plugin or other heavy CSS manipulation.
• Use a reload popup instead of a blocking overlay modal on UI plugin and/or settings change. That should reduce the annoyance of the reload overlay popping up due to settings updates in the background. It should also help with the reload prompts sometimes observed during the newly introduced reauthentication workflow.

🐛 Bug fixes

Core

• #4966 (regression): Fix handling of the reauthentication workflow for external users created & logged in from a configured header.
• #4969 (regression): Fix the final page of the firstrun wizard interfering with the completion of arbitrary wizards from plugins, when not even shown.
• Properly reflect that users logged in from a configured header can't log out through the logout button but rather must log out by closing the browser.

Action Command Notification Plugin

• #4967 (regression): Fix the filter logic so that an empty filter regex won't lead to all notifications to be filtered out.

🎉 Special thanks to all the contributors!

Special thanks to everyone who contributed to this release candidate and provided full, analyzable bug reports, and especially to @jacopotediosi for their PR and the responsible disclosure of the security vulnerability fixed in this release!

🔗 More information

• Commits

⚠️ Important note on release candidates

This is a Release Candidate of OctoPrint. It is not a stable release: severe bugs can occur, and they can be bad enough that they make a manual downgrade to an earlier version necessary - maybe even from the command line.

You should be comfortable with and capable of possibly having to do this before installing an RC.

🔁 Feedback on this RC

Please provide general feedback on this RC in this ticket. An "All is working fine" is valuable feedback as well because it tells me people are actually testing this RC and just not finding problems with it.

If you run into any obvious bugs, please follow "How to file a bug report" - I need logs and reproduction steps to fix issues, not just the information that something doesn't work.

Thanks!

Things to take a closer look at

For this RC, these things should get a closer look while testing, if possible (things newly added in this follow-up RC marked with :new:):

• Proper behaviour when using the included web interface as well as any third party clients at your disposal.
• User and group management functioning as expected.
• Plugin installation functioning as expected.
• Application key management functioning as expected. Authentication workflow with third party clients at your disposal (e.g. slicers) works as it should.
• Backup creation, download and restore functioning as expected :new:

✨ Features & improvements

Backup Plugin

• Require credential recheck for download & restore.

Testing & CI

• #4908: Also automatically publish source tarball on GitHub releases.

🐛 Bug fixes

Core

• #4939 (regression): Fix drag'n'drop initialization.
• #4940 (regression): Make octoprint._version backward compatible enough again to work around use on OctoPi images and third party plugins out there.
• #4941 (regression): Fix some syntax under Python 3.7 & 3.8.
• #4942 (regression): Fix handling of setting an empty dict on the configuration. Also added a unit test for this.
• #4943 (regression): Fix fetching of file details for the existence check, preventing the "file already exists" dialog from making the correct checks.
• Removed a left-over from the Access Control settings panel.

🎉 Special thanks to all the contributors!

Special thanks to everyone who contributed to this release candidate and provided full, analyzable bug reports!

🔗 More information

• Commits

⚠️ Important note on release candidates

This is a Release Candidate of OctoPrint. It is not a stable release: severe bugs can occur, and they can be bad enough that they make a manual downgrade to an earlier version necessary - maybe even from the command line.

You should be comfortable with and capable of possibly having to do this before installing an RC.

🔁 Feedback on this RC

Please provide general feedback on this RC in this ticket. An "All is working fine" is valuable feedback as well because it tells me people are actually testing this RC and just not finding problems with it.

If you run into any obvious bugs, please follow "How to file a bug report" - I need logs and reproduction steps to fix issues, not just the information that something doesn't work.

Thanks!

Things to take a closer look at

For this RC, these things should get a closer look while testing, if possible:

• Proper behaviour when using the included web interface as well as any third party clients at your disposal.
• User and group management functioning as expected.
• Plugin installation functioning as expected.
• Application key management functioning as expected. Authentication workflow with third party clients at your disposal (e.g. slicers) works as it should.

🔒 Security fixes

• Severity Moderate (4.2): It was possible for admins to perform password changes for their own account or others via the Settings dialog without having to re-enter their password. A malicious administrator or an attacker having taken over an administrator's session could have used this to effectively lock out users from their accounts.

