starred/bambuddy-maziggy-1
1
0
Fork 0
mirror of https://github.com/maziggy/bambuddy.git synced 2026-05-09 08:25:54 +02:00
Code Issues 44 Projects Packages Wiki Activity

[PR #279] [MERGED] v0.1.8b #990

New issue
Closed
opened 2026-05-07 00:15:21 +02:00 by BreizhHardware · 0 comments
BreizhHardware commented 2026-05-07 00:15:21 +02:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/maziggy/bambuddy/pull/279
Author: @maziggy
Created: 2/5/2026
Status: Merged
Merged: 2/5/2026
Merged by: @maziggy

Base: mainHead: 0.1.8b

📝 Commits (10+)

  • 11bb34f Bumped version
  • 91a4e2a Windows Portable Launcher
  • a2571aa Fix filename matching for files with spaces (Issue #218)
  • 104b9d4 Fix external spool ams_mapping2 slot_id (Issue #213)
  • be7aff1 Plate management updates
  • b2cc824 rebase changes
  • 6f1d1fa Updated archive view to work after merging with latest 0.1.8b
  • 0f0ddde Updated README
  • f51795a Updated README
  • 685bf84 Merge branch '0.1.8b' into feature/updated_plate_view

📊 Changes

113 files changed (+14901 additions, -9794 deletions)

View changed files

📝 .github/workflows/security.yml (+2 -0)
.python-bin/python (+1 -0)
📝 CHANGELOG.md (+105 -1)
📝 Dockerfile (+2 -1)
📝 Dockerfile.test (+2 -1)
📝 README.md (+21 -2)
📝 backend/app/api/routes/archives.py (+131 -26)
📝 backend/app/api/routes/library.py (+129 -16)
📝 backend/app/api/routes/metrics.py (+2 -4)
📝 backend/app/api/routes/pending_uploads.py (+3 -3)
📝 backend/app/api/routes/print_queue.py (+66 -1)
📝 backend/app/api/routes/printers.py (+318 -1)
📝 backend/app/api/routes/projects.py (+8 -0)
📝 backend/app/api/routes/settings.py (+25 -1)
📝 backend/app/core/auth.py (+213 -97)
📝 backend/app/core/config.py (+1 -1)
📝 backend/app/main.py (+122 -11)
📝 backend/app/schemas/library.py (+7 -0)
📝 backend/app/services/archive.py (+1 -1)
📝 backend/app/services/bambu_ftp.py (+172 -33)

...and 80 more files

📄 Description

🎉 BamBuddy v0.1.8

🔒 Security

XML External Entity (XXE) Prevention

  • Replaced xml.etree.ElementTree with defusedxml across all 3MF parsing code
  • Prevents XXE attacks through malicious 3MF files

Path Injection Vulnerabilities Fixed

  • Added path traversal validation to project attachment endpoints
  • Strengthened filename sanitization in timelapse processing
  • Prevents directory traversal attacks via ../ sequences

Security Scanning in CI/CD

  • Added Bandit (Python security analyzer) with SARIF upload to GitHub Security
  • Added Trivy (container/IaC scanner) for Docker image and Dockerfile analysis
  • Added pip-audit and npm-audit for dependency vulnerability scanning
  • Automatic GitHub issue creation for detected vulnerabilities
  • Security scan results visible in GitHub Security tab

Enhancements

3D Model Viewer Improvements (https://github.com/maziggy/bambuddy/pull/262)

  • Added plate selector for multi-plate 3MF files with thumbnail previews
  • Object count display shows number of objects per plate and total
  • Fullscreen toggle for immersive model viewing
  • Resizable split view between plate selector and 3D viewer in fullscreen mode
  • Pagination support for files with many plates (e.g., 50+ plates)
  • Added i18n translations for all model viewer strings (English, German, Japanese)

