Closed by rsignell-usgs 5 years ago
Thanks @rsignell-usgs!
This change has caused some downstream problems (e.g. https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues/1215) on staging.ocean.pangeo.io. We effectively downgraded from "0.9-e120fda" to "0.8.2". Going back to an 0.8 version was probably not the right choice.
Surely the security fix was also applied to the development versions of the jhub chart. If so, could we switch to a more recent version?
I misunderstood the z2jh changelog. My understanding was that 0.8.2 was equivalent to the development version. It seems now that they backported the fix. In any event, this is resolved based on #92.
Addresses open redirect vulnerability
Fixes #90