Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE-2020-1747 and CVE-2020-14343 #11099

Merged
merged 10 commits into from
Dec 17, 2021
Merged

Fix CVE-2020-1747 and CVE-2020-14343 #11099

merged 10 commits into from
Dec 17, 2021

Conversation

carmocca
Copy link
Contributor

@carmocca carmocca commented Dec 16, 2021
edited by github-actions bot
Loading

What does this PR do?

Fixes #11045

Does your PR introduce any breaking changes? If yes, please list them.

If users were relying on the capabilities of UnsafeLoader when loading the hparams, this will be a breaking change.

Before submitting

  • Was this discussed/approved via a GitHub issue? (not for typos and docs)
  • Did you read the contributor guideline, Pull Request section?
  • Did you make sure your PR does only one thing, instead of bundling different changes together?
  • [n/a] Did you make sure to update the documentation with your changes? (if necessary)
  • [n/a] Did you write any new necessary tests? (not for typos and docs)
  • [n/a] Did you verify new and existing tests pass locally with your changes?
  • Did you list all the breaking changes introduced by this pull request?
  • Did you update the CHANGELOG? (not for typos, docs, test updates, or internal minor changes/refactorings)

PR review

  • Is this pull request ready for review? (if not, please submit in draft mode)
  • Check that all items from Before submitting are resolved
  • Make sure the title is self-explanatory and the description concisely explains the PR
  • Add labels and milestones (and optionally projects) to the PR so it can be classified

cc @Borda

@carmocca carmocca self-assigned this Dec 16, 2021
@carmocca carmocca added this to the 1.5.x milestone Dec 16, 2021
@carmocca carmocca added bug Something isn't working 3rd party Related to a 3rd-party labels Dec 16, 2021
carmocca
carmocca commented Dec 16, 2021
View reviewed changes
CHANGELOG.md Show resolved Hide resolved
@carmocca carmocca marked this pull request as ready for review December 16, 2021 18:10
tchaton
tchaton approved these changes Dec 17, 2021
View reviewed changes
Copy link
Contributor

@tchaton tchaton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM !

@mergify mergify bot added the ready PRs ready to be merged label Dec 17, 2021
@carmocca carmocca modified the milestones: 1.5.x, 1.6 Dec 17, 2021
@carmocca carmocca enabled auto-merge (squash) December 17, 2021 14:57
Borda
Borda approved these changes Dec 17, 2021
View reviewed changes
Copy link
Member

@Borda Borda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we check that it is fully back compatible with past checkpoints?

@carmocca
Copy link
Contributor Author

can we check that it is fully back compatible with past checkpoints?

@Borda It isn't if the checkpoint yaml requires arbitrary code execution.

@mergify mergify bot removed the has conflicts label Dec 17, 2021
@mergify mergify bot removed the has conflicts label Dec 17, 2021
@carmocca carmocca merged commit 62f1e82 into master Dec 17, 2021
@carmocca carmocca deleted the yaml/fix-cve branch December 17, 2021 20:27
@akihironitta akihironitta mentioned this pull request Mar 3, 2022
Closed
@ftnext ftnext mentioned this pull request Apr 23, 2022
Merged
@awaelchli awaelchli mentioned this pull request Mar 3, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justusschock justusschock justusschock approved these changes

@awaelchli awaelchli awaelchli approved these changes

@tchaton tchaton tchaton approved these changes

@Borda Borda Borda approved these changes

@ananthsub ananthsub ananthsub approved these changes

@kaushikb11 kaushikb11 Awaiting requested review from kaushikb11

@rohitgr7 rohitgr7 Awaiting requested review from rohitgr7

@SeanNaren SeanNaren Awaiting requested review from SeanNaren

@williamFalcon williamFalcon Awaiting requested review from williamFalcon

Assignees

@carmocca carmocca

Labels
3rd party Related to a 3rd-party bug Something isn't working ready PRs ready to be merged
Projects
None yet
Milestone
pl:1.6
Development

Successfully merging this pull request may close these issues.

Potential security issue
6 participants
@carmocca @ananthsub @awaelchli @Borda @tchaton @justusschock