Virtual Printer Proxy Mode Improvements

  • SSDP proxy for cross-network setups: select slicer network interface for automatic printer discovery via SSDP relay
  • FTP proxy now listens on privileged port 990 (matching Bambu Studio expectations)
  • Automatic directory permission checking at startup with clear error messages

🐛 Bug Fixes

FTP Reliability Improvements

  • A1/A1 Mini FTP Upload Failures (https://github.com/maziggy/bambuddy/issues/271): Fixed uploads hanging/timing out by replacing storbinary() with manual chunked
    transfer
  • P1S/P1P FTP Upload Failures: Fixed EOFError by restoring SSL session reuse on data channel
  • FTP Auto-Detection: Automatically detects working FTP mode (prot_p vs prot_c) for A1/A1 Mini with caching

UI/UX Fixes

Other Fixes

  • Safari Camera Stream: Fixed streams not loading due to Service Worker error
  • Queue Print Time (https://github.com/maziggy/bambuddy/pull/274): Fixed showing total time instead of per-plate time for multi-plate files - contributed by
    @MisterBeardy
  • Docker Permissions: Added PUID/PGID support for proper bind-mount permissions

Added

Windows Portable Launcher (contributed by @nmori)

  • New start_bambuddy.bat for Windows users - double-click to run, no installation required
  • Automatically downloads Python 3.13 and Node.js 22 on first run
  • Everything stored in .portable\ folder for easy cleanup
  • Supports both x64 and ARM64 Windows systems

