chore(deps): update dependency mlflow to v2.10.1 [security] #419
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #419 +/- ##
=======================================
Coverage 18.47% 18.47%
=======================================
Files 29 29
Lines 3631 3631
Branches 477 477
=======================================
Hits 671 671
Misses 2951 2951
Partials 9 9
☔ View full report in Codecov by Sentry.
e6bf8a1 to 7a5a6e4
7a5a6e4 to d412381
d412381 to 4c4ff3d
Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠ Warning: custom changes will be lost.
8c5934f to ee1f921
ee1f921 to 5560b08
This PR contains the following updates:
2.2.2 -> 2.10.1
GitHub Vulnerability Alerts
CVE-2023-2356
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
GHSA-83fm-w79m-64r5
Impact
Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the `mlflow server` or `mlflow ui` commands using an MLflow version older than MLflow 2.3.1 may be vulnerable to a remote file access exploit if they are not limiting who can query their server (for example, by using a cloud VPC, an IP allowlist for inbound requests, or authentication / authorization middleware).
This issue only affects users and integrations that run the `mlflow server` and `mlflow ui` commands. Integrations that do not make use of `mlflow server` or `mlflow ui` are unaffected; for example, the Databricks Managed MLflow product and MLflow on Azure Machine Learning do not make use of these commands and are not impacted by these vulnerabilities in any way.
The vulnerability is very similar to https://nvd.nist.gov/vuln/detail/CVE-2023-1177, and a separate CVE will be published and updated here shortly.
Patches
This vulnerability has been patched in MLflow 2.3.1, which was released to PyPI on April 27th, 2023. If you are using `mlflow server` or `mlflow ui` with the MLflow Model Registry, we recommend upgrading to MLflow 2.3.1 as soon as possible.
Workarounds
If you are using the MLflow open source `mlflow server` or `mlflow ui` commands, we strongly recommend limiting who can access your MLflow Model Registry and MLflow Tracking servers using a cloud VPC, an IP allowlist for inbound requests, authentication / authorization middleware, or another access restriction mechanism of your choosing.
If you are using the MLflow open source `mlflow server` or `mlflow ui` commands, we also strongly recommend limiting the remote files to which your MLflow Model Registry and MLflow Tracking servers have access. For example, if your MLflow Model Registry or MLflow Tracking server uses cloud-hosted blob storage for MLflow artifacts, make sure to restrict the scope of your server's cloud credentials such that it can only access files and directories related to MLflow.
References
CVE-2023-2780
mlflow prior to 2.3.0 is vulnerable to path traversal due to a bypass of the fix for CVE-2023-1177.
CVE-2023-3765
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
CVE-2023-4033
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
CVE-2023-6015
MLflow allowed arbitrary files to be PUT onto the server.
CVE-2023-43472
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
CVE-2023-6568
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the user without adequate sanitization or escaping, leading to arbitrary JavaScript execution in the context of the victim's browser. The vulnerability is present in the mlflow/server/auth/__init__.py file, where the user-supplied Content-Type header is directly injected into a Python formatted string and returned to the user, facilitating the XSS attack.
CVE-2023-6709
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
CVE-2023-6753
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
CVE-2023-6831
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
CVE-2023-6940
With only one user interaction (download a malicious config), attackers can gain full command execution on the victim system.
CVE-2023-6975
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.
CVE-2023-6977
This vulnerability enables malicious users to read sensitive files on the server.
CVE-2023-6974
A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abused to get a remote code execution on the victim machine.
CVE-2023-6976
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.
CVE-2023-6909
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
CVE-2024-27132
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.
The vulnerability stems from lack of sanitization over template variables.
CVE-2024-27133
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.
CVE-2023-6014
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement.
CVE-2024-3573
mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.
CVE-2024-4263
A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them.
Release Notes
mlflow/mlflow (mlflow)
v2.10.1
Compare Source
MLflow 2.10.1 is a patch release, containing fixes for various bugs in the `transformers` and `langchain` flavors, the MLflow UI, and the S3 artifact store. More details can be found in the patch notes below.
Bug fixes:
`predict()` on a pyfunc-loaded Text2TextGeneration pipeline would fail for `string` and `List[string]` inputs. (#10960, @B-Step62)
Documentation updates:
Small bug fixes and documentation updates:
#10930, #11005, @serena-ruan; #10927, @harupy
v2.10.0
Compare Source
MLflow 2.10.0 includes several major features and improvements
In MLflow 2.10, we're introducing a number of significant new features that are preparing the way for current and future enhanced support for Deep Learning use cases, new features to support a broadened support for GenAI applications, and some quality of life improvements for the MLflow Deployments Server (formerly the AI Gateway).
