Skip to content

Security patch v0.13.4

Choose a tag to compare

View all tags
@Wauplin Wauplin released this 06 Apr 15:05
· 1084 commits to main since this release
v0.13.4
b33e7a3

Security patch to fix a vulnerability in huggingface_hub. In some cases, downloading a file with hf_hub_download or snapshot_download could lead to overwriting any file on a Windows machine. With this fix, only files in the cache directory (or a user-defined directory) can be updated/overwritten.

  • Malicious repo can overwrite any file on disk #429 @Wauplin

Full Changelog: v0.13.3...v0.13.4

Contributors

Wauplin
Assets 2
Loading