-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RLLib] Critical Tensorflow CVE - CVE-2023-25664 #44686
Comments
min version should be 2.11 or higher now > finalize and review on Thu than close ticket cc @thomasdesr |
doing a quick search brings this as part of the rllib dir path @simonsays1980 @sven1977 can one of you cut a PR to upgrade to TF latest (or at least 2.11.1) as @sercanCyberVision reported so we can close this CVE vuln? |
@sven1977 @simonsays1980 please follow up. Thanks |
@anyscalesam @zhe-thoughts Apologies for the delay - my Anyscale account got deleted, so I had to search actively on GitHub for triage issues. Yes, this an issue mentioned already somewhere else. We take car of this. |
thanks - when do you think you can submit a PR so we can merge into the next Ray weekly release @simonsays1980 ? |
Sorry for the delay, the actual RLlib is NOT requiring this 2.11.0 version anymore. RLlib shares the exact same requirements as all other ML libraries through here. What it could be is one of the |
What happened + What you expected to happen
Please see below critical CVE found in ray-ml
2.10.0
image:Versions / Dependencies
The physical location:
Reproduction script
NA
Issue Severity
High: It blocks me from completing my task.
The text was updated successfully, but these errors were encountered: