If you manage a deployment of BinderHub and/or use nbgitpuller in your JupyterHub deployments, a critical security vulnerability has been identified and fixed. You are encouraged to upgrade immediately.
- For nbgitpuller, that means upgrading to 0.10.2 or later
- For BinderHub, that means chart version 0.2.0-n653.h195caac or later
See security advisories GHSA-9jjr-qqfp-ppwx for BinderHub and GHSA-mq5p-2mcr-m52j for nbgitpuller for more details.
Thanks to Jose Carlos Luna Duran (CERN) and Riccardo Castellotti (CERN) for reporting the vulnerability and providing a fix.
If you believe you’ve found a security vulnerability in a Jupyter project, please report it to security@ipython.org.