Our biggest features this release are:
We have a new home. The new site landing page is fresh, modern, and contains more content than ever. We're adding new content and blogs all of the time.
Objects and Arrays are now available as configurable input and output schema elements. These new types are particularly useful for GenAI-focused flavors that can have complex input and output types. See the new Signature and Input Example documentation to learn more about how to use these new signature types.
LangChain has autologging support now! When you invoke a chain, with autologging enabled, we will automatically log most chain implementations, recording and storing your configured LLM application for you. See the new Langchain documentation to learn more about how to use this feature.
The MLflow `transformers` flavor now supports prompt templates. You can now specify an application-specific set of instructions to submit to your GenAI pipeline in order to simplify, streamline, and integrate sets of system prompts to be supplied with each input request. Check out the updated guide to transformers to learn more and see examples!
The MLflow Deployments Server now supports two new requested features: (1) OpenAI endpoints that support streaming responses. You can now configure an endpoint to return realtime responses for Chat and Completions instead of waiting for the entire text contents to be completed. (2) Rate limits can now be set per endpoint in order to help control cost overrun when using SaaS models.
Continued the push for enhanced documentation, guides, tutorials, and examples by expanding on core MLflow functionality (Deployments, Signatures, and Model Dependency management), as well as entirely new pages for GenAI flavors. Check them out today!
Features:
`Objects` and `Arrays` support for model signatures (#9936, @serena-ruan)
`predict` API to serve as a pre-logging validator of environment compatibility. (#10759, @B-Step62)
`pyfunc` predict (#10758, @dbczumar)
`Futures` objects (#10715, @chenmoneygithub)
`login()` API (#10623, @henxing)
`dict` inputs with the `messages` key (#10742, @daniellok-db, @B-Step62)
Bug fixes:
`mlflowdbfs` mounts for JohnSnowLabs flavor due to flakiness (#9872, @C-K-Loan)
Documentation updates:
`KeyError: 'loss'` bug for the Quickstart guideline (#10886, @yanmxa)
Small bug fixes and documentation updates:
#10538, #10901, #10903, #10876, #10833, #10859, #10867, #10843, #10857, #10834, #10814, #10805, #10764, #10771, #10733, #10724, #10703, #10710, #10696, #10691, #10692, @B-Step62; #10882, #10854, #10395, #10725, #10695, #10712, #10707, #10667, #10665, #10654, #10638, #10628, @harupy; #10881, #10875, #10835, #10845, #10844, #10651, #10806, #10786, #10785, #10781, #10741, #10772, #10727, @serena-ruan; #10873, #10755, #10750, #10749, #10619, @WeichenXu123; #10877, @amueller; #10852, @QuentinAmbard; #10822, #10858, @gabrielfu; #10862, @jerrylian-db; #10840, @ernestwong-db; #10841, #10795, #10792, #10774, #10776, #10672, @BenWilson2; #10827, #10826, #10825, #10732, #10481, @michael-berk; #10828, #10680, #10629, @daniellok-db; #10799, #10800, #10578, #10782, #10783, #10723, #10464, @annzhang-db; #10803, #10731, #10708, @kriscon-db; #10797, @dbczumar; #10756, #10751, @Ankit8848; #10784, @AveshCSingh; #10769, #10763, #10717, @chenmoneygithub; #10698, @rmalani-db; #10767, @liangz1; #10682, @cdreetz; #10659, @prithvikannan; #10639, #10609, @TomeHirata
v2.9.2
Compare Source
MLflow 2.9.2 is a patch release, containing several critical security fixes and configuration updates to support extremely large model artifacts.
Features:
`mlflow.deployments.openai` API to simplify direct access to OpenAI services through the deployments API (#10473, @prithvikannan)
Security fixes:
`..` path traversal queries (#10653, @B-Step62)
`HTTPDatasetSource` (#10647, @BenWilson2)
Documentation updates:
Small bug fixes and documentation updates:
#10677, #10636, @serena-ruan; #10652, #10649, #10641, @harupy; #10643, #10632, @BenWilson2
v2.9.1
Compare Source
MLflow 2.9.1 is a patch release, containing a critical bug fix related to loading `pyfunc` models that were saved in previous versions of MLflow.
Bug fixes:
Small bug fixes and documentation updates:
#10625, @BenWilson2
v2.9.0
Compare Source
MLflow 2.9.0 includes several major features and improvements.
MLflow AI Gateway deprecation (#10420, @harupy):
The feature previously known as MLflow AI Gateway has been moved to utilize the MLflow deployments API.
