pypi ultralytics 8.3.234
v8.3.234 - `ultralytics 8.3.234` Security fix: ast.literal_eval for safer evaluation of metadata strings (#22847)

6 hours ago

🌟 Summary

Ultralytics 8.3.234 is a small but important maintenance release focused on safer model metadata handling, more robust training augmentations, and smoother docs & tooling, with no breaking changes for typical YOLO users. 🚀


📊 Key Changes

  • 🔐 Safer metadata parsing in model export (current PR #22847)

    • Replaced unsafe `eval` with `ast.literal_eval` when reading string metadata (e.g. `imgsz`, `names`, `kpt_shape`, `kpt_names`, `args`) in `torch_to_mnn` inside the autobackend.
    • Marked a few remaining `eval` calls in `cfg2task` with `# nosec B307` to clearly document that they are safe, controlled uses on known attributes.
  • 🧪 More robust Albumentations label handling (#22846)

    • Ensures `labels["cls"]` from Albumentations transforms is always stored as a 2D column array `(num_boxes, 1)` instead of a 1D array.
    • Prevents shape mismatch issues when training with Albumentations-based augmentations.
  • 🐍 Dependency & Python version alignment for dev installs (#22830)

    • Updated the zensical dev dependency to require Python 3.10+ (matching what the docs tooling already expects).
    • Avoids confusing dependency resolution errors when working on Ultralytics in dev mode.
  • 🎥 Improved segmentation docs with a video tutorial (#22825)

    • Replaced a static image in the object isolation with segmentation guide with an embedded YouTube tutorial.
    • Shows how to use Ultralytics YOLO segmentation + OpenCV in Python to remove backgrounds and isolate objects.
  • 🤖 Upgraded in-docs LLM chat widget (#22832, #22845, #22861)

    • Bumped the embedded Ultralytics LLM chat script in `mkdocs.yml` from v0.0.8 → v0.0.9 → v0.1.0 → v0.1.2.
    • Users browsing docs now benefit from newer chat features, fixes, and better stability.
  • ✨ JavaScript & CSS cleanups in docs UI (#22842, #22844)

    • Modernized JS: arrow functions, template literals, `Number.parseInt` / `Number.parseFloat`, `Number.isNaN`, and cleaner regexes.
    • Simplified CSS by removing unnecessary `!important` flags and clarifying language switcher and banner styles.
    • Improves maintainability and reduces subtle UI bugs in the docs.
  • 🔗 Documentation & link updates (#22823, #22829)

    • Jetson guide: switched onnxruntime-gpu wheel install to a clean Ultralytics GitHub asset link, making commands easier to copy and more reliable.
    • Axelera integration docs: fixed external blog URLs for YOLO11 drone and traffic/ANPR use cases so they point to the correct Ultralytics blog pages.
  • 🔢 Version bump

    • Library version updated from 8.3.233 → 8.3.234.

🎯 Purpose & Impact

  • 🛡️ Higher security when loading/exporting models

    • Replacing `eval` with `ast.literal_eval` significantly reduces the risk of arbitrary code execution from crafted metadata strings (e.g. in exported models).
    • Ideal for users who handle models or weights from external or untrusted sources.
  • ⚙️ More stable training with Albumentations

    • Consistent `(num_boxes, 1)` shape for class labels avoids hidden bugs and crashes in data pipelines.
    • Especially helpful if you rely on Albumentations-heavy augmentation for detection tasks.
  • 👨‍💻 Smoother development experience

    • Clearer Python 3.10+ requirement for zensical in dev extras means fewer dependency resolution headaches for contributors and power users working on the repo.
  • 📚 Better learning and onboarding

    • The new segmentation video tutorial makes it easier for newcomers and visual learners to quickly reproduce object isolation workflows in Python.
    • Updated Jetson and Axelera docs improve trust, clarity, and real-world guidance for deploying YOLO11 on edge hardware.
  • 🤖 Improved docs assistant experience

    • The updated Ultralytics LLM chat widget on the docs site offers a smoother, more reliable in-browser assistant, without any changes needed in user code.

Overall, 8.3.234 is a safe, drop-in update: you can upgrade to benefit from better security, stability, and docs UX with no changes to your existing YOLO training or inference code. ✅
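The metadata change described above, as an added example that is not code from the Ultralytics repository: string fields are parsed with `ast.literal_eval`, then checked for length and type, since `literal_eval` alone stops code execution but not oversized or wrongly shaped values. The helper names, the length cap, the expected types and the sample metadata are assumptions constructed for illustration.

```python
import ast

MAX_LEN = 10_000  # assumed cap; literal_eval can exhaust memory/stack on huge input
# Fields the release notes list as string metadata. The expected types are
# assumptions made for this example, not taken from the Ultralytics source.
EXPECTED = {
    "imgsz": (int, list, tuple),
    "names": (dict,),
    "kpt_shape": (list, tuple),
    "kpt_names": (dict, list),
    "args": (dict,),
}


def parse_metadata(raw):
    """Return a copy of raw with string fields parsed as Python literals only."""
    parsed = dict(raw)
    for key, types in EXPECTED.items():
        value = raw.get(key)
        if not isinstance(value, str):
            continue  # already a native value, or absent
        if len(value) > MAX_LEN:
            raise ValueError(f"{key}: metadata string too long")
        try:
            # Literals only: names, calls and attribute access are rejected.
            obj = ast.literal_eval(value)
        except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
            raise ValueError(f"{key}: not a plain Python literal") from exc
        if not isinstance(obj, types):
            raise ValueError(f"{key}: unexpected type {type(obj).__name__}")
        parsed[key] = obj
    return parsed


def is_rejected(raw):
    try:
        parse_metadata(raw)
    except ValueError:
        return True
    return False


# Constructed sample metadata (not from a real model file).
BENIGN = {"imgsz": "[640, 640]", "names": "{0: 'person', 1: 'bicycle'}",
          "kpt_shape": "[17, 3]", "args": "{'batch': 1, 'half': False}", "stride": 32}
# eval() would run the call in this string; literal_eval refuses it.
CRAFTED = {"imgsz": "__import__('os').getcwd()"}
# A valid literal of the wrong type: literal_eval alone would accept it.
WRONG_TYPE = {"names": "'person'"}
```
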

What's Changed

Full Changelog: v8.3.233...v8.3.234
