##// END OF EJS Templates
FIX CVE-2022-21699...
Matthias Bussonnier -
r27463:c306d208 5.x
parent child Browse files
Show More
@@ -58,6 +58,10 b" __author__ = '%s <%s>' % (release.author, release.author_email)"
58 58 __license__ = release.license
59 59 __version__ = release.version
60 60 version_info = release.version_info
61 # list of CVEs that should have been patched in this release.
62 # this is informational and should not be relied upon.
63 __patched_cves__ = {"CVE-2022-21699"}
64
61 65
62 66 def embed_kernel(module=None, local_ns=None, **kwargs):
63 67 """Embed and start an IPython kernel in a given scope.
@@ -134,7 +134,7 b' class BaseIPythonApplication(Application):'
134 134 config_file_paths = List(Unicode())
135 135 @default('config_file_paths')
136 136 def _config_file_paths_default(self):
137 return [py3compat.getcwd()]
137 return []
138 138
139 139 extra_config_file = Unicode(
140 140 help="""Path to an extra config file to load.
@@ -184,9 +184,9 b' class ProfileList(Application):'
184 184 profiles = list_profiles_in(py3compat.getcwd())
185 185 if profiles:
186 186 print()
187 print("Available profiles in current directory (%s):" % py3compat.getcwd())
188 self._print_profiles(profiles)
189
187 print(
188 "Profiles from CWD have been removed for security reason, see CVE-2022-21699:"
189 )
190 190 print()
191 191 print("To use any of the above profiles, start IPython with:")
192 192 print(" ipython --profile=<name>")
@@ -187,7 +187,7 b' class ProfileDir(LoggingConfigurable):'
187 187 is not found, a :class:`ProfileDirError` exception will be raised.
188 188
189 189 The search path algorithm is:
190 1. ``py3compat.getcwd()``
190 1. ``os.getcwd()`` # removed for security reason.
191 191 2. ``ipython_dir``
192 192
193 193 Parameters
@@ -199,7 +199,7 b' class ProfileDir(LoggingConfigurable):'
199 199 will be "profile_<profile>".
200 200 """
201 201 dirname = u'profile_' + name
202 paths = [py3compat.getcwd(), ipython_dir]
202 paths = [ipython_dir]
203 203 for p in paths:
204 204 profile_dir = os.path.join(p, dirname)
205 205 if os.path.isdir(profile_dir):
@@ -2,6 +2,14 b''
2 2 5.x Series
3 3 ============
4 4
5
6 .. _whatsnew5101
7
8 IPython 5.10.1 (CVE-2022-21699)
9 ===============================
10
11 Fix CVE-2022-21699, see IPython 8.0.1 release notes.
12
5 13 .. _whatsnew5100
6 14
7 15 IPython 5.10.0
General Comments 0
You need to be logged in to leave comments. Login now