Package Release Info


Update Info: Base Release
Available in Package Hub : 15 SP3





Change Logs

* Mon Jan 04 2021 Markéta Machová <>
- Fix boo#1180458 (CVE-2020-26215) with CVE-2020-26215.patch
Version: 5.7.8-bp152.1.12
* Tue Mar 17 2020 Tomá? Chvátal <>
- Fixup to build with the TW based packages.
* Tue May 28 2019 Jan Engelhardt <>
- Use noun phrase in summary.
* Fri May 24 2019 Todd R <>
- Add a jupyter-specific language package
* Wed May 22 2019 Todd R <>
- Split directories and macros into separate package.
- Make lang subpackage python version-specific
* Wed May 15 2019 Todd R <>
- Add conflicts to jupyter subpackage to more explicitly handle
  file overlaps with old naming scheme.
* Thu Apr 25 2019 Todd R <>
- Update to 5.7.8
  * Fix regression in restarting kernels in 5.7.5.
    The restart handler would return before restart was completed.
  * Further improve compatibility with tornado 6 with improved
    checks for when websockets are closed.
  * Fix regression in 5.7.6 on Windows where .js files could have the wrong mime-type.
  * Fix Open Redirect vulnerability (CVE-2019-10255)
    where certain malicious URLs could redirect from the Jupyter login page
    to a malicious site after a successful login.
    5.7.7 contained only a partial fix for this issue.
- Rename to to match python package naming guidelines.
- Split jupyter components into own subpackage.
- Add rpm macros.
* Mon Apr 01 2019 Todd R <>
- Fix doc url
* Sat Mar 30 2019 Arun Persaud <>
- update to version 5.7.7:
  * Fix regression in restarting kernels in 5.7.5. The restart handler
    would return before restart was completed.
  * Further improve compatibility with tornado 6 with improved checks
    for when websockets are closed.
  * Fix regression in 5.7.6 on Windows where .js files could have the
    wrong mime-type.
  * Fix Open Redirect vulnerability where certain malicious URLs could
    redirect from the Jupyter login page to a malicious site after a
    successful login. A CVE has been requested for this vulnerability.
* Sun Mar 10 2019 Arun Persaud <>
- update to version 5.7.6:
  * 5.7.6 contains a security fix for a cross-site inclusion (XSSI)
    vulnerability, where files at a known URL could be included in a
    page from an unauthorized website if the user is logged into a
    Jupyter server. The fix involves setting the
    X-Content-Type-Options: nosniff header, and applying CSRF checks
    previously on all non-GET API requests to GET requests to API
    endpoints and the /files/ endpoint.
    The attacking page is able to access some contents of files when
    using Internet Explorer through script errors, but this has not
    been demonstrated with other browsers. A CVE has been requested
    for this vulnerability.
* Sat Mar 09 2019 Arun Persaud <>
- update to version 5.7.5:
  * Fix compatibility with tornado 6 (:ghpull:`4392`, :ghpull:`4449`).
  * Fix opening integer filedescriptor during startup on Python 2
  * Fix compatibility with asynchronous KernelManager.restart_kernel
    methods (:ghpull:`4412`)
* Fri Jan 11 2019
- Update requirements: python-jupyter_core >= 4.4.0, python-terminado >= 0.8.1.
* Wed Jan 09 2019 Jan Engelhardt <>
- Fix {name} -> %{name}
* Fri Jan 04 2019 Todd R <>
- Update to 5.7.4
  * fixes a bug introduced in 5.7.3, in which the ``list_running_servers()``
    function attempts to parse HTML files as JSON, and consequently crashes
- Update to 5.7.3
  * Launch the browser with a local file which redirects to the server address
    including the authentication token (:ghpull:`4260`).
    This prevents another logged-in user from stealing the token from command line
    arguments and authenticating to the server.
    The single-use token previously used to mitigate this has been removed.
    Thanks to Dr. Owain Kenway for suggesting the local file approach.
  * Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been
    assigned `CVE-2018-14041 <>`_
* Sat Nov 24 2018 Arun Persaud <>
- update to version 5.7.2:
  * 5.7.2 contains a security fix preventing malicious directory names
    from being able to execute javascript. CVE request pending.
- changes from version 5.7.1:
  * 5.7.1 contains a security fix preventing nbconvert endpoints from
    executing javascript with access to the server API. CVE request
* Fri Sep 28 2018 Todd R <>
- Update to version 5.7.0
  + New features:
  * Update to CodeMirror to 5.37, which includes f-string sytax for Python 3.6 (:ghpull:`3816`)
  * Update jquery-ui to 1.12 (:ghpull:`3836`)
  * Check Host header to more securely protect localhost deployments from DNS rebinding.
