Change8

v0.10.1.1

📦 vllm
🐛 3 fixes 🔧 4 symbols

Summary

A critical bugfix and security release addressing vulnerabilities in HTTP header handling and unsafe type conversion, alongside a fix for CUTLASS MLA CUDAGraphs.

Migration Steps

  1. Upgrade to v0.10.1.1 immediately to address security vulnerabilities GHSA-rxc4-3w6r-4v47 and GHSA-79j6-g2m3-jgfw.

🐛 Bug Fixes

  • Fix CUTLASS MLA Full CUDAGraph issue (#23200)
  • Limit HTTP header count and size to prevent potential DoS (#23267)
  • Remove use of eval() for converting unknown types to prevent arbitrary code execution (#23266)

🔧 Affected Symbols

  • CUTLASS
  • MLA
  • CUDAGraph
  • eval