jupyter-notebook (5.2.2-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Cross-site scripting via untrusted notebook (LP: #1982670)
    - debian/patches/CVE-2018-19351.patch: Apply CSP sandboxing to nbconvert
      responses.
    - CVE-2018-19351
  * SECURITY UPDATE: Cross-site inclusion on malicious pages (LP: #1982670)
    - debian/patches/CVE-2019-9644-1.patch: Block cross-origin GET and HEAD
      requests with mismatched Referer.
    - debian/patches/CVE-2019-9644-2.patch: Add CSRF checks on files endpoints.
    - debian/patches/CVE-2019-9644-3.patch: Set X-Content-Type-Options: nosniff
      on all handlers for protecting non-script resources.
    - CVE-2019-9644
  * SECURITY UPDATE: Crafted link to login page redirects to malicious site
    (LP: #1982670)
    - debian/patches/CVE-2019-10255-1.patch: Parse URLs when validating redirect
      targets.
    - debian/patches/CVE-2019-10255-2.patch: Protect against Chrome mishandling
      backslashes as slashes in URLs.
    - debian/patches/CVE-2019-10255-3.patch: Handle empty netloc being
      interpreted as first path part being the netloc by buggy browsers.
    - CVE-2019-10255, CVE-2019-10856
  * SECURITY UPDATE: Cross-site scripting (LP: #1982670)
    - debian/patches/CVE-2018-21030-1.patch: Use CSP header to treat served
      files as belonging to a separate origin.
    - debian/patches/CVE-2018-21030-2.patch: Add a content_security_policy
      property instead of the CSP header.
    - CVE-2018-21030
  * SECURITY UPDATE: Crafted link to login page redirects to spoofed server
    (LP: #1982670)
    - debian/patches/CVE-2020-26215.patch: Validate redirect target in
      TrailingSlashHandler.
    - CVE-2020-26215
  * SECURITY UPDATE: Sensitive information disclosure leading to unauthorized
    access (LP: #1982670)
    - debian/patches/CVE-2022-24758.patch: Log only a non-sensitive subset of
      the headers when a HTTP 5xx error other than HTTP 502 is triggered.
    - CVE-2022-24758
  * Address Lintian warnings.

 -- Luís Infante da Câmara <luis.infante.da.camara@tecnico.ulisboa.pt>  Sun, 28 Aug 2022 23:00:01 +0100

jupyter-notebook (5.2.2-1) unstable; urgency=medium

  * New upstream release.

 -- Gordon Ball <gordon@chronitis.net>  Wed, 06 Dec 2017 22:25:37 +0100

jupyter-notebook (5.2.1-2) unstable; urgency=medium

  * Patch tools/build-main.js which should fix being unable to use the
    built-in web terminal, due to failing to load xterm.js

 -- Gordon Ball <gordon@chronitis.net>  Thu, 23 Nov 2017 21:15:08 +0000

jupyter-notebook (5.2.1-1) unstable; urgency=medium

  * New upstream release.
  * Update lintian-overrides with a very-long-line regex related to
    bidirectional text support
  * Install upstream changelog

 -- Gordon Ball <gordon@chronitis.net>  Thu, 16 Nov 2017 20:58:44 +0000

jupyter-notebook (5.1.0-2) unstable; urgency=medium

  * Explicitly set HOME and XDG_RUNTIME_DIR due to tests failing
    on the buildds

 -- Gordon Ball <gordon@chronitis.net>  Mon, 06 Nov 2017 19:47:56 +0000

jupyter-notebook (5.1.0-1) unstable; urgency=medium

  [ Ximin Luo ]
  * New upstream release.

  [ Gordon Ball ]
  * Binary package jupyter-notebook now depends on jupyter-core, to ensure
    it is possible to run "jupyter notebook"
  * Man page added for new command "jupyter bundlerextension"
  * libjs-term.js has been replaced by libjs-xterm
  * Update Standards-Version to 4.1.1
  * Documentation now includes sample notebooks; a patch is added to ignore
    errors while building these
  * New dependencies: libjs-jed, libjs-requirejs-text
  * New missing-sources: json.js from requirejs-plugins
  * This version is built with a dummy shim replacing the unpackaged
    preact, preact-compat and proptypes javascript libraries. Consequently,
    the shortcut editor will not work.

 -- Gordon Ball <gordon@chronitis.net>  Sun, 05 Nov 2017 18:52:40 +0000

jupyter-notebook (4.2.3-4) unstable; urgency=medium

  * Clean up handling of the /etc/jupyter/nbconfig dir in maintscripts
  * Patch out the attempt to automatically import ipywidgets, which isn't
    required for ipywidgets > 4, and avoids an unneeded warning
    (closes: #848252)

 -- Gordon Ball <gordon@chronitis.net>  Sat, 07 Jan 2017 11:46:16 +0100

jupyter-notebook (4.2.3-3) unstable; urgency=medium

  * Team upload.

  [ Gordon Ball ]
  * Fix build breakage with requirejs 2.3
  * Add a systemd user unit (jupyter-notebook.service)

  [ Ximin Luo ]
  * Notify people that this package exists. (Closes: #844569)

 -- Ximin Luo <infinity0@debian.org>  Mon, 12 Dec 2016 11:32:55 +0100

jupyter-notebook (4.2.3-2) unstable; urgency=medium

  * Team upload.
  * Build source maps reproducibly (Closes: #847192)
  * Add some maintscripts to claim ownership of nbextension config files.
    Otherwise piuparts will fail notebook extension packages.

 -- Ximin Luo <infinity0@debian.org>  Wed, 07 Dec 2016 22:51:21 +0100

jupyter-notebook (4.2.3-1) unstable; urgency=medium

  * Initial release (closes: #801366).

 -- Gordon Ball <gordon@chronitis.net>  Fri, 04 Nov 2016 14:54:21 +0100
