Hello! Could you please also comment on JQuery and nginx ( outdated versions ) for 7.0.0.0 ( Ultimaker S5 ). We are also have complains from our IT department due to firmware vulnerabilities. Will it be updated in the next patch? Thank you!
Edited by esertuk
@esertuk Just like @CarloK said above none of our printers are using the configuration option that allows for that particular exploit, so we are not rushing to include a new version. Nor are we currently aware of any CVE for nginx that we do expose our users to since all require specific configurations we don't use). We do asses security concerns on an ongoing basis, I imagine you could contact support and request our latest security assessment documentation.
I think the Jquery CVE's concerning XSS are a valid concern (albeit with the low impact of at worst (re-)starting a print, not retrieval of information AFAIK).
The S3 and the S5 have the option to enable the firewall, you can still use the cloud platform if you do but none of the software running on the printer is exposed to attackers on your internal network. This should alleviate any concerns from your IT department.
Edit: Adding up-sell, FTW? 😛
If your organization subscribes to Ultimaker Essentials your IT department can block access to the printer settings by configuring a pin code and enable the firewall on all printers remotely.
// Now I feel dirty, you can just enable the firewall and tell everyone to leave it on.
adding the up-sell
-
Our picks
-
Help Us Improve Cura – Join the Ultimaker Research Program
Vishnu posted a topic in Official news,
🚀 Help Shape the Future of Cura and Digital Factory – Join Our Power User Research Program!
We’re looking for active users of Cura and Digital Factory — across professional and educational use cases — to help us improve the next generation of our tools.
Our Power User Research Program kicks off with a quick 15-minute interview to learn about your setup and workflows. If selected, you’ll be invited into a small group of users who get early access to features and help us shape the future of 3D printing software.
🧪 What to Expect:
A short 15-minute kickoff interview to help us get to know you If selected, bi-monthly research sessions (15–30 minutes) where we’ll test features, review workflows, or gather feedback Occasional invites to try out early prototypes or vote on upcoming improvements
🎁 What You’ll Get:
Selected participants receive a free 1-year Studio or Classroom license Early access to new features and tools A direct voice in what we build next
👉 Interested? Please fill out this quick form
Your feedback helps us make Cura Cloud more powerful, more intuitive, and more aligned with how you actually print and manage your workflow.
Thanks for being part of the community,
— The Ultimaker Software Team-
- 0 replies
Picked By
MariMakes, -
-
.png.91a5da8b642e6900392a0f7ee0c018ec.png)
Cura 5.10 stable released!
ArunC posted a topic in UltiMaker Cura,
The full stable release of Cura 5.10 has arrived, and it brings support for the new Ultimaker S8, as well as new materials and profiles for previously supported UltiMaker printers. Additionally, you can now control your models in Cura using a 3D SpaceMouse and more!
-
-
- 18 replies
Picked By
MariMakes, -
-
.png.91a5da8b642e6900392a0f7ee0c018ec.png)
Recommended Posts
CarloK 208
@noverby Thanks for bringing this to our attention. We checked the vulnerability and it's only applicable when a certain configuration option in nginx is active. In our UM3 printers that option is not present, so this CVE is not applicable.
I'll make a note to update nginx in a next release, but because it has no impact on our printers we won't rush a new release.
Link to post
Share on other sites
noverby 0
Thanks @CarloK!
Link to post
Share on other sites