CVE-2016–9971

Advisory

Notebook 4.3.1 includes a patch for a CSRF vulnerability.
https://github.com/jupyter/notebook/pull/1969
https://blog.jupyter.org/security-release-jupyter-notebook-4-3-1-808e1f3bb5e2

Affected package

Affected versions

Fixed versions

Vulnerability changelog

4.3.1 is a patch release with a security patch, a couple bug fixes, and improvements to the newly-released token authentication.

Bug fixes:
- Fix carriage return handling
- Make the font size more robust against fickle brow
- Ignore resize events that bubbled up and didn't come from window

Other improvements:
- Better docs for token-based authentication
- Further highlight token info in log output when autogenerated
- Add Authorization to allowed CORS headers

See the 4.3.1 milestone on GitHub for a complete list of [issues](https://github.com/jupyter/notebook/issues?utf8=%E2%9C%93&q=is%3Aissue%20milestone%3A4.3.1%20)
and [pull requests](https://github.com/jupyter/notebook/pulls?utf8=%E2%9C%93&q=is%3Apr%20milestone%3A4.3.1%20) involved in this release.

Resources

• https://pypi.org/project/notebook
• https://pyup.io/changelogs/notebook/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016–9971