Safety vulnerability ID: 65006
The information on this page was manually curated by our Cybersecurity Intelligence Team.
ClearML 1.14.2 fixes a potential path traversal on file download.
https://github.com/allegroai/clearml/commit/831c1394da0d99cc65b0fe060a6dfff13816efab
Latest version: 1.16.5
ClearML - Auto-Magical Experiment Manager, Version Control, and MLOps for AI
New Features and Improvements
- Report upload/download with `tqdm` if installed
- Add support for a `PipelineController.version` property
- Add support for specifying an AWS profile when providing bucket storage credentials
- Add an `ignore_remote_overrides` argument to `Task.connect()` and `Task.connect_configuration()` allowing users to disable overriding values when running remotely
- Add support for setting a custom certificate path using the `CLEARML_API_HOST_VERIFY_CERT` environment variable (instead of just allowing the user to disable verification)
- Add dataset reporting example (1180)
- Update README GIFs (1191)
Bug Fixes
- Fix missing component callbacks on multiple step calls (1195, thanks materight!)
- Fix unsafe usage of `tempfile.mktemp`
- Fix potential path traversal on file download (CVE-2024-24591)
- Fix Python 3.12 support by not using `distutils`
- Fix `TaskScheduler` not saving local state before running remotely
- Fix pipeline aborting instead of continuing when `PipelineController.abort_on_failure` is set to `False` and a step has been aborted
- Fix HPO crashing when its corresponding task is initialized with `continue_last_task=True`