Aug 092022
Octoprint 1.8.1 Release

✋ Heads-ups The heads-ups from 1.8.0 still apply, please read this release’s release notes as well for a full picture of what you should be aware of and what changed! ⛈ Issues while updating? On every new OctoPrint release we see some people run into the same issues with outdated or broken environments all over again. If you encounter a problem during update, please check this collection of the most common issues encountered over the past couple of release cycles first, and test if the included fixes solve your problem. ♻ Changes 🔒 Security fixes Fixed a cross-site scripting vulnerability in the user and group managers. An attacker could talk an admin into creating a user or group with a specially crafted name containing executable HTML/JS, and then into deleting those again, triggering the cross-site scripting issue in the deletion confirmation dialog. A stealing of credentials through this should not have been possible under 1.8.0, however in versions before 1.8.0 the stealing of the „remember me“ token would [..weiterlesen..]