rpm/python-ipython
SHA256
1
0
Fork 0
forked from pool/python-ipython
Code Pull Requests Activity

Accepting request 947647 from home:bnavigator:branches:devel:languages:python:jupyter

Browse Source 
- Update to 8.0.1
  * Security fix CVE-2022-21699: change some default values in
    order to prevent potential Execution with Unnecessary
    Privileges.
  * Almost all version of IPython looks for configuration and
    profiles in current working directory. Since IPython was
    developed before pip and environments existed it was used a
    convenient way to load code/packages in a project dependant
    way.
  * In 2022, it is not necessary anymore, and can lead to confusing
    behavior where for example cloning a repository and starting
    IPython or loading a notebook from any Jupyter-Compatible
    interface that has ipython set as a kernel can lead to code
    execution.
  * The current working directory is not searched anymore for
    profiles or configurations files.
  * Added a __patched_cves__ attribute (set of strings) to IPython
    module that contain the list of fixed CVE. This is
    informational only.

OBS-URL: https://build.opensuse.org/request/show/947647
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:jupyter/python-ipython?expand=0&rev=80
This commit is contained in:
Benjamin Greiner
2022-01-20 10:31:08 +00:00
committed by Git OBS Bridge
parent 718ec357b3
commit e11ff893c4
4 changed files with 27 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
python-ipython.changes
View File

@@ -1,3 +1,26 @@
-------------------------------------------------------------------
Thu Jan 20 10:19:48 UTC 2022 - Ben Greiner <code@bnavigator.de>
- Update to 8.0.1
* Security fix CVE-2022-21699: change some default values in
order to prevent potential Execution with Unnecessary
Privileges.
* Almost all version of IPython looks for configuration and
profiles in current working directory. Since IPython was
developed before pip and environments existed it was used a
convenient way to load code/packages in a project dependant
way.
* In 2022, it is not necessary anymore, and can lead to confusing
behavior where for example cloning a repository and starting
IPython or loading a notebook from any Jupyter-Compatible
interface that has ipython set as a kernel can lead to code
execution.
* The current working directory is not searched anymore for
profiles or configurations files.
* Added a __patched_cves__ attribute (set of strings) to IPython
module that contain the list of fixed CVE. This is
informational only.
-------------------------------------------------------------------
Sat Jan 15 22:58:17 UTC 2022 - Ben Greiner <code@bnavigator.de>