Skip to content

BentoML

v1.4.39 Security

This release patches 1 CVE for security teams tracking exposure across their dependency inventory.

Published 27d Model Serving & MLOps
1 patched CVE
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE CVE-2023-4863 EPSS 93%
1 CVEs patched

Topics

ai-inference machine-learning generative-ai inference-platform llm llm-inference
+8 more
llm-serving llmops ml-engineering mlops model-inference-service model-serving multimodal python

Summary

AI summary

Fixed file copy preventing symlink following and added support for string inputs in FileSchema.

Full changelog

What's Changed

  • ci: pre-commit autoupdate [skip ci] by @pre-commit-ci[bot] in https://github.com/bentoml/BentoML/pull/5593
  • fix: prevent following symlinks when copying files in BentoStore by @frostming in https://github.com/bentoml/BentoML/pull/5598
  • fix: add sharing=locked to BuildKit cache mounts for multi-arch builds by @lawrence3699 in https://github.com/bentoml/BentoML/pull/5597
  • fix: enhance Dockerfile generation by normalizing base image lines and adding tests by @frostming in https://github.com/bentoml/BentoML/pull/5603
  • fix: defer prometheus_client import in bentoml.metrics to fix histogram collection in multiprocess mode by @ramkrishs in https://github.com/bentoml/BentoML/pull/5602
  • ci: pre-commit autoupdate [skip ci] by @pre-commit-ci[bot] in https://github.com/bentoml/BentoML/pull/5605
  • fix: handle string input in FileSchema by encoding to UTF-8 by @frostming in https://github.com/bentoml/BentoML/pull/5606

New Contributors

  • @lawrence3699 made their first contribution in https://github.com/bentoml/BentoML/pull/5597
  • @ramkrishs made their first contribution in https://github.com/bentoml/BentoML/pull/5602

Full Changelog: https://github.com/bentoml/BentoML/compare/v1.4.38...v1.4.39

Security Fixes

  • Prevent following symlinks when copying files in BentoStore
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track BentoML

Get notified when new releases ship.

Sign up free

About BentoML

The easiest way to serve AI apps and models - Build Model Inference APIs, Job queues, LLM apps, Multi-model pipelines, and more!

All releases →

Related context

Beta — feedback welcome: [email protected]