Spaces:
Paused
Fix: CVE-2025-32434 - Force safetensors for CLIP model loading
Browse filesRoot cause:
- transformers 4.57.1 requires torch>=2.6 to load .bin files (CVE-2025-32434)
- Current torch 2.2.2 < 2.6 → CLIP loading failed during build
- Runtime code already uses use_safetensors=True, but Dockerfile didn't
Solution:
1. Dockerfile: Add use_safetensors=True to CLIP model loading
2. requirements.txt: Pin transformers<4.52 to avoid future torch 2.6 requirement
Technical details:
- openai/clip-vit-base-patch32 has model.safetensors (605MB)
- Safetensors format is immune to CVE-2025-32434
- Consistent with runtime code in clip_retrieval.py
Changes:
- Dockerfile line 115-116: Added use_safetensors=True parameters
- requirements.txt line 13: Changed transformers>=4.35.0 to >=4.46.0,<4.52.0
Expected behavior:
✅ Build completes successfully with CLIP download
✅ All models use safetensors format (secure)
✅ No torch version upgrade needed
Updated: requirements.txt
- requirements.txt +2 -1
|
@@ -9,7 +9,8 @@ numpy>=1.24.0,<2.0.0 # PyTorch 2.2 requires numpy<2
|
|
| 9 |
Pillow>=10.0.0
|
| 10 |
|
| 11 |
# Transformers & NLP
|
| 12 |
-
|
|
|
|
| 13 |
tokenizers>=0.15.0
|
| 14 |
|
| 15 |
# 3D Processing
|
|
|
|
| 9 |
Pillow>=10.0.0
|
| 10 |
|
| 11 |
# Transformers & NLP
|
| 12 |
+
# Pin to <4.52 to avoid torch>=2.6 requirement in 4.48+
|
| 13 |
+
transformers>=4.46.0,<4.52.0
|
| 14 |
tokenizers>=0.15.0
|
| 15 |
|
| 16 |
# 3D Processing
|