5.7.4 fixes a bug introduced in 5.7.3, in which the list_running_servers()
function attempts to parse HTML files as JSON, and consequently crashes
5.7.3 contains one security improvement and one security fix:
- Launch the browser with a local file which redirects to the server address
including the authentication token
This prevents another logged-in user from stealing the token from command line
arguments and authenticating to the server.
The single-use token previously used to mitigate this has been removed.
Thanks to Dr. Owain Kenway for suggesting the local file approach.
- Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been
assigned CVE-2018-14041
5.7.2
5.7.2 contains a security fix preventing malicious directory names
from being able to execute javascript. CVE request pending.
5.7.1
5.7.1 contains a security fix preventing nbconvert endpoints from executing javascript with access to the server API. CVE request pending.
5.7.0
New features:
- Update to CodeMirror to 5.37, which includes f-string sytax for Python 3.6
- Update jquery-ui to 1.12
- Check Host header to more securely protect localhost deployments from DNS rebinding.
This is a pre-emptive measure, not fixing a known vulnerability
Use .NotebookApp.allow_remote_access and .NotebookApp.local_hostnames to configure
access.
- Allow access-control-allow-headers to be overridden
- Allow configuring max_body_size and max_buffer_size
- Allow configuring get_secure_cookie keyword-args
- Respect nbconvert entrypoints as sources for exporters
- Include translation sources in source distributions
- Various improvements to documentation
Fixing problems:
- Fix breadcrumb link when running with a base url
- Fix possible type error when closing activity stream
- Disable metadata editing for non-editable cells
- Fix some styling and alignment of prompts caused by regressions in 5.6.0.
- Enter causing page reload in shortcuts editor
- Fix uploading to the same file twice
5.5.0
New features:
The files list now shows file sizes
Add a quit button in the dashboard
Display hostname in the terminal when running remotely
Add slides exportation/download to the menu
Add any extra installed nbconvert exporters to the “Download as” menu
Editor: warning when overwriting a file that is modified on disk
Display a warning message if cookies are not enabled
Basic __version__ reporting for extensions
Add NotebookApp.terminals_enabled config option
Make buffer time between last modified on disk and last modified on last save configurable
Allow binding custom shortcuts for ‘close and halt’
Add description for ‘Trusted’ notification
Add settings['activity_sources']
Add an output_updated.OutputArea event
Fixing problems:
Fixes to improve web accessibility
Fixed color contrast issue in tree.less
Allow cancelling upload of large files
Don’t clear login cookie on requests without cookie
Don’t trash files on different device to home dir on Linux
Clear waiting asterisks when restarting kernel
Fix output prompt when execution_count missing
Make the ‘changed on disk’ dialog work when displayed twice
Fix going back to root directory with history in notebook list
Allow defining keyboard shortcuts for missing actions
Prevent default on pageup/pagedown when completer is active
Prevent default event handling on new terminal
ConfigManager should not write out default values found in the .d directory
Fix leak of iopub object in activity monitoring
Javascript lint in notebooklist.js
Some Javascript syntax fixes
Convert native for loop to Array.forEach()
Disable cache when downloading nbconvert output
Add missing digestmod arg to HMAC
Log OSErrors failing to create less-critical files during startup
Use powershell on Windows
API spec improvements, API handler improvements
Set notebook to dirty state after change to kernel metadata
Use CSP header to treat served files as belonging to a separate origin
Don’t install gettext into builtins
Add missing import _
Write notebook.json file atomically
Fix clicking with modifiers, page title updates
Upgrade jQuery to version 2.2
Upgrade xterm.js to 3.1.0
Upgrade moment.js to 2.19.3
Upgrade CodeMirror to 5.35
“Require” pyzmq>=17
5.4.1
A security release to fix CVE-2018-8768.
5.4.0
Fix creating files and folders after navigating directories in the dashboard
Enable printing notebooks in colour, removing the CSS that made everything black and white
Limit the completion options displayed in the notebook to 1000, to avoid performance issues with very long lists
Accessibility improvements in tree.html
Added alt-text to the kernel logo image in the notebook UI
Added a test on Travis CI to flag if symlinks are accidentally introduced in the future. This should prevent the issue that necessitated :ref:release-5.3.1
Use lowercase letters for random IDs generated in our Javascript
Removed duplicate code setting TextCell.notebook
5.2.1
Add more border width to codemirror cursor.
Fix nbconvert handler.
Fix the prompt_area argument of the output area constructor.
Handle a compound extension in new_untitled.
Allow disabling offline message buffering
5.2.0
Allow setting token via jupyter_token env.
Fix some errors caused by raising 403 in get_current_user.
Register contents_manager.files_handler_class directly.
Ensure that keyboard shortcuts are disabled when editing them.
Make all files in the dashboard editable by default and provide a whitelist of viewable file extensions.
The root directory of the notebook server should never be hidden.
Fix notebook require config to match tools/build-main.
Give page constructor default arguments.
Fix codemirror.less to match codemirror's expected padding layout.
Addx-xsrftoken to access-control-allow-headers.
Buffer messages when websocket connection is interrupted.
Load locale dynamically only when not en-us.
Changed key strength to 2048 bits.
Resyncjsversion with python version.
Allow copy operation on modified, read-only notebook.
Update error handling on apihandlers.
Test python 3.6 on travis, drop 3.3.
Avoid base64-literals in image tests.
Upgrade xterm.js to 2.9.2.
Changed all python variables named file to file_name to not override built_in file.
Add more doc tests.
Typos fix.
Rename and update license.
Travis builds doc.
Pull request i18n.
Factor out output_prompt_function, as is done with input prompt.
Use rfc5987 encoding for filenames.
Added path to the resources metadata, the same as in from_filename(...) in nbconvert.exporters.py.
Make "extrakeys" consistent for notebook and editor.
Bidi support.
The Jupyter Notebook is a web application that allows you to create
and share documents that contain live code, equations, visualizations,
and explanatory text. The Notebook has support for multiple
programming languages, sharing, and interactive widgets.
