More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2308378 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 were patched.
https://nvd.nist.gov/vuln/detail/CVE-2024-43805
This we have v4.2.5 in Fedora 40+, there's no fix yet in Fedora 39.
Unfortunately, it's impossible to update jupyterlab and notebook in f39 due to missing dependencies and backporting the patch would require changing how we build these packages. I'll try to find a way but I don't think I'll make it in time that would make sense for soon-eol Fedora 39.
I won't have enough free cycles to fix this in Fedora 39 before the EOL date which is in 5 weeks.