SECURITY UPDATE JUPYTERLAB & JUPYTER NOTEBOOK
It is recommended to run the following versions:
Jupyter Notebook 6.4.1 or above, 5.7.11 or above.
Jupyter Lab 3.1.4 or above, 3.0.17 or above, 2.3.2 or above, 2.2.10 or above , 1.2.21 or above
It was discovered on Tuesday, July 20th that an untrusted notebook could execute code on load. This is a remote code execution but requires user action to open a notebook. To avoid this it is recommended that users install Jupyter Notebook 6.4.1 or above, 5.7.11 or above and for Jupyter Lab 3.1.4 or above, 3.0.17 or above, 2.3.2 or above, 2.2.10 or above, 1.2.21 or above.
Thanks to the efforts of community members these issues are being resolved and more updates are to follow. Here are some of the contributors who are heading up these efforts, we appreciate all the hard work they are doing: Matthias Bussonnier (Quansight), Guillaume Jeanne (Google), Timo Schmid (Google), Steve Silvester (Apple), Afshin Darian (Two Sigma), and Zach Sailer (Apple).
For answers to questions about these issues or for more information about deploying the new version, contact us at firstname.lastname@example.org.
Read the full original post here: https://blog.jupyter.org/cve-2021-32797-and-cve-2021-32798-remote-code-execution-in-jupyterlab-and-jupyter-notebook-a70fae0d3239