Bump to 4.1.3

Merge pull request #4754 from minrk/413
changelog for 4.1.3
2025-10-14 13:33:00 +00:00 · 2024-03-26 10:07:04 +01:00 · 2024-03-26 10:06:38 +01:00 · 2024-03-26 09:44:07 +01:00 · 2024-03-26 09:42:54 +01:00 · 2024-03-26 08:55:15 +01:00
5 changed files with 23 additions and 4 deletions
--- a/docs/source/_static/rest-api.yml
+++ b/docs/source/_static/rest-api.yml
@@ -6,7 +6,7 @@ info:
  description: The REST API for JupyterHub
  license:
    name: BSD-3-Clause
-  version: 4.1.2
+  version: 4.1.3
 servers:
  - url: /hub/api
 security:
--- a/docs/source/reference/changelog.md
+++ b/docs/source/reference/changelog.md
@@ -10,6 +10,23 @@ command line for details.
 ## 4.1
 ### 4.1.3 - 2024-03-26
 ([full changelog](https://github.com/jupyterhub/jupyterhub/compare/4.1.2...4.1.3))
 #### Bugs fixed
 - respect jupyter-server disable_check_xsrf setting [#4753](https://github.com/jupyterhub/jupyterhub/pull/4753) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio))
 #### Contributors to this release
 The following people contributed discussions, new ideas, code and documentation contributions, and review.
 See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports).
 ([GitHub contributors page for this release](https://github.com/jupyterhub/jupyterhub/graphs/contributors?from=2024-03-25&to=2024-03-26&type=c))
@consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fjupyterhub+involves%3AconsideRatio+updated%3A2024-03-25..2024-03-26&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fjupyterhub+involves%3Aminrk+updated%3A2024-03-25..2024-03-26&type=Issues))
 ### 4.1.2 - 2024-03-25
 4.1.2 fixes a regression in 4.1.0 affecting named servers.
--- a/jupyterhub/_version.py
+++ b/jupyterhub/_version.py
@@ -3,7 +3,7 @@
 # Copyright (c) Jupyter Development Team.
 # Distributed under the terms of the Modified BSD License.
 # version_info updated by running `tbump`
-version_info = (4, 1, 2, "", "")
+version_info = (4, 1, 3, "", "")
 # pep 440 version: no dot before beta/rc, but before .dev
 # 0.1.0rc1
--- a/jupyterhub/services/auth.py
+++ b/jupyterhub/services/auth.py
@@ -931,7 +931,9 @@ class HubOAuth(HubAuth):
        Applies JupyterHub check_xsrf_cookie if not token authenticated
        """
-        if getattr(handler, '_token_authenticated', False):
+        if getattr(handler, '_token_authenticated', False) or handler.settings.get(
            "disable_check_xsrf", False
        ):
            return
        check_xsrf_cookie(handler)
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -43,7 +43,7 @@ target_version = [
 github_url = "https://github.com/jupyterhub/jupyterhub"
 [tool.tbump.version]
-current = "4.1.2"
+current = "4.1.3"
 # Example of a semver regexp.
 # Make sure this matches current_version before
Author	SHA1	Message	Date
Min RK	3d40be5890	Bump to 4.1.3	2024-03-26 10:07:04 +01:00
Min RK	ac72c60cb3	Merge pull request #4754 from minrk/413 changelog for 4.1.3	2024-03-26 10:06:38 +01:00
Min RK	92264696b1	changelog for 4.1.3	2024-03-26 09:44:07 +01:00
Min RK	f2b7b69c3e	Merge pull request #4753 from minrk/server-xsrf-config respect jupyter-server disable_check_xsrf setting	2024-03-26 09:42:54 +01:00
Min RK	e0f001271b	respect jupyter-server disable_check_xsrf setting allows global disable of xsrf checks in single-user servers	2024-03-26 08:55:15 +01:00