v2.20.0

2.20.0

(Full Changelog)

Security fixes

• CVE-2026-44727 GHSA-fcw5-x6j4-ccmp

Enhancements made

• Fix confusing terminal output when using ServerApp.ip=0.0.0.0 #1643 (@Yann-P, @minrk)
• Add a toggle to enable curve encryption for all kernels that support it #1638 (@krassowski, @Carreau, @ianthomas23, @minrk)

Bugs fixed

• Grab the port from bind_sockets in case its different #1651 (@choldgraf, @krassowski)

Maintenance and upkeep improvements

• Fix test_authorizer having a spurious comma in params #1664 (@krassowski)
• Add a reminder to merge GHSA before release #1659 (@Yann-P, @Carreau)
• Exclude problematic pywinpty 3.0.4 version #1658 (@krassowski)
• ci: explicitly pass base-setup inputs to fix strict validation failures #1626 (@Carreau, @Copilot)

Documentation improvements

• Align docs for curve encryption with latest JEP version #1660 (@krassowski, @Carreau)
• Remove PGP key from docs #1653 (@Yann-P, @krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.

(GitHub contributors page for this release)

@Carreau (activity) | @choldgraf (activity) | @Copilot (activity) | @ianthomas23 (activity) | @krassowski (activity) | @minrk (activity) | @Yann-P (activity)