Trail of Bits reposted this
🔒 Gradio 5 Just Got Even More Secure! 🔒 🛡️ A comprehensive security overhaul with Trail of Bits!

Following the launch of Gradio 5, we are very excited to share one of the most significant enhancements in Gradio 5: web security. With Gradio becoming the go-to framework for building and sharing machine learning apps (over 6M monthly downloads and 470K apps on Hugging Face Spaces), we knew that security had to be a top priority. That's why we partnered with the cybersecurity experts at Trail of Bits for an in-depth security audit. 🔍

In the spirit of transparency and open source, we're making the full security report public! 📄 Keep reading to access the report and to learn more 👇

Gradio has successfully addressed all the issues identified by the Trail of Bits team in our security audit. The key highlights are:

1️⃣ Local Apps Security: Addressed CORS misconfigurations to prevent unauthorized access and token theft when running Gradio apps locally.
2️⃣ Deployed Apps Protection: Fixed SSRF vulnerabilities to secure internal networks and prevent data leaks for apps deployed on servers.
3️⃣ Shared Links Safety: Secured communication between frp-client and frp-server to prevent interception and unauthorized access when sharing apps via built-in share links.
4️⃣ Supply Chain Defense: Hardened our CI pipeline against supply chain threats by pinning dependencies and enhancing workflow security.

👉 Read the full security report here: https://lnkd.in/djFewzS5

Q: What does Gradio's security audit mean for you? 🤔
A: Your Gradio apps are now safer by default, without requiring significant changes to your code! You can continue building and sharing amazing ML apps with greater peace of mind.
🚀 💪 Upgrade to Gradio 5 today with full confidence: pip install --upgrade gradio

Dive deeper: Check out our latest blog post on Hugging Face for an in-depth look at our security journey and the steps we've taken to make Gradio more secure: https://lnkd.in/dYcxMumQ

We'd love to hear from our community! Your feedback is invaluable to us. Together, let's build a safer and more robust ecosystem for machine learning applications! 🙌 Let us know your thoughts on the new security enhancements in Gradio 5, or any other features you'd like to see in Gradio. 💬