Skip to Content, Navigation, or Footer.
The Cornell Daily Sun
The Cornell Daily Sun
Sunday, Dec. 14, 2025
Shop Our Merch
Support The Sun
Advertise

Bokeh 2.3.3 [extra Quality]

This security flaw, tracked as CVE-2026-21883 , could allow for Cross-Site WebSocket Hijacking (CSWSH) in a deployed Bokeh server instance. An attacker could potentially gain unauthorized access to sensitive data or manipulate visualizations by exploiting the flawed hostname validation logic in WebSocket connections.

The HoverTool is a powerful passive tool that displays tooltips when a user hovers their mouse over a glyph. This is invaluable for exploring detailed data points. You can customize the tooltips to show specific columns from your ColumnDataSource, allowing users to inspect data values interactively.

callback = CustomJS(args=dict(source=source, slider=slider), code=""" const data = source.data; const multiplier = slider.value; const new_y = data['x'].map(x => x * multiplier); data['y'] = new_y; source.change.emit(); """)

The main differences are the eight bug fixes listed above; there are in 2.3.3 compared to 2.3.2. If you are already on 2.3.2 and not affected by those specific issues, upgrading is optional. bokeh 2.3.3

output_file() : Saves the generated plot as a standalone HTML file on your local disk.

While 2.3.3 was an essential update for stability in its time, it has since been succeeded by the , which introduced major architectural changes, including improved CSS-based theming and performance upgrades. Releases — Bokeh 2.3.3 Documentation

from bokeh.io import export_png, export_svg, save This security flaw, tracked as CVE-2026-21883 , could

When deploying Bokeh applications, especially those running on a Bokeh server, security is a critical aspect. A notable vulnerability was identified in versions up to 2.3.3 that relates to incomplete origin validation in WebSocket connections.

# Create some data x = np.linspace(0, 4*np.pi, 100) y = np.sin(x)

Bokeh 2.3.3 is a maintenance and bugfix release in the stable 2.3.x series of the Bokeh visualization library. This version addresses several critical issues related to data handling, user interface interactions, and documentation accuracy. It does introduce new features or breaking API changes, making it a safe upgrade for users on any prior 2.3.x release. This is invaluable for exploring detailed data points

As a patch release, Bokeh 2.3.3 focuses on stability and bug fixes rather than introducing major new features. Understanding what was addressed can help you anticipate potential behavior or identify if an issue you are encountering is known and resolved.

If you are using the Anaconda or Miniconda distribution:

pip install bokeh==2.3.3

Trending