Hi all,
We released notebook 5.6 over the weekend, and you should be able to upgrade with pip or conda (using conda-forge) now.
We were notified of another bug which allows an untrusted notebook to execute code as soon as it opens, and this is fixed in 5.6. So we advise everyone to upgrade as soon as practical. For now, we're not sharing an example of how to exploit this vulnerability, but you should assume people will figure it out fast, if they haven't already.
There are a number of other features and fixes in the release, which you can see here:
Thanks to everyone who contributed to this release, and in particular to Jonathan Kamens, who both reported the security issue and figured out what we needed to do to fix it.
Thomas