Safety vulnerability ID: 37958
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Syft 0.2.3 uses yaml.safe_load() to fix an arbitrary code execution vulnerability.
Latest version: 0.9.1
Perform numpy-like analysis on data that remains in someone elses server
New functionality:
* Migrates PySyft to PyTorch 1.4 (2930 by gmuraru)
* Implements tanh for FixedPrecisionTensors using Chebyshev approximation (3004 by gmuraru)
* Adds the ability to simulate latency with VirtualWorkers (3070 by jefersonf)
* Adds Protobuf serialization for Placeholders, Plans, and States (2972 by karlhigley)
Refactoring:
* Reworks Plans for smoother serialization to multiple formats (2910 by LaRiffle and vvmnnnkv)
* Moves Plans, Protocols, and States from the `messaging` package to the `execution` package (3078 by karlhigley)
* Renames Operation class to OperationMessage (3090 by karlhigley)
Bug fixes:
* Fixes retrieval of the fit() result in WebsocketClientWorker (2948 by brandonhee)
* Fixes numeric issues in handcrafted Conv and Pool implementations (2945 and 2964 by arshjot)
* Removes an insecure eval in native tensor interpreter (2951 by karlhigley)
* Fixes parameters to ObjectRequestMessage in websocket_client.py (2948 by brandonhee)
* Fixes PyTorch JIT tracing compatibility for Plans (2988 by karlhigley)
* Removes workarounds for previous versions of PyTorch (2999 by gmuraru)
* Pins requests dependency specification to version 2.22.0 (2970 by ADMoreau)
* Fixes interoperability of AutogradTensors with other tensors vis a vis `requires_grad` (2998 by gmuraru)
* Improves logging, typing, and documentation of PATE implementation (3033 by TTitcombe)
* Fixes a potential security issue with unsafe YAML loading (3037 by systemshift)
* Raises an error when attempting to additively share FloatTensors (3094 by pierrepocreau)
* Improves testing for Syft's RNN implementation (3092 by jimboH)
* Changes dependency specifications to require compatible versions (3119 by karlhigley)
* Fixes compatibility with msgpack 1.0 serialization library (3067 by IonesioJunior and 3073 by hdodenhof)
Documentation:
* Adds Sphinx documentation (3017 by Benardi)
* Fixes notebook test badge (3028 by jefersonf)
* Adds a link to the Udacity Secure And Private AI course (3016 by AVJdataminer)
* Improves instructions for developing protocol changes with `syft-proto` (2818 by refactormyself)
Tutorials:
* Adds model evaluation to SplitNN tutorial (2983 by midokura-silvia)
* Adds a note to Part 10 FL with Secure Aggregation tutorial about hooking Numpy (3022 by fdroessler)
Translations:
* Bengali:
* Parts 1, 2, 6, and 7 (2938, 2942, 3052, and 3053 by ucalyptus)
* Parts 8, 9, 11, 12, and 12bis (3096, 3050, 3041, 3039, and 3038 by adventuroussrv)
* French:
* Part 1 (3107 by r0cketr1kky)
* Hindi:
* Parts 5, 6, 7, 13b, and 13c (2909 and 3055 by raheja)
* Part 13a (2958 by Yugandhartripathi)
* Italian:
* Part 1 (3056 by DanyEle)
* Portuguese:
* Part 1 (3035 by MarcioPorto)
* Parts 7, 8, and 8bis (2977 by joaolcaas)
* Parts 9, 10 and 11 (2980 by jefersonf)
* Parts 12 and 13a (3015 by marcusvlc)
* Parts 12bis and 13b (3020 by hericlesme)
* Part 13c (3023 by Izabellaaaq)
* Spanish:
* Parts 6 (2941by ricardopretelt)
* Parts 7, 8, 9, 10, 11, and 13abc (2944, 2962, 3031 and 3032 by arturomf94)
* Part 12 (2822 by socd06)
* Ukrainian:
* Part 1 (2854 by KyloRen1)
Builds:
* Moves automated testing of PRs from Travis to Github Actions (2936, 3012, and 3013 by karlhigley and systemshift)
* Adds a security scan for every PR (3036 by systemshift)
* Runs automated translation tests only on the notebooks that changed to speed up the builds (3064 by arturomf94)
* Automatically updates the `pysyft-notebook` Docker image when changes are merged to `master` (3030 by linamnt)
* Caches dependencies in Github Actions (3124 by imskr)
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application