ci: pin torch to 2.6.0+cpu (close CVE-2025-32434 gap in CI)#75
Merged
CI installed torch==2.4.1+cpu, which is below the 2.6.0 minimum documented in pyproject.toml ([torch-cpu]) and retrieval/embeddings.py. torch<2.6.0 is vulnerable to CVE-2025-32434 (the weights_only=True RCE bypass). Align the CI install with the documented security pin so tests run against the same hardened version shipped to users.
Problem
.github/workflows/ci.yml installs the test environment with:
But the project's documented security gate requires torch ≥ 2.6.0:
pyproject.toml → [torch-cpu] / [full]: torch==2.6.0+cpu with the comment "Minimum safe version post CVE-2025-32434 (weights_only=True RCE bypass in torch<2.6)."
retrieval/embeddings.py security note: "We now pin torch==2.6.0+cpu … CVE-2025-32434 showed that torch.load(..., weights_only=True) was bypassable for RCE on torch<2.6.0."
CI was running its full test + RAG smoke suite against torch 2.4.1, a version below that gate and still exposed to CVE-2025-32434. That means the "reproducible CI security gate" was validating against a different, vulnerable torch than the one shipped to users — and a regression that depends on 2.6.0 behavior could pass or fail inconsistently.
Also, problem 2:
config.yaml → security.allowed_origins contained:
The quotes around null are curly/smart quotes (“ ”), not straight quotes. YAML therefore parses this as the literal 6-character string “null” (curly quotes included), which gate.py feeds straight into Starlette's CORSMiddleware allow_origins.
--
Recommendation for problem #2: use straight quotes around null instead of “null”
--
Change
Bump the CI torch install to
torch==2.6.0+cpu and add a comment tying it back to the pyproject.toml pin and the CVE.
Make relevant changes to requirements.txt and constraints.txt to reflect the prior change, if needed.
For problem #2: use straight quotes around null instead of “null” in config.yaml.
Benefit
ci.yml and pyproject.toml.
config.yaml: null origins will be allowed haha
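As an added example (not part of this PR or the project's code), a stdlib-only preflight check that would have caught both problems described above: a torch pin below the documented 2.6.0 floor, and a curly-quoted scalar in config.yaml. The requirement lines and config fragment are constructed sample inputs, not the repository's real files.

```python
"""Constructed CI preflight checks mirroring the two problems in this PR.

Stdlib only. The sample requirement lines and YAML fragment below are
constructed inputs, not the project's real ci.yml or config.yaml.
"""
import re

MIN_SAFE_TORCH = (2, 6, 0)                 # floor named in the PR (CVE-2025-32434 fix)
SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # curly quotes: “ ” ‘ ’


def parse_version(spec: str) -> tuple:
    """Turn 'torch==2.6.0+cpu' or '2.4.1+cpu' into a comparable (major, minor, patch).

    The '+cpu' local segment is dropped: PEP 440 local versions compare on the
    public part first, and a build tag never raises or lowers the security floor.
    """
    public = spec.split("==")[-1].split("+")[0].strip()
    parts = (public.split(".") + ["0", "0", "0"])[:3]   # pad '2.6' to (2, 6, 0)
    return tuple(int(p) for p in parts)


def torch_pin_is_safe(requirement_line: str) -> bool:
    """True only when the line is an exact torch pin that meets MIN_SAFE_TORCH.

    Anything else (unpinned 'torch>=2.0', a range, a non-torch line) fails
    closed, because an unpinned install is exactly how CI drifted to 2.4.1.
    """
    m = re.match(r"\s*torch\s*==\s*([0-9][^\s;#]*)", requirement_line)
    if not m:
        return False
    return parse_version(m.group(1)) >= MIN_SAFE_TORCH


def find_smart_quoted_values(yaml_text: str) -> list:
    """Return (line_no, stripped_line) for every line containing a curly quote.

    YAML only treats straight quotes as string delimiters, so a curly-quoted
    null is read as the 6-character string “null” (quotes included), which is
    what ended up in security.allowed_origins.
    """
    hits = []
    for n, line in enumerate(yaml_text.splitlines(), 1):
        if any(q in line for q in SMART_QUOTES):
            hits.append((n, line.strip()))
    return hits


# Constructed samples: the CI line before and after this PR, and the bad config.
CI_LINE_BEFORE = "torch==2.4.1+cpu"
CI_LINE_AFTER = "torch==2.6.0+cpu  # matches pyproject [torch-cpu] pin, CVE-2025-32434"
CONFIG_SNIPPET = "security:\n  allowed_origins:\n    - \u201cnull\u201d\n"
```

Wiring both functions into the workflow as a step that fails the job on a bad pin or a non-empty hit list turns the documented gate into one CI actually enforces.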