Jupyter security issue Aug. 13, 2021

Resolution: 
Resolved

Please do not run any Jupyter applications at OSC until further notice due to a security vulnerability.

OSC will update JupyterLab and Jupyter Notebook applications to rectify this as soon as possible.

List of versions changed:

  • 0.35: removed because there is no official patch release.
  • 1.2: upgraded to 1.2.21
  • 2.1: replaced with 2.2.10 because there is no official patch release.
  • 3.0: upgraded to 3.0.17

References for more information:

https://blog.jupyter.org/cve-2021-32797-and-cve-2021-32798-remote-code-execution-in-jupyterlab-and-jupyter-notebook-a70fae0d3239

CVE-2021–32797 and CVE-2021–32798 Remote Code execution in JupyterLab and Jupyter Notebook

Resolved

Jupyter applications have been updated to patch security vulnerabilities.

  • Version 0.35 of Jupyter has been dropped as there is no patch available for that version.
  • Version 1.2 has been updated to 1.2.21.
  • Version 2.1 has been replaced by 2.2.
  • Version 3.0 has been updated to 3.0.17.

Exentensions that were built for 3.0 will likely need to be rebuilt by running the jupyter lab build command in a terminal within the Jupyter application.