HomeSolus

Update jupyter notebook to 5.7.8

Authored by maverick1 on May 20 2019, 10:43 PM.

Description

Update jupyter notebook to 5.7.8

Summary:
Update jupyter notebook to 5.7.8
Changes

  • Fix regression in restarting kernels in 5.7.5. The restart handler would return before restart was completed.
  • Fix Open Redirect vulnerability (CVE-2019-10255) where certain malicious URLs could redirect from the Jupyter login page to a malicious site after a successful login.
  • Security fix for a cross-site inclusion (XSSI) vulnerability (CVE-2019–9644), where files at a known URL could be included in a page from an unauthorized website if the user is logged into a Jupyter server.
  • Fixe a bug in which the list_running_servers() function attempts to parse HTML files as JSON, and consequently crashes
  • Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been assigned CVE-2018-14041
  • Security fix preventing malicious directory names from being able to execute javascript.
  • Security fix preventing nbconvert endpoints from executing javascript with access to the server API.

Test Plan: Ran jupyter notebook and opened .ipnb files locally.

Reviewers: Triage Team, DataDrake

Reviewed By: Triage Team, DataDrake

Subscribers: DataDrake

Differential Revision: https://dev.getsol.us/D6318

Details

Committed
DataDrakeMay 20 2019, 10:46 PM
Pushed
DataDrakeMay 20 2019, 10:46 PM
Reviewer
Triage Team
Differential Revision
D6318: Update jupyter notebook to 5.7.8
Parents
R4602:f1b19b4d080f: Initial inclusion of python-notebook in repo, fixes T5049
Branches
Unknown
Tags
Unknown
References
tag: python-notebook-5.7.8-2