  This has now been fixed by introducing a reauthentication requirement on changing passwords in the Settings. Unless the user has authenticated with their password (and other credentials possibly in the future) in the past 5min of their login session, a reauthentication dialog to re-enter the credentials will be shown, and only after that has done properly will the request work. This reauthentication dialog has also been added to other critical operations (adding, changing and deleting users, adding, changing and deleting groups, installing plugins, revealing the deprecated global API key, generating, revoking, revealing and granting application keys, accessing the recovery page). The reauthentication timeout of 5min is configurable via config.yaml, see the documentation.

  See also the GitHub Security Advisory and CVE-2024-23637.

✨ Features & improvements

Core

• #4586: Added the capability report of the firmware as returned from M115 to octoprint.log and also the systeminfo bundle in shape of a new m115.txt file that gets generated if the bundle gets created while there's an active printer connection.
• #4617: Added a manual refresh button to the webcam view that allows to reload the underlying webcam stream (if webcam plugin supports that by having implemented onWebcamRefresh in its viewmodel, otherwise the button will be a no-op). Only gets made visible when hovering over the webcam.
• #4681: Added information on old and new file to the "file already exists dialog". See also PR#4721.
• #4685: Implemented a custom versioning tool to replace the so far used customized version of versioneer that has gotten quite long in the tooth. It should behave the same, but with way less code to keep maintained.
• #4714: Added a new dialog that gets displayed when the printer reports an unrecoverable error, containing the error message, what happened due to that error (print cancellation, disconnect), if available a link to an FAQ entry, the last lines of communication and a big reminder that printer errors are printer errors and not OctoPrint's fault. The dialog will be automatically opened on connected clients, however it can also be accessed later by clicking on the new error icon added to the printer state panel.
• #4747: Made temperature graph time axis always show the configured cutoff interval. That should prevent any jumping of events.
• #4760: Made OctoPrint compatible to Python 3.12.
• #4764: Refactored the Tornado/WSGI interface based on the current Tornado code to make it async. That fixed the issue with connection reuse and as a very welcome side effect also very much increased the performance of the internal web server in general. Long running Flask endpoints now should no longer be able to fully block Tornado, and requests can get parallelized by the frontend, leading to a large reduction of time needed to fully load the UI.
• #4838: Improved performance of the internal settings data structure, reducing the initial settings fetch right after a server start from 2s+ to 400-700ms.
• #4843: Made the upload drop zone an optional feature that can be disabled in the settings. See also PR#4853.
• #4866: Added axis labels to model size info. See also PR#4898.
• #4880: Removed scripts folder from repo.
• #4881: Display an error popup in case of startup issues due to inaccessible application directories.
• #4892: Keep tool change controls enabled while printing.
• #4921: Added graph markers for the Connected and Disconnected events to the temperature graph.
• PR#4743: Migrate from netifaces to the pretty much drop-in replacement netifaces2, since the former has been abandoned.
• PR#4752: Send initial history message when the web socket subscription is changed.
• PR#4820: Added file and print head position to paused and cancel event & log entries.
• PR#4833: Improved first run wizard safety hints. They are now visually more alerting and the wizard now also requires the user to acknowledge having read and understood each warning by checking a checkbox.
• PR#4874: Added new Thermal Malfunction error to recognized as a kill inducing error on Marlin.
• PR#4899: Removed the upper version pin for the argon2-cffi dependency.
• PR#4918: Made target temperature lines in the temperature graph dashed. Improves accessibility for color blind users.
• PR#4928: Further improve screen reader accessibility.
• Use a file <basefolder>/.incomplete_startup to flag an incomplete startup instead of a config.yaml entry. Makes it easier to reconfigure the server in CI situations.
• Improved the UX of the systeminfo CLI. octoprint systeminfo will now generate a bundle in the current directory even without an explicitly added . parameter. octoprint systeminfo --short has been added to generated an abridged version directly on the command line. This should clear up issues we saw in the past where people forgot the . and then just pasted the abridged text only version when in fact a bundle was needed and requested.
• Added progress to PrintFailed, PrintCancelled and PrintPaused events.
• Added operation to FileRemoved event. Allows distinguishing between a removal due to an actual remove or a move.
• Added a funding banner to the About dialog and a funding link to the footer.

Achievement Plugin (✨ New!)

Added a new bundled Achievements plugin! OctoPrint will now internally record some instance stats and monitor some events and based on that give out various achievements. This version contains 36 achievements, 22 of which are hidden and for you to be discovered. Additionally, the instance stats are also being recorded per year to make it possible in the future to give you some yearly stats overview of your OctoPrint and printing use.

Action Command Notification Plugin

• #4326: Added ability to ignore incoming printer notifications based on a filter regex. This is to combat notification spam by firmwares which abuse the feature. Please talk to your firmware provider about not abusing the notification action command for things triggered by the user, e.g. mirroring M117 commands! See also PR#4886.

Application Keys Plugin

• #4894: Added application key details incl. QR Code to user settings. See also PR#4895.

Classic Webcam Plugin

• #4837: Apply the selected camera aspect ratio to its video tag.

Discovery Plugin

• Updated the zeroconf dependency.

Event Manager Plugin

• #4869: Added UI support for events with multiple triggers. See also PR#4851.

Plugin Manager Plugin

• Removed an unused variable.

Software Update Plugin

• #4819: OctoPrint will now be clearly marked as not updateable when running on Windows.

Virtual Printer Plugin

• PR#4799: Added support for generating an area report as part of the response to M115.
• Made the simulated errors configurable via the settings.

Documentation

• #4787: Added a note to the documentation of the SettingsPlugin mixin that updating settings will trigger a reload screen.
• #4852: Updated the plugin tutorial to reflect current CLI outputs.
• PR#4823: Slight improvement on the pause GCODE script.

Testing & CI

• #4908: Automatically publish release build artifacts on GitHub Releases as well as PyPI.
• Updated the node-qunit-puppeteer version to combat some JS unit test flakyness.
• Run the E2E tests against the lowest and highest supported Python version, to make sure things work on both edge cases.
• Updated playwright used for the E2E tests.

🐛 Bug fixes

Core

• #4719: Normalize paths in file manager methods and called hooks and events.
• #4753: Fixed an error when attempting to set a custom logging level under certain circumstances.
• #4756: Fixed including variables in GCODE scripts from more than one plugin. See also PR#4757.
• #4769: Fixed a translation error in the included german language files. See also PR#4897.
• #4800: Fixed folder sorting by date of last print.
• #4808: Fixed wrong initial field set in printer state (printTimeOrigin instead of the correct printTimeLeftOrigin).
• #4812: Fixed octoprint systeminfo .
• PR#4830: Fixed translateability of the filament usage information in the state panel.
• #4835: Fixed octoprint get not properly returning sub trees for plugin settings hierarchies, due to a missing initialization.
• #4841: Fixed a broken knockout binding in the GCODE Viewer's size warning dialog, leading to the file name missing. See also PR#4842.
• #4843: Don't trigger the drop zone for uploading files when not dragging files. Fixes issues when accidentally dragging selected text and similar.
• #4867: Fixed a warning about using the old webcam settings access path.
• #4903: Hardened temperature offset code against empty temperature commands and added logging for such cases.
• #4922: Fixed sorting of folder list in "move or rename file" dialog.
• #4929: Fixed a regression in the webcam styles that caused issues with the (abandoned) third party plugin TouchUI. See also PR#4930.
• PR#4794: Protect against issues when a double slash is contained in the timelapse base folder, leading to not being able to delete timelapses.
• Keep updating the temperature graph with empty entries even while disconnected, to ensure events shown there properly reflect their point in time from "now".
• Enabled CORS on asset plugins.
• Fixed some warnings in the vendored awesome-slugify dependency.

Classic Webcam Plugin

• #4885: Fixed snapshot timeout & SSL validation settings.

Discovery Plugin

• #4814: Join multicast group for SSDP discovery on all available addresses. Fixes issues with discovery on VLAN enabled hosts.

Plugin Manager Plugin

• Properly handle unset plugin versions in plugin notifications from the repository, e.g. when attempting to load notifications for a bundled plugin (which normally shouldn't happen, but turned out to happen during development thanks to an identifier clash).

Software Update Plugin

• Fixed httpheader check type. It was not storing its current value properly.

Virtual Printer Plugin

• #4907: Fixed a race condition related to G4 and wait.

Documentation

• #4906: Adjusted documentation to reflect correct name for logsViewModel dependency.
• PR#4815: Updated documentation of PrinterInterface.set_temperature to reflect the current implementation.
• PR#4868: Removed some repeating words.
• Clarify how to reconfigure log formatters. OctoPrint now either uses simple or colored formatters for the console log output, this still needed to get properly documented.

🎉 Special thanks to all the contributors!

