JupyterHub 4.1.0 - security release

minrk · March 20, 2024, 1:12pm

JupyterHub 4.1.0 is available on PyPI and conda-forge and includes fixes for security vulnerabilities, as well as backporting several bugfixes and small enhancements from 5.0 development.

A security advisory will be published next week at http://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-7r3h-4ph8-w38g

All JupyterHub deployments are encouraged to upgrade.

Thanks to everyone who contributed!

mahendrapaipuri · March 20, 2024, 2:18pm

Cheers @minrk. Does it have to do with the same vulnerability that JSP published?

minrk · March 21, 2024, 8:12am

It is unrelated. We happen to be finishing multiple security releases at the same time.

minrk · March 27, 2024, 1:21pm

The advisory is published: XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing · Advisory · jupyterhub/jupyterhub · GitHub

Topic		Replies	Views
[ANN] Security releases: JupyterHub 4.1.6, 5.1.0 JupyterHub announcement , release , security	1	103	August 8, 2024
Release of JupyterHub 1.4 Meta announcement , release	0	568	April 21, 2021
JupyterHub 1.4.1 General announcement , release	0	481	May 12, 2021
[ANN] JupyterHub 5 release JupyterHub announcement , release	0	248	May 24, 2024
[ANN] JupyterHub 2.0.2 JupyterHub announcement	0	482	January 10, 2022

JupyterHub 4.1.0 - security release

Related topics