PyPi: Starwhale

CVE-2007-4559

Safety vulnerability ID: 51719

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 28, 2007 Updated at Mar 29, 2024

Advisory

Starwhale 0.3.1 includes a fix for CVE-2007-4559: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
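The defect is that `extract`/`extractall` trust member names verbatim, so a member named `../../x` is written outside the destination directory. Added example, not Starwhale's code nor its fix: a pre-extraction check that resolves every member name (and every hard/symlink target) against the destination and refuses the whole archive if any would leave it; `build_tar` and `demo` construct sample archives in memory, and the function names are my own.

```python
import io
import os
import tarfile
import tempfile

def is_within_directory(directory: str, target: str) -> bool:
    """True only if target resolves inside directory: catches '..', absolute paths and symlinked parents."""
    directory = os.path.realpath(directory)
    return os.path.commonpath([directory, os.path.realpath(os.path.join(directory, target))]) == directory

def unsafe_members(tar_bytes: bytes, dest: str) -> list:
    """Names of members whose path, or link target, would land outside dest."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for m in tar.getmembers():
            if not is_within_directory(dest, m.name):
                bad.append(m.name)
            elif (m.issym() or m.islnk()) and not is_within_directory(
                dest, m.linkname if m.islnk() else os.path.join(os.path.dirname(m.name), m.linkname)
            ):
                bad.append(m.name)  # link target escapes dest (hardlink: from archive root; symlink: from member dir)
    return bad

def safe_extractall(tar_bytes: bytes, dest: str) -> int:
    """Check every member before writing anything; returns the number of members extracted."""
    if bad := unsafe_members(tar_bytes, dest):
        raise ValueError(f"refusing to extract, path traversal in members: {bad}")
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        tar.extractall(dest)
        return len(tar.getmembers())

def build_tar(entries: dict) -> bytes:  # constructed sample archive: {member name: text} -> tar bytes
    with tarfile.open(fileobj=(buf := io.BytesIO()), mode="w") as tar:
        for name, content in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data := content.encode())
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def demo() -> tuple:  # benign archive extracts; the '..' archive is rejected and writes nothing
    good = build_tar({"model/weights.bin": "ok", "model/meta.yaml": "name: demo"})
    evil = build_tar({"model/meta.yaml": "x", "../../escape.txt": "constructed"})
    with tempfile.TemporaryDirectory() as dest:
        extracted = safe_extractall(good, dest)
        try:
            safe_extractall(evil, dest)
            rejected = False
        except ValueError:
            rejected = True
        return extracted, unsafe_members(evil, dest), rejected, sorted(os.listdir(dest))
```

On Python 3.12+ (and the patched 3.8 to 3.11 releases) `tar.extractall(dest, filter="data")` performs equivalent checks in the standard library itself.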

Affected package

starwhale

Latest version: 0.6.13

An MLOps Platform for Model Evaluation

Affected versions

Fixed versions

Vulnerability changelog

🧭 What's Changed
* bug(client): fix python extract insecure bug(cve-2007-4559) (1464) tianweidut
* bug(example): fix cifar10 model evaluation example typo (1392) tianweidut
* chore(console): refine current user info logic (1465) jialeicui
* chore(controller): do not expose GPU to the job which requires no GPU (1404) jialeicui
* chore(doc/example): upgrade doc and runtime example with starwhale 0.3.0 (1391) tianweidut
* chore(docker): add demo runtime and docker image for mnist on jetson (1402) jialeicui
* chore(storage): add a memory implementation for unit test (1463) xuchuan
* chore: allow `SW_PYPI_EXTRA_INDEX_URL` be override by env var (1436) anda-ren
* ci: sync images from public registry to self hosted registry (1311) anda-ren
* doc(contribute): add server description for contribute.md (1389) goldenxinxing
* doc: add serviceaccount doc in helm install (1437) jialeicui
* doc: add some doc for server (1394) anda-ren
* doc: starwhale controller deployment with docker (1421) jialeicui
* doc: update docs for the git-lfs issue (1382) tianweidut
* e2e(console): add admin cases (1426) waynelwz
* e2e: up to 34 cases, cover evaluation/dataset/model etc (1423) waynelwz
* enhance(dataset): remove dataset.yaml/name dependencies (1401) tianweidut
* enhance(client): add aliases for swcli commands (1388) tianweidut
* enhance(runtime): refactor runtime dependencies with user original sequence (1445) tianweidut
* enhance(runtime): starwhale runtime standardization(runtime build = lock + package) (1450) tianweidut
* enhance(storage): support putting a stream without knowing the length (1460) xuchuan
* enhancement(console): refactor job step more user friendly (1398) waynelwz
* example: add FGVC-Aircraft dataset (1446) anda-ren
* example: add cifar100 dataset (1417) tianweidut
* example: add emnist dataset (1444) anda-ren
* feat(console): get resource by resource pool api (1431) waynelwz
* feat(controller): add tag validation (1456) dreamlandliu
* feat(controller): api and unit test for trash management (1462) dreamlandliu
* feat(dataset): support dataset string id (1424) tianweidut
* feat(dataset): support function as dataset build handler (1397) tianweidut
* feat(server): add data range api for dataset (1429) goldenxinxing
* feat: add e2e & unit test support (1344) waynelwz
* feat: take datastore into auth framework (1442) anda-ren
* feat: use signed url instead of auth propagation (1443) anda-ren
* fix(ci): fix e2e not use pypi repo (1396) anda-ren
* fix(client): get instance wrong when multi instances has the same uri (1395) goldenxinxing
* fix(controller) : fix job status error when deploy task to k8s failed (1403) anda-ren
* fix(controller): add project role for test user (1387) dreamlandliu
* fix(controller): conflict flyway migration file (1425) jialeicui
* fix(controller): fix list jobs mapper (1405) jialeicui
* fix(sdk): support single step override task num (1430) goldenxinxing
* fix(server): dataset range api timeout error (1457) goldenxinxing
* fix(server): lock ut error & transactional use bug (1461) goldenxinxing
* fix(storage): avoid uploading an empty part on aliyun (1466) xuchuan
* fix(unittest): job resource's wrong type (1427) goldenxinxing
* refactor(controller): rename swmp/swds to model/dataset (1438) dreamlandliu
* refactor(controller): resource pool implementation change;update doc (1420) anda-ren
⚙️ Who Contributes
anda-ren, dreamlandliu, goldenxinxing, jialeicui, tianweidut, waynelwz and xuchuan

Resources


Severity Details

CVSS Base Score

MEDIUM 6.8

CVSS v2 Details

MEDIUM 6.8
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): PARTIAL
Availability Impact (A): PARTIAL