1
We’ve just published security releases of 3 JupyterHub packages:

- JupyterHub 5.4.4 fixes an open redirect vulnerability (CVE-2026-33709)
- jupyterhub-ltiauthenticator 1.6.3 fixes a possible Denial-of-Service attack in LTI11Authenticator (CVE-2026-34052)
- oauthenticator 17.4.0 fixes email verification in Auth0OAuthenticator (CVE-2026-33175)

These are included in the 4.3.3 release of the jupyterhub helm chart.
All jupyterhub users are encouraged to upgrade.
The full advisories will be published at the above links 7 days after the fixed releases, one week from today (2026-04-02).
Paul2708 2
Thanks for providing patches!
Just want to mention that the changelog of Z2JH v4.3.3 is currently not present on the website.
minrk 3
Thanks! It was released from a backport branch, so it’s on the 4.3.3 page, but I’ll make sure to update the changelog on latest as well.