Download Latest Version 1.11.5 source code.tar.gz (6.9 MB)
Email in envelope

Get an email when there's a new version of OctoPrint

Home / 1.11.4
Name Modified Size InfoDownloads / Week
Parent folder
sha512sums.txt 2025-11-04 479 Bytes
0
octoprint-1.11.4.tar.gz 2025-11-04 3.2 MB
0
octoprint-1.11.4-py3-none-any.whl 2025-11-04 3.5 MB
1 1 weekly downloads
octoprint-1.11.4.source.tar.gz 2025-11-04 6.9 MB
0
1.11.4 source code.tar.gz 2025-11-04 6.9 MB
0
1.11.4 source code.zip 2025-11-04 7.4 MB
0
README.md 2025-11-04 4.3 kB
0
Totals: 7 Items   27.9 MB 1

Click here if you want to help with OctoPrint's funding!

✋ Heads-ups

The heads-ups from previous 1.11.x releases still apply, please read their release notes as well for a full picture of what you should be aware of and what changed!

⛈ Issues while updating?

On every new OctoPrint release we see some people run into the same issues with outdated or broken environments all over again. If you encounter a problem during update, please check this collection of the most common issues encountered over the past couple of release cycles first, and test if the included fixes solve your problem.

♻ Changes

🔒 Security fixes

  • XSS in Action Commands Notification and Prompt, severity Moderate (4.6): OctoPrint versions up to and including 1.11.3 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Commands notification and prompt popups.

An attacker who successfully convinces a victim to print a specially crafted file could exploit this issue to disrupt ongoing prints, extract information (including sensitive configuration settings, if the targeted user has the necessary permissions for that), or perform other actions on behalf of the targeted user within the OctoPrint instance.

If popups have been disabled for both Action Command notifications and prompts, this vulnerability does not have an impact.

See also the GitHub Security Advisory and CVE-2025-64187

Minor security fixes

  • Protected the execution of system commands with a reauthentication request.

✨ Features & improvements

Gcode Viewer Plugin

  • Got rid of some unused calculations in the gcode parser, greatly improving loading performance.

Plugin Manager Plugin & Software Update Plugin

  • #5204: The Plugin Manager and the Software Update Plugin will now detect if they are about to install an OctoPrint plugin that still uses the legacy setup.py that depends on octoprint_setuptools, and add necessary parameters to pip for installation to work even under pip >= 25.3 (specifically --no-build-isolation --use-pep517). This solves errors installing plugins when the pip version in OctoPrint's virtual environment has been upgraded to 25.3 or newer. See also this FAQ item.

🐛 Bug fixes

Core

  • #5193: Persist cache key used for file metadata in UI to reduce the likelihood of triggering a file data polling loop.
  • #5199: Trigger the reload overlay when encountering a CSRF error during a server reconnect. That fixes the "Server Offline" error encountered when restoring from a backup.
  • Pinned the psutil dependency less aggressively again, after a broken release was pulled by piwheels.
  • Pinned the click dependency to a version below 8.3 due to breaking changes. This is a temporary solution for the 1.11.x release in particular, 1.12.0 will ship with full compatibility to current click releases again.
  • Pinned the markupsafe dependency to <=3.0.2 under Python 3.9 and armv7 due to the stock Python 3 environment found on Debian Bullseye that matches these parameters containing a buggy toml library that can no longer parse the packaging file of recent releases.

🎉 Special thanks to all the contributors!

Special thanks to everyone who contributed to this bugfix release!

Also a big thank you to @jacopotediosi for responsibly disclosing the security vulnerability fixed in this release.

🔗 More information

  • Commits
  • Release candidates:
  • As this is a bugfix release, there were no release candidates
Source: README.md, updated 2025-11-04