MLFlow - v2.3.1

Security

MLflow 2.3.1 is a patch release containing bug fixes and a security patch for https://github.com/mlflow/mlflow/security/advisories/GHSA-83fm-w79m-64r5. If you are using mlflow server or mlflow ui, we recommend upgrading to MLflow 2.3.1 as soon as possible.

Security patches:

  • [Security] Fix critical LFI attack vulnerability by disabling the ability to provide relative paths in registered model sources (#8281, @BenWilson2)

Bug fixes:

  • [Tracking] Fix an issue causing file and model uploads to hang on Databricks (#8348, @harupy)
  • [Tracking / Model Registry] Fix an issue causing file and model downloads to hang on Databricks (#8350, @dbczumar)
  • [Scoring] Fix regression in schema enforcement for model serving when using the inputs format for inference (#8326, @BenWilson2)
  • [Model Registry] Fix regression in model naming parsing where special characters were not accepted in model names (#8322, @arpitjasa-db)
  • [Recipes] Fix card rendering with the pandas profiler to handle columns containing all null values (#8263, @sunishsheth2009)

Security

Security wording was detected, but no CVEs were found.

Details

date
April 28, 2023, 9:17 a.m.
name
MLflow 2.3.1
type
Patch
official page
https://github.com/mlflow/mlflow/releases/tag/v2.3.1
👇
Register or login to:
  • 🔍View and search all MLFlow releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or