Security
- Fix `MLAllowlist` shadowing (41ce7cb). Thanks to @reapermunky for the report! (GHSA-cffv-grgg-g429)
  - This fix makes `MLAllowlist` functional again, and opt-in as originally intended. If you need to scan ML pickles with an import allowlist, update calls to `check_safety()` to pass `MLAllowlist` in the `analyzer` parameter:

    ```python
    pickled = Pickled([ ... ])
    analyzer = Analyzer([MLAllowlist()])
    res = check_safety(pickled, analyzer=analyzer)
    ```
- Detect dotted attribute names in `STACK_GLOBAL` (d985f89). Thanks to @seankohjs for the report! (GHSA-5j3x-jp52-966f)
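
Why dotted names in `STACK_GLOBAL` matter to a scanner, as an added example that is not fickling's code: under pickle protocol 4, Python resolves the name operand by walking its dotted path, so a check that compares the name string as a whole sees a different value than the object actually loaded. The sketch uses only the standard library `pickletools`; `audit_stack_globals` and the two byte strings are constructed for illustration.

```python
import pickletools

# Opcodes that push a text string, and opcodes that leave the stack untouched.
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
TRANSPARENT_OPS = {"PROTO", "FRAME", "MEMOIZE"}


def audit_stack_globals(data: bytes):
    """Return (offset, module, name, verdict) for every STACK_GLOBAL in data.

    Heuristic: the operands are taken to be the two string pushes directly
    before the opcode. Operands built any other way (for example fetched from
    the memo) are reported as "unresolved" so a reviewer looks at them.
    """
    findings = []
    recent = []  # string pushes seen since the last stack-changing opcode
    for op, arg, pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            recent.append(arg)
        elif op.name in TRANSPARENT_OPS:
            continue
        elif op.name == "STACK_GLOBAL":
            if len(recent) < 2:
                findings.append((pos, None, None, "unresolved"))
            else:
                module, name = recent[-2], recent[-1]
                verdict = "dotted" if "." in name else "plain"
                findings.append((pos, module, name, verdict))
            recent = []
        else:
            recent = []  # another opcode touched the stack: operands unknown
    return findings


# Constructed samples: PROTO 4, two SHORT_BINUNICODE pushes, STACK_GLOBAL, STOP.
PLAIN = b"\x80\x04\x8c\x0bcollections\x8c\x0bOrderedDict\x93."
DOTTED = b"\x80\x04\x8c\x0bcollections\x8c\x14OrderedDict.fromkeys\x93."

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("dotted", DOTTED)):
        print(label, audit_stack_globals(blob))
```
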

General
- Add `ScannerDeactivation` analysis to detect pickle scanner tampering in #249
- Use a pre-generated TorchScript fixture to avoid `torch.jit` deprecation warnings in #254
- Various Dependabot updates (too many to list)

Full Changelog: v0.1.11...v0.1.12