Skip to content

Bump from jupyter_server >=2.10.0 to jupyter_server >=2.20.0 #2207

Merged
andy-maier merged 2 commits into
masterfrom
fix/jupyter-server-cve-2024-35178
Jul 10, 2026
Merged

Bump from jupyter_server >=2.10.0 to jupyter_server >=2.20.0 #2207
andy-maier merged 2 commits into
masterfrom
fix/jupyter-server-cve-2024-35178

Conversation

@vontedduchaithra

Copy link
Copy Markdown
Contributor

Fixes path traversal vulnerability in jupyter_server <=2.17.0.

Fixes path traversal vulnerability in jupyter_server <=2.17.0.

Signed-off-by: Vonteddu Chaithra <Vonteddu.Chaithra1@ibm.com>
@vontedduchaithra vontedduchaithra self-assigned this Jul 1, 2026
@coveralls

coveralls commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Coverage Status

coverage: 77.195%. first build — fix/jupyter-server-cve-2024-35178 into master

@vontedduchaithra vontedduchaithra added backport Create backport PR when PR gets merged dependencies Pull requests from dependabot python Pull requests that update python code labels Jul 1, 2026
@andy-maier andy-maier added this to the 1.26.0 milestone Jul 5, 2026
Comment thread changes/noissue.37.fix.rst
Comment thread changes/37.fix.rst Outdated
Signed-off-by: Vonteddu Chaithra <Vonteddu.Chaithra1@ibm.com>
@andy-maier andy-maier merged commit e1477ab into master Jul 10, 2026
11 checks passed
@andy-maier andy-maier deleted the fix/jupyter-server-cve-2024-35178 branch July 10, 2026 06:10
@github-actions

Copy link
Copy Markdown

Backport failed for stable_1.25, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin stable_1.25
git worktree add -d .worktree/backport-2207-to-stable_1.25 origin/stable_1.25
cd .worktree/backport-2207-to-stable_1.25
git switch --create backport-2207-to-stable_1.25
git cherry-pick -x e1477abff7b4c6071befac4d5dc71b9b03a86581

@andy-maier

Copy link
Copy Markdown
Member

Note that PR #2210 already had increased the version of jupiter_server to 2.20, because stating 2.10 was actually a mistake in an earlier PR. So this PR got reduced to just providing the change log entry, upon its merge.

andy-maier added a commit that referenced this pull request Jul 10, 2026
…2216)

* security: Bump jupyter_server >=2.20.0 on Python>=3.10 (CVE-2024-35178)

Fixes path traversal vulnerability in jupyter_server <=2.17.0.



* Addressed Review Comments



---------

Signed-off-by: Vonteddu Chaithra <Vonteddu.Chaithra1@ibm.com>
Co-authored-by: vontedduchaithra <90314288+vontedduchaithra@users.noreply.github.com>
Co-authored-by: Vonteddu Chaithra <Vonteddu.Chaithra1@ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backport Create backport PR when PR gets merged dependencies Pull requests from dependabot python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants