pypi ultralytics 8.3.226
v8.3.226 - `ultralytics 8.3.226` ♻️ Replace `eval()` with `ast.literal_eval()` for security (#22597)

one day ago

🌟 Summary

Security-first release that replaces unsafe eval() with safe parsing across the codebase, alongside quality-of-life upgrades: custom Albumentations in Python API, simplified NCNN export via PNNX, multi-GPU training stability fixes, and improved installer/logging and docs. 🔒⚙️

📊 Key Changes

  • Security & Parsing (priority)

    • Replaced all eval() usage with ast.literal_eval() for safe, deterministic parsing in config, loaders, image size checks, and Triton utils. 🔐
    • Notable spots:
      • cfg.smart_value() now uses ast.literal_eval()
      • Webcam source strings like "0" parsed as int safely
      • imgsz strings like "[640, 640]" parsed securely
      • Triton model metadata parsed via ast.literal_eval()
  • Data Augmentation

    • Python API now supports custom Albumentations transforms via a new augmentations parameter in model.train(...). 🎨
    • Docs updated with examples and advanced usage guidance.
  • Export/Deployment

    • NCNN export now uses the Python PNNX package directly (no external binary download, no implicit ONNX export). 🧩
    • Logs include PNNX version; simpler, more reliable NCNN pipeline.
  • Training & Stability

    • Fixed DDP crash when running with val=False by ensuring final_epoch is always defined; added CUDA test coverage. 🧪
    • Analytics charts now apply safe Matplotlib settings by default for consistent plotting across environments.
  • Installation & Tooling

    • Improved check_requirements() logs and error handling, especially with the uv package manager (stderr merged into stdout; better fallback behavior). 📦
    • CI link checks: increased retry delay for fewer flaky failures. 🔗
  • Docs & UX

    • Added a Colab badge and ready-to-run notebook link for training YOLO11 on KITTI. 🚀
    • Broad link hygiene: standardized YouTube, Coral/Google, PyTorch, TorchVision, W&B, and Sony Aitrios URLs; readability and minor code sample fixes across guides.
    • Small UI and example fixes in interactive tracking and docs JS.

🎯 Purpose & Impact

  • Safer by default

    • Eliminates arbitrary code execution risks from eval(), making config and input parsing safer and more predictable. 🛡️
    • Potential minor behavior change: non-literal inputs that previously “worked” with eval() will now remain strings or raise handled errors—more deterministic and secure.
  • Better training experience

    • Custom Albumentations in Python lets you tune augmentations precisely for your domain without touching CLI/YAML. Great for medical, aerial, and industrial use cases. 🧪
    • DDP fix prevents rare crashes in multi-GPU runs when disabling validation, improving robustness for fast iteration.
  • Smoother export and deployment

    • NCNN via PNNX Python API simplifies the toolchain—no external binary management, fewer moving parts, and clearer logs. 📦➡️📱
  • More reliable tooling and docs

    • Clearer install logs (pip/uv), fewer flaky CI link failures, and a new KITTI Colab quickstart make onboarding and troubleshooting easier. 📘⚡
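The behaviour change described under "Safer by default" can be seen in a short sketch. This is an added example, not code from the ultralytics repository: `marker`, `unsafe_value`, `safe_value`, `parse_imgsz`, the sample inputs and the 256-character cap are hypothetical names and values constructed for illustration.

```python
import ast

CALLS = []  # constructed side-effect log so code execution is observable


def marker():
    """Hypothetical stand-in for any callable an expression string can reach."""
    CALLS.append("executed")
    return 640


def unsafe_value(text):
    """The 'before' pattern: eval() evaluates any expression in the string."""
    try:
        return eval(text)
    except Exception:
        return text


def safe_value(text, max_len=256):
    """The 'after' pattern: parse Python literals only, else keep the string."""
    if len(text) > max_len:  # assumed cap: huge or deeply nested input can still exhaust the parser
        return text
    try:
        return ast.literal_eval(text)
    except (ValueError, TypeError, SyntaxError, MemoryError, RecursionError):
        return text


def parse_imgsz(text):
    """Parse an image-size string, then check the type of what came back."""
    value = safe_value(text)
    sizes = [value] if isinstance(value, int) else value
    ok = isinstance(sizes, (list, tuple)) and len(sizes) > 0
    if not (ok and all(type(s) is int and s > 0 for s in sizes)):
        raise ValueError(f"imgsz must be a positive int or list of ints: {text!r}")
    return list(sizes)


if __name__ == "__main__":
    for raw in ["0", "[640, 640]", "rtsp://cam.example/stream", "marker()"]:
        print(f"{raw!r:30} -> {safe_value(raw)!r}")
    print("eval:", unsafe_value("marker()"), CALLS)
```
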

Example: Using custom Albumentations in Python API

```python
import albumentations as A
from ultralytics import YOLO

model = YOLO("yolo11n.pt")
custom_transforms = [
    A.Blur(blur_limit=7, p=0.5),
    A.CLAHE(clip_limit=4.0, p=0.5),
]
model.train(data="coco8.yaml", epochs=100, imgsz=640, augmentations=custom_transforms)
```

Helpful links:

  • Learn custom Albumentations usage in the updated guide: YOLO Data Augmentation
  • NCNN export overview using PNNX: NCNN Export Guide
  • Train YOLO11 on KITTI in one click: KITTI Colab Notebook

What's Changed

  • feat: 🚀 Add initial support for custom Albumentations transforms in data augmentation for python api by @onuralpszr in #21952
  • Use PNNX Python interface for NCNN conversion by @Y-T-G in #22347
  • fix: 🐞 Add plt_settings import for Analytics class for prevent CI break in matplotlib backend by @onuralpszr in #22590
  • Add KITTI notebook in docs by @RizwanMunawar in #22592
  • Change retry delay from 900 to 1800 seconds on links.yml by @glenn-jocher in #22604
  • Python 3.9 Python code in Markdown target by @glenn-jocher in #22605
  • Fix undefined final_epoch for DDP training when val=False by @Y-T-G in #22607
  • Python and URL/301 refactor by @glenn-jocher in #22618
  • Fix check_requirements() missing output when using uv package manager by @glenn-jocher in #22623
  • ultralytics 8.3.226 ♻️ Replace eval() with ast.literal_eval() for security by @onuralpszr in #22597

Full Changelog: v8.3.225...v8.3.226