Special thanks to everyone who contributed to this RC, especially to @0r31, @bigfoxtail, @CMR-DEV, @cociweb, @cperrin88, @credomane, @crysxd, @danielkucera, @dawidpieper, @eumiro, @evanwurden, @hynek, @jatin-47, @jneilliii , @kaenguruhs, @mad73923, @max246, @MichaIng, @mintsoft, @neod123 and @thinkyhead for their PRs!

And an extra shoutout to our 13 first time contributors: @bigfoxtail, @CMD-DEV, @cociweb, @cperrin88, @credomane, @danielkucera, @evanwurden, @hynek, @jatin-47, @kaenguruhs, @mad73923, @mintsoft and @neod123! 🎉

Also a big thank you to Timothy "TK" Ruppert for responsibly disclosing the security vulnerability that was fixed in this release.

🔗 More information

• Commits

✋ Heads-ups

The heads-ups from 1.9.0 still apply, please read this release's release notes as well for a full picture of what you should be aware of and what changed!

⛈ Issues while updating?

On every new OctoPrint release we see some people run into the same issues with outdated or broken environments all over again. If you encounter a problem during update, please check this collection of the most common issues encountered over the past couple of release cycles first, and test if the included fixes solve your problem.

♻ Changes

🔒 Security fixes

• Severity Medium (6.4): It was possible for a malicious admin to configure a specially crafted GCODE script through the Settings that would allow code execution during rendering of that script. An attacker could have used this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system.

  Please note that GCODE files uploaded to be printed were not affected! This vulnerability exclusively affected GCODE Scripts to be executed on connection to the printer, print pause, resume etc, as described in the documentation, to be found under Settings > GCODE Scripts and configurable only by users with the ADMIN permission.

  See also the GitHub Security Advisory and CVE-2023-41047.

🐛 Bug fixes

• #4849 & PR#4860: Fix for not being able to extrude/retract from the control panel in the UI after editing the extrusion speed in the printer profile.
• #4893: Pin pydantic dependency to 1.10.12. This works around an issue existing in some environments with pydantic version 1.10.13, which was released on September 26 2023. Said issue causes OctoPrint to no longer be able to start. See also pydantic/pydantic#7689.

🎉 Special thanks to all the contributors!

Special thanks to everyone who contributed to this bugfix release, especially to @srLinux for their PR!

Also a big thank you to tianxin Wu (Bearcat), Vulnerability Researcher at Numen Cyber Labs, Singapore, for responsibly disclosing the security vulnerability that was fixed in this release.

🔗 More information

• Commits
• As this is a bugfix release, there were no release candidates

✋ Heads-ups

The heads-ups from 1.9.0 still apply, please read this release's release notes as well for a full picture of what you should be aware of and what changed!

⛈ Issues while updating?

On every new OctoPrint release we see some people run into the same issues with outdated or broken environments all over again. If you encounter a problem during update, please check this collection of the most common issues encountered over the past couple of release cycles first, and test if the included fixes solve your problem.

♻ Changes

🐛 Bug fixes

• #4779 & PR#4780: Work around argon2 password hashing algorithm not working reliably on Rock64/aarch64 - no error is produced, but the hash verification just fails. Fall back to pbkdf2_sha256 if this happens. Backported from 1.10.0.dev.
• #4806: Fix the httpheader software update check type. Backported from 1.10.0.dev.
• #4854: Upgrade PyYaml dependency to 6.0.1+. This works around an issue existing in PyYaml versions 5.4.0 to 6.0.0 with its dependency Cython in version 3.0, which was released on July 17th 2023. Said issue renders OctoPrint uninstallable due to PyYaml's install failing.

🎉 Special thanks to all the contributors!

Special thanks to everyone who contributed to this bugfix release, especially to @cperrin88 for their PR!

🔗 More information

• Commits
• As this is a bugfix release, there were no release candidates

✋ Heads-ups

The heads-ups from 1.9.0 still apply, please read this release's release notes as well for a full picture of what you should be aware of and what changed!

⛈ Issues while updating?

On every new OctoPrint release we see some people run into the same issues with outdated or broken environments all over again. If you encounter a problem during update, please check this collection of the most common issues encountered over the past couple of release cycles first, and test if the included fixes solve your problem.

♻ Changes

✨ Improvements

• #4821: Defer sending of M20 until after the capability report has been received by default, instead of defaulting to sending it right away. Most firmwares out there now should be sending capability reports, and for those that don't, the setting can still be manually set to false.

