Fedora 42: Essential JupyterLab Cross Site Scripting Security Update

fedora

September 13, 2025

Security fixes for CVE-2025-54880 and CVE-2025-54881.

Summary

JupyterLab is the next-generation user interface for Project Jupyter

offering all the familiar building blocks of the classic Jupyter

Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.)

in a flexible and powerful user interface.

Update Information:

Security fixes for CVE-2025-54880 and CVE-2025-54881.

Topics Covered

security advisory fedora cross site scripting jupyterlab cve-2025-54881 cve-2025-54880

Change Log

* Wed Sep 3 2025 Lumir Balhar - 4.4.7-1 - Update to 4.4.7 (rhbz#2392881) * Sun Aug 17 2025 Lumir Balhar - 4.4.6-1 - Update to 4.4.6 (rhbz#2388776) * Fri Aug 15 2025 Python Maint - 4.4.5-2 - Rebuilt for Python 3.14.0rc2 bytecode * Thu Jul 31 2025 Lumir Balhar - 4.4.5-1 - Update to 4.4.5 (rhbz#2382133) * Thu Jul 24 2025 Fedora Release Engineering - 4.4.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sun Jun 29 2025 Lumir Balhar - 4.4.4-1 - Update to 4.4.4 (rhbz#2375330) * Fri Jun 6 2025 Python Maint - 4.4.3-2 - Rebuilt for Python 3.14 * Mon May 26 2025 Lumir Balhar - 4.4.3-1 - Update to 4.4.3 (rhbz#2368575) * Mon May 26 2025 Lumir Balhar - 4.4.2-2 - Use cogapp for generated content * Wed May 7 2025 Lumir Balhar - 4.4.2-1 - Update to 4.4.2 (rhbz#2364417) * Wed Apr 23 2025 Lumir Balhar - 4.4.1-1 - Update to 4.4.1 (rhbz#2361753)

References

[ 1 ] Bug #2389840 - CVE-2025-54881 jupyterlab: Mermaid cross site scripting [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2389840 [ 2 ] Bug #2389841 - CVE-2025-54880 jupyterlab: Mermaid cross site scripting [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2389841

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4be9d96d5a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity

critical

Lowest

Low

Medium

High

Critical

Name: jupyterlab

Product: Fedora 42

Version: 4.4.7

Release: 1.fc42

URL: https://jupyter.org

Summary: JupyterLab computational environment

Topics Covered

security advisory fedora cross site scripting jupyterlab cve-2025-54881 cve-2025-54880

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 42: Essential JupyterLab Cross Site Scripting Security Update

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 42: Essential JupyterLab Cross Site Scripting Security Update

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!