dafbf9de71
6.0.1 - Attempt to re-establish websocket connection to Gateway - Add missing react-dom js to package data 6.0 This is the first major release of the Jupyter Notebook since version 5.0 (March 2017). We encourage users to start trying JupyterLab, which has just announced it's 1.0 release in preparation for a future transition. - Remove Python 2.x support in favor of Python 3.5 and higher. - Multiple accessibility enhancements and bug-fixes. - Multiple translation enhancements and bug-fixes. - Remove deprecated ANSI CSS styles. - Native support to forward requests to Jupyter Gateway(s) (Embedded NB2KG). - Use JavaScript to redirect users to notebook homepage. - Enhanced SSL/TLS security by using PROTOCOL_TLS which selects the highest ssl/tls protocol version available that both the client and server support. When PROTOCOL_TLS is not available use PROTOCOL_SSLv23. - Add ?no_track_activity=1 argument to allow API requests. to not be registered as activity (e.g. API calls by external activity monitors). - Kernels shutting down due to an idle timeout is no longer considered an activity-updating event. - Further improve compatibility with tornado 6 with improved checks for when websockets are closed. - Launch the browser with a local file which redirects to the server address including the authentication token. This prevents another logged-in user from stealing the token from command line arguments and authenticating to the server. The single-use token previously used to mitigate this has been removed. Thanks to Dr. Owain Kenway for suggesting the local file approach. - Respect nbconvert entrypoints as sources for exporters - Update to CodeMirror to 5.37, which includes f-string syntax for Python 3.6. - Update jquery-ui to 1.12 - Execute cells by clicking icon in input prompt. - New "Save as" menu option. - When serving on a loopback interface, protect against DNS rebinding by checking the Host header from the browser. This check can be disabled if necessary by setting NotebookApp.allow_remote_access. (Disabled by default while we work out some Mac issues in :ghissue:3754). - Add kernel_info_timeout traitlet to enable restarting slow kernels. - Add custom_display_host config option to override displayed URL. - Add /metrics endpoint for Prometheus Metrics. - Optimize large file uploads. - Allow access control headers to be overriden in jupyter_notebook_config.py to support greater CORS and proxy configuration flexibility. - Add support for terminals on windows. - Add a "restart and run all" button to the toolbar. - Frontend/extension-config: allow default json files in a .d directory. - Allow setting token via jupyter_token env. - Cull idle kernels using --MappingKernelManager.cull_idle_timeout. - Allow read-only notebooks to be trusted. - Convert JS tests to Selenium. Security Fixes included in previous minor releases of Jupyter Notebook and also included in version 6.0. - Fix Open Redirect vulnerability (CVE-2019-10255) where certain malicious URLs could redirect from the Jupyter login page to a malicious site after a successful login. - Contains a security fix for a cross-site inclusion (XSSI) vulnerability (CVE-2019–9644), where files at a known URL could be included in a page from an unauthorized website if the user is logged into a Jupyter server. The fix involves setting the X-Content-Type-Options: nosniff header, and applying CSRF checks previously on all non-GET API requests to GET requests to API endpoints and the /files/ endpoint. - Check Host header to more securely protect localhost deployments from DNS rebinding. This is a pre-emptive measure, not fixing a known vulnerability. Use .NotebookApp.allow_remote_access and .NotebookApp.local_hostnames to configure access. - Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been assigned CVE-2018-14041 <https://nvd.nist.gov/vuln/detail/CVE-2018-14041>_. - Contains a security fix preventing malicious directory names from being able to execute javascript. - Contains a security fix preventing nbconvert endpoints from executing javascript with access to the server API. CVE request pending.
6 lines
411 B
Text
6 lines
411 B
Text
$NetBSD: distinfo,v 1.11 2019/08/22 08:23:27 adam Exp $
|
|
|
|
SHA1 (notebook-6.0.1.tar.gz) = b9e62e669c28c318e0fec6c7ea4cb52de7e06232
|
|
RMD160 (notebook-6.0.1.tar.gz) = 9c661bb817d2186e37bd27ca2acb8ec5c4699935
|
|
SHA512 (notebook-6.0.1.tar.gz) = d159bd95148661ca1a1063eff8c51047a0024bc320dacf00d88cc01f90cb1e6e607ea4ae41ed6938f770b294e9bcae0b24387d48c5c005822443979f88378aa9
|
|
Size (notebook-6.0.1.tar.gz) = 13419800 bytes
|