Skip to content

docs(changelog): Added release notes for 0.2.0#181

Merged
christian-pinto merged 1 commit into
mainfrom
cp_changelog_v200
Jul 14, 2026
Merged

docs(changelog): Added release notes for 0.2.0#181
christian-pinto merged 1 commit into
mainfrom
cp_changelog_v200

Conversation

@christian-pinto

Copy link
Copy Markdown
Member

No description provided.

Signed-off-by: Christian Pinto <christian.pinto@ibm.com>
@christian-pinto christian-pinto enabled auto-merge (squash) July 13, 2026 17:18
@christian-pinto christian-pinto added the ci Enable CI integration label Jul 14, 2026
@DRL-NextGen

Copy link
Copy Markdown
Member

Checks Summary

Last run: 2026-07-14T08:30:08.940Z

Mend Unified Agent vulnerability scan found 4 vulnerabilities:

Severity Identifier Package Details Fix
❗ Critical CVE-2025-69872 diskcache-5.6.3-py3-none-any.whl
DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attac...DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.
Not Available
🔷 Medium CVE-2025-3000 torch-2.11.0-cp312-cp312-manylinux_2_28_x86_64.whl
A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function to...A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Not Available
🔷 Medium CVE-2026-59890 setuptools-80.10.2-py3-none-any.whl
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python...setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0.
Upgrade to version setuptools - 83.0.0,setuptools - 83.0.0,https://github.com/pypa/setuptools.git - 83.0.0
🔸 Low CVE-2025-63396 torch-2.11.0-cp312-cp312-manylinux_2_28_x86_64.whl
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.prof...An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).
Not Available

@christian-pinto christian-pinto merged commit 8ecb126 into main Jul 14, 2026
11 checks passed
@christian-pinto christian-pinto deleted the cp_changelog_v200 branch July 14, 2026 08:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ci Enable CI integration

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants