Tensorflow

Latest version: v2.16.1

Safety actively analyzes 638396 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 8 of 17

2.3.4

Not secure
This release introduces several vulnerability fixes:

* Fixes a heap out of bounds access in sparse reduction operations
([CVE-2021-37635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37635))
* Fixes a floating point exception in `SparseDenseCwiseDiv`
([CVE-2021-37636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37636))
* Fixes a null pointer dereference in `CompressElement`
([CVE-2021-37637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37637))
* Fixes a null pointer dereference in `RaggedTensorToTensor`
([CVE-2021-37638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37638))
* Fixes a null pointer dereference and a heap OOB read arising from operations
restoring tensors
([CVE-2021-37639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37639))
* Fixes an integer division by 0 in sparse reshaping
([CVE-2021-37640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37640))
* Fixes a division by 0 in `ResourceScatterDiv`
([CVE-2021-37642](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37642))
* Fixes a heap OOB in `RaggedGather`
([CVE-2021-37641](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37641))
* Fixes a `std::abort` raised from `TensorListReserve`
([CVE-2021-37644](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37644))
* Fixes a null pointer dereference in `MatrixDiagPartOp`
([CVE-2021-37643](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37643))
* Fixes an integer overflow due to conversion to unsigned
([CVE-2021-37645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37645))
* Fixes a bad allocation error in `StringNGrams` caused by integer conversion
([CVE-2021-37646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37646))
* Fixes a null pointer dereference in `SparseTensorSliceDataset`
([CVE-2021-37647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37647))
* Fixes an incorrect validation of `SaveV2` inputs
([CVE-2021-37648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37648))
* Fixes a null pointer dereference in `UncompressElement`
([CVE-2021-37649](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37649))
* Fixes a segfault and a heap buffer overflow in
`{Experimental,}DatasetToTFRecord`
([CVE-2021-37650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37650))
* Fixes a heap buffer overflow in `FractionalAvgPoolGrad`
([CVE-2021-37651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37651))
* Fixes a use after free in boosted trees creation
([CVE-2021-37652](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37652))
* Fixes a division by 0 in `ResourceGather`
([CVE-2021-37653](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37653))
* Fixes a heap OOB and a `CHECK` fail in `ResourceGather`
([CVE-2021-37654](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37654))
* Fixes a heap OOB in `ResourceScatterUpdate`
([CVE-2021-37655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37655))
* Fixes an undefined behavior arising from reference binding to nullptr in
`RaggedTensorToSparse`
([CVE-2021-37656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37656))
* Fixes an undefined behavior arising from reference binding to nullptr in
`MatrixDiagV*` ops
([CVE-2021-37657](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37657))
* Fixes an undefined behavior arising from reference binding to nullptr in
`MatrixSetDiagV*` ops
([CVE-2021-37658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37658))
* Fixes an undefined behavior arising from reference binding to nullptr and
heap OOB in binary cwise ops
([CVE-2021-37659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37659))
* Fixes a division by 0 in inplace operations
([CVE-2021-37660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37660))
* Fixes a crash caused by integer conversion to unsigned
([CVE-2021-37661](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37661))
* Fixes an undefined behavior arising from reference binding to nullptr in
boosted trees
([CVE-2021-37662](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37662))
* Fixes a heap OOB in boosted trees
([CVE-2021-37664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37664))
* Fixes vulnerabilities arising from incomplete validation in `QuantizeV2`
([CVE-2021-37663](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37663))
* Fixes vulnerabilities arising from incomplete validation in MKL
requantization
([CVE-2021-37665](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37665))
* Fixes an undefined behavior arising from reference binding to nullptr in
`RaggedTensorToVariant`
([CVE-2021-37666](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37666))
* Fixes an undefined behavior arising from reference binding to nullptr in
unicode encoding
([CVE-2021-37667](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37667))
* Fixes an FPE in `tf.raw_ops.UnravelIndex`
([CVE-2021-37668](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37668))
* Fixes a crash in NMS ops caused by integer conversion to unsigned
([CVE-2021-37669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37669))
* Fixes a heap OOB in `UpperBound` and `LowerBound`
([CVE-2021-37670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37670))
* Fixes an undefined behavior arising from reference binding to nullptr in map
operations
([CVE-2021-37671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37671))
* Fixes a heap OOB in `SdcaOptimizerV2`
([CVE-2021-37672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37672))
* Fixes a `CHECK`-fail in `MapStage`
([CVE-2021-37673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37673))
* Fixes a vulnerability arising from incomplete validation in `MaxPoolGrad`
([CVE-2021-37674](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37674))
* Fixes an undefined behavior arising from reference binding to nullptr in
shape inference
([CVE-2021-37676](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37676))
* Fixes a division by 0 in most convolution operators
([CVE-2021-37675](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37675))
* Fixes vulnerabilities arising from missing validation in shape inference for
`Dequantize`
([CVE-2021-37677](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37677))
* Fixes an arbitrary code execution due to YAML deserialization
([CVE-2021-37678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37678))
* Fixes a heap OOB in nested `tf.map_fn` with `RaggedTensor`s
([CVE-2021-37679](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37679))
* Fixes a division by zero in TFLite
([CVE-2021-37680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37680))
* Fixes an NPE in TFLite
([CVE-2021-37681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37681))
* Fixes a vulnerability arising from use of unitialized value in TFLite
([CVE-2021-37682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37682))
* Fixes an FPE in TFLite division operations
([CVE-2021-37683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37683))
* Fixes an FPE in TFLite pooling operations
([CVE-2021-37684](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37684))
* Fixes an infinite loop in TFLite
([CVE-2021-37686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37686))
* Fixes a heap OOB in TFLite
([CVE-2021-37685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37685))
* Fixes a heap OOB in TFLite's `Gather*` implementations
([CVE-2021-37687](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37687))
* Fixes an undefined behavior arising from null pointer dereference in TFLite
([CVE-2021-37688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37688))
* Fixes an undefined behavior arising from null pointer dereference in TFLite
MLIR optimizations
([CVE-2021-37689](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37689))
* Fixes a FPE in LSH in TFLite
([CVE-2021-37691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37691))
* Fixes a segfault on strings tensors with mismatched dimensions, arising in
Go code
([CVE-2021-37692](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37692))
* Fixes a use after free and a potential segfault in shape inference functions
([CVE-2021-37690](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37690))
* Updates `curl` to `7.77.0` to handle
[CVE-2021-22876](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876),
[CVE-2021-22897](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22897),
[CVE-2021-22898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898),
and
[CVE-2021-22901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22901).

