Safety vulnerability ID: 40385
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Kiwi TCMS 6.4 updates Patternfly to version 3.59.0, which deals with an XSS issue in bootstrap (CVE-2018-14041). By default session cookies will expire after 24 hours. This can now be controlled via the `SESSION_COOKIE_AGE` setting. See https://github.com/kiwitcms/Kiwi/issues/556.
Latest version: 7.3.2
Jupyter Notebook - A web-based notebook environment for interactive computing
- Launch the browser with a local file which redirects to the server address including the authentication token ([4260](https://github.com/jupyter/notebook/pull/4260)). This prevents another logged-in user from stealing the token from command line arguments and authenticating to the server. The single-use token previously used to mitigate this has been removed. Thanks to Dr. Owain Kenway for suggesting the local file approach.
- Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been assigned [CVE-2018-14041](https://nvd.nist.gov/vuln/detail/CVE-2018-14041) ([4271](https://github.com/jupyter/notebook/pull/4271)).
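
The local-file approach from the first item, as an added example (not Jupyter's own code): the token-bearing URL is written into an owner-only file, and the browser process receives only that file's URI, so the token never shows up in command line arguments. The file name, sample token and port are constructed for illustration.

```python
import html
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample values; the token and port are placeholders.
SAMPLE_TOKEN = "constructed-token-0123456789abcdef"
SAMPLE_URL = f"http://localhost:8888/tree?token={SAMPLE_TOKEN}"

REDIRECT_PAGE = """<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta http-equiv="refresh" content="1;url={url}">
  <title>Opening notebook server</title>
</head>
<body>
  <p>Redirecting to <a href="{url}">the notebook server</a>.</p>
</body>
</html>
"""


def write_redirect_file(url: str, directory: str) -> Path:
    """Write an owner-only HTML file that redirects to `url`."""
    path = Path(directory) / f"open-{os.getpid()}.html"  # hypothetical name
    # O_EXCL refuses a pre-existing file or symlink; 0o600 is applied at
    # creation, so the token is never on disk with wider permissions.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(REDIRECT_PAGE.format(url=html.escape(url, quote=True)))
    return path


def browser_argument(path: Path) -> str:
    """The only string handed to the browser process: a file URI, no token."""
    return path.resolve().as_uri()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as runtime_dir:
        page = write_redirect_file(SAMPLE_URL, runtime_dir)
        print("browser argv:", browser_argument(page))
        print("file mode:", oct(stat.S_IMODE(page.stat().st_mode)))
```
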