Channel: Jupyter Blog - Medium

Security fix for JupyterHub GitLab OAuthenticator Group Whitelists


If you are using JupyterHub with the GitLab OAuthenticator and its gitlab_group_whitelist support, there is a security issue where the authenticator will allow users outside your intended group whitelist to create accounts. A fix has been released as OAuthenticator 0.6.2 and 0.7.3. No other authentication mechanism, including GitLabOAuthenticator without using the group whitelist feature, is affected. If you are using GitLab authentication with group whitelist support, upgrade oauthenticator immediately:

python3 -m pip install --upgrade oauthenticator
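To confirm whether a given Hub deployment needs the upgrade, the following check (an added example, not part of the original post or of the oauthenticator project) compares the installed oauthenticator version against the fixed releases named above and looks for an active gitlab_group_whitelist setting in the Hub configuration. It assumes releases in series newer than 0.7 carry the fix, conservatively treats a pre-release of a fixed version as unpatched, and expects the path to your jupyterhub_config.py as its argument.

```python
import re
import sys
from importlib import metadata

# Fixed releases named in the advisory, keyed by release series.
FIXED = {(0, 6): (0, 6, 2), (0, 7): (0, 7, 3)}

def parse_version(text):
    """'0.7.3.dev0' -> ((0, 7, 3), True); the flag marks a pre-release."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    release = tuple(int(p or 0) for p in m.groups()[:3])
    pre = bool(re.match(r"[.\-_]?(dev|a|b|rc)", m.group(4).strip()))
    return release, pre

def has_fix(version):
    """True if this oauthenticator version includes the whitelist fix."""
    release, pre = parse_version(version)
    fixed = FIXED.get(release[:2])
    if fixed is None:
        # Assumption: series newer than 0.7 carry the fix; older ones never got it.
        return release[:2] > (0, 7)
    # Conservative: a pre-release of a fixed version is treated as unpatched.
    return release > fixed or (release == fixed and not pre)

def uses_group_whitelist(config_text):
    """True if an uncommented line assigns gitlab_group_whitelist."""
    for line in config_text.splitlines():
        code = line.split("#", 1)[0]
        if re.search(r"\bgitlab_group_whitelist\s*=", code):
            return True
    return False

def assess(version, config_text):
    if not uses_group_whitelist(config_text):
        return "not affected: group whitelist not configured"
    return "patched" if has_fix(version) else "upgrade required"

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_oauthenticator.py /path/to/jupyterhub_config.py")
    try:
        installed = metadata.version("oauthenticator")
    except metadata.PackageNotFoundError:
        sys.exit("oauthenticator is not installed in this environment")
    with open(sys.argv[1]) as f:
        print(installed, "->", assess(installed, f.read()))
```

Run it with the same Python interpreter that runs the Hub, since that is the environment whose oauthenticator version matters.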

Thanks to Joseph Weston for reporting the issue and providing the fix.

Timeline (all times UTC):

2018-02-16 09:51 Joseph Weston reports security issue to the Jupyter security list

2018-02-16 16:08 Fix is verified and applied to oauthenticator master

2018-02-16 21:52 oauthenticator 0.7.3 and 0.6.2 are released with the fix


Security fix for JupyterHub GitLab OAuthenticator Group Whitelists was originally published in Jupyter Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