2.3.3

Not secure
This release introduces several vulnerability fixes:

* Fixes a heap buffer overflow in `RaggedBinCount`
([CVE-2021-29512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29512))
* Fixes a heap out of bounds write in `RaggedBinCount`
([CVE-2021-29514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29514))
* Fixes a type confusion during tensor casts which leads to dereferencing null
pointers
([CVE-2021-29513](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29513))
* Fixes a reference binding to null pointer in `MatrixDiag*` ops
([CVE-2021-29515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29515))
* Fixes a null pointer dereference via invalid Ragged Tensors
([CVE-2021-29516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29516))
* Fixes a division by zero in `Conv3D`
([CVE-2021-29517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29517))
* Fixes vulnerabilities where session operations in eager mode lead to null
pointer dereferences
([CVE-2021-29518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29518))
* Fixes a `CHECK`-fail in `SparseCross` caused by type confusion
([CVE-2021-29519](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29519))
* Fixes a segfault in `SparseCountSparseOutput`
([CVE-2021-29521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29521))
* Fixes a heap buffer overflow in `Conv3DBackprop*`
([CVE-2021-29520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29520))
* Fixes a division by 0 in `Conv3DBackprop*`
([CVE-2021-29522](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29522))
* Fixes a `CHECK`-fail in `AddManySparseToTensorsMap`
([CVE-2021-29523](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29523))
* Fixes a division by 0 in `Conv2DBackpropFilter`
([CVE-2021-29524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29524))
* Fixes a division by 0 in `Conv2DBackpropInput`
([CVE-2021-29525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29525))
* Fixes a division by 0 in `Conv2D`
([CVE-2021-29526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29526))
* Fixes a division by 0 in `QuantizedConv2D`
([CVE-2021-29527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29527))
* Fixes a division by 0 in `QuantizedMul`
([CVE-2021-29528](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29528))
* Fixes vulnerabilities caused by invalid validation in
`SparseMatrixSparseCholesky`
([CVE-2021-29530](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29530))
* Fixes a heap buffer overflow caused by rounding
([CVE-2021-29529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29529))
* Fixes a `CHECK`-fail in `tf.raw_ops.EncodePng`
([CVE-2021-29531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29531))
* Fixes a heap out of bounds read in `RaggedCross`
([CVE-2021-29532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29532))
* Fixes a `CHECK`-fail in `DrawBoundingBoxes`
([CVE-2021-29533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29533))
* Fixes a heap buffer overflow in `QuantizedMul`
([CVE-2021-29535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29535))
* Fixes a `CHECK`-fail in `SparseConcat`
([CVE-2021-29534](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29534))
* Fixes a heap buffer overflow in `QuantizedResizeBilinear`
([CVE-2021-29537](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29537))
* Fixes a heap buffer overflow in `QuantizedReshape`
([CVE-2021-29536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29536))
* Fixes a division by zero in `Conv2DBackpropFilter`
([CVE-2021-29538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29538))
* Fixes a heap buffer overflow in `Conv2DBackpropFilter`
([CVE-2021-29540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29540))
* Fixes a heap buffer overflow in `StringNGrams`
([CVE-2021-29542](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29542))
* Fixes a null pointer dereference in `StringNGrams`
([CVE-2021-29541](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29541))
* Fixes a `CHECK`-fail in `QuantizeAndDequantizeV4Grad`
([CVE-2021-29544](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29544))
* Fixes a `CHECK`-fail in `CTCGreedyDecoder`
([CVE-2021-29543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29543))
* Fixes a heap buffer overflow in `SparseTensorToCSRSparseMatrix`
([CVE-2021-29545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29545))
* Fixes a division by 0 in `QuantizedBiasAdd`
([CVE-2021-29546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29546))
* Fixes a heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`
([CVE-2021-29547](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29547))
* Fixes a division by 0 in `QuantizedBatchNormWithGlobalNormalization`
([CVE-2021-29548](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29548))
* Fixes a division by 0 in `QuantizedAdd`
([CVE-2021-29549](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29549))
* Fixes a division by 0 in `FractionalAvgPool`
([CVE-2021-29550](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29550))
* Fixes an OOB read in `MatrixTriangularSolve`
([CVE-2021-29551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29551))
* Fixes a heap OOB in `QuantizeAndDequantizeV3`
([CVE-2021-29553](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29553))
* Fixes a `CHECK`-failure in `UnsortedSegmentJoin`
([CVE-2021-29552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29552))
* Fixes a division by 0 in `DenseCountSparseOutput`
([CVE-2021-29554](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29554))
* Fixes a division by 0 in `FusedBatchNorm`
([CVE-2021-29555](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29555))
* Fixes a division by 0 in `SparseMatMul`
([CVE-2021-29557](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29557))
* Fixes a division by 0 in `Reverse`
([CVE-2021-29556](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29556))
* Fixes a heap buffer overflow in `SparseSplit`
([CVE-2021-29558](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29558))
* Fixes a heap OOB access in unicode ops
([CVE-2021-29559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29559))
* Fixes a heap buffer overflow in `RaggedTensorToTensor`
([CVE-2021-29560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29560))
* Fixes a `CHECK`-fail in `LoadAndRemapMatrix`
([CVE-2021-29561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29561))
* Fixes a `CHECK`-fail in `tf.raw_ops.IRFFT`
([CVE-2021-29562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29562))
* Fixes a `CHECK`-fail in `tf.raw_ops.RFFT`
([CVE-2021-29563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29563))
* Fixes a null pointer dereference in `EditDistance`
([CVE-2021-29564](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29564))
* Fixes a null pointer dereference in `SparseFillEmptyRows`
([CVE-2021-29565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29565))
* Fixes a heap OOB access in `Dilation2DBackpropInput`
([CVE-2021-29566](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29566))
* Fixes a reference binding to null in `ParameterizedTruncatedNormal`
([CVE-2021-29568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29568))
* Fixes a set of vulnerabilities caused by lack of validation in
`SparseDenseCwiseMul`
([CVE-2021-29567](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29567))
* Fixes a heap out of bounds read in `MaxPoolGradWithArgmax`
([CVE-2021-29570](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29570))
* Fixes a heap out of bounds read in `RequantizationRange`
([CVE-2021-29569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29569))
* Fixes a memory corruption in `DrawBoundingBoxesV2`
([CVE-2021-29571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29571))
* Fixes a reference binding to nullptr in `SdcaOptimizer`
([CVE-2021-29572](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29572))
* Fixes an overflow and a denial of service in `tf.raw_ops.ReverseSequence`
([CVE-2021-29575](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29575))
* Fixes a division by 0 in `MaxPoolGradWithArgmax`
([CVE-2021-29573](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29573))
* Fixes an undefined behavior in `MaxPool3DGradGrad`
([CVE-2021-29574](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29574))
* Fixes a heap buffer overflow in `MaxPool3DGradGrad`
([CVE-2021-29576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29576))
* Fixes a heap buffer overflow in `AvgPool3DGrad`
([CVE-2021-29577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29577))
* Fixes an undefined behavior and a `CHECK`-fail in `FractionalMaxPoolGrad`
([CVE-2021-29580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29580))
* Fixes a heap buffer overflow in `FractionalAvgPoolGrad`
([CVE-2021-29578](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29578))
* Fixes a heap buffer overflow in `MaxPoolGrad`
([CVE-2021-29579](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29579))
* Fixes a segfault in `CTCBeamSearchDecoder`
([CVE-2021-29581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29581))
* Fixes a heap OOB read in `tf.raw_ops.Dequantize`
([CVE-2021-29582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29582))
* Fixes a `CHECK`-fail due to integer overflow
([CVE-2021-29584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29584))
* Fixes a heap buffer overflow and undefined behavior in `FusedBatchNorm`
([CVE-2021-29583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29583))
* Fixes a division by zero in padding computation in TFLite
([CVE-2021-29585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29585))
* Fixes a division by zero in optimized pooling implementations in TFLite
([CVE-2021-29586](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29586))
* Fixes a division by zero in TFLite's implementation of `SpaceToDepth`
([CVE-2021-29587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29587))
* Fixes a division by zero in TFLite's implementation of `GatherNd`
([CVE-2021-29589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29589))
* Fixes a division by zero in TFLite's implementation of `TransposeConv`
([CVE-2021-29588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29588))
* Fixes a heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
([CVE-2021-29590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29590))
* Fixes a null pointer dereference in TFLite's `Reshape` operator
([CVE-2021-29592](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29592))
* Fixes a stack overflow due to looping TFLite subgraph
([CVE-2021-29591](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29591))
* Fixes a division by zero in TFLite's implementation of `DepthToSpace`
([CVE-2021-29595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29595))
* Fixes a division by zero in TFLite's convolution code
([CVE-2021-29594](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29594))
* Fixes a division by zero in TFLite's implementation of `EmbeddingLookup`
([CVE-2021-29596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29596))
* Fixes a division by zero in TFLite's implementation of `BatchToSpaceNd`
([CVE-2021-29593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29593))
* Fixes a division by zero in TFLite's implementation of `SpaceToBatchNd`
([CVE-2021-29597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29597))
* Fixes a division by zero in TFLite's implementation of `SVDF`
([CVE-2021-29598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29598))
* Fixes a division by zero in TFLite's implementation of `Split`
([CVE-2021-29599](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29599))
* Fixes a division by zero in TFLite's implementation of `OneHot`
([CVE-2021-29600](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29600))
* Fixes a division by zero in TFLite's implementation of `DepthwiseConv`
([CVE-2021-29602](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29602))
* Fixes a division by zero in TFLite's implementation of hashtable lookup
([CVE-2021-29604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29604))
* Fixes a integer overflow in TFLite concatentation
([CVE-2021-29601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29601))
* Fixes a integer overflow in TFLite memory allocation
([CVE-2021-29605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29605))
* Fixes a heap OOB write in TFLite
([CVE-2021-29603](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29603))
* Fixes a heap OOB read in TFLite
([CVE-2021-29606](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29606))
* Fixes a heap OOB and null pointer dereference in `RaggedTensorToTensor`
([CVE-2021-29608](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29608))
* Fixes vulnerabilities caused by incomplete validation in `SparseAdd`
([CVE-2021-29609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29609))
* Fixes vulnerabilities caused by incomplete validation in
`SparseSparseMinimum`
([CVE-2021-29607](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29607))
* Fixes vulnerabilities caused by incomplete validation in `SparseReshape`
([CVE-2021-29611](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29611))
* Fixes vulnerabilities caused by invalid validation in
`QuantizeAndDequantizeV2`
([CVE-2021-29610](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29610))
* Fixes a heap buffer overflow in `BandedTriangularSolve`
([CVE-2021-29612](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29612))
* Fixes vulnerabilities caused by incomplete validation in
`tf.raw_ops.CTCLoss`
([CVE-2021-29613](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29613))
* Fixes an interpreter crash from vulnerabilities in `tf.io.decode_raw`
([CVE-2021-29614](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29614))
* Fixes a stack overflow in `ParseAttrValue` with nested tensors
([CVE-2021-29615](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29615))
* Fixes a null dereference in Grappler's `TrySimplify`
([CVE-2021-29616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29616))
* Fixes a crash in `tf.transpose` with complex inputs
([CVE-2021-29618](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29618))
* Fixes a crash in `tf.strings.substr` due to `CHECK`-fail
([CVE-2021-29617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29617))
* Fixes a segfault in `tf.raw_ops.SparseCountSparseOutput`
([CVE-2021-29619](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29619))
* Fixes a segfault in `tf.raw_ops.ImmutableConst`
([CVE-2021-29539](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29539))
* Updates `curl` to `7.76.0` to handle
[CVE-2020-8169](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169),
[CVE-2020-8177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177),
[CVE-2020-8231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231),
[CVE-2020-8284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284),
[CVE-2020-8285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285)
and
[CVE-2020-8286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286).

