Skip to content

Commit d818339

Browse files
aws-deep-learning-containers-ci[bot]github-actions[bot]Eren-Jeager123
authored
[Auto-Update] vllm 0.25.1 (#6400)
* [Auto-Update] vllm 0.25.1 * security(vllm): allowlist CVE-2026-24747 (stale torch pin in benchmarks reqs) Finding is torch 2.9.1 pinned in the upstream base image's benchmarks/requirements.txt, not the installed package (torch 2.11.0, >= 2.10.0 fix). The weights_only unpickler RCE needs a malicious checkpoint load; the benchmark reqs file is inert metadata. Ubuntu-only (amzn2023/omni build from source and don't ship this file). --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Kevin Wang <kwanggg@amazon.com>
1 parent 5b0423f commit d818339

4 files changed

Lines changed: 10 additions & 5 deletions

File tree

.github/config/image/vllm/ec2-ubuntu.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ image:
33
description: "vLLM for EC2 instances (Ubuntu, upstream base image)"
44
metadata:
55
framework: "vllm"
6-
framework_version: "0.25.0"
6+
framework_version: "0.25.1"
77
os_version: "ubuntu22.04"
88
customer_type: "ec2"
99
arch_type: "x86"
@@ -13,7 +13,7 @@ metadata:
1313
build:
1414
dockerfile: "docker/vllm/Dockerfile"
1515
target: "vllm-ec2"
16-
base_image: "vllm/vllm-openai:v0.25.0"
16+
base_image: "vllm/vllm-openai:v0.25.1"
1717
python_version: "3.12"
1818
cuda_version: "13.0.2"
1919
efa_version: "1.47.0"

.github/config/image/vllm/sagemaker-ubuntu.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ image:
33
description: "vLLM for SageMaker (Ubuntu, upstream base image)"
44
metadata:
55
framework: "vllm"
6-
framework_version: "0.25.0"
6+
framework_version: "0.25.1"
77
os_version: "ubuntu22.04"
88
customer_type: "sagemaker"
99
platform: "sagemaker"
@@ -14,7 +14,7 @@ metadata:
1414
build:
1515
dockerfile: "docker/vllm/Dockerfile"
1616
target: "vllm-sagemaker"
17-
base_image: "vllm/vllm-openai:v0.25.0"
17+
base_image: "vllm/vllm-openai:v0.25.1"
1818
python_version: "3.12"
1919
cuda_version: "13.0.2"
2020
efa_version: "1.47.0"

docker/vllm/Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# Declare the argument as default to use as input
22
# base image: https://hub.docker.com/r/vllm/vllm-openai/tags
3-
ARG BASE_IMAGE=vllm/vllm-openai:v0.25.0
3+
ARG BASE_IMAGE=vllm/vllm-openai:v0.25.1
44

55
# Use input argument as base image
66
FROM $BASE_IMAGE AS base

test/security/data/ecr_scan_allowlist/vllm/framework_allowlist.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,9 @@
11
[
2+
{
3+
"vulnerability_id": "CVE-2026-24747",
4+
"reason": "torch 2.9.1 is only a version pin in the upstream vllm/vllm-openai base image's benchmarks/requirements.txt (benchmark metadata), not the installed package. Installed torch is 2.11.0 (>= 2.10.0 fix). weights_only unpickler RCE requires loading a malicious checkpoint; the benchmark requirements file is inert. Not exploitable in the runtime.",
5+
"review_by": "2026-09-25"
6+
},
27
{
38
"vulnerability_id": "CVE-2026-39822",
49
"reason": "go/stdlib 1.25.9 statically linked inside mooncake libetcd_wrapper.so, cannot be patched independently of mooncake-transfer-engine rebuild",

0 commit comments

Comments
 (0)