MLFlow - v2.3.1
Security
MLflow 2.3.1 is a patch release containing bug fixes and a security patch for https://github.com/mlflow/mlflow/security/advisories/GHSA-83fm-w79m-64r5. If you are using mlflow server
or mlflow ui
, we recommend upgrading to MLflow 2.3.1 as soon as possible.
Security patches:
- [Security] Fix critical LFI attack vulnerability by disabling the ability to provide relative paths in registered model sources (#8281, @BenWilson2)
Bug fixes:
- [Tracking] Fix an issue causing file and model uploads to hang on Databricks (#8348, @harupy)
- [Tracking / Model Registry] Fix an issue causing file and model downloads to hang on Databricks (#8350, @dbczumar)
- [Scoring] Fix regression in schema enforcement for model serving when using the
inputs
format for inference (#8326, @BenWilson2) - [Model Registry] Fix regression in model naming parsing where special characters were not accepted in model names (#8322, @arpitjasa-db)
- [Recipes] Fix card rendering with the pandas profiler to handle columns containing all null values (#8263, @sunishsheth2009)
Security
Security wording was detected, but no CVEs were found.
Details
date
April 28, 2023, 9:17 a.m.
name
MLflow 2.3.1
type
Patch
official page
👇
Register or login to:
- 🔍View and search all MLFlow releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!