Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[enhancement] Update to JupyterHub 1.5.0 #926

Closed
pierrotsmnrd opened this issue Nov 17, 2021 · 3 comments
Closed

[enhancement] Update to JupyterHub 1.5.0 #926

pierrotsmnrd opened this issue Nov 17, 2021 · 3 comments
Assignees
@danlester
Labels
type: bug 🐛 Something isn't working type: enhancement 💅🏼 New feature or request
Milestone
Release v0.4.0

Comments

@pierrotsmnrd
Copy link
Contributor

Description

JupyterHub 1.5.0 has been released and contains a security fix :

JupyterHub 1.5 is a security release, fixing a vulnerability ghsa-cw7p-q79f-m2v7 where JupyterLab users with multiple tabs open could fail to logout completely, leaving their browser with valid credentials until they logout again.

QHub must be updated to use JupyterHub 1.5.0 to include this fix.
@pierrotsmnrd pierrotsmnrd added type: enhancement 💅🏼 New feature or request type: bug 🐛 Something isn't working labels Nov 17, 2021
@danlester
Copy link
Contributor

This would mean upgrading to use z2jh Helm chart version 1.2.0 - see https://jupyterhub.github.io/helm-chart/

@danlester danlester added this to the Release v0.4.0 milestone Nov 19, 2021
@danlester danlester self-assigned this Nov 19, 2021
@danlester
Copy link
Contributor

By the way, to fix the vulnerability we (only) need to update the jupyterhub in the user environment:
https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/04de3447397bb85b495d0302984d36c61bc75da5/CHANGELOG.md

@danlester
Copy link
Contributor

The new Helm chart is available in my authstate branch if anyone wants to try it. Seems to work so far on GCP.

But for some reason on Digital Ocean, JupyterHub couldn't reach the Keycloak API. Will try again.

@danlester danlester mentioned this issue Nov 26, 2021
Merged
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@danlester danlester

Labels
type: bug 🐛 Something isn't working type: enhancement 💅🏼 New feature or request
Projects
None yet
Milestone
Release v0.4.0
Development

No branches or pull requests
2 participants
@pierrotsmnrd @danlester