llama-stack-mirror/llama_stack/core
mergify[bot] 9afa387d16
fix: RBAC bypass vulnerabilities in model access (backport #4270) (#4285)
Closes security gaps where RBAC checks could be bypassed:

o Inference router: Added RBAC enforcement in the fallback
  path to ensure access control is applied consistently.

o Model listing: Dynamic models fetched via provider_data were returned
  without RBAC checks. Added filtering to ensure users only see models
  they have permission to access.

Both fixes create temporary ModelWithOwner objects for RBAC validation,
maintaining security through consistent access control enforcement.

Closes: #4269

This is an automatic backport of pull request #4270 done by
[Mergify](https://mergify.com).

Signed-off-by: Derek Higgins <derekh@redhat.com>
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Co-authored-by: Derek Higgins <derekh@redhat.com>
2025-12-03 13:02:37 -05:00
access_control chore(cleanup)!: kill vector_db references as far as possible (#3864) 2025-10-20 20:06:16 -07:00
conversations feat(stores)!: use backend storage references instead of configs (#3697) 2025-10-20 13:20:09 -07:00
prompts feat(stores)!: use backend storage references instead of configs (#3697) 2025-10-20 13:20:09 -07:00
routers fix: RBAC bypass vulnerabilities in model access (backport #4270) (#4285) 2025-12-03 13:02:37 -05:00
routing_tables chore(cleanup)!: kill vector_db references as far as possible (#3864) 2025-10-20 20:06:16 -07:00
server revert: "chore(cleanup)!: remove tool_runtime.rag_tool" (#3877) 2025-10-21 11:22:06 -07:00
storage feat(stores)!: use backend storage references instead of configs (#3697) 2025-10-20 13:20:09 -07:00
store feat(stores)!: use backend storage references instead of configs (#3697) 2025-10-20 13:20:09 -07:00
ui chore(cleanup)!: kill vector_db references as far as possible (#3864) 2025-10-20 20:06:16 -07:00
utils feat(cherry-pick): fixes for 0.3.1 release (#3998) 2025-10-30 21:51:42 -07:00
__init__.py chore(rename): move llama_stack.distribution to llama_stack.core (#2975) 2025-07-30 23:30:53 -07:00
build.py feat(distro): no huggingface provider for starter (#3258) 2025-08-26 14:06:36 -07:00
client.py feat: introduce API leveling, post_training, eval to v1alpha (#3449) 2025-09-26 16:18:07 +02:00
common.sh refactor: remove Conda support from Llama Stack (#2969) 2025-08-02 15:52:59 -07:00
configure.py chore(release-0.3.x): handle missing external_providers_dir (#4011) 2025-10-31 12:55:34 -07:00
datatypes.py feat: support workers in run config (#4014) 2025-10-31 13:48:55 -07:00
distribution.py chore(cleanup)!: kill vector_db references as far as possible (#3864) 2025-10-20 20:06:16 -07:00
external.py chore(rename): move llama_stack.distribution to llama_stack.core (#2975) 2025-07-30 23:30:53 -07:00
id_generation.py feat(tests): make inference_recorder into api_recorder (include tool_invoke) (#3403) 2025-10-09 14:27:51 -07:00
inspect.py chore(rename): move llama_stack.distribution to llama_stack.core (#2975) 2025-07-30 23:30:53 -07:00
library_client.py fix(logging): move module-level initialization to explicit setup calls (#3874) 2025-10-21 11:08:25 -07:00
providers.py chore(rename): move llama_stack.distribution to llama_stack.core (#2975) 2025-07-30 23:30:53 -07:00
request_headers.py chore(pre-commit): add pre-commit hook to enforce llama_stack logger usage (#3061) 2025-08-20 07:15:35 -04:00
resolver.py fix: Add policies to adapters (backport #4277) (#4279) 2025-12-02 13:27:54 -08:00
stack.py revert: "chore(cleanup)!: remove tool_runtime.rag_tool" (#3877) 2025-10-21 11:22:06 -07:00
start_stack.sh chore!: remove --env from llama stack run (#3711) 2025-10-07 20:58:15 -07:00
testing_context.py feat(ci): add support for docker:distro in tests (#3832) 2025-10-16 19:33:13 -07:00