OrcaSlicer V1.9.1 fixes a security vulnerability and provides bug fixes

The latest official version 1.9.1 of this open source 3D printer slicing software OrcaSlicer In addition to several bug fixes, it brings with it an important security improvement.

The development team has updated OrcaSlicer to prevent sensitive information such as printer hostnames and API keys from being included in generated G-Code files. Previously, these connection details were provided with the OctoPrint and Moonraker systems, posing potential security risks when sharing files over the Internet. It is possible that attackers could have exploited this information to gain unauthorized access to printers with public IP addresses.

The update now removes this risk completely. However, the developers emphasize that the risk only exists for users whose printers can be accessed directly over the Internet. When using local IP addresses (eg 192.168.xx) or network names, the risks are minimal. However, the team recommends that all users whose printers are publicly accessible update their API keys in OctoPrint, Moonraker, or similar services as a precaution. The vulnerability was identified and reported by Gina Häußge of OctoPrint.

3MF project files and Bambu Lab printers are not affected by the vulnerability.

In addition to fixing the security issue, version 1.9.1 contains other bug fixes. Issues with rollback, acceleration, and vibration restriction in PA style calibration have been resolved. Additionally, display issues with AMD Vega GPUs have been addressed and errors in autoplay and other rotation-related operations have been corrected.