Jupyter Core 4.6.2
We released a patch change in the jupyter_core library today which allows for the JUPYTER_ALLOW_INSECURE_WRITES
environment variable to be set with a true
or 1
value to allow for jupyter applications to skip checking for 600 write permissions on non-windows environments. The constraint to check for secret files being saved securely was added from a security advisory, but it caused a lot of clients to fail when running on top of a number of mounted file systems or docker environments. Many of these users had no ability to change their filesystem setup to allow for secure file write and were forced to change their jupyter library paths or pin their version back to an older release.
This flag should make it easier for those users to opt into an execution mode that allows for launching as applications did before the security fix. For those that use this feature you’ll have a warning emitted if files are not being written securely, so hopefully it will give an indication that’s useful and clear to administrators as well as users that the flag is ON.
Best,
Jupyter Team