Open Source

The recently disclosed CopyFail Linux kernel zero-day (CVE-2026-31431) opens up a way for code running inside a container to break out onto the underlying node. We took a close look at our hubs to confirm whether they were exposed, confirmed that our hubs are likely not at risk, and added another layer of protection just in case.

To facilitate communities using JupyterHub for a workshop, we introduced the idea of a ‘shared password’ based authentication a few years ago. This lets communities set a single global password that is handed out to all workshop attendees (instead of collecting email addresses or GitHub usernames before the workshop starts).

A small group of Jupyter community members recently met in Seattle to demo Jupyter workflows augmented with AI tools and discuss what’s next. This is a quick report-out about what stood out.

The Berkeley Institute for Data Science (BIDS) has joined the mybinder.org federation, contributing a new node alongside 2i2c and GESIS. BIDS is the birthplace of mybinder.org, so it’s great to see them back as an active federation member.

The Jupyter Security Working Group recently held a Security Tooling Sprint. It was a timely event given the recent spate of software supply chain attacks across the tech world. The sprint covered two main areas:

We’ve completed a major round of infrastructure upgrades across all 2i2c-managed hubs - every hub is now running Kubernetes 1.34 and Z2JH helm chart 4.3.3. Running up-to-date versions of both Kubernetes and the JupyterHub helm chart ensures that our communities get the best support and reliability, both in terms of features and security.

As part of an initiative to improve jupyterbook.org’s documentation, we refactored the site so that multiple repositories are served under one domain. We wrote up the details on the Jupyter Book blog.

Our collaborators at NASA VEDA recently asked us about the rationale behind policies for upgrading our infrastructure relatively quickly when new versions come out. Here’s the explanation that we shared with them, in case it’s useful for others as well.

TL;DR # nbgitpuller now has improved UX context-aware error handling. Update to version 1.3.0 and let us know what you think by opening an issue or via the feedback form below 🚀

We’re excited to share that Jenny Wong has been invited to join the JupyterHub team as a contributor and maintainer. Jenny’s contributions to nbgitpuller and grafana-dashboards, along with her active participation in project meetings and community planning, earned her this recognition from the JupyterHub community.