For guidance on migrating from the AI Gateway to the new deployments API, please see the [MLflow AI Gateway Migration Guide](https://mlflow.org/docs/latest/llms/gateway/migration.html).
MLflow Tracking docs overhaul (#10471, @B-Step62):
The MLflow tracking docs have been overhauled. We'd like your feedback on the new tracking docs!
Security fixes:
Three security patches have been filed with this release and CVEs have been issued with the details involved in the security patch and potential attack vectors. Please review and update your tracking server deployments if your tracking server is not securely deployed and has open access to the internet.
`path` in `HttpArtifactRepository.list_artifacts` (#10585, @harupy)
`filename` in `Content-Disposition` header for `HTTPDatasetSource` (#10584, @harupy).
`Content-Type` header to prevent POST XSS (#10526, @B-Step62)
Features:
`backoff_jitter` when making HTTP requests (#10486, @ajinkyavbhandare)
`aggregate_results` if the score type is numeric in `make_metric` API (#10490, @sunishsheth2009)
`torch_dtype` for transformers models (#10586, @serena-ruan)
`ndcg_at_k` to retriever evaluation (#10284, @liangz1)
`copy_model_version` (#10308, @jerrylian-db)
`RunnableSequence`, `RunnableParallel`, and `RunnableBranch` (#10521, #10611, @serena-ruan)
Bug fixes:
Documentation updates:
Small bug fixes and documentation updates:
#10567, #10559, #10348, #10342, #10264, #10265, @B-Step62; #10595, #10401, #10418, #10394, @chenmoneygithub; #10557, @dan-licht; #10584, #10462, #10445, #10434, #10432, #10412, #10411, #10408, #10407, #10403, #10361, #10340, #10339, #10310, #10276, #10268, #10260, #10224, #10214, @harupy; #10415, @jessechancy; #10579, #10555, @annzhang-db; #10540, @wllgrnt; #10556, @smurching; #10546, @mbenoit29; #10534, @gabrielfu; #10532, #10485, #10444, #10433, #10375, #10343, #10192, @serena-ruan; #10480, #10416, #10173, @jerrylian-db; #10527, #10448, #10443, #10442, #10441, #10440, #10439, #10381, @prithvikannan; #10509, @keenranger; #10508, #10494, @WeichenXu123; #10489, #10266, #10210, #10103, @TomeHirata; #10495, #10435, #10185, @daniellok-db; #10319, @michael-berk; #10417, @bbqiu; #10379, #10372, #10282, @BenWilson2; #10297, @KonakanchiSwathi; #10226, #10223, #10221, @milinddethe15; #10222, @flooxo; #10590, @letian-w;
v2.8.1
Compare Source
MLflow 2.8.1 is a patch release, containing some critical bug fixes and an update to our continued work on reworking our docs.
Notable details:
`mlflow.llm.log_predictions` is being marked as deprecated, as its functionality has been incorporated into `mlflow.log_table`. This API will be removed in the 2.9.0 release. (#10414, @dbczumar)
Bug fixes:
`Azure OpenAI` integration for `mlflow.evaluate` when using LLM `judge` metrics (#10291, @prithvikannan)
`Examples` to optional for the `make_genai_metric` API (#10353, @prithvikannan)
`fastapi` dependency when using `mlflow.evaluate` for LLM results (#10354, @prithvikannan)
`mlflow.login()` API to catch invalid hostname configuration input errors (#10239, @chenmoneygithub)
`flush` operation at the conclusion of logging system metrics (#10320, @chenmoneygithub)
`SHAP` model explainability functionality within `mlflow.shap.log_explanation` so that duplicate or conflicting dependencies are not registered when logging (#10305, @BenWilson2)
Documentation updates:
Small bug fixes and documentation updates:
#10367, #10359, #10358, #10340, #10310, #10276, #10277, #10247, #10260, #10220, #10263, #10259, #10219, @harupy; #10313, #10303, #10213, #10272, #10282, #10283, #10231, #10256, #10242, #10237, #10238, #10233, #10229, #10211, #10231, #10256, #10242, #10238, #10237, #10229, #10233, #10211, @BenWilson2; #10375, @serena-ruan; #10330, @Haxatron; #10342, #10249, #10249, @B-Step62; #10355, #10301, #10286, #10257, #10236, #10270, #10236, @prithvikannan; #10321, #10258, @jerrylian-db; #10245, @jessechancy; #10278, @daniellok-db; #10244, @gabrielfu; #10226, @milinddethe15; #10390, @bbqiu; #10232, @sunishsheth2009
v2.8.0
Compare Source
MLflow 2.8.0 includes several notable new features and improvements
Features:
`completions` in the OpenAI flavor ([#9838](https://togithub.com/mlfl
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.