Sourced from tensorflow's releases.

TensorFlow 2.4.0

Release 2.4.0

Major Features and Improvements

• tf.distribute introduces experimental support for asynchronous training of models via the tf.distribute.experimental.ParameterServerStrategy API. Please see the tutorial to learn more.

• MultiWorkerMirroredStrategy is now a stable API and is no longer considered experimental. Some of the major improvements involve handling peer failure and many bug fixes. Please check out the detailed tutorial on Multi-worker training with Keras.

• Introduces experimental support for a new module named tf.experimental.numpy which is a NumPy-compatible API for writing TF programs. See the detailed guide to learn more. Additional details below.

• Adds Support for TensorFloat-32 on Ampere based GPUs. TensorFloat-32, or TF32 for short, is a math mode for NVIDIA Ampere based GPUs and is enabled by default.

• A major refactoring of the internals of the Keras Functional API has been completed, that should improve the reliability, stability, and performance of constructing Functional models.

• Keras mixed precision API tf.keras.mixed_precision is no longer experimental and allows the use of 16-bit floating point formats during training, improving performance by up to 3x on GPUs and 60% on TPUs. Please see below for additional details.

• TensorFlow Profiler now supports profiling MultiWorkerMirroredStrategy and tracing multiple workers using the sampling mode API.

• TFLite Profiler for Android is available. See the detailed guide to learn more.

• TensorFlow pip packages are now built with CUDA11 and cuDNN 8.0.2.

Breaking Changes

• TF Core:

  • Certain float32 ops run in lower precsion on Ampere based GPUs, including matmuls and convolutions, due to the use of TensorFloat-32. Specifically, inputs to such ops are rounded from 23 bits of precision to 10 bits of precision. This is unlikely to cause issues in practice for deep learning models. In some cases, TensorFloat-32 is also used for complex64 ops. TensorFloat-32 can be disabled by running tf.config.experimental.enable_tensor_float_32_execution(False).
  • The byte layout for string tensors across the C-API has been updated to match TF Core/C++; i.e., a contiguous array of tensorflow::tstring/TF_TStrings.
  • C-API functions TF_StringDecode, TF_StringEncode, and TF_StringEncodedSize are no longer relevant and have been removed; see core/platform/ctstring.h for string access/modification in C.
  • tensorflow.python, tensorflow.core and tensorflow.compiler modules are now hidden. These modules are not part of TensorFlow public API.
  • tf.raw_ops.Max and tf.raw_ops.Min no longer accept inputs of type tf.complex64 or tf.complex128, because the behavior of these ops is not well defined for complex types.
  • XLA:CPU and XLA:GPU devices are no longer registered by default. Use TF_XLA_FLAGS=--tf_xla_enable_xla_devices if you really need them, but this flag will eventually be removed in subsequent releases.

• tf.keras:

  • The steps_per_execution argument in model.compile() is no longer experimental; if you were passing experimental_steps_per_execution, rename it to steps_per_execution in your code. This argument controls the number of batches to run during each tf.function call when calling model.fit(). Running multiple batches inside a single tf.function call can greatly improve performance on TPUs or small models with a large Python overhead.
  • A major refactoring of the internals of the Keras Functional API may affect code that is relying on certain internal details:
    • Code that uses isinstance(x, tf.Tensor) instead of tf.is_tensor when checking Keras symbolic inputs/outputs should switch to using tf.is_tensor.
    • Code that is overly dependent on the exact names attached to symbolic tensors (e.g. assumes there will be ":0" at the end of the inputs, treats names as unique identifiers instead of using tensor.ref(), etc.) may break.
    • Code that uses full path for get_concrete_function to trace Keras symbolic inputs directly should switch to building matching tf.TensorSpecs directly and tracing the TensorSpec objects.
    • Code that relies on the exact number and names of the op layers that TensorFlow operations were converted into may have changed.
    • Code that uses tf.map_fn/tf.cond/tf.while_loop/control flow as op layers and happens to work before TF 2.4. These will explicitly be unsupported now. Converting these ops to Functional API op layers was unreliable before TF 2.4, and prone to erroring incomprehensibly or being silently buggy.
    • Code that directly asserts on a Keras symbolic value in cases where ops like tf.rank used to return a static or symbolic value depending on if the input had a fully static shape or not. Now these ops always return symbolic values.
    • Code already susceptible to leaking tensors outside of graphs becomes slightly more likely to do so now.
    • Code that tries directly getting gradients with respect to symbolic Keras inputs/outputs. Use GradientTape on the actual Tensors passed to the already-constructed model instead.
    • Code that requires very tricky shape manipulation via converted op layers in order to work, where the Keras symbolic shape inference proves insufficient.
    • Code that tries manually walking a tf.keras.Model layer by layer and assumes layers only ever have one positional argument. This assumption doesn't hold true before TF 2.4 either, but is more likely to cause issues now.

... (truncated)

Sourced from tensorflow's changelog.

Release 2.4.0

Major Features and Improvements

• tf.distribute introduces experimental support for asynchronous training of models via the [tf.distribute.experimental.ParameterServerStrategy] (https://www.tensorflow.org/api_docs/python/tf/distribute/experimental/ParameterServerStrategy) API. Please see the tutorial to learn more.

• MultiWorkerMirroredStrategy is now a stable API and is no longer considered experimental. Some of the major improvements involve handling peer failure and many bug fixes. Please check out the detailed tutorial on [Multi-worker training with Keras] (https://www.tensorflow.org/tutorials/distribute/multi_worker_with_keras).

• Introduces experimental support for a new module named [tf.experimental.numpy] (https://www.tensorflow.org/api_docs/python/tf/experimental/numpy) which is a NumPy-compatible API for writing TF programs. See the [detailed guide] (https://www.tensorflow.org/guide/tf_numpy) to learn more. Additional details below.

• Adds Support for TensorFloat-32 on Ampere based GPUs. TensorFloat-32, or TF32 for short, is a math mode for NVIDIA Ampere based GPUs and is enabled by default.

• A major refactoring of the internals of the Keras Functional API has been completed, that should improve the reliability, stability, and performance of constructing Functional models.

• Keras mixed precision API [tf.keras.mixed_precision] (https://www.tensorflow.org/api_docs/python/tf/keras/mixed_precision?version=nightly) is no longer experimental and allows the use of 16-bit floating point formats during training, improving performance by up to 3x on GPUs and 60% on TPUs. Please see below for additional details.

• TensorFlow Profiler now supports profiling MultiWorkerMirroredStrategy and tracing multiple workers using the [sampling mode API] (https://www.tensorflow.org/guide/profiler#profiling_apis).

• TFLite Profiler for Android is available. See the detailed [guide] (https://www.tensorflow.org/lite/performance/measurement#trace_tensorflow_lite_internals_in_android) to learn more.

• TensorFlow pip packages are now built with CUDA11 and cuDNN 8.0.2.

Breaking Changes

• TF Core:
  • Certain float32 ops run in lower precision on Ampere based GPUs, including

... (truncated)

• 582c8d2 Merge pull request #44220 from tensorflow-jenkins/relnotes-2.4.0rc0-18048
• c16387f Update RELEASE.md
• 4cf406c Update RELEASE.md
• 3f35ef2 Update RELEASE.md
• 3647e8e Update RELEASE.md
• 281c7d5 Update RELEASE.md
• 91ec75f Update RELEASE.md
• ed5ad82 Update RELEASE.md
• 1267bba Update RELEASE.md
• 13a4067 Update RELEASE.md
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from tensorflow's releases.

TensorFlow 2.5.1

Release 2.5.1

This release introduces several vulnerability fixes:

• Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
• Fixes a floating point exception in SparseDenseCwiseDiv (CVE-2021-37636)
• Fixes a null pointer dereference in CompressElement (CVE-2021-37637)
• Fixes a null pointer dereference in RaggedTensorToTensor (CVE-2021-37638)
• Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
• Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)
• Fixes a division by 0 in ResourceScatterDiv (CVE-2021-37642)
• Fixes a heap OOB in RaggedGather (CVE-2021-37641)
• Fixes a std::abort raised from TensorListReserve (CVE-2021-37644)
• Fixes a null pointer dereference in MatrixDiagPartOp (CVE-2021-37643)
• Fixes an integer overflow due to conversion to unsigned (CVE-2021-37645)
• Fixes a bad allocation error in StringNGrams caused by integer conversion (CVE-2021-37646)
• Fixes a null pointer dereference in SparseTensorSliceDataset (CVE-2021-37647)
• Fixes an incorrect validation of SaveV2 inputs (CVE-2021-37648)
• Fixes a null pointer dereference in UncompressElement (CVE-2021-37649)
• Fixes a segfault and a heap buffer overflow in {Experimental,}DatasetToTFRecord (CVE-2021-37650)
• Fixes a heap buffer overflow in FractionalAvgPoolGrad (CVE-2021-37651)
• Fixes a use after free in boosted trees creation (CVE-2021-37652)
• Fixes a division by 0 in ResourceGather (CVE-2021-37653)
• Fixes a heap OOB and a CHECK fail in ResourceGather (CVE-2021-37654)
• Fixes a heap OOB in ResourceScatterUpdate (CVE-2021-37655)
• Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToSparse (CVE-2021-37656)
• Fixes an undefined behavior arising from reference binding to nullptr in MatrixDiagV* ops (CVE-2021-37657)
• Fixes an undefined behavior arising from reference binding to nullptr in MatrixSetDiagV* ops (CVE-2021-37658)
• Fixes an undefined behavior arising from reference binding to nullptr and heap OOB in binary cwise ops (CVE-2021-37659)
• Fixes a division by 0 in inplace operations (CVE-2021-37660)
• Fixes a crash caused by integer conversion to unsigned (CVE-2021-37661)
• Fixes an undefined behavior arising from reference binding to nullptr in boosted trees (CVE-2021-37662)
• Fixes a heap OOB in boosted trees (CVE-2021-37664)
• Fixes vulnerabilities arising from incomplete validation in QuantizeV2 (CVE-2021-37663)
• Fixes vulnerabilities arising from incomplete validation in MKL requantization (CVE-2021-37665)
• Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToVariant (CVE-2021-37666)
• Fixes an undefined behavior arising from reference binding to nullptr in unicode encoding (CVE-2021-37667)
• Fixes an FPE in tf.raw_ops.UnravelIndex (CVE-2021-37668)
• Fixes a crash in NMS ops caused by integer conversion to unsigned (CVE-2021-37669)
• Fixes a heap OOB in UpperBound and LowerBound (CVE-2021-37670)
• Fixes an undefined behavior arising from reference binding to nullptr in map operations (CVE-2021-37671)
• Fixes a heap OOB in SdcaOptimizerV2 (CVE-2021-37672)
• Fixes a CHECK-fail in MapStage (CVE-2021-37673)
• Fixes a vulnerability arising from incomplete validation in MaxPoolGrad (CVE-2021-37674)
• Fixes an undefined behavior arising from reference binding to nullptr in shape inference (CVE-2021-37676)
• Fixes a division by 0 in most convolution operators (CVE-2021-37675)
• Fixes vulnerabilities arising from missing validation in shape inference for Dequantize (CVE-2021-37677)
• Fixes an arbitrary code execution due to YAML deserialization (CVE-2021-37678)
• Fixes a heap OOB in nested tf.map_fn with RaggedTensors (CVE-2021-37679)

... (truncated)

Sourced from tensorflow's changelog.

Release 2.5.1

This release introduces several vulnerability fixes:

• Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
• Fixes a floating point exception in SparseDenseCwiseDiv (CVE-2021-37636)
• Fixes a null pointer dereference in CompressElement (CVE-2021-37637)
• Fixes a null pointer dereference in RaggedTensorToTensor (CVE-2021-37638)
• Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
• Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)
• Fixes a division by 0 in ResourceScatterDiv (CVE-2021-37642)
• Fixes a heap OOB in RaggedGather (CVE-2021-37641)
• Fixes a std::abort raised from TensorListReserve (CVE-2021-37644)
• Fixes a null pointer dereference in MatrixDiagPartOp (CVE-2021-37643)
• Fixes an integer overflow due to conversion to unsigned (CVE-2021-37645)
• Fixes a bad allocation error in StringNGrams caused by integer conversion (CVE-2021-37646)
• Fixes a null pointer dereference in SparseTensorSliceDataset (CVE-2021-37647)
• Fixes an incorrect validation of SaveV2 inputs (CVE-2021-37648)
• Fixes a null pointer dereference in UncompressElement (CVE-2021-37649)
• Fixes a segfault and a heap buffer overflow in {Experimental,}DatasetToTFRecord (CVE-2021-37650)
• Fixes a heap buffer overflow in FractionalAvgPoolGrad (CVE-2021-37651)
• Fixes a use after free in boosted trees creation (CVE-2021-37652)
• Fixes a division by 0 in ResourceGather (CVE-2021-37653)
• Fixes a heap OOB and a CHECK fail in ResourceGather (CVE-2021-37654)
• Fixes a heap OOB in ResourceScatterUpdate (CVE-2021-37655)
• Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToSparse

... (truncated)

• 8222c1c Merge pull request #51381 from tensorflow/mm-fix-r2.5-build
• d584260 Disable broken/flaky test
• f6c6ce3 Merge pull request #51367 from tensorflow-jenkins/version-numbers-2.5.1-17468
• 3ca7812 Update version numbers to 2.5.1
• 4fdf683 Merge pull request #51361 from tensorflow/mm-update-relnotes-on-r2.5
• 05fc01a Put CVE numbers for fixes in parentheses
• bee1dc4 Update release notes for the new patch release
• 47beb4c Merge pull request #50597 from kruglov-dmitry/v2.5.0-sync-abseil-cmake-bazel
• 6f39597 Merge pull request #49383 from ashahab/abin-load-segfault-r2.5
• 0539b34 Merge pull request #48979 from liufengdb/r2.5-cherrypick
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from tensorflow's releases.

TensorFlow 1.15.2

Release 1.15.2

Note that this release no longer has a single pip package for GPU and CPU. Please see #36347 for history and details

Bug Fixes and Other Changes

• Fixes a security vulnerability where converting a Python string to a tf.float16 value produces a segmentation fault (CVE-2020-5215)
• Updates curl to 7.66.0 to handle CVE-2019-5482 and CVE-2019-5481
• Updates sqlite3 to 3.30.01 to handle CVE-2019-19646, CVE-2019-19645 and CVE-2019-16168

TensorFlow 1.15.0

Release 1.15.0

This is the last 1.x release for TensorFlow. We do not expect to update the 1.x branch with features, although we will issue patch releases to fix vulnerabilities for at least one year.

Major Features and Improvements

• As announced, tensorflow pip package will by default include GPU support (same as tensorflow-gpu now) for the platforms we currently have GPU support (Linux and Windows). It will work on machines with and without Nvidia GPUs. tensorflow-gpu will still be available, and CPU-only packages can be downloaded at tensorflow-cpu for users who are concerned about package size.
• TensorFlow 1.15 contains a complete implementation of the 2.0 API in its compat.v2 module. It contains a copy of the 1.15 main module (without contrib) in the compat.v1 module. TensorFlow 1.15 is able to emulate 2.0 behavior using the enable_v2_behavior() function. This enables writing forward compatible code: by explicitly importing either tensorflow.compat.v1 or tensorflow.compat.v2, you can ensure that your code works without modifications against an installation of 1.15 or 2.0.
• EagerTensor now supports numpy buffer interface for tensors.
• Add toggles tf.enable_control_flow_v2() and tf.disable_control_flow_v2() for enabling/disabling v2 control flow.
• Enable v2 control flow as part of tf.enable_v2_behavior() and TF2_BEHAVIOR=1.
• AutoGraph translates Python control flow into TensorFlow expressions, allowing users to write regular Python inside tf.function-decorated functions. AutoGraph is also applied in functions used with tf.data, tf.distribute and tf.keras APIS.
• Adds enable_tensor_equality(), which switches the behavior such that:
  • Tensors are no longer hashable.
  • Tensors can be compared with == and !=, yielding a Boolean Tensor with element-wise comparison results. This will be the default behavior in 2.0.
• Auto Mixed-Precision graph optimizer simplifies converting models to float16 for acceleration on Volta and Turing Tensor Cores. This feature can be enabled by wrapping an optimizer class with tf.train.experimental.enable