2.3.2

Not secure
Bug Fixes and Other Changes

* Fixes an access to unitialized memory in Eigen code
([CVE-2020-26266](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26266))
* Fixes a security vulnerability caused by lack of validation in
`tf.raw_ops.DataFormatVecPermute` and `tf.raw_ops.DataFormatDimMap`
([CVE-2020-26267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26267))
* Fixes a vulnerability caused by attempting to write to immutable memory
region in `tf.raw_ops.ImmutableConst`
([CVE-2020-26268](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26268)
* Fixes a `CHECK`-fail in LSTM with zero-length input
([CVE-2020-26270](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26270))
* Fixes a security vulnerability caused by accessing heap data outside of
bounds when loading a specially crafted `SavedModel`
([CVE-2020-26271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26271))
* Solves an OOM issue on TPUs when XLA contexts use fused average updates
* Updates `libjpeg-turbo` to `2.0.5` to handle
[CVE-2020-13790](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790).
* Updates `junit` to `4.13.1` to handle
[CVE-2020-15250](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250).
* Updates `PCRE` to `8.44` to handle
[CVE-2019-20838](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838)
and
[CVE-2020-14155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155).
* Updates `sqlite3` to `3.44.0` to keep in sync with master branch.

2.3.1

Not secure
Bug Fixes and Other Changes

* Fixes an undefined behavior causing a segfault in `tf.raw_ops.Switch`
([CVE-2020-15190](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15190))
* Fixes three vulnerabilities in conversion to DLPack format
([CVE-2020-15191](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15191),
[CVE-2020-15192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15192),
[CVE-2020-15193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15193))
* Fixes two vulnerabilities in `SparseFillEmptyRowsGrad`
([CVE-2020-15194](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15194),
[CVE-2020-15195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15195))
* Fixes several vulnerabilities in `RaggedCountSparseOutput` and
`SparseCountSparseOutput` operations
([CVE-2020-15196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15196),
[CVE-2020-15197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15197),
[CVE-2020-15198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15198),
[CVE-2020-15199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15199),
[CVE-2020-15200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15200),
[CVE-2020-15201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15201))
* Fixes an integer truncation vulnerability in code using the work sharder API
([CVE-2020-15202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15202))
* Fixes a format string vulnerability in `tf.strings.as_string`
([CVE-2020-15203](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15203))
* Fixes segfault raised by calling session-only ops in eager mode
([CVE-2020-15204](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15204))
* Fixes data leak and potential ASLR violation from `tf.raw_ops.StringNGrams`
([CVE-2020-15205](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15205))
* Fixes segfaults caused by incomplete `SavedModel` validation
([CVE-2020-15206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15206))
* Fixes a data corruption due to a bug in negative indexing support in TFLite
([CVE-2020-15207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15207))
* Fixes a data corruption due to dimension mismatch in TFLite
([CVE-2020-15208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15208))
* Fixes several vulnerabilities in TFLite saved model format
([CVE-2020-15209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15209),
[CVE-2020-15210](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15210),
[CVE-2020-15211](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15211))
* Fixes several vulnerabilities in TFLite implementation of segment sum
([CVE-2020-15212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15212),
[CVE-2020-15213](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15213),
[CVE-2020-15214](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15214))
* Updates `sqlite3` to `3.33.00` to handle
[CVE-2020-15358](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15358).
* Fixes deprecated usage of `collections` API
* Removes `scipy` dependency from `setup.py` since TensorFlow does not need it
to install the pip package

2.3.0

Not secure
Major Features and Improvements

* `tf.data` adds two new mechanisms to solve input pipeline bottlenecks and
save resources:

* [snapshot](https://www.tensorflow.org/api_docs/python/tf/data/experimental/snapshot)
* [tf.data service](https://www.tensorflow.org/api_docs/python/tf/data/experimental/service).

