PyPi: Triage

CVE-2017-18342

Transitive

Safety vulnerability ID: 64434

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at: Jun 27, 2018
Updated at: Feb 02, 2024

Advisory

Triage 3.3.0 updates its dependency 'pyyaml' to versions '>=4.2b1' to include a security fix.

Affected package

triage

Latest version: 5.3.2

Risk modeling and prediction

Affected versions

Fixed versions

Vulnerability changelog

New functionality:

- Postmodel Analysis (482)
- Stores Timechop image to disk (590)
- Add matrix uuid to evaluations tables [Resolves 591] (593)
- Experiment Profiling [Resolves 557] (558)

Bug fixes:

- Postmodel fixes (604)
- Fixes 598 (600)
- Series equality operator [Resolves 563] (564)
- Fix MatrixStore memory leak [Resolves 594]
- Fix empty/columns check on HDFStore [Resolves 589] (592)
- Fix upgrade_db to use filehandle [Resolves 572]
- Fix FromObj.maybe_materialize [Resolves 565] (566)
- support 5 GB multipart upload threshold via S3Fs (546)

General Improvements:

- Scheduled monthly dependency update for February (588)
- Namespace cohort and labels tables by their config [Resolves 574] (576)
- Only Build Features for Cohort [Resolves 513] (567)
- Colocate Testing with Training [Resolves 560] (569)
- Upgrade PyYAML to current security-patched release
- Skip Prediction Saving [Resolves 559]
- Scheduled monthly dependency update for January (562)
- Materialize Subquery From Objects [Resolves 554] (555)
- Skip already-evaluated models [Resolves 540] (541)
- Throw warning if unscaled logit is used [Resolves 508] (548)
- support in `develop` script for detection of pyenv installed via Homebrew
- upgrade install-cli to better support non-GNU (MacOS)
- Cohort Generation respects replace flag [Resolves 503]

Refactoring/Documentation:

- Add Audition, Postmodeling, Dirty Duck references to docs (599)
- audition_config file
- Audition config correct (601)
- Experiment Architecture Doc [Resolves 579] (580)
- docs: make proper list of experiment upgrading links
- Cohort and Label Deep Dive [Resolves 492] (577)
- Disable individual importance in example experiment config (568)
- Tweak language in running document


Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): HIGH

CVSS v2 Details

HIGH 7.5
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): PARTIAL
Availability Impact (A): PARTIAL