- Update to 2.11.2: Fix GHSA-h56g-gq9v-vc8r, CVE-2023-49080,

boo#1217809 * Unhandled errors in API requests include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. * jupyter-server no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. - Release 2.11.1 * avoid unhandled error on some invalid paths #1369 (@minrk) * Change md5 to hash and hash_algorithm, fix incompatibility #1367 (@Wh1isper) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:jupyter/python-jupyter-server?expand=0&rev=79
2023-12-05 10:04:58 +00:00 · 2023-12-05 10:04:58 +00:00 · c696cbc19a
commit c696cbc19a
parent c228aefe16
4 changed files with 23 additions and 4 deletions
--- a/jupyter_server-2.11.0.tar.gz
+++ b/jupyter_server-2.11.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:78c97ec8049f9062f0151725bc8a1364dfed716646a66819095e0e8a24793eba
-size 710596
--- a/jupyter_server-2.11.2.tar.gz
+++ b/jupyter_server-2.11.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0c99f9367b0f24141e527544522430176613f9249849be80504c6d2b955004bb
+size 712617
--- a/python-jupyter-server.changes
+++ b/python-jupyter-server.changes
@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Tue Dec  5 09:59:47 UTC 2023 - Ben Greiner <code@bnavigator.de>
+
+- Update to 2.11.2: Fix GHSA-h56g-gq9v-vc8r, CVE-2023-49080,
+  boo#1217809
+  * Unhandled errors in API requests include traceback information,
+    which can include path information. There is no known mechanism
+    by which to trigger these errors without authentication, so the
+    paths revealed are not considered particularly sensitive, given
+    that the requesting user has arbitrary execution permissions
+    already in the same environment.
+  * jupyter-server no longer includes traceback information in JSON
+    error responses. For compatibility, the traceback field is
+    present, but always empty.
+- Release 2.11.1
+  * avoid unhandled error on some invalid paths #1369 (@minrk)
+  * Change md5 to hash and hash_algorithm, fix incompatibility
+    #1367 (@Wh1isper)
+
 -------------------------------------------------------------------
 Sun Nov 26 16:16:36 UTC 2023 - Ben Greiner <code@bnavigator.de>

--- a/python-jupyter-server.spec
+++ b/python-jupyter-server.spec
@ -32,7 +32,7 @@
 %endif

 Name:           python-jupyter-server%{psuffix}
-Version:        2.11.0
+Version:        2.11.2
 Release:        0
 Summary:        The backend to Jupyter web applications
 License:        BSD-3-Clause