v0.1.12

@thomas-chauchefoin-tob thomas-chauchefoin-tob released this 26 Jun 23:55
Immutable release. Only release title and notes can be modified.
c3c695c

Security

  • Fix MLAllowlist shadowing (41ce7cb). Thanks to @reapermunky for the report! (GHSA-cffv-grgg-g429)
    • This fix makes MLAllowlist functional again, and opt-in as originally intended. If you need to scan ML pickles with an import allowlist, update calls to check_safety() to pass MLAllowlist in the analyzer parameter:
      pickled = Pickled([ ... ])
      analyzer = Analyzer([MLAllowlist()])
      res = check_safety(pickled, analyzer=analyzer)

General

  • Add ScannerDeactivation analysis to detect pickle scanner tampering in #249
  • Use a pre-generated TorchScript fixture to avoid torch.jit deprecation warnings in #254
  • Various Dependabot updates (too many to list)

Full Changelog: v0.1.11...v0.1.12