Bambu Lab Took Down an OrcaSlicer Fork and Handed It a Bigger Audience
The prickly overlap between a subset of Bambu Lab users and the company itself flashed into the spotlight this month, following Bambu Lab pressuring a solo developer to take down an OrcaSlicer fork that reconnected the slicer to Bambu Lab's cloud infrastructure.
Developer Paweł Jarczak published OrcaSlicer-bambulab in April, quickly getting the attention of Bambu Lab, who deemed the slicer an unacceptable risk to its cloud infrastructure. The fork, derived from the open-source OrcaSlicer program and combined with code from Bambu Studio (both are projects released under the Affero General Public License: AGPL), restored cloud printing access – a feature Bambu Lab had stripped from third-party software in changes it made last year. Within about a week of the repo going public, Jarczak pulled it down, leaving a note on the page alleging communication from Bambu Lab that threatened a cease-and-desist prepared by the company’s lawyers, should he not take it offline.
Behind the headlines is a developer who has been an active open-source contributor to the very products at the center of the dispute. Jarczak told All3DP “public discussions can easily make this look like some big ‘hacker drama’. That is not how I see myself. I am just a normal guy who likes helping people.” He explained that he is a Bambu Lab customer, a user of the Linux version of Bambu Studio, who has contributed bug fixes through official channels in the past.
“While working with locally compiled Bambu Studio, I noticed that the networking path worked normally on Linux. Since OrcaSlicer is also from the same PrusaSlicer/Slic3r/Bambu Studio family of open-source code, I did not see an obvious reason why the public Bambu Studio code path could not be adapted there too.” He clarifies: “Everything I personally worked with was based on publicly available Bambu Studio source code.”
Some background: in January 2025, Bambu Lab removed the API path that OrcaSlicer and any other third-party software used for direct cloud communication, replacing it with Bambu Connect – proprietary middleware that passes files to the printer but removes remote runtime control. The move effectively limited the commands that could be sent to printers via the company’s cloud to Bambu Studio and third parties that integrate Bambu Connect as an additional step in the process.
It was a controversial move, not least because of the unspecific claims of security improvements that accompanied it – and that the new system Bambu Lab described as secure was undermined within 24 hours when a security researcher extracted the private key used to sign critical operations.
It remains a sore spot for some users of the company’s printers who prefer OrcaSlicer. The OrcaSlicer project declined to incorporate Bambu Lab’s new control path, and the two have sat with a waist-high wall between them ever since.
To clarify, OrcaSlicer can still be used to prepare and send jobs to Bambu Lab hardware, it’s just that remote sending of print jobs and controlling the machines is off the table via the company’s cloud. Using the printers in LAN or developer mode – a concession to those concerned by the initial firmware change – remains possible; you just lose the full ecosystem aspect, which is one of the reasons why someone might choose a Bambu Lab printer in the first place. For some, the move raised an unacceptable barrier and changed the nature of the machines they had bought.
Jarczak’s slicer worked because the Linux-side pathway of Bambu Studio had not yet been updated to reflect the 2025 restrictions, he says, claiming no changes to the code used. The argument here is that Bambu Lab had, in a sense, neglected to lock one of the doors it said was no longer accessible. In a blog post published on May 7, Bambu Lab’s version of events goes into more detail, saying the slicer fork worked by setting its HTTP user agent string to identify itself to Bambu’s servers as official Bambu Studio software, rather than as an OrcaSlicer derivative – passing a server-side client identity check that way.
According to Jarczak’s note, Bambu Lab’s communication stated that a cease-and-desist letter had been prepared, and alleged that his “implementation”: impersonated Bambu Studio; bypassed their authorization controls; violated their Terms of Use; involved reverse engineering; and could allow modified forks to send arbitrary commands to printers.
He did not accept those allegations as established facts. After asking the company for specifics about the alleged violations and permission to share the conversation, Jarczak says Bambu Lab declined his request to publish the correspondence. He removed the software from GitHub, but by that point the fork and Bambu Lab’s response had started to attract attention.
Whether or not the company’s list of grievances would hold water in court is up for debate. On May 6, IP attorney Leonard “Lawful Masses” French published a wide-ranging 19-minute legal analysis of Bambu Lab’s enforcement position on YouTube, postulating from Jarczak’s explanation of the correspondence that Bambu Lab’s accusations may not survive if tested.
A day later, on May 7, Bambu Lab broke its silence with a blog post, addressing the situation with the stated intent to “clarify a few points that have been somewhat misinterpreted or unintentionally confusing.”
The post opens by stating the obvious: anyone can fork Bambu Studio’s AGPL-licensed code, modify it, and distribute it. Some 734 forks already do, they note. The threatened cease-and-desist, per Jarczak’s account, had treated the act of forking as itself problematic but the blog post doesn’t address this discrepancy, instead narrowing the complaint specifically to the user agent spoofing – framed as client impersonation – potentially threatening the stability of the company’s cloud infrastructure.
Bambu Lab reasons that its move is about ensuring the integrity of its cloud platform, which it describes as a private service, against uncontrolled traffic. Jarczak’s fork “worked by injecting falsified identity metadata into network communication,” the blog post claims. The 2025 justification for the original control change centred on keeping remote commands sent to your printer secure, as well as managing “30 million unauthorized requests per day”. The 2026 response frames things squarely around service integrity – ‘about the stability of our cloud infrastructure’ – with no mention of the printer security rationale from 2025.
On May 10, right-to-repair advocate Louis Rossmann pledged to help if Jarczak reposted the code and Bambu Lab attempted to sue them, saying “If Bambu Lab goes after you for keeping up your code, I am so confident in your case that I will pay the first $10,000.” This sentiment is a common theme in many of the threads that have opened up to discuss the fork and Bambu Lab’s response. Jarczak told All3DP “a lot of people keep telling me ‘fight them’, ‘sue them’, and so on. But I am a programmer. I like building things, fixing problems, and seeing that something works for people. I do not enjoy legal fights, and I do not take pleasure in the idea of suing anyone.”
Jarczak rejects Bambu Lab’s allegation that his work could lead to “DDoS-like load patterns” and make things easier for hackers. “If Bambu Lab believes there is a serious security issue in a path that still exists in their own software, then that should be fixed on their side. Putting legal pressure on an individual open-source contributor does not seem like the right way to handle it.”
However you look at it, it’s another episode in the ongoing friction between power users exercising their right to use their hardware as they see fit (within the bounds of licensing and the scope therein) and brands, particularly ecosystem-heavy ones, asserting their boundaries as they wish. Those two motives do not often align, and in Bambu Lab’s case this time, threatening a solo developer with a track record of contributing to that ecosystem has put more attention on the issue than it likely would have wanted.
When approached, a representative for Bambu Lab said the company had no further comment beyond what was published in the blog post. The company closes that post off with a nod to its bug bounty program, encouraging users to report any issues and exploits they find.
Stay Informed, Save Big, Make More
Get our bi-weekly newsletter for the latest 3D printing news, deals, and guides.
We do not share your information! You can unsubscribe at any time.
By subscribing you agree to our Privacy Policy.
Read more recent news:
License: The text of "Bambu Lab Took Down an OrcaSlicer Fork and Handed It a Bigger Audience" by All3DP is licensed under a Creative Commons Attribution 4.0 International License.