🐛 Bug fixes

• #4818: Fix broken/erroring plugin sorting if a list of SortablePlugins and non sortable plugins gets processed in the same sorting context.
• #4829: Fix URL used by the GCode Viewer's worker to fetch info about the file to be rendered. It was not supporting custom prefixes on the URL yet (e.g. http://example.com/octoprint), now it does.
• #4834: Fix a bug in the GCode Viewer that resulted in a print not being rendered when loaded while the tab of the viewer was not focused.
• #4824: Fix potential webcam unload/load switching when scrolling on the control tab. Could not always be triggered, but apparently was seen under some circumstances.
• Fix the reload button of the GCode Viewer
• Fix a bug in the GCode Viewer causing layers that were empty in one file causing that layer to not be rendered in all consecutively loaded files, until a page reload.

🎉 Special thanks to all the contributors!

Special thanks to everyone who contributed to this bugfix release, especially to @cp2004 and @JoveToo for their PRs!

🔗 More information

• Commits
• As this is a bugfix release, there were no release candidates

✋ Heads-ups

💥 OctoPrint's web interface now requires ES9 (EcmaScript 2018) support in your browser

Up until now OctoPrint still supported running its UI on browsers that only supported EcmaScript 5 as released in 2009. However, given that based on data about used browsers from the Anonymous Usage Tracking 98.96% of all browsers used to access OctoPrint support ES9 and being able to use these features allows things like asynchronous GCODE loading in the viewer (see #4559) and in general very much improves development experience and speed, the decision has been made to greenlight the use of these features in OctoPrint's JS code base.

Given that pretty much all common browsers have had the required support for several years now, this change should not affect ~99% of all of you. For those 0.15% of you accessing the OctoPrint web interface with ancient browsers that don't yet have support this means it is time to upgrade. For those 0.89% of you accessing the OctoPrint web interface with browsers for which we do not know about support, it might also be time to upgrade.

In any case, you can check whether your chosen browser supports all the features that OctoPrint uses in core & bundled plugins by going to the new check page at octoprint.org/browser-check/.

🧩 Heads-up for plugin and third party application developers: Webcam integration has moved to a plugin interface

OctoPrint 1.9.0 has been refactored to extract the webcam integration into a new plugin type WebcamProvider as well as a _webcam template type. You may find the documentation of these here:

• WebcamProviderPlugin
• TemplatePlugin with information on Webcam templates

A new bundled plugin Classic Webcam has been created that implements the existing webcam integration (mjpg/hls/beta webrtc support as well as snapshotting).

A consequence of this refactoring is that there's no longer a general webcam configuration in the settings but rather now there are WebcamProviderPlugin specific settings per plugin. A backwards compatible compatibility layer has been added so that plugin's accessing any of the formerly available global webcam settings should still be able to access and change the data, however it should be considered deprecated and warnings will be logged. Please check your plugins and adjust as necessary when running on OctoPrint 1.9.0.

🧩 Heads-up for plugin developers: octoprint_setuptools has been extracted

In order to support plugin's that want to use pyproject.toml, in which case current pip versions will build their package in isolated mode, leading to the required octoprint_setuptools dependency not being available and thus the install failing, octoprint_setuptools was extracted into its own pypi package to allow pyproject.toml based plugins to depend on it by adding this to pyproject.toml:

[build-system]
requires = ["setuptools>=40.8.0", "wheel", "octoprint-setuptools"]
build-backend = "setuptools.build_meta"

This should not affect plugins that don't use pyproject.toml, however plugin developers are strongly advised to test installing their plugin under 1.9.0 if not already done during the release candidate phase.

♻ Changes

🔒 Security fixes

• When accessed through https, OctoPrint will now set all cookies with the secure flag.

