
Update jupyter notebook to 5.7.8
Closed, Public

Authored by maverick1 on May 18 2019, 10:22 AM.

Details

Summary

Update jupyter notebook to 5.7.8
Changes

  • Fix regression in restarting kernels in 5.7.5. The restart handler would return before restart was completed.
  • Fix Open Redirect vulnerability (CVE-2019-10255) where certain malicious URLs could redirect from the Jupyter login page to a malicious site after a successful login.
  • Security fix for a cross-site inclusion (XSSI) vulnerability (CVE-2019-9644), where files at a known URL could be included in a page from an unauthorized website if the user is logged into a Jupyter server.
  • Fix a bug in which the list_running_servers() function attempts to parse HTML files as JSON, and consequently crashes.
  • Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been assigned CVE-2018-14041
  • Security fix preventing malicious directory names from being able to execute javascript.
  • Security fix preventing nbconvert endpoints from executing javascript with access to the server API.
Test Plan

Ran jupyter notebook and opened .ipynb files locally.

Diff Detail

Repository
R4602 python-notebook
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

maverick1 created this revision. May 18 2019, 10:22 AM
maverick1 requested review of this revision. May 18 2019, 10:22 AM
DataDrake accepted this revision. May 20 2019, 10:42 PM
DataDrake added a subscriber: DataDrake.

LGTM. Thanks!

This revision is now accepted and ready to land. May 20 2019, 10:42 PM
This revision was automatically updated to reflect the committed changes.