Skip to content

Commit

Permalink
Changelog note for GHSA-hfgr-h3vc-p6c2
Browse files Browse the repository at this point in the history
  • Loading branch information
minrk committed Nov 21, 2023
1 parent 2b5bd22 commit d73244e
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions docs/source/changelog.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,12 @@ command line for details.

([full changelog](https://github.com/jupyterhub/dockerspawner/compare/12.1.0...13.0.0))

13.0 Fixes security vulnerability GHSA-hfgr-h3vc-p6c2, which allowed authenticated users to spawn arbitrary images
unless `DockerSpawner.allowed_images` was specified.

#### API and Breaking Changes

- Add and require `DockerSpawner.allowed_images='*'` to allow any image to be spawned via `user_options`. (GHSA-hfgr-h3vc-p6c2)
- Remove deprecated, broken hub_ip_connect [#499](https://github.com/jupyterhub/dockerspawner/pull/499) ([@minrk](https://github.com/minrk))
- Require python 3.8+ and jupyterhub 2.3.1+ [#488](https://github.com/jupyterhub/dockerspawner/pull/488) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk))

Expand Down

0 comments on commit d73244e

Please sign in to comment.