MLflow 2.3.1 is a patch release containing bug fixes and a security patch for GHSA-83fm-w79m-64r5. If you are using mlflow server or mlflow ui, we recommend upgrading to MLflow 2.3.1 as soon as possible.
Security patches:
- [Security] Fix critical LFI attack vulnerability by disabling the ability to provide relative paths in registered model sources (#8281, @BenWilson2)
Bug fixes:
- [Tracking] Fix an issue causing file and model uploads to hang on Databricks (#8348, @harupy)
- [Tracking / Model Registry] Fix an issue causing file and model downloads to hang on Databricks (#8350, @dbczumar)
- [Scoring] Fix regression in schema enforcement for model serving when using the inputs format for inference (#8326, @BenWilson2)
- [Model Registry] Fix regression in model naming parsing where special characters were not accepted in model names (#8322, @arpitjasa-db)
- [Recipes] Fix card rendering with the pandas profiler to handle columns containing all null values (#8263, @sunishsheth2009)