We’ve released JupyterHub 5.4.5, which fixes a moderate cross-site request forgery vulnerability. This release is also available in version 4.3.4 of the helm chart.
The advisory (CVE-2026-40864) will be posted publicly in seven days (2026-05-05).
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| [ANN] Security releases: JupyterHub 4.1.6, 5.1.0 | 1 | 182 | August 8, 2024 | |
| JupyterHub 4.1.0 - security release | 3 | 318 | March 27, 2024 | |
| [ANN] Security releases of JupyterHub, Auth0, LTI authenticators | 2 | 108 | March 27, 2026 | |
| [ANN] Critical security fix in jupyter-server-proxy | 0 | 206 | June 11, 2024 | |
| JupyterHub 1.5.0, zero-to-jupyterhub 1.2.0 security release | 0 | 969 | November 4, 2021 |