llama-stack-mirror

mirror of https://github.com/meta-llama/llama-stack.git synced 2025-12-21 05:58:40 +00:00

History

Derek Higgins 5abb7df41a fix: ABAC bypass in vector store operations (#4394 ) Vector store operations were bypassing ABAC checks by calling providers directly instead of going through the routing table. This allowed unauthorized access to vector store data and operations. Changes: o Route all VectorIORouter methods through routing table instead of directly to providers o Update routing table to enforce ABAC checks on all vector store operations (read, update, delete) o Add test suite verifying ABAC enforcement for all vector store operations o Ensure providers are never called when authorization fails Fixes security issue where users could access vector stores they don't have permission for. Fixes: #4393 Signed-off-by: Derek Higgins <derekh@redhat.com>		2025-12-16 10:49:16 -08:00
..
__init__.py	feat: Add support for query rewrite in vector_store.search (#4171 )	2025-12-10 10:06:19 -05:00
datasets.py	fix: rename llama_stack_api dir (#4155 )	2025-11-13 15:04:36 -08:00
eval_scoring.py	fix: rename llama_stack_api dir (#4155 )	2025-11-13 15:04:36 -08:00
inference.py	feat!: Implement include parameter specifically for adding logprobs in the output message (#4261 )	2025-12-11 11:11:21 -08:00
safety.py	feat!: Architect Llama Stack Telemetry Around Automatic Open Telemetry Instrumentation (#4127 )	2025-12-01 10:33:18 -08:00
tool_runtime.py	fix: MCP authorization parameter implementation (#4052 )	2025-11-14 08:54:42 -08:00
vector_io.py	fix: ABAC bypass in vector store operations (#4394 )	2025-12-16 10:49:16 -08:00