[ANN] JupyterHub security release: 5.4.5

minrk · April 28, 2026, 10:59pm

We’ve released JupyterHub 5.4.5, which fixes a moderate cross-site request forgery vulnerability. This release is also available in version 4.3.4 of the helm chart.

The advisory (CVE-2026-40864) will be posted publicly in seven days (2026-05-05).

krassowski · May 5, 2026, 6:14pm

Could this be related? Launcher Notebook and Console icons not rendered in JupyterHub · Issue #18839 · jupyterlab/jupyterlab · GitHub

minrk · May 5, 2026, 8:50pm

sigh yes, and I think I know what the fix is. Sorry about that.

minrk · May 5, 2026, 9:04pm

allow no-cors GETs from same-origin by minrk · Pull Request #5380 · jupyterhub/jupyterhub · GitHub should be the fix for that

minrk · May 6, 2026, 5:57pm

5.4.6 should be out with a fix, as well as z2jh 4.3.5

Topic		Replies	Views
[ANN] Security releases: JupyterHub 4.1.6, 5.1.0 JupyterHub announcement , release , security	1	185	August 8, 2024
JupyterHub 4.1.0 - security release JupyterHub announcement , release	3	319	March 27, 2024
[ANN] Security releases of JupyterHub, Auth0, LTI authenticators JupyterHub	2	111	March 27, 2026
[ANN] Critical security fix in jupyter-server-proxy JupyterHub announcement , security	0	213	June 11, 2024
JupyterHub 1.5.0, zero-to-jupyterhub 1.2.0 security release JupyterHub announcement , security	0	972	November 4, 2021

[ANN] JupyterHub security release: 5.4.5

Related topics