JupyterHub 4.1.0 - security release

minrk · March 20, 2024, 1:12pm

JupyterHub 4.1.0 is available on PyPI and conda-forge and includes fixes for security vulnerabilities, as well as backporting several bugfixes and small enhancements from 5.0 development.

A security advisory will be published next week at http://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-7r3h-4ph8-w38g

All JupyterHub deployments are encouraged to upgrade.

Thanks to everyone who contributed!

mahendrapaipuri · March 20, 2024, 2:18pm

Cheers @minrk. Does it have to do with the same vulnerability that JSP published?

minrk · March 21, 2024, 8:12am

It is unrelated. We happen to be finishing multiple security releases at the same time.

minrk · March 27, 2024, 1:21pm

The advisory is published: XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing · Advisory · jupyterhub/jupyterhub · GitHub

Topic	Replies	Views
Release of JupyterHub 1.4 Meta announcement , release	522	April 21, 2021
Security fix in nbgitpuller and BinderHub JupyterHub announcement , security	601	August 25, 2021
Three security advisories for JupyterLab and Notebook Security	195	January 20, 2024
Jupyterhub:1.4.0 JupyterHub jupyterhub , how-to , help-wanted	381	July 8, 2022
[ANN] Security Releases for Jupyter Server and Notebook Security	774	June 14, 2022

JupyterHub 4.1.0 - security release

Related Topics