Upgrade Instructions

Docker

docker compose pull && docker compose up -d

Docker with custom user permissions

PUID=$(id -u) PGID=$(id -g) docker compose up -d

Bare Metal

git pull
pip install -r requirements.txt
cd frontend && npm ci && npm run build

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/maziggy/bambuddy/pull/279 **Author:** [@maziggy](https://github.com/maziggy) **Created:** 2/5/2026 **Status:** ✅ Merged **Merged:** 2/5/2026 **Merged by:** [@maziggy](https://github.com/maziggy) **Base:** `main` ← **Head:** `0.1.8b` --- ### 📝 Commits (10+) - [`11bb34f`](https://github.com/maziggy/bambuddy/commit/11bb34f87a92da5888ebbfa1a902f1fc5f7f87e0) Bumped version - [`91a4e2a`](https://github.com/maziggy/bambuddy/commit/91a4e2a0f5aa3f13a77398d2e8fe94782b82aaa2) Windows Portable Launcher - [`a2571aa`](https://github.com/maziggy/bambuddy/commit/a2571aaf2e69634c0a1fb706de5575a7dd3541cf) Fix filename matching for files with spaces (Issue #218) - [`104b9d4`](https://github.com/maziggy/bambuddy/commit/104b9d4a2528f40e8ee54eb1b7f81fbc3752a3a2) Fix external spool ams_mapping2 slot_id (Issue #213) - [`be7aff1`](https://github.com/maziggy/bambuddy/commit/be7aff1f91b69829ef8e93b92df65a13f3a6eeee) Plate management updates - [`b2cc824`](https://github.com/maziggy/bambuddy/commit/b2cc82480d9d96e24357df1229bc7f941c869fd5) rebase changes - [`6f1d1fa`](https://github.com/maziggy/bambuddy/commit/6f1d1fa06ea9eb4d4b945850e7d4e22477b7386c) Updated archive view to work after merging with latest 0.1.8b - [`0f0ddde`](https://github.com/maziggy/bambuddy/commit/0f0ddde92918bc0ccd6e7e2d2417b188239c7a69) Updated README - [`f51795a`](https://github.com/maziggy/bambuddy/commit/f51795ac4fc7435b28eaa4dc2b68fade71082690) Updated README - [`685bf84`](https://github.com/maziggy/bambuddy/commit/685bf84de185d4a321f41b4d54881c59acd5dfb3) Merge branch '0.1.8b' into feature/updated_plate_view ### 📊 Changes **113 files changed** (+14901 additions, -9794 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/security.yml` (+2 -0) ➕ `.python-bin/python` (+1 -0) 📝 `CHANGELOG.md` (+105 -1) 📝 `Dockerfile` (+2 -1) 📝 `Dockerfile.test` (+2 -1) 📝 `README.md` (+21 -2) 📝 `backend/app/api/routes/archives.py` (+131 -26) 📝 `backend/app/api/routes/library.py` (+129 -16) 📝 `backend/app/api/routes/metrics.py` (+2 -4) 📝 `backend/app/api/routes/pending_uploads.py` (+3 -3) 📝 `backend/app/api/routes/print_queue.py` (+66 -1) 📝 `backend/app/api/routes/printers.py` (+318 -1) 📝 `backend/app/api/routes/projects.py` (+8 -0) 📝 `backend/app/api/routes/settings.py` (+25 -1) 📝 `backend/app/core/auth.py` (+213 -97) 📝 `backend/app/core/config.py` (+1 -1) 📝 `backend/app/main.py` (+122 -11) 📝 `backend/app/schemas/library.py` (+7 -0) 📝 `backend/app/services/archive.py` (+1 -1) 📝 `backend/app/services/bambu_ftp.py` (+172 -33) _...and 80 more files_ </details> ### 📄 Description 🎉 BamBuddy v0.1.8 🔒 Security XML External Entity (XXE) Prevention - Replaced xml.etree.ElementTree with defusedxml across all 3MF parsing code - Prevents XXE attacks through malicious 3MF files Path Injection Vulnerabilities Fixed - Added path traversal validation to project attachment endpoints - Strengthened filename sanitization in timelapse processing - Prevents directory traversal attacks via ../ sequences Security Scanning in CI/CD - Added Bandit (Python security analyzer) with SARIF upload to GitHub Security - Added Trivy (container/IaC scanner) for Docker image and Dockerfile analysis - Added pip-audit and npm-audit for dependency vulnerability scanning - Automatic GitHub issue creation for detected vulnerabilities - Security scan results visible in GitHub Security tab ✨ Enhancements 3D Model Viewer Improvements (https://github.com/maziggy/bambuddy/pull/262) - Added plate selector for multi-plate 3MF files with thumbnail previews - Object count display shows number of objects per plate and total - Fullscreen toggle for immersive model viewing - Resizable split view between plate selector and 3D viewer in fullscreen mode - Pagination support for files with many plates (e.g., 50+ plates) - Added i18n translations for all model viewer strings (English, German, Japanese) Virtual Printer Proxy Mode Improvements - SSDP proxy for cross-network setups: select slicer network interface for automatic printer discovery via SSDP relay - FTP proxy now listens on privileged port 990 (matching Bambu Studio expectations) - Automatic directory permission checking at startup with clear error messages 🐛 Bug Fixes FTP Reliability Improvements - A1/A1 Mini FTP Upload Failures (https://github.com/maziggy/bambuddy/issues/271): Fixed uploads hanging/timing out by replacing storbinary() with manual chunked transfer - P1S/P1P FTP Upload Failures: Fixed EOFError by restoring SSL session reuse on data channel - FTP Auto-Detection: Automatically detects working FTP mode (prot_p vs prot_c) for A1/A1 Mini with caching UI/UX Fixes - Authentication Required Error (https://github.com/maziggy/bambuddy/issues/257): Fixed error after fresh install with auth enabled - Filament Hover Card Overlapping (https://github.com/maziggy/bambuddy/issues/259): Fixed popup being covered by navigation bar - Filament Statistics Multiplied (https://github.com/maziggy/bambuddy/issues/229): Fixed totals incorrectly multiplied by quantity - Queue Status Mismatch (https://github.com/maziggy/bambuddy/issues/249): Queue now shows "Paused" when printer is paused - Timezone Display (https://github.com/maziggy/bambuddy/issues/233): Fixed scheduled time displayed in wrong timezone - Mobile Layout (https://github.com/maziggy/bambuddy/issues/255): Fixed header buttons overflowing on mobile devices - AMS Auto-Matching (https://github.com/maziggy/bambuddy/issues/245): Fixed wrong slot selection when multiple trays have same filament type Other Fixes - Safari Camera Stream: Fixed streams not loading due to Service Worker error - Queue Print Time (https://github.com/maziggy/bambuddy/pull/274): Fixed showing total time instead of per-plate time for multi-plate files - contributed by @MisterBeardy - Docker Permissions: Added PUID/PGID support for proper bind-mount permissions ➕ Added Windows Portable Launcher (contributed by @nmori) - New start_bambuddy.bat for Windows users - double-click to run, no installation required - Automatically downloads Python 3.13 and Node.js 22 on first run - Everything stored in .portable\ folder for easy cleanup - Supports both x64 and ARM64 Windows systems --- Upgrade Instructions Docker docker compose pull && docker compose up -d Docker with custom user permissions PUID=$(id -u) PGID=$(id -g) docker compose up -d Bare Metal git pull pip install -r requirements.txt cd frontend && npm ci && npm run build --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
BreizhHardware 2026-05-07 00:15:21 +02:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
github-repo-stats
bug-report-assets
dev
0.2.4b3
0.2.4b2
0.2.4b1
pr/1114
0.2.3.2
0.2.3.1
0.2.3
0.2.3b3
0.2.3b2
0.2.3b1
0.2.2.2
0.2.2.1
0.2.2b3
0.2.2
0.2.2b2
0.2.2b1
0.2.1.1
0.2.1
0.2.1b3
0.2.1b2
0.2.1b
0.2.0
0.2.0b
0.1.5-2-ctrl
v0.2.4b4-daily.20260508
v0.2.4b2
v0.2.4b3
v0.2.4b1
v0.2.3.2
v0.2.3.1
v0.2.3
v0.2.3b3
v0.2.3b2
v0.2.3b1-daily.20260407
v0.2.3b1
v0.2.2.2
v0.2.2.1
v0.2.3b1-daily.20260318
v0.2.3b1-daily.20260317
v0.2.3b1-daily.20260316
v0.2.2
v0.2.2b4-daily.20260314
v0.2.2b4-daily.20260313
v0.2.2b3-daily.20260312
v0.2.2b3-1
v0.2.2b2
v0.2.2-b2
v0.2.2b3
v0.2.2-b1
v0.2.2b1
v0.2.1.1
v0.2.1
v0.2.1b3
v0.2.1b2
v0.2.1b
v0.2.0
v0.1.9
v0.1.8.1
v0.1.8
v0.1.7
v0.1.6.2
v0.1.6.1
v0.1.6-hotfix
v0.1.6
v0.1.6b11
v0.1.6b10
v0.1.6b9
v0.1.6b8
v0.1.6b7
v0.1.6b6
v0.1.6b5
v0.1.6b4
v0.1.6b3
v0.1.6b2
v0.1.6b
v0.1.5-final
v0.1.5b7
v0.1.5b6
v0.1.5b5
v0.1.5b4
v0.1.5b3
v0.1.5b2
v0.1.5b
v0.1.4
v0.1.3
v0.1.2-bugfix
v0.1.2-final
v0.1.2
0.1.1
Labels
Clear labels   
A1

   
automated

   
automated

   
bug

   
bug

   
Closed due to inactivity

   
contrib

   
dependencies

   
dependencies

   
duplicate

   
enhancement

   
feedback

   
hold

   
invalid

   
Notes

   
P1S

   
pull-request
Mirrored from GitHub Pull Request

  
security

   
ThumbsUp

   
user-report

   
wontfix
No labels
A1
automated
automated
bug
bug
Closed due to inactivity
contrib
dependencies
dependencies
duplicate
enhancement
feedback
hold
invalid
Notes
P1S
pull-request
security
ThumbsUp
user-report
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/bambuddy-maziggy-1#990
No description provided.