    This is a pre-emptive measure, not fixing a known vulnerability (:ghpull:`3766`).
    Use ``.NotebookApp.allow_remote_access`` and ``.NotebookApp.local_hostnames`` to configure
  * Allow access-control-allow-headers to be overridden (:ghpull:`3886`)
  * Allow configuring max_body_size and max_buffer_size (:ghpull:`3829`)
  * Allow configuring get_secure_cookie keyword-args (:ghpull:`3778`)
  * Respect nbconvert entrypoints as sources for exporters (:ghpull:`3879`)
  * Include translation sources in source distributions (:ghpull:`3925`, :ghpull:`3931`)
  * Various improvements to documentation (:ghpull:`3799`, :ghpull:`3800`,
    :ghpull:`3806`, :ghpull:`3883`, :ghpull:`3908`)
  + Fixing problems:
  * Fix breadcrumb link when running with a base url (:ghpull:`3905`)
  * Fix possible type error when closing activity stream (:ghpull:`3907`)
  * Disable metadata editing for non-editable cells (:ghpull:`3744`)
  * Fix some styling and alignment of prompts caused by regressions in 5.6.0.
  * Enter causing page reload in shortcuts editor (:ghpull:`3871`)
  * Fix uploading to the same file twice (:ghpull:`3712`)
  * Drop -doc subpackage.  Use pre-built upstream docs instead.
* Thu Aug 02 2018
- Update to version 5.6.0
  + New features:
  * Execute cells by clicking icon in input prompt (:ghpull:`3535`, :ghpull:`3687`)
  * New "Save as" menu option (:ghpull:`3289`)
  * When serving on a loopback interface, protect against DNS rebinding by
    checking the ``Host`` header from the browser (:ghpull:`3714`).
    This check can be disabled if necessary by setting
    (Disabled by default while we work out some Mac issues in :ghissue:`3754`).
  * Add kernel_info_timeout traitlet to enable restarting slow kernels (:ghpull:`3665`)
  * Add ``custom_display_host`` config option to override displayed URL (:ghpull:`3668`)
  * Add /metrics endpoint for Prometheus Metrics (:ghpull:`3490`)
  * Update to MathJax 2.7.4 (:ghpull:`3751`)
  * Update to jQuery 3.3 (:ghpull:`3655`)
  * Update marked to 0.4 (:ghpull:`3686`)
  + Fixing problems:
  * Don't duplicate token in displayed URL (:ghpull:`3656`)
  * Clarify displayed URL when listening on all interfaces (:ghpull:`3703`)
  * Don't trash non-empty directories on Windows (:ghpull:`3673`)
  * Include LICENSE file in wheels (:ghpull:`3671`)
- Don't show "0 active kernels" when starting the notebook (:ghpull:`3696`)
  + Testing:
  * Add find replace test (:ghpull:`3630`)
  * Selenium test for deleting all cells (:ghpull:`3601`)
  * Make creating a new notebook more robust (:ghpull:`3726`)
* Tue May 29 2018
- Update to version 5.5.0
  + New features:
  * The files list now shows file sizes (:ghpull:`3539`)
  * Add a quit button in the dashboard (:ghpull:`3004`)
  * Display hostname in the terminal when running remotely (:ghpull:`3356`, :ghpull:`3593`)
  * Add slides exportation/download to the menu (:ghpull:`3287`)
  * Add any extra installed nbconvert exporters to the "Download as" menu (:ghpull:`3323`)
  * Editor: warning when overwriting a file that is modified on disk (:ghpull:`2783`)
  * Display a warning message if cookies are not enabled (:ghpull:`3511`)
  * Basic ``__version__`` reporting for extensions (:ghpull:`3541`)
  * Add ``NotebookApp.terminals_enabled`` config option (:ghpull:`3478`)
  * Make buffer time between last modified on disk and last modified on last save configurable (:ghpull:`3273`)
  * Allow binding custom shortcuts for 'close and halt' (:ghpull:`3314`)
  * Add description for 'Trusted' notification (:ghpull:`3386`)
  * Add ``settings['activity_sources']`` (:ghpull:`3401`)
  * Add an ``output_updated.OutputArea`` event (:ghpull:`3560`)
  + Fixing problems:
  * Fixes to improve web accessibility (:ghpull:`3507`)
    There is more to do on this! See :ghissue:`1801`.
  * Fixed color contrast issue in tree.less (:ghpull:`3336`)
  * Allow cancelling upload of large files (:ghpull:`3373`)
  * Don't clear login cookie on requests without cookie (:ghpull:`3380`)
  * Don't trash files on different device to home dir on Linux (:ghpull:`3304`)
  * Clear waiting asterisks when restarting kernel (:ghpull:`3494`)
  * Fix output prompt when ``execution_count`` missing (:ghpull:`3236`)
  * Make the 'changed on disk' dialog work when displayed twice (:ghpull:`3589`)
  * Fix going back to root directory with history in notebook list (:ghpull:`3411`)
  * Allow defining keyboard shortcuts for missing actions (:ghpull:`3561`)
  * Prevent default on pageup/pagedown when completer is active (:ghpull:`3500`)
  * Prevent default event handling on new terminal (:ghpull:`3497`)
  * ConfigManager should not write out default values found in the .d directory (:ghpull:`3485`)
  * Fix leak of iopub object in activity monitoring (:ghpull:`3424`)
  * Javascript lint in notebooklist.js (:ghpull:`3409`)
  * Some Javascript syntax fixes (:ghpull:`3294`)
  * Convert native for loop to ``Array.forEach()`` (:ghpull:`3477`)
  * Disable cache when downloading nbconvert output (:ghpull:`3484`)
  * Add missing digestmod arg to HMAC (:ghpull:`3399`)
  * Log OSErrors failing to create less-critical files during startup (:ghpull:`3384`)
  * Use powershell on Windows (:ghpull:`3379`)
  * API spec improvements, API handler improvements (:ghpull:`3368`)
  * Set notebook to dirty state after change to kernel metadata (:ghpull:`3350`)
  * Use CSP header to treat served files as belonging to a separate origin (:ghpull:`3341`)
  * Don't install gettext into builtins (:ghpull:`3330`)
  * Add missing ``import _`` (:ghpull:`3316`, :ghpull:`3326`)
  * Write ``notebook.json`` file atomically (:ghpull:`3305`)
  * Fix clicking with modifiers, page title updates (:ghpull:`3282`)
  * Upgrade jQuery to version 2.2 (:ghpull:`3428`)
  * Upgrade xterm.js to 3.1.0 (:ghpull:`3189`)
  * Upgrade moment.js to 2.19.3 (:ghpull:`3562`)
  * Upgrade CodeMirror to 5.35 (:ghpull:`3372`)
  * "Require" pyzmq>=17 (:ghpull:`3586`)
  + Documentation:
  * Documentation updates and organisation (:ghpull:`3584`)
  * Add section in docs about privacy (:ghpull:`3571`)
  * Add explanation on how to change the type of a cell to Markdown (:ghpull:`3377`)
  * Update docs with confd implementation details (:ghpull:`3520`)
  * Add more information for where ```` is located (:ghpull:`3346`)
  * Document options to enable nbextensions in specific sections (:ghpull:`3525`)
  * jQuery attribute selector value MUST be surrounded by quotes (:ghpull:`3527`)
  * Do not execute special notebooks with nbsphinx (:ghpull:`3360`)
  * Other minor fixes in :ghpull:`3288`, :ghpull:`3528`, :ghpull:`3293`, :ghpull:`3367`
  + Testing:
  * Testing with Selenium & Sauce labs (:ghpull:`3321`)
  * Selenium utils + markdown rendering tests (:ghpull:`3458`)
  * Convert insert cell tests to Selenium (:ghpull:`3508`)
  * Convert prompt numbers tests to Selenium (:ghpull:`3554`)
  * Convert delete cells tests to Selenium (:ghpull:`3465`)
  * Convert undelete cell tests to Selenium (:ghpull:`3475`)
  * More selenium testing utilities (:ghpull:`3412`)
  * Only check links when build is trigger by Travis Cron job (:ghpull:`3493`)
  * Fix Appveyor build errors (:ghpull:`3430`)
  * Undo patches in teardown before attempting to delete files (:ghpull:`3459`)
  * Get tests running with tornado 5 (:ghpull:`3398`)
  * Unpin ipykernel version on Travis (:ghpull:`3223`)
* Thu Apr 19 2018
- Update to version 5.4.1
  * A security release to fix CVE-2018-8768.
* Wed Feb 28 2018
- Package directory needed by jupyterlab
* Thu Feb 15 2018
- Package additional directories.