IPython 3.2 released

Hello Jovyans,

We just release a few hours a ago a new minor version of IPython. Please upgrade your IPython notebook installation to 3.2 as soon as possible. There are important security patches in this release. Users are strongly encouraged to upgrade immediately.

Highlights:

  • A security improvement that sets the secure attribute of the login cookie to prevent them from being sent over http
  • Revert the face color of matplotlib axes in the inline backend to not be transparent
  • Enable mathjax safe mode by default
  • Fix XSS vulnerability in JSON error messages
  • Various widget-related fixes

You can get the latest via pip using pip install --upgrade ipython[notebook]. Use conda update ipython if you are using Anaconda.

A CVE has been requested for the XSS vulnerability on the OSS Security mailing list http://permalink.gmane.org/gmane.comp.security.oss.general/17131

[edit] CVE are tracked under numbers CVE-2015-4706 and CVE-2015-4707 [/edit]

Thank you to Ahmad Khan of IBM for reporting the XSS vulnerability and Jason Grout for setting MathJax safe mode.