llama-stack-mirror

mirror of https://github.com/meta-llama/llama-stack.git synced 2025-12-04 18:13:44 +00:00

History

mergify[bot] 9afa387d16 fix: RBAC bypass vulnerabilities in model access (backport #4270 ) (#4285 ) Closes security gaps where RBAC checks could be bypassed: o Inference router: Added RBAC enforcement in the fallback path to ensure access control is applied consistently. o Model listing: Dynamic models fetched via provider_data were returned without RBAC checks. Added filtering to ensure users only see models they have permission to access. Both fixes create temporary ModelWithOwner objects for RBAC validation, maintaining security through consistent access control enforcement. Closes: #4269 <hr>This is an automatic backport of pull request #4270 done by [Mergify](https://mergify.com). Signed-off-by: Derek Higgins <derekh@redhat.com> Signed-off-by: Charlie Doern <cdoern@redhat.com> Co-authored-by: Derek Higgins <derekh@redhat.com>		2025-12-03 13:02:37 -05:00
..
__init__.py	chore(cleanup)!: kill vector_db references as far as possible (#3864 )	2025-10-20 20:06:16 -07:00
datasets.py	refactor(logging): rename llama_stack logger categories (#3065 )	2025-08-21 17:31:04 -07:00
eval_scoring.py	refactor(logging): rename llama_stack logger categories (#3065 )	2025-08-21 17:31:04 -07:00
inference.py	fix: RBAC bypass vulnerabilities in model access (backport #4270 ) (#4285 )	2025-12-03 13:02:37 -05:00
safety.py	refactor(logging): rename llama_stack logger categories (#3065 )	2025-08-21 17:31:04 -07:00
tool_runtime.py	revert: "chore(cleanup)!: remove tool_runtime.rag_tool" (#3877 )	2025-10-21 11:22:06 -07:00
vector_io.py	chore(cleanup)!: kill vector_db references as far as possible (#3864 )	2025-10-20 20:06:16 -07:00