mirror of
https://github.com/jupyterhub/jupyterhub.git
synced 2025-10-11 12:03:00 +00:00
Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
6a4900c468 | ||
|
|
efbb692540 | ||
|
|
244ab813fe |
@@ -9,6 +9,14 @@ command line for details.
|
|||||||
|
|
||||||
## 0.9
|
## 0.9
|
||||||
|
|
||||||
|
### [0.9.5] 2019-03-28
|
||||||
|
|
||||||
|
JupyterHub 0.9.5 is a security release.
|
||||||
|
|
||||||
|
- Fixes an Open Redirect vulnerability on some browsers
|
||||||
|
which improperly handle backslashes in URLs (Chrome).
|
||||||
|
A CVE has been requested for this vulnerability.
|
||||||
|
|
||||||
### [0.9.4] 2018-09-24
|
### [0.9.4] 2018-09-24
|
||||||
|
|
||||||
JupyterHub 0.9.4 is a small bugfix release.
|
JupyterHub 0.9.4 is a small bugfix release.
|
||||||
@@ -426,7 +434,8 @@ Fix removal of `/login` page in 0.4.0, breaking some OAuth providers.
|
|||||||
First preview release
|
First preview release
|
||||||
|
|
||||||
|
|
||||||
[Unreleased]: https://github.com/jupyterhub/jupyterhub/compare/0.9.4...HEAD
|
[Unreleased]: https://github.com/jupyterhub/jupyterhub/compare/0.9.5...HEAD
|
||||||
|
[0.9.5]: https://github.com/jupyterhub/jupyterhub/compare/0.9.4...0.9.5
|
||||||
[0.9.4]: https://github.com/jupyterhub/jupyterhub/compare/0.9.3...0.9.4
|
[0.9.4]: https://github.com/jupyterhub/jupyterhub/compare/0.9.3...0.9.4
|
||||||
[0.9.3]: https://github.com/jupyterhub/jupyterhub/compare/0.9.2...0.9.3
|
[0.9.3]: https://github.com/jupyterhub/jupyterhub/compare/0.9.2...0.9.3
|
||||||
[0.9.2]: https://github.com/jupyterhub/jupyterhub/compare/0.9.1...0.9.2
|
[0.9.2]: https://github.com/jupyterhub/jupyterhub/compare/0.9.1...0.9.2
|
||||||
|
|||||||
@@ -6,7 +6,7 @@
|
|||||||
version_info = (
|
version_info = (
|
||||||
0,
|
0,
|
||||||
9,
|
9,
|
||||||
4,
|
5,
|
||||||
"", # release (b1, rc1, or "" for final or dev)
|
"", # release (b1, rc1, or "" for final or dev)
|
||||||
# "dev", # dev or nothing
|
# "dev", # dev or nothing
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -427,6 +427,8 @@ class BaseHandler(RequestHandler):
|
|||||||
- else: /hub/home
|
- else: /hub/home
|
||||||
"""
|
"""
|
||||||
next_url = self.get_argument('next', default='')
|
next_url = self.get_argument('next', default='')
|
||||||
|
# protect against some browsers' buggy handling of backslash as slash
|
||||||
|
next_url = next_url.replace('\\', '%5C')
|
||||||
if (next_url + '/').startswith(
|
if (next_url + '/').startswith(
|
||||||
(
|
(
|
||||||
'%s://%s/' % (self.request.protocol, self.request.host),
|
'%s://%s/' % (self.request.protocol, self.request.host),
|
||||||
|
|||||||
Reference in New Issue
Block a user