In addition checkout the detailed
[guide](https://www.tensorflow.org/guide/data_performance_analysis) for
analyzing input pipeline performance with TF Profiler.

* [`tf.distribute.TPUStrategy`](https://www.tensorflow.org/api_docs/python/tf/distribute/TPUStrategy)
is now a stable API and no longer considered experimental for TensorFlow.
(earlier `tf.distribute.experimental.TPUStrategy`).

* [TF Profiler](https://www.tensorflow.org/guide/profiler) introduces two new
tools: a memory profiler to visualize your model’s memory usage over time
and a [python tracer](https://www.tensorflow.org/guide/profiler#events)
which allows you to trace python function calls in your model. Usability
improvements include better diagnostic messages and
[profile options](https://tensorflow.org/guide/profiler#collect_performance_data)
to customize the host and device trace verbosity level.

* Introduces experimental support for Keras Preprocessing Layers API
([`tf.keras.layers.experimental.preprocessing.*`](https://www.tensorflow.org/api_docs/python/tf/keras/layers/experimental/preprocessing?version=nightly))
to handle data preprocessing operations, with support for composite tensor
inputs. Please see below for additional details on these layers.

* TFLite now properly supports dynamic shapes during conversion and inference.
We’ve also added opt-in support on Android and iOS for
[XNNPACK](https://github.com/tensorflow/tensorflow/tree/master/tensorflow/lite/delegates/xnnpack),
a highly optimized set of CPU kernels, as well as opt-in support for
[executing quantized models on the GPU](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/lite/g3doc/performance/gpu_advanced.md#running-quantized-models-experimental).

* Libtensorflow packages are available in GCS starting this release. We have
also started to
[release a nightly version of these packages](https://github.com/tensorflow/tensorflow#official-builds).

* The experimental Python API
[`tf.debugging.experimental.enable_dump_debug_info()`](https://www.tensorflow.org/api_docs/python/tf/debugging/experimental/enable_dump_debug_info)
now allows you to instrument a TensorFlow program and dump debugging
information to a directory on the file system. The directory can be read and
visualized by a new interactive dashboard in TensorBoard 2.3 called
[Debugger V2](https://www.tensorflow.org/tensorboard/debugger_v2), which
reveals the details of the TensorFlow program including graph structures,
history of op executions at the Python (eager) and intra-graph levels, the
runtime dtype, shape, and numerical composition of tensors, as well as their
code locations.

Breaking Changes

* Increases the **minimum bazel version** required to build TF to **3.1.0**.
* `tf.data`
* Makes the following (breaking) changes to the `tf.data`.
* C++ API: - `IteratorBase::RestoreInternal`,
`IteratorBase::SaveInternal`, and `DatasetBase::CheckExternalState`
become pure-virtual and subclasses are now expected to provide an
implementation.
* The deprecated `DatasetBase::IsStateful` method is removed in favor of
`DatasetBase::CheckExternalState`.
* Deprecated overrides of `DatasetBase::MakeIterator` and
`MakeIteratorFromInputElement` are removed.
* The signature of `tensorflow::data::IteratorBase::SaveInternal` and
`tensorflow::data::IteratorBase::SaveInput` has been extended with
`SerializationContext` argument to enable overriding the default policy
for the handling external state during iterator checkpointing. This is
not a backwards compatible change and all subclasses of `IteratorBase`
*need to be updated* accordingly.
* `tf.keras`
* Add a new `BackupAndRestore` callback for handling distributed training
failures & restarts. Please take a look at this
[tutorial](https://www.tensorflow.org/tutorials/distribute/multi_worker_with_keras)
for details on how to use the callback.
* `tf.image.extract_glimpse` has been updated to correctly process the case
where `centered=False` and `normalized=False`. This is a breaking change as
the output is different from (incorrect) previous versions. Note this
breaking change only impacts `tf.image.extract_glimpse` and
`tf.compat.v2.image.extract_glimpse` API endpoints. The behavior of
`tf.compat.v1.image.extract_glimpse` does not change. The behavior of
existing C++ kernel `ExtractGlimpse` does not change either, so saved models
using `tf.raw_ops.ExtractGlimpse` will not be impacted.

Known Caveats

* `tf.lite`
* Keras-based LSTM models must be converted with an explicit batch size in
the input layer.

Bug Fixes and Other Changes

TF Core:

* Set `tf2_behavior` to 1 to enable V2 for early loading cases.
* Add `execute_fn_for_device function` to dynamically choose the
implementation based on underlying device placement.
* Eager:
* Add `reduce_logsumexp` benchmark with experiment compile.
* Give `EagerTensor`s a meaningful `__array__` implementation.
* Add another version of defun matmul for performance analysis.
* `tf.function`/AutoGraph:
* `AutoGraph` now includes into TensorFlow loops any variables that are
closed over by local functions. Previously, such variables were
sometimes incorrectly ignored.
* functions returned by the `get_concrete_function` method of
`tf.function` objects can now be called with arguments consistent with
the original arguments or type specs passed to `get_concrete_function`.
This calling convention is now the preferred way to use concrete
functions with nested values and composite tensors. Please check the
[guide](https://www.tensorflow.org/guide/concrete_function) for more
details on `concrete_ function`.
* Update `tf.function`'s `experimental_relax_shapes` to handle composite
tensors appropriately.
* Optimize `tf.function` invocation, by removing redundant list converter.
* `tf.function` will retrace when called with a different variable instead
of simply using the `dtype` & `shape`.
* [Improve support](https://github.com/tensorflow/tensorflow/issues/33862)
for dynamically-sized TensorArray inside `tf.function`.
* `tf.math`:
* Narrow down `argmin`/`argmax` contract to always return the smallest
index for ties.
* `tf.math.reduce_variance` and `tf.math.reduce_std` return correct
computation for complex types and no longer support integer types.
* Add Bessel functions of order 0,1 to `tf.math.special`.
* `tf.divide` now always returns a tensor to be consistent with
documentation and other APIs.
* `tf.image`:
* Replaced
[`tf.image.non_max_suppression_padded`](https://www.tensorflow.org/versions/r2.3/api_docs/python/tf/image/non_max_suppression_padded?hl=en)
with a new implementation that supports batched inputs, which is
considerably faster on TPUs and GPUs. Boxes with area=0 will be ignored.
Existing usage with single inputs should still work as before.
* `tf.linalg`
* Add `tf.linalg.banded_triangular_solve`.
* `tf.random`:
* Add `tf.random.stateless_parameterized_truncated_normal`.
* `tf.ragged`:
* Add `tf.ragged.cross` and `tf.ragged.cross_hashed` operations.
* `tf.RaggedTensor`:
* `RaggedTensor.to_tensor()` now preserves static shape.
* Add `tf.strings.format()` and `tf.print()` to support RaggedTensors.
* `tf.saved_model`:
* `tf.function` from SavedModel no longer ignores args after a
`RaggedTensor` when selecting the concrete function to run.
* Fix save model issue for ops with a list of functions.
* Add `tf.saved_model.LoadOptions` with
[`experimental_io_device`](https://www.tensorflow.org/versions/r2.3/api_docs/python/tf/saved_model/LoadOptions?hl=en)
as arg with default value `None` to choose the I/O device for loading
models and weights.
* Update `tf.saved_model.SaveOptions` with
[`experimental_io_device`](https://www.tensorflow.org/versions/r2.3/api_docs/python/tf/saved_model/SaveOptions?hl=en)
as arg with default value `None` to choose the I/O device for saving
models and weights.
* Mutable tables now restore checkpointed values when loaded from
SavedModel.
* The user object metadata field in the SavedModel proto has been
deprecated as part of the updates to Keras SavedModel. Keras was the
only consumer of this field prior to the update.
* GPU
* TF 2.3 includes PTX kernels only for
[compute capability](https://developer.nvidia.com/cuda-gpus) 7.0 to
reduce the TF pip binary size. Earlier releases included PTX for a
variety of older compute capabilities.
* Remove environmental variable `TF_USE_CUDNN`.
* Others
* Retain parent namescope for ops added inside
`tf.while_loop`/`tf.cond`/`tf.switch_case`.
* Update `tf.vectorized_map` to support vectorizing `tf.while_loop` and
TensorList operations.
* `tf.custom_gradient` can now be applied to functions that accept nested
structures of `tensors` as inputs (instead of just a list of tensors).
Note that Python structures such as tuples and lists now won't be
treated as tensors, so if you still want them to be treated that way,
you need to wrap them with `tf.convert_to_tensor`.
* No lowering on gradient case op when input is `DeviceIndex` op.
* Extend the ragged version of `tf.gather` to support `batch_dims` and
`axis` args.
* Update `tf.map_fn` to support RaggedTensors and SparseTensors.
* Deprecate `tf.group`. It is not useful in eager mode.
* Add CPU and GPU implementation of modified variation of
[`FTRL`](https://www.tensorflow.org/versions/r2.3/api_docs/python/tf/raw_ops/ApplyFtrl)/[`FTRLV2`](https://www.tensorflow.org/versions/r2.3/api_docs/python/tf/raw_ops/ApplyFtrlV2)
that can triggerred by `multiply_linear_by_lr` allowing a learning rate
of zero.

`tf.data`:

* `tf.data.experimental.dense_to_ragged_batch` works correctly with tuples.
* `tf.data.experimental.dense_to_ragged_batch` to output variable ragged rank.
* `tf.data.experimental.cardinality` is now a method on `tf.data.Dataset`.
* `tf.data.Dataset` now supports `len(Dataset)` when the cardinality is
finite.

`tf.distribute`:

* Expose experimental
[`tf.distribute.DistributedDataset`](https://www.tensorflow.org/versions/r2.3/api_docs/python/tf/distribute/DistributedDataset?hl=en)
and
[`tf.distribute.DistributedIterator`](https://www.tensorflow.org/versions/r2.3/api_docs/python/tf/distribute/DistributedIterator)
to distribute input data when using `tf.distribute` to scale training on
multiple devices.
* Added a
[`get_next_as_optional`](https://www.tensorflow.org/versions/r2.3/api_docs/python/tf/distribute/DistributedIterator?hl=en#get_next_as_optional)
method for
[`tf.distribute.DistributedIterator`](https://www.tensorflow.org/versions/r2.3/api_docs/python/tf/distribute/DistributedIterator?hl=en)
class to return a `tf.experimental.Optional` instance that contains the
next value for all replicas or none instead of raising an out of range
error. Also see *new*
[guide on input distribution](https://www.tensorflow.org/tutorials/distribute/input).
* Allow var.assign on MirroredVariables with aggregation=NONE in replica
context. Previously this would raise an error. We now allow this because
many users and library writers find using `.assign` in replica context to be
more convenient, instead of having to use `Strategy.extended.update` which
was the previous way of updating variables in this situation.
* `tf.distribute.experimental.MultiWorkerMirroredStrategy` adds support for
partial batches. Workers running out of data now continue to participate in
the training with empty inputs, instead of raising an error. Learn more
about
[partial batches here](https://www.tensorflow.org/tutorials/distribute/input#partial_batches).
* Improve the performance of reading metrics eagerly under
`tf.distribute.experimental.MultiWorkerMirroredStrategy`.
* Fix the issue that `strategy.reduce()` inside `tf.function` may raise
exceptions when the values to reduce are from loops or if-clauses.
* Fix the issue that `tf.distribute.MirroredStrategy` cannot be used together
with `tf.distribute.experimental.MultiWorkerMirroredStrategy`.
* Add a `tf.distribute.cluster_resolver.TPUClusterResolver.connect` API to
simplify TPU initialization.
* Add `tf.distribute.Strategy.gather` and
`tf.distribute.ReplicaContext.all_gather` methods to gather and concatenate
`tf.distribute.DistributedValues` across workers and devices.

`tf.keras`:

* Introduces experimental preprocessing layers API
(`tf.keras.layers.experimental.preprocessing`) to handle data preprocessing
operations such as categorical feature encoding, text vectorization, data
normalization, and data discretization (binning). The newly added layers
provide a replacement for the legacy feature column API, and support
composite tensor inputs.
* Added **categorical data** processing layers:
* `IntegerLookup` & `StringLookup`: build an index of categorical feature
values
* `CategoryEncoding`: turn integer-encoded categories into one-hot,
multi-hot, or tf-idf encoded representations
* `CategoryCrossing`: create new categorical features representing
co-occurrences of previous categorical feature values
* `Hashing`: the hashing trick, for large-vocabulary categorical features
* `Discretization`: turn continuous numerical features into categorical
features by binning their values
* Improved **image preprocessing** layers: `CenterCrop`, `Rescaling`
* Improved **image augmentation** layers: `RandomCrop`, `RandomFlip`,
`RandomTranslation`, `RandomRotation`, `RandomHeight`, `RandomWidth`,
`RandomZoom`, `RandomContrast`
* Improved **`TextVectorization`** layer, which handles string tokenization,
n-gram generation, and token encoding
* The `TextVectorization` layer now accounts for the mask_token as part of
the vocabulary size when output_mode='int'. This means that, if you have
a max_tokens value of 5000, your output will have 5000 unique values
(not 5001 as before).
* Change the return value of `TextVectorization.get_vocabulary()` from
`byte` to `string`. Users who previously were calling 'decode' on the
output of this method should no longer need to do so.
* Introduce new Keras dataset generation utilities :
* **[`image_dataset_from_directory`](https://www.tensorflow.org/api_docs/python/tf/keras/preprocessing/image_dataset_from_directory)**
is a utility based on `tf.data.Dataset`, meant to replace the legacy
`ImageDataGenerator`. It takes you from a structured directory of images
to a labeled dataset, in one function call. Note that it doesn't perform
image data augmentation (which is meant to be done using preprocessing
layers).
* **[`text_dataset_from_directory`](https://www.tensorflow.org/api_docs/python/tf/keras/preprocessing/text_dataset_from_directory)**
takes you from a structured directory of text files to a labeled
dataset, in one function call.
* **[`timeseries_dataset_from_array`](https://www.tensorflow.org/api_docs/python/tf/keras/preprocessing/timeseries_dataset_from_array)**
is a `tf.data.Dataset`-based replacement of the legacy
`TimeseriesGenerator`. It takes you from an array of timeseries data to
a dataset of shifting windows with their targets.
* Added
[`experimental_steps_per_execution`](https://www.tensorflow.org/versions/r2.3/api_docs/python/tf/keras/Model?hl=en#compile)
arg to `model.compile` to indicate the number of batches to run per
`tf.function` call. This can speed up Keras Models on TPUs up to 3x.
* Extends `tf.keras.layers.Lambda` layers to support multi-argument lambdas,
and keyword arguments when calling the layer.
* Functional models now get constructed if *any* tensor in a layer call's
arguments/keyword arguments comes from a keras input. Previously the
functional api would only work if all of the elements in the first argument
to the layer came from a keras input.
* Clean up `BatchNormalization` layer's `trainable` property to act like
standard python state when it's used inside `tf.functions` (frozen at
tracing time), instead of acting like a pseudo-variable whose updates *kind
of sometimes* get reflected in already-traced `tf.function` traces.
* Add the `Conv1DTranspose` layer.
* Refine the semantics of `SensitivitySpecificityBase` derived metrics. See
the updated API docstrings for
[`tf.keras.metrics.SensitivityAtSpecificity`](https://www.tensorflow.org/versions/r2.3/api_docs/python/tf/keras/metrics/SensitivityAtSpecificity)
and
[`tf.keras.metrics.SpecificityAtSensitivty`](https://www.tensorflow.org/versions/r2.3/api_docs/python/tf/keras/metrics/SpecificityAtSensitivity).

`tf.lite`:

* Converter
* Restored `inference_input_type` and `inference_output_type` flags in TF
2.x TFLiteConverter (backward compatible with TF 1.x) to support integer
(tf.int8, tf.uint8) input and output types in post training full integer
quantized models.
* Added support for converting and resizing models with dynamic
(placeholder) dimensions. Previously, there was only limited support for
dynamic batch size, and even that did not guarantee that the model could
be properly resized at runtime.
* Enabled experimental support for a new quantization mode with 16-bit
activations and 8-bit weights. See
`lite.OpsSet.EXPERIMENTAL_TFLITE_BUILTINS_ACTIVATIONS_INT16_WEIGHTS_INT8`.
* CPU
* Fix an issue w/ dynamic weights and `Conv2D` on x86.
* Add a runtime Android flag for enabling `XNNPACK` for optimized CPU
performance.
* Add a runtime iOS flag for enabling `XNNPACK` for optimized CPU
performance.
* Add a compiler flag to enable building a TFLite library that applies
`XNNPACK` delegate automatically when the model has a `fp32` operation.
* GPU
* Allow GPU acceleration starting with internal graph nodes
* Experimental support for quantized models with the Android GPU delegate
* Add GPU delegate whitelist.
* Rename GPU whitelist -> compatibility (list).
* Improve GPU compatibility list entries from crash reports.
* NNAPI
* Set default value for
`StatefulNnApiDelegate::Options::max_number_delegated_partitions` to 3.
* Add capability to disable `NNAPI` CPU and check `NNAPI` Errno.
* Fix crashes when using `NNAPI` with target accelerator specified with
model containing Conv2d or FullyConnected or LSTM nodes with quantized
weights.
* Fix `ANEURALNETWORKS_BAD_DATA` execution failures with
`sum`/`max`/`min`/`reduce` operations with `scalar` inputs.
* Hexagon
* TFLite Hexagon Delegate out of experimental.
* Experimental `int8` support for most hexagon ops.
* Experimental per-channel quant support for `conv` in Hexagon delegate.
* Support dynamic batch size in C++ API.
* CoreML
* Opensource CoreML delegate
* Misc
* Enable building Android TFLite targets on Windows
* Add support for `BatchMatMul`.
* Add support for `half_pixel_centers` with `ResizeNearestNeighbor`.
* Add 3D support for `BatchToSpaceND`.
* Add 5D support for `BroadcastSub`, `Maximum`, `Minimum`, `Transpose` and
`BroadcastDiv`.
* Rename `kTfLiteActRelu1` to `kTfLiteActReluN1To1`.
* Enable flex delegate on tensorflow.lite.Interpreter Python package.
* Add `Buckettize`, `SparseCross` and `BoostedTreesBucketize` to the flex
whitelist.
* Add support for selective registration of flex ops.
* Add missing kernels for flex delegate whitelisted ops.
* Fix issue when using direct `ByteBuffer` inputs with graphs that have
dynamic shapes.
* Fix error checking supported operations in a model containing
`HardSwish`.

Packaging Support

* Added `tf.sysconfig.get_build_info()`. Returns a dict that describes the
build environment of the currently installed TensorFlow package, e.g. the
NVIDIA CUDA and NVIDIA CuDNN versions used when TensorFlow was built.

Profiler

* Fix a subtle use-after-free issue in `XStatVisitor::RefValue()`.

TPU Enhancements

* Adds 3D mesh support in TPU configurations ops.
* Added TPU code for `FTRL` with `multiply_linear_by_lr`.
* Silently adds a new file system registry at `gstpu`.
* Support `restartType` in cloud tpu client.
* Depend on a specific version of google-api-python-client.
* Fixes apiclient import.

Tracing and Debugging

* Add a `TFE_Py_Execute` traceme.

XLA Support

* Implement stable `argmin` and `argmax`

Thanks to our Contributors

This release contains contributions from many people at Google, as well as:

90244958880bigcat_chenASIC, Abdul Baseer Khan, Abhineet Choudhary, Abolfazl
Shahbazi, Adam Hillier, ag.ramesh, Agoniii, Ajay P, Alex Hoffman, Alexander
Bayandin, Alexander Grund, Alexandre Abadie, Alexey Rogachevskiy, amoitra,
Andrew Stevens, Angus-Luo, Anshuman Tripathy, Anush Elangovan, Artem Mavrin,
Ashutosh Hathidara, autoih, Ayushman Kumar, ayushmankumar7, Bairen Yi, Bas
Aarts, Bastian Eichenberger, Ben Barsdell, bhack, Bharat Raghunathan, Biagio
Montaruli, Bigcat-Himax, blueyi, Bryan Cutler, Byambaa, Carlos
Hernandez-Vaquero, Chen Lei, Chris Knorowski, Christian Clauss, chuanqiw,
CuiYifeng, Daniel Situnayake, Daria Zhuravleva, Dayananda-V, Deven Desai, Devi
Sandeep Endluri, Dmitry Zakharov, Dominic Jack, Duncan Riach, Edgar Liberis,
Ehsan Toosi, ekuznetsov139, Elena Zhelezina, Eugene Kuznetsov, Eugene
Mikhantiev, Evgenii Zheltonozhskii, Fabio Di Domenico, Fausto Morales, Fei Sun,
feihugis, Felix E. Klee, flyingcat, Frederic Bastien, Fredrik Knutsson, frreiss,
fsx950223, ganler, Gaurav Singh, Georgios Pinitas, Gian Marco Iodice, Giorgio
Arena, Giuseppe Rossini, Gregory Keith, Guozhong Zhuang, gurushantj, Hahn
Anselm, Harald Husum, Harjyot Bagga, Hristo Vrigazov, Ilya Persky, Ir1d, Itamar
Turner-Trauring, jacco, Jake Tae, Janosh Riebesell, Jason Zaman, jayanth, Jeff
Daily, Jens Elofsson, Jinzhe Zeng, JLZ, Jonas Skog, Jonathan Dekhtiar, Josh
Meyer, Joshua Chia, Judd, justkw, Kaixi Hou, Kam D Kasravi, Kamil Rakoczy, Karol
Gugala, Kayou, Kazuaki Ishizaki, Keith Smiley, Khaled Besrour, Kilaru Yasaswi
Sri Chandra Gandhi, Kim, Young Soo, Kristian Hartikainen, Kwabena W. Agyeman,
Leslie-Fang, Leslie-Fang-Intel, Li, Guizi, Lukas Geiger, Lutz Roeder, M\U00E5Ns
Nilsson, Mahmoud Abuzaina, Manish, Marcel Koester, Marcin Sielski, marload,
Martin Jul, Matt Conley, mdfaijul, Meng, Peng, Meteorix, Michael Käufl,
Michael137, Milan Straka, Mitchell Vitez, Ml-0, Mokke Meguru, Mshr-H, nammbash,
Nathan Luehr, naumkin, Neeraj Bhadani, ngc92, Nick Morgan, nihui, Niranjan
Hasabnis, Niranjan Yadla, Nishidha Panpaliya, Oceania2018, oclyke, Ouyang Jin,
OverLordGoldDragon, Owen Lyke, Patrick Hemmer, Paul Andrey, Peng Sun,
periannath, Phil Pearl, Prashant Dandriyal, Prashant Kumar, Rahul Huilgol, Rajan
Singh, Rajeshwar Reddy T, rangjiaheng, Rishit Dagli, Rohan Reddy, rpalakkal,
rposts, Ruan Kunliang, Rushabh Vasani, Ryohei Ikegami, Semun Lee, Seo-Inyoung,
Sergey Mironov, Sharada Shiddibhavi, ShengYang1, Shraiysh Vaishay, Shunya Ueta,
shwetaoj, Siyavash Najafzade, Srinivasan Narayanamoorthy, Stephan Uphoff,
storypku, sunchenggen, sunway513, Sven-Hendrik Haase, Swapnil Parekh, Tamas Bela
Feher, Teng Lu, tigertang, tomas, Tomohiro Ubukata, tongxuan.ltx, Tony Tonev,
Tzu-Wei Huang, Téo Bouvard, Uday Bondhugula, Vaibhav Jade, Vijay Tadikamalla,
Vikram Dattu, Vincent Abriou, Vishnuvardhan Janapati, Vo Van Nghia, VoVAllen,
Will Battel, William D. Irons, wyzhao, Xiaoming (Jason) Cui, Xiaoquan Kong,
Xinan Jiang, xutianming, Yair Ehrenwald, Yasir Modak, Yasuhiro Matsumoto, Yixing
Fu, Yong Tang, Yuan Tang, zhaozheng09, Zilin Zhu, zilinzhu, 张志豪

2.2.3

Not secure
This release introduces several vulnerability fixes:

* Fixes a heap buffer overflow in `RaggedBinCount`
([CVE-2021-29512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29512))
* Fixes a heap out of bounds write in `RaggedBinCount`
([CVE-2021-29514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29514))
* Fixes a type confusion during tensor casts which leads to dereferencing null
pointers
([CVE-2021-29513](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29513))
* Fixes a reference binding to null pointer in `MatrixDiag*` ops
([CVE-2021-29515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29515))
* Fixes a null pointer dereference via invalid Ragged Tensors
([CVE-2021-29516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29516))
* Fixes a division by zero in `Conv3D`
([CVE-2021-29517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29517))
* Fixes vulnerabilities where session operations in eager mode lead to null
pointer dereferences
([CVE-2021-29518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29518))
* Fixes a `CHECK`-fail in `SparseCross` caused by type confusion
([CVE-2021-29519](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29519))
* Fixes a segfault in `SparseCountSparseOutput`
([CVE-2021-29521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29521))
* Fixes a heap buffer overflow in `Conv3DBackprop*`
([CVE-2021-29520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29520))
* Fixes a division by 0 in `Conv3DBackprop*`
([CVE-2021-29522](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29522))
* Fixes a `CHECK`-fail in `AddManySparseToTensorsMap`
([CVE-2021-29523](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29523))
* Fixes a division by 0 in `Conv2DBackpropFilter`
([CVE-2021-29524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29524))
* Fixes a division by 0 in `Conv2DBackpropInput`
([CVE-2021-29525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29525))
* Fixes a division by 0 in `Conv2D`
([CVE-2021-29526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29526))
* Fixes a division by 0 in `QuantizedConv2D`
([CVE-2021-29527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29527))
* Fixes a division by 0 in `QuantizedMul`
([CVE-2021-29528](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29528))
* Fixes vulnerabilities caused by invalid validation in
`SparseMatrixSparseCholesky`
([CVE-2021-29530](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29530))
* Fixes a heap buffer overflow caused by rounding
([CVE-2021-29529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29529))
* Fixes a `CHECK`-fail in `tf.raw_ops.EncodePng`
([CVE-2021-29531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29531))
* Fixes a heap out of bounds read in `RaggedCross`
([CVE-2021-29532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29532))
* Fixes a `CHECK`-fail in `DrawBoundingBoxes`
([CVE-2021-29533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29533))
* Fixes a heap buffer overflow in `QuantizedMul`
([CVE-2021-29535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29535))
* Fixes a `CHECK`-fail in `SparseConcat`
([CVE-2021-29534](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29534))
* Fixes a heap buffer overflow in `QuantizedResizeBilinear`
([CVE-2021-29537](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29537))
* Fixes a heap buffer overflow in `QuantizedReshape`
([CVE-2021-29536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29536))
* Fixes a division by zero in `Conv2DBackpropFilter`
([CVE-2021-29538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29538))
* Fixes a heap buffer overflow in `Conv2DBackpropFilter`
([CVE-2021-29540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29540))
* Fixes a heap buffer overflow in `StringNGrams`
([CVE-2021-29542](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29542))
* Fixes a null pointer dereference in `StringNGrams`
([CVE-2021-29541](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29541))
* Fixes a `CHECK`-fail in `QuantizeAndDequantizeV4Grad`
([CVE-2021-29544](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29544))
* Fixes a `CHECK`-fail in `CTCGreedyDecoder`
([CVE-2021-29543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29543))
* Fixes a heap buffer overflow in `SparseTensorToCSRSparseMatrix`
([CVE-2021-29545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29545))
* Fixes a division by 0 in `QuantizedBiasAdd`
([CVE-2021-29546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29546))
* Fixes a heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`
([CVE-2021-29547](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29547))
* Fixes a division by 0 in `QuantizedBatchNormWithGlobalNormalization`
([CVE-2021-29548](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29548))
* Fixes a division by 0 in `QuantizedAdd`
([CVE-2021-29549](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29549))
* Fixes a division by 0 in `FractionalAvgPool`
([CVE-2021-29550](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29550))
* Fixes an OOB read in `MatrixTriangularSolve`
([CVE-2021-29551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29551))
* Fixes a heap OOB in `QuantizeAndDequantizeV3`
([CVE-2021-29553](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29553))
* Fixes a `CHECK`-failure in `UnsortedSegmentJoin`
([CVE-2021-29552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29552))
* Fixes a division by 0 in `DenseCountSparseOutput`
([CVE-2021-29554](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29554))
* Fixes a division by 0 in `FusedBatchNorm`
([CVE-2021-29555](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29555))
* Fixes a division by 0 in `SparseMatMul`
([CVE-2021-29557](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29557))
* Fixes a division by 0 in `Reverse`
([CVE-2021-29556](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29556))
* Fixes a heap buffer overflow in `SparseSplit`
([CVE-2021-29558](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29558))
* Fixes a heap OOB access in unicode ops
([CVE-2021-29559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29559))
* Fixes a heap buffer overflow in `RaggedTensorToTensor`
([CVE-2021-29560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29560))
* Fixes a `CHECK`-fail in `LoadAndRemapMatrix`
([CVE-2021-29561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29561))
* Fixes a `CHECK`-fail in `tf.raw_ops.IRFFT`
([CVE-2021-29562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29562))
* Fixes a `CHECK`-fail in `tf.raw_ops.RFFT`
([CVE-2021-29563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29563))
* Fixes a null pointer dereference in `EditDistance`
([CVE-2021-29564](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29564))
* Fixes a null pointer dereference in `SparseFillEmptyRows`
([CVE-2021-29565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29565))
* Fixes a heap OOB access in `Dilation2DBackpropInput`
([CVE-2021-29566](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29566))
* Fixes a reference binding to null in `ParameterizedTruncatedNormal`
([CVE-2021-29568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29568))
* Fixes a set of vulnerabilities caused by lack of validation in
`SparseDenseCwiseMul`
([CVE-2021-29567](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29567))
* Fixes a heap out of bounds read in `MaxPoolGradWithArgmax`
([CVE-2021-29570](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29570))
* Fixes a heap out of bounds read in `RequantizationRange`
([CVE-2021-29569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29569))
* Fixes a memory corruption in `DrawBoundingBoxesV2`
([CVE-2021-29571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29571))
* Fixes a reference binding to nullptr in `SdcaOptimizer`
([CVE-2021-29572](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29572))
* Fixes an overflow and a denial of service in `tf.raw_ops.ReverseSequence`
([CVE-2021-29575](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29575))
* Fixes a division by 0 in `MaxPoolGradWithArgmax`
([CVE-2021-29573](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29573))
* Fixes an undefined behavior in `MaxPool3DGradGrad`
([CVE-2021-29574](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29574))
* Fixes a heap buffer overflow in `MaxPool3DGradGrad`
([CVE-2021-29576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29576))
* Fixes a heap buffer overflow in `AvgPool3DGrad`
([CVE-2021-29577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29577))
* Fixes an undefined behavior and a `CHECK`-fail in `FractionalMaxPoolGrad`
([CVE-2021-29580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29580))
* Fixes a heap buffer overflow in `FractionalAvgPoolGrad`
([CVE-2021-29578](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29578))
* Fixes a heap buffer overflow in `MaxPoolGrad`
([CVE-2021-29579](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29579))
* Fixes a segfault in `CTCBeamSearchDecoder`
([CVE-2021-29581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29581))
* Fixes a heap OOB read in `tf.raw_ops.Dequantize`
([CVE-2021-29582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29582))
* Fixes a `CHECK`-fail due to integer overflow
([CVE-2021-29584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29584))
* Fixes a heap buffer overflow and undefined behavior in `FusedBatchNorm`
([CVE-2021-29583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29583))
* Fixes a division by zero in padding computation in TFLite
([CVE-2021-29585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29585))
* Fixes a division by zero in optimized pooling implementations in TFLite
([CVE-2021-29586](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29586))
* Fixes a division by zero in TFLite's implementation of `SpaceToDepth`
([CVE-2021-29587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29587))
* Fixes a division by zero in TFLite's implementation of `GatherNd`
([CVE-2021-29589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29589))
* Fixes a division by zero in TFLite's implementation of `TransposeConv`
([CVE-2021-29588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29588))
* Fixes a heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
([CVE-2021-29590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29590))
* Fixes a null pointer dereference in TFLite's `Reshape` operator
([CVE-2021-29592](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29592))
* Fixes a stack overflow due to looping TFLite subgraph
([CVE-2021-29591](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29591))
* Fixes a division by zero in TFLite's implementation of `DepthToSpace`
([CVE-2021-29595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29595))
* Fixes a division by zero in TFLite's convolution code
([CVE-2021-29594](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29594))
* Fixes a division by zero in TFLite's implementation of `EmbeddingLookup`
([CVE-2021-29596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29596))
* Fixes a division by zero in TFLite's implementation of `BatchToSpaceNd`
([CVE-2021-29593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29593))
* Fixes a division by zero in TFLite's implementation of `SpaceToBatchNd`
([CVE-2021-29597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29597))
* Fixes a division by zero in TFLite's implementation of `SVDF`
([CVE-2021-29598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29598))
* Fixes a division by zero in TFLite's implementation of `Split`
([CVE-2021-29599](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29599))
* Fixes a division by zero in TFLite's implementation of `OneHot`
([CVE-2021-29600](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29600))
* Fixes a division by zero in TFLite's implementation of `DepthwiseConv`
([CVE-2021-29602](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29602))
* Fixes a division by zero in TFLite's implementation of hashtable lookup
([CVE-2021-29604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29604))
* Fixes a integer overflow in TFLite concatentation
([CVE-2021-29601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29601))
* Fixes a integer overflow in TFLite memory allocation
([CVE-2021-29605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29605))
* Fixes a heap OOB write in TFLite
([CVE-2021-29603](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29603))
* Fixes a heap OOB read in TFLite
([CVE-2021-29606](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29606))
* Fixes a heap OOB and null pointer dereference in `RaggedTensorToTensor`
([CVE-2021-29608](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29608))
* Fixes vulnerabilities caused by incomplete validation in `SparseAdd`
([CVE-2021-29609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29609))
* Fixes vulnerabilities caused by incomplete validation in
`SparseSparseMinimum`
([CVE-2021-29607](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29607))
* Fixes vulnerabilities caused by incomplete validation in `SparseReshape`
([CVE-2021-29611](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29611))
* Fixes vulnerabilities caused by invalid validation in
`QuantizeAndDequantizeV2`
([CVE-2021-29610](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29610))
* Fixes a heap buffer overflow in `BandedTriangularSolve`
([CVE-2021-29612](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29612))
* Fixes vulnerabilities caused by incomplete validation in
`tf.raw_ops.CTCLoss`
([CVE-2021-29613](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29613))
* Fixes an interpreter crash from vulnerabilities in `tf.io.decode_raw`
([CVE-2021-29614](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29614))
* Fixes a stack overflow in `ParseAttrValue` with nested tensors
([CVE-2021-29615](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29615))
* Fixes a null dereference in Grappler's `TrySimplify`
([CVE-2021-29616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29616))
* Fixes a crash in `tf.transpose` with complex inputs
([CVE-2021-29618](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29618))
* Fixes a crash in `tf.strings.substr` due to `CHECK`-fail
([CVE-2021-29617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29617))
* Fixes a segfault in `tf.raw_ops.SparseCountSparseOutput`
([CVE-2021-29619](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29619))
* Fixes a segfault in `tf.raw_ops.ImmutableConst`
([CVE-2021-29539](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29539))
* Updates `curl` to `7.76.0` to handle
[CVE-2020-8169](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169),
[CVE-2020-8177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177),
[CVE-2020-8231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231),
[CVE-2020-8284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284),
[CVE-2020-8285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285)
and
[CVE-2020-8286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286).

Page 8 of 17

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.