The latest official version 1.9.1 of the open source 3D printer slicer program OrcaSlicer comes with several bug fixes and an important security improvement.
The development team has updated OrcaSlicer to prevent sensitive information such as printer hostnames and API keys from still being included in generated G-code files. Previously, these connection details were supplied to OctoPrint and Moonraker systems, which posed potential security risks when the files were shared online. Attackers could have exploited this information to gain unauthorized access to printers with public IP addresses.
The update now completely eliminates this risk. However, the developers emphasize that the risk only existed for users whose printers were directly accessible via the Internet. When using local IP addresses (e.g. 192.168.x.x) or network names, the risk was minimal. Nevertheless, the team recommends all users whose printers are publicly accessible to update their API keys in OctoPrint, Moonraker or similar services as a precaution. The vulnerability was identified and reported by Gina Häußge from OctoPrint.
Project files in 3MF format and Bambu Lab printers are not affected by the vulnerability.
In addition to fixing the security problem, version 1.9.1 contains further bug fixes. Problems with retraction, acceleration and jerk limitation during PA pattern calibration have been fixed. In addition, rendering problems with AMD Vega GPUs have been addressed and errors in autorotation and other rotation-related processes have been corrected.
Subscribe to our Newsletter
3DPResso is a weekly newsletter that links to the most exciting global stories from the 3D printing and additive manufacturing industry.
