Write release notes for 5.7.3

Thomas Kluyver 2018-12-16 09:50:27 +01:00
parent 46a887f6e0
commit 35aa99324a

@ -21,6 +21,23 @@ We strongly recommend that you upgrade pip to version 9+ of pip before upgrading
Use ``pip install pip --upgrade`` to upgrade pip. Check pip version with
``pip --version``.
.. _release-5.7.3:
5.7.3
-----
5.7.3 contains one security improvement and one security fix:
- Launch the browser with a local file which redirects to the server address
including the authentication token (:ghpull:`4260`).
This prevents another logged-in user from stealing the token from command line
arguments and authenticating to the server.
The single-use token previously used to mitigate this has been removed.
Thanks to Dr. Owain Kenway for suggesting the local file approach.
- Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been
assigned `CVE-2018-14041 <https://nvd.nist.gov/vuln/detail/CVE-2018-14041>`_
(:ghpull:`4271`).
.. _release-5.7.2:
5.7.2
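Review bot: In the first bullet, "another logged-in user" is ambiguous, since it can be read as a user logged in to the notebook server rather than another user on the same machine who can see the process's command line arguments. Suggest wording such as "another user logged in to the same machine". The sentence "The single-use token previously used to mitigate this has been removed" would also be easier to act on if it named the release that introduced that token, so that anyone relying on the old behaviour can tell what changed between versions.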