Backport fix for CVE-2022-23593 to 2.7.x release?

Anfernee_Xu · March 17, 2022, 2:46am

Noticed that the fix for NVD - CVE-2022-23593 is only available in 2.8.0 and the last sentence attached to the CVE is little confusing:

The fix will be included in TensorFlow 2.8.0. This is the only affected version.

Does it mean 2.7.x don’t have this issue?
If yes, do we have plan to backport the fix to 2.7.x?

Thanks

chunduriv · October 4, 2022, 12:46pm

The problem only existed in TF 2.8.0. Hence there is no need to back port the fix in lower versions. Thank you.