JupyterHub 4.1.0 - security release

minrk · March 20, 2024, 1:12pm

JupyterHub 4.1.0 is available on PyPI and conda-forge and includes fixes for security vulnerabilities, as well as backporting several bugfixes and small enhancements from 5.0 development.

A security advisory will be published next week at http://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-7r3h-4ph8-w38g

All JupyterHub deployments are encouraged to upgrade.

Thanks to everyone who contributed!

mahendrapaipuri · March 20, 2024, 2:18pm

Cheers @minrk. Does it have to do with the same vulnerability that JSP published?

minrk · March 21, 2024, 8:12am

It is unrelated. We happen to be finishing multiple security releases at the same time.

minrk · March 27, 2024, 1:21pm

The advisory is published: XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing · Advisory · jupyterhub/jupyterhub · GitHub

Topic		Replies	Views
[ANN] Security releases: JupyterHub 4.1.6, 5.1.0 JupyterHub announcement , release , security	1	179	August 8, 2024
JupyterHub 1.5.0, zero-to-jupyterhub 1.2.0 security release JupyterHub announcement , security	0	968	November 4, 2021
[ANN] Critical security fix in jupyter-server-proxy JupyterHub announcement , security	0	202	June 11, 2024
[ANN] Security releases of JupyterHub, Auth0, LTI authenticators JupyterHub	2	102	March 27, 2026
JupyterHub 1.4.1 General announcement , release	0	500	May 12, 2021

JupyterHub 4.1.0 - security release

Related topics