This week a series of vulnerabilities was addressed in the Jupyter packages:
jupyter-lsp 2.2.2 was released, including a fix for the critical security vulnerability GHSA-4qhp-652w-c22x; all users of JupyterLab v4.0 and Notebook v7.0 are advised to upgrade.
Thank you to researchers at pillar.security for discovering and disclosing the issue.
JupyterLab 3.6.7, 4.0.11, 4.1.0b2 and Notebook 7.0.7 were released, including fixes for two security vulnerabilities:
- GHSA-44cc-43rp-5947 (all versions mentioned), and
- GHSA-4m77-cmpx-vjc4 (JupyterLab 3.x and earlier not affected).
The reports for these came from a bug bounty programme sponsored by the European Commission.