[IPython-dev] IPython 3.2 released, please upgrade
Kyle Kelley
rgbkrk at gmail.com
Mon Jun 22 13:07:33 EDT 2015
Hi everyone,
As soon as possible, please upgrade your IPython notebook installation to
3.2.
IPython 3.2 contains important security fixes. Users are strongly
encouraged to upgrade immediately.
Highlights:
* A security improvement that sets the secure attribute of the login cookie
to prevent them from being sent over http
* Revert the face color of matplotlib axes in the inline backend to not be
transparent
* Enable mathjax safe mode by default
* Fix XSS vulnerability in JSON error messages
* Various widget-related fixes
You can get the latest via pip using `pip install --upgrade
ipython[notebook]`. Stay tuned for conda/Anaconda package updates.
A CVE has been requested for the XSS vulnerability in
http://permalink.gmane.org/gmane.comp.security.oss.general/17131
Thank you to Ahmad Khan of IBM for reporting the XSS vulnerability and
Jason Grout for setting MathJax safe mode.
--
Kyle Kelley (@rgbkrk <https://twitter.com/rgbkrk>; lambdaops.com,
developer.rackspace.com)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20150622/efe6d883/attachment.html>
More information about the IPython-dev
mailing list