github huggingface/huggingface_hub v0.13.4
Security patch v0.13.4
on GitHub

latest releases: v0.25.0, v0.25.0.rc1, v0.25.0.rc0...
17 months ago

Security patch to fix a vulnerability in huggingface_hub. In some cases, downloading a file with hf_hub_download or snapshot_download could lead to overwriting any file on a Windows machine. With this fix, only files in the cache directory (or a user-defined directory) can be updated/overwritten.

  • Malicious repo can overwrite any file on disk #429 @Wauplin

Full Changelog: v0.13.3...v0.13.4

Check out latest releases or
releases around huggingface/huggingface_hub v0.13.4

Don't miss a new huggingface_hub release

NewReleases is sending notifications on new releases.

Get notifications