Home » Oreps » TensorFlow » All Releases » v2.3.4 Release

tensorflow/tensorflow

An Open Source Machine Learning Framework for Everyone

Watch

Basic Details Issues Addressed Top Contributors Directory Browser Release Notes

TensorFlow v2.3.4

TensorFlow: v2.3.4 Release

Release date:

August 11, 2021

Previous version:

v2.3.3 (released June 4, 2021)

Magnitude:

34,917 Diff Delta

Contributors:

163 total committers

Data confidence:

Commits:

1,237

295 Features Released with v2.3.4

← Previous 1 2 3 4 5 6 7 8 9 10 Next →

Browse Other Releases

Latest Pending Unreleased 😎

v2.4.0-rc4 Released December 4, 2020

676 Δ

v2.4.0-rc3 Released November 24, 2020

553 Δ

v2.4.0-rc2 Released November 17, 2020

175 Δ

v2.4.0-rc1 Released November 7, 2020

1,955 Δ

v2.4.0-rc0 Released August 8, 2021

993 Δ

v2.3.4 Released August 11, 2021

34,917 Δ

v2.3.3 Released June 4, 2021

4,041 Δ

v2.3.2 Released January 4, 2021

648 Δ

v2.3.1 Released September 22, 2020

592 Δ

v2.3.0 Released July 24, 2020

0 Δ

Top Contributors in v2.3.4

tensorflower-gardener

jsimsa

abattery

aselle

yangustc07

wangpengmit

mihaimaruseac

jpienaar

fchollet

ccrusius

Directory Browser for v2.3.4

We haven't yet finished calculating and confirming the files and directories changed in this release. Please check back soon.

Release Notes Published

Release 2.3.4

NOTE: This is the last release in the 2.3.x line

This release introduces several vulnerability fixes:

Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
Fixes a floating point exception in SparseDenseCwiseDiv (CVE-2021-37636)
Fixes a null pointer dereference in CompressElement (CVE-2021-37637)
Fixes a null pointer dereference in RaggedTensorToTensor (CVE-2021-37638)
Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)
Fixes a division by 0 in ResourceScatterDiv (CVE-2021-37642)
Fixes a heap OOB in RaggedGather (CVE-2021-37641)
Fixes a std::abort raised from TensorListReserve (CVE-2021-37644)
Fixes a null pointer dereference in MatrixDiagPartOp (CVE-2021-37643)
Fixes an integer overflow due to conversion to unsigned (CVE-2021-37645)
Fixes a bad allocation error in StringNGrams caused by integer conversion (CVE-2021-37646)
Fixes a null pointer dereference in SparseTensorSliceDataset (CVE-2021-37647)
Fixes an incorrect validation of SaveV2 inputs (CVE-2021-37648)
Fixes a null pointer dereference in UncompressElement (CVE-2021-37649)
Fixes a segfault and a heap buffer overflow in {Experimental,}DatasetToTFRecord (CVE-2021-37650)
Fixes a heap buffer overflow in FractionalAvgPoolGrad (CVE-2021-37651)
Fixes a use after free in boosted trees creation (CVE-2021-37652)
Fixes a division by 0 in ResourceGather (CVE-2021-37653)
Fixes a heap OOB and a CHECK fail in ResourceGather (CVE-2021-37654)
Fixes a heap OOB in ResourceScatterUpdate (CVE-2021-37655)
Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToSparse (CVE-2021-37656)
Fixes an undefined behavior arising from reference binding to nullptr in MatrixDiagV* ops (CVE-2021-37657)
Fixes an undefined behavior arising from reference binding to nullptr in MatrixSetDiagV* ops (CVE-2021-37658)
Fixes an undefined behavior arising from reference binding to nullptr and heap OOB in binary cwise ops (CVE-2021-37659)
Fixes a division by 0 in inplace operations (CVE-2021-37660)
Fixes a crash caused by integer conversion to unsigned (CVE-2021-37661)
Fixes an undefined behavior arising from reference binding to nullptr in boosted trees (CVE-2021-37662)
Fixes a heap OOB in boosted trees (CVE-2021-37664)
Fixes vulnerabilities arising from incomplete validation in QuantizeV2 (CVE-2021-37663)
Fixes vulnerabilities arising from incomplete validation in MKL requantization (CVE-2021-37665)
Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToVariant (CVE-2021-37666)
Fixes an undefined behavior arising from reference binding to nullptr in unicode encoding (CVE-2021-37667)
Fixes an FPE in tf.raw_ops.UnravelIndex (CVE-2021-37668)
Fixes a crash in NMS ops caused by integer conversion to unsigned (CVE-2021-37669)
Fixes a heap OOB in UpperBound and LowerBound (CVE-2021-37670)
Fixes an undefined behavior arising from reference binding to nullptr in map operations (CVE-2021-37671)
Fixes a heap OOB in SdcaOptimizerV2 (CVE-2021-37672)
Fixes a CHECK-fail in MapStage (CVE-2021-37673)
Fixes a vulnerability arising from incomplete validation in MaxPoolGrad (CVE-2021-37674)
Fixes an undefined behavior arising from reference binding to nullptr in shape inference (CVE-2021-37676)
Fixes a division by 0 in most convolution operators (CVE-2021-37675)
Fixes vulnerabilities arising from missing validation in shape inference for Dequantize (CVE-2021-37677)
Fixes an arbitrary code execution due to YAML deserialization (CVE-2021-37678)
Fixes a heap OOB in nested tf.map_fn with RaggedTensors (CVE-2021-37679)
Fixes a division by zero in TFLite (CVE-2021-37680)
Fixes an NPE in TFLite (CVE-2021-37681)
Fixes a vulnerability arising from use of unitialized value in TFLite (CVE-2021-37682)
Fixes an FPE in TFLite division operations (CVE-2021-37683)
Fixes an FPE in TFLite pooling operations (CVE-2021-37684)
Fixes an infinite loop in TFLite (CVE-2021-37686)
Fixes a heap OOB in TFLite (CVE-2021-37685)
Fixes a heap OOB in TFLite's Gather* implementations (CVE-2021-37687)
Fixes an undefined behavior arising from null pointer dereference in TFLite (CVE-2021-37688)
Fixes an undefined behavior arising from null pointer dereference in TFLite MLIR optimizations (CVE-2021-37689)
Fixes a FPE in LSH in TFLite (CVE-2021-37691)
Fixes a segfault on strings tensors with mismatched dimensions, arising in Go code (CVE-2021-37692)
Fixes a use after free and a potential segfault in shape inference functions (CVE-2021-37690)
Updates curl to 7.77.0 to handle CVE-2021-22876, CVE-2021-22897, CVE-2021-22898, and CVE-2021-22901.