✨ Features & improvements

• #1868 & #4300: Support multiple file uploads via the Web UI.
• #2191: Added support for M118 on virtual printer.
• #3893: Extended GCODE analyser to also calculate non-extruding bounding box and evaluate those in the UI, warning about moves outside of the configured build volume.
• #4040: Record last_fan_speed for use in GCODE scripts, just like last_position and last_temperature.
• #4195: Added four new hooks: octoprint.plugin.backup.before_backup, octoprint.plugin.backup.after_backup, octoprint.plugin.backup.before_restore, octoprint.plugin.backup.after_restore. Those will allow plugins to perform additional tasks right before/after backup and right before/after restore, e.g. copying additional files from the file system into the plugin's data folder, and moving it around after.
• #4373: Support installing plugins from a JSON list of URLs or the plugin manager's export.
• #4428: Added a plugin management task queue to queue up plugin installs while printing.
• #4435: Improved memory footprint of GCODE viewer by compressing the individual layer data.
• #4483: Don't block unused keys apart from Tab when keyboard control is active.
• #4484: Upgraded to FontAwesome 6.
• #4450: Improved performance of parser in GCODE viewer's "skipUntilThis" functionality.
• #4473: If no printer connection is active, OctoPrint will now poll and refresh the serial port list in the background.
• #4494: Send long filenames to Marlin when the LFN_WRITE capability is set.
• #4510: Updated black.
• #4511: Migrated black config to pyproject.toml.
• #4512: Use lazy logging in octoprint. module.
• #4518: Added custom name field to events in the event manager. Should improve readability if a lot of event hooks are configured.
• #4524: The short hand systeminfo overview has now been hidden behind a devmode query parameter in the URL. It sadly happened too often that people only shared the abridged overview instead of a full bundle. This should hopefully help.
• #4534: Added JavaScript QUnit based tests to build workflow.
• #4536: Added more unit tests for helpers.js.
• #4541: Added button to clear the GitHub Access Token from the Software Update plugin again.
• #4559: Improved memory footprint of GCODE viewer by loading the displayed GCODE file asynchronously and never loading it fully into memory at once.
• #4562: Dropped restriction to ES5 on the core UI and switched to ES9 compatibility to allow for the use of modern JS language features. This might mean that OctoPrint's UI will refuse to load in really old browsers, but at some point we need to move forward. You can check compatibility of your used browsers on a new browser check page on octoprint.org.
• #4584: Automatically detect available files for octoprint dev css:build.
• #4588: Improved error reporting when uploading and removing files and folders.
• #4591: Fire action command hooks on all action commands, not just unhandled ones, to give plugins a chance to react even to handled action commands as well.
• #4594: Added a warning that using the "skip until" feature of the GCODE viewer to skip past too much GCODE (especially initialization code like G90/G91 or M82/M83) can break the visualization.
• #4597: Added aria labels and roles for accessibility.
• #4605: Recognize Repetier Firmware style SD Card initialization messages. Consequentially remove "always present" setting since it is no longer needed.
• #4610: Support timestamps in SD card file listings. Send M20 L T if EXTENDED_M20 support is reported by the firmware. Also extend file list parser to be able to parse timestamps.
• #4611: Added a tooltip to the plugin manager install buttons to clarify it is disabled when it is disabled (during printing).
• #4613: Render all whitespace in file names in the file list in the UI.
• #4614: Added a hint about octoprint dev css:build to the docs.
• #4618: Clarified that plugins installed while restoring from OctoPrint backups won't necessarily be the same version as prior.
• #4625 & #4722: Improved stack traces of StorageErrors by providing __str__ method. Get rid of left-over StorageError.message references.
• #4628: Moved webcam support to a new webcam focused plugin type. WebcamProviderPlugin mixins provide information about and configuration of available cameras, as well as access to snapshots. A new template type webcam allows plugins to embed webcam streams into OctoPrint's control view through custom HTML. This should allow to quickly add support for new types of webcam servers and streaming protocols. See also #4717.
• #4635: Support additional No media SD card initialization failure message from Marlin 2.1.x.
• #4638: Slight refactoring of the timelapse related permissions. TIMELAPSE_{LIST|DOWNLOAD|DELETE} will now only apply to finished timelapses, TIMELAPSE_ADMIN will be only related to configuration access, and a new TIMELAPSE_MANAGE_UNRENDERED permission allows listing, deleting and rendering of unrendered timelapses.
• #4657: Added a new event ChartMarked that allows to inject custom chart markers into the temperature graph. For an example of how this can be used, the BedCooldown plugin utilizes this starting with version 0.6.0 and uses it to inject an additional "Cooldown" marker into the graph. See also #4738.
• #4658: Added a new field operation to the FILE_ADDED event to allow event hooks to distinguish whether the event was caused by adding (add), copying (copy) or moving (move) a file.
• #4682: Added a dependency on wheel to ensure it is installed, since a lack of it might cause issues with certain plugin setups and new pip versions.
• #4694: UX improvements in the file/folder move dialog.
• #4695: Support R parameter in temperature commands when applying temperature offsets.
• #4702: Use block scalars in YAML dumps. Improves readability of config files and such.
• #4704: Performance improvements on the file list API endpoint.
• #4708: Added a new removeMessage to the socket client to allow to unsubscribe a handler for messages again.
• Migrated default settings to pydantic.
• Added support for Traefik's X-Forwarded-Prefix header.
• Added codespell to pre-commit to add automatic spell checking.
• Added a new utility function octoprint.util.files.search_in_file that will search whether a regular expression match is contained in a file, using grep if available and falling back to a pure python implementation if not.
• Made the Announcements plugin less spammy. Announcements will now no longer trigger a popup (unless from a priority 1 channel like Important) but instead cause an unread counter to be rendered on the notification icon (1-9 and infinity symbol for more). The announcement reader has been extended by a default "Unread" tab that shows all unread news items, and a Mark All Read button has been added to quickly get rid of the unread counter altogether.
• Added the option for plugins to provide a privacy policy URL via __plugin_privacypolicy__ and modified the Plugin Manager to add a link to that on plugins making use of it. Repository plugins can also report this via a new privacypolicy property which will show the link even in the repository browser without having to install the plugin first.
• The virtual printer now supports LFN_WRITE.
• Improved file entries from printer's SD in the UI's file list. The Metadata dropdown button has been replaced with an SD card icon to make clear this file is from the SD card. Also improved the rendering of unknown upload dates.
• Added various new unit tests.
• Added flag to CommandlineCaller to not have it log its output.
• Added two new log files: tornado.log is an access log for the embedded tornado web server and logs all requests (as logged on the tornado.access target). auth.log logs successful and failed logins via credentials, remember me cookie, headers or autologin, as well as logouts. This should allow auditing OctoPrint access, and also make it possible to use something like fail2ban if so desired.
• Migrated E2E tests to Playwright.
• Added a log check to the E2E tests. When any exceptions or other ERROR lines are logged in octoprint.log while running the E2E tests, this will now cause a test failure.
• Added a method Settings.checkBaseFolder(self, type) to check whether a base folder already exists, without creating it.
• Got rid of a false positive error about a missing default printer profile on the very first server start.
• Upgraded various dependencies and adjusted codebase as needed for breaking changes. See also #4629

Improvements done during the release candidate phase

• #4759: Make it easier for plugins to move the webcam surface of the new webcam integration around.
• #4778: Clarify the role of the "default webcam", now called "fallback webcam", since it is only responsible of providing the compatibility layer of the webcam settings for legacy clients.
• #4778: Minor phrasing tweak.
• Migrate a unit test from unittest to pytest in the hopes that this fixes some flakiness issues observed in CI.

🐛 Bug fixes

• #4347: Only allow one concurrent backup in parallel.
• #4445: Fixed support of second level locales.
• #4470: Fixed wrong mm/s in documentation.
• #4471: Fixed non-extrusion G2/G3 moves in the GCODE viewer.
• #4490: Removed use of HTML entity for degree in temperature tooltips, use unicode degree symbol instead.
• #4493: Defer sending of M20 until first capability report has been received and thus it can be determined whether the printer supports the L parameter or not.
• #4505: Fixed timelapse getting stuck unrendered if filename includes %.
• #4525: Fixed double message when trying to skip a mandatory wizard during first run setup.
• #4539: Fixed blacklist fetch timeout, missing one could cause a server hang in case of broken network connectivity.
• #4551: Made Settings object thread safe.
• #4552: Extracted octoprint_setuptools into its own pypi package to allow pyproject.toml based plugins to depend on it by adding this to pyproject.toml:

  [build-system]
  requires = ["setuptools>=40.8.0", "wheel", "octoprint-setuptools"]
  build-backend = "setuptools.build_meta"
  

• #4554: Fixed ZeroDivisionError due to firmware retraction in GCODE analyser.
• #4558: Fixed flakey Cypress E2E tests by switching to Playwright.
• #4574: Fixed improper use of sys.version to check for Python 3+.
• #4575: Fixed some Python type hints.
• #4578: Limit configurable build volume to something sensible to avoid crashes in the GCODE viewer when attempting to render billions of grid lines.
• #4581: Use G2/G3 arc length for estimating print time.
• #4582: Fixed rendering of G02/G03 (leading 0) in the GCODE viewer.
• #4607: Fixed lower casing of SD Card file names in virtual printer.
• #4616: Fixed spinner icon on file delete.
• #4621: Trim leading/trailing whitespace from user names.
• #4623: Fix onEventFileDeselected not firing on printer disconnect.
• #4626: Fix translation of permission descriptions in UI, also added new knockout binding gettext to assist in dynamic translation based on observable values.
• #4634: Decreased timeouts of various external fetches to reduce likeliness of blocking the main webserver thread.
• #4636: Fixed a bug in handling the SLICING_STARTED event in the UI.
• #4640: HLS camera flipping seems to have fixed itself by migrating the webcam integration into its own plugin.
• #4651: Fixed logout after first run wizard, it was not reloading the login UI. As a consequence of this, deprecated CONFIG_ACCESS_CONTROL_ACTIVE.
• #4655: Fixed various broken links to flask and jinja2 documentation in the docs.
• #4665: Explicitly use setup.cfg for flake8 configuration, to avoid issues if the user has a local config in ~/.config/flake8 already.
• #4670: Fixed permissions of anonymous API access. Also fix error message for wrong permissions on plugins.
• #4680: Fixed file list scroll position on upload.
• #4688: Fixed handling of POST requests with chunked transfer encoding.
• #4690: Include newlines when copy-pasting from software update log or plugin manager log.
• #4703: Fixed error detection during plugin installs, should now also correctly detect missing/broken dependencies.
• #4712: Fixed authkey flow redirect when not logged in.
• #4735: Fixed settings "Send line numbers & checksums for non-GCODE commands" and "Wait for acknowledging ok for non-GCODE commands" not saving from the UI.
• Fixed an issue with the settings markup of the GCODE viewer plugin.
• Fixed an issue with saving multiple credentials for the Software Update Plugin, where newly added credentials would overwrite any existing ones.
• Removed support for tarball language packs, which were never really supported to begin with and made the code more vulnerable to attacks due to issues in the tarfile core library.
• Fixed a bug in the Action Command Prompt plugin causing a JS error when some data was not set.
• Fixed the default URL used for redirects, which potentially got any prefix paths attached twice.
• Fixed various typos and spelling errors. See also #4468, #4492, #4533, #4550, #4599, #4679

Fixes done during the release candidate phase

• #4749 (regression): Bring back a bundled octoprint_setuptools package, since installing the one provided by OctoPrint-Setuptools apparently won't work on updates from OctoPrint versions where OctoPrint provides that package, breaking plugin installs in the process.
• #4754 (regression): Fix saving of the number of extruders in the printer profile
• #4755 (regression): Fix the Application Keys workflow failing due to an unset CSRF cookie
• #4761 (regression): Fix an error with the new chart markings that could render the temperature graph non functional
• #4762 (regression): Fix the system wide language defaults getting ignored
• #4763 (regression): Fix an internal server error when the Application Keys plugin is disabled
• #4772 (regression): Fixed sync of GCODE Viewer with progress when behind haproxy
• #4776: Fix a typo in the new webcam visibility API
• #4782: Fix a typo in the Classic Webcam snapshot hook, leading to the SSL validation setting not being fetched correctly
• #4783: Fix saving the changes to the default snapshot webcam.
• #4789: Fix synchronization of the timelapse configuration on snapshot webcam change.
• #4791 (regression): Fix webcam initialisation on control tab if only one webcam plugin is available.
• #4795 (regression): Fix breaking UI of the events manager when loading event subscriptions that don't yet have a name (PR#4796)
• Fix the new python setup.py scan_deps dev tool breaking when encountering a non PEP440-compliant version number (regression)
• GCODE Viewer: Fixed a double load of the model under certain circumstances. (regression)

🎉 Special thanks to all the contributors!

Special thanks to everyone who contributed to this RC, especially to @040medien, @arekm, @arrdem, @cclauss, @CoReYeDe, @cp2004, @crysxd, @dawidpieper, @FedericoNembrini, @frenck, @j7126, @jneilliii, @Josef-MrBeam, @JoveToo, @kForth, @luzpaz, @max246, @msrasheed, @rfinnie, @richardsondev, @sgsunder, @smartin015, @the-ress, @tommywienert and @vector76 for their PRs!

And an extra shoutout to our 16 first time contributors: @040medien, @arekm, @arrdem, @CoReYeDe, @dawidpieper, @Josef-MrBeam, @kForth, @luzpaz, @max246, @msrasheed, @nmattis, @Patrick-Ames, @sgsunder, @smartin015, @the-ress and @tommywienert! 🎉

🔗 More information

• Commits
• Release candidates:
  • 1.9.0rc1
  • 1.9.0rc2
  • 1.9.0rc3
  • 1.9.0rc4
  • 1.9.0rc5
  • 1.9.0rc6