Skip to content

Commit c231fd2

Browse files
minrkminrk
committed
changelog notes for 4.3.1
1 parent e98fba2 commit c231fd2

File tree

1 file changed

+24
-6
lines changed

1 file changed

+24
-6
lines changed

docs/source/changelog.rst

Lines changed: 24 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -10,14 +10,22 @@ For more detailed information, see `GitHub <https://github.com/jupyter/notebook>
1010

1111
Use ``pip install notebook --upgrade`` or ``conda upgrade notebook`` to
1212
upgrade to the latest release.
13-
13+
14+
1415
.. _release-4.3.1:
1516

1617
4.3.1
1718
-----
1819

1920
4.3.1 is a patch release with a security patch, a couple bug fixes, and improvements to the newly-released token authentication.
2021

22+
**Security fix**:
23+
24+
- CVE-2016-9971. Fix CSRF vulnerability,
25+
where malicious forms could create untitled files and start kernels
26+
(no remote execution or modification of existing files)
27+
for users of certain browsers (Firefox, Internet Explorer / Edge).
28+
2129
Bug fixes:
2230

2331
- Fix carriage return handling
@@ -30,16 +38,25 @@ Other improvements:
3038
- Further highlight token info in log output when autogenerated
3139
- Add Authorization to allowed CORS headers
3240

33-
See the 4.3 milestone on GitHub for a complete list of
34-
`issues <https://github.com/jupyter/notebook/issues?utf8=%E2%9C%93&q=is%3Aissue%20milestone%3A4.3.1%20>`__
35-
and `pull requests <https://github.com/jupyter/notebook/pulls?utf8=%E2%9C%93&q=is%3Apr%20milestone%3A4.3.1%20>`__ involved in this release.
41+
See the 4.3.1 milestone on GitHub for a complete list of
42+
`issues <https://github.com/jupyter/notebook/issues?utf8=%E2%9C%93&q=is%3Aissue%20milestone%3A4.3.1>`__
43+
and `pull requests <https://github.com/jupyter/notebook/pulls?utf8=%E2%9C%93&q=is%3Apr%20milestone%3A4.3.1>`__ involved in this release.
3644

3745
.. _release-4.3:
3846

39-
4.3
40-
---
47+
4.3.0
48+
-----
4149

4250
4.3 is a minor release with many bug fixes and improvements.
51+
The biggest user-facing change is the addition of token authentication,
52+
which is enabled by default.
53+
A token is generated and used when your browser is opened automatically,
54+
so you shouldn't have to enter anything in the default circumstances.
55+
If you see a login page
56+
(e.g. by switching browsers, or launching on a new port with ``--no-browser``),
57+
you get a login URL with the token from the command ``jupyter notebook list``,
58+
which you can paste into your browser.
59+
4360

4461
Highlights:
4562

@@ -87,6 +104,7 @@ See the 4.3 milestone on GitHub for a complete list of
87104
`issues <https://github.com/jupyter/notebook/issues?utf8=%E2%9C%93&q=is%3Aissue%20milestone%3A4.3%20>`__
88105
and `pull requests <https://github.com/jupyter/notebook/pulls?utf8=%E2%9C%93&q=is%3Apr%20milestone%3A4.3%20>`__ involved in this release.
89106

107+
90108
.. _release-4.2.3:
91109

92110
4.2.3

0 commit comments

Comments
 (0)