Jupyter Notebook has had a couple more minor releases. 5.7.3 made some security improvements:
1. Jupyter now launches your browser by opening an HTML file which redirects to the server with the authentication token. This eliminates a window of time in which another logged-in user could see the authentication token in command line arguments and authenticate with it before the real user. Thanks to Dr. Owain Kenway for suggesting this technique. 2. Bootstrap is upgraded from 3.3 to 3.4, which includes a fix for an XSS vulnerability. We haven't investigated how this vulnerability might affect Jupyter. After releasing 5.7.3, we found that the newly written HTML files for point 1 cause a problem for 'jupyter notebook list'. 5.7.4 fixes this. You can upgrade now with pip: pip install --upgrade notebook Or conda (from conda-forge); conda update notebook -- You received this message because you are subscribed to the Google Groups "Project Jupyter" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/CAOvn4qhFXG_oZTV%2BhTKuRP1Cbm3qqwszmQjxX8eQMdzKMmc1mg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
