BentoML is currently under active development and releases a new version every 2-3 weeks. We always recommend users to move to a newer version when it became available, and we only provide security updates in the latest version.
If you are using an older version of BentoML and would like to receive security patches, let us know via BentoML Slack Channel or BentoML Discussions.
If you discover a potential security vulnerability, we kindly request that you refrain from sharing the information publicly and report it to us directly. Please send an email to [email protected] with the following details:
- Description of the potential vulnerability.
- Steps to reproduce the issue (if applicable).
- Any relevant screenshots or logs.
- Your contact information for further communication.
Alternatively, you can open a security advisory on GitHub.