4.2.2 is a small bugfix release on 4.2, with an important security fix.
All users are strongly encouraged to upgrade to 4.2.2.
> Highlights:
- **Security fix**: CVE-2016-6524, where untrusted latex output could
be added to the page in a way that could execute javascript.
- Fix missing POST in OPTIONS responses.
- Fix for downloading non-ascii filenames.
- Avoid clobbering ssl_options, so that users can specify more
detailed SSL configuration.
- Fix inverted load order in nbconfig, so user config has highest
priority.
- Improved error messages here and there.