mirror of
https://github.com/jupyterhub/jupyterhub.git
synced 2025-10-10 19:43:01 +00:00
Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
6a4900c468 | ||
|
|
efbb692540 | ||
|
|
244ab813fe |
@@ -9,6 +9,14 @@ command line for details.
|
||||
|
||||
## 0.9
|
||||
|
||||
### [0.9.5] 2019-03-28
|
||||
|
||||
JupyterHub 0.9.5 is a security release.
|
||||
|
||||
- Fixes an Open Redirect vulnerability on some browsers
|
||||
which improperly handle backslashes in URLs (Chrome).
|
||||
A CVE has been requested for this vulnerability.
|
||||
|
||||
### [0.9.4] 2018-09-24
|
||||
|
||||
JupyterHub 0.9.4 is a small bugfix release.
|
||||
@@ -426,7 +434,8 @@ Fix removal of `/login` page in 0.4.0, breaking some OAuth providers.
|
||||
First preview release
|
||||
|
||||
|
||||
[Unreleased]: https://github.com/jupyterhub/jupyterhub/compare/0.9.4...HEAD
|
||||
[Unreleased]: https://github.com/jupyterhub/jupyterhub/compare/0.9.5...HEAD
|
||||
[0.9.5]: https://github.com/jupyterhub/jupyterhub/compare/0.9.4...0.9.5
|
||||
[0.9.4]: https://github.com/jupyterhub/jupyterhub/compare/0.9.3...0.9.4
|
||||
[0.9.3]: https://github.com/jupyterhub/jupyterhub/compare/0.9.2...0.9.3
|
||||
[0.9.2]: https://github.com/jupyterhub/jupyterhub/compare/0.9.1...0.9.2
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
version_info = (
|
||||
0,
|
||||
9,
|
||||
4,
|
||||
5,
|
||||
"", # release (b1, rc1, or "" for final or dev)
|
||||
# "dev", # dev or nothing
|
||||
)
|
||||
|
||||
@@ -427,6 +427,8 @@ class BaseHandler(RequestHandler):
|
||||
- else: /hub/home
|
||||
"""
|
||||
next_url = self.get_argument('next', default='')
|
||||
# protect against some browsers' buggy handling of backslash as slash
|
||||
next_url = next_url.replace('\\', '%5C')
|
||||
if (next_url + '/').startswith(
|
||||
(
|
||||
'%s://%s/' % (self.request.protocol, self.request.host),
|
||||
|
||||
Reference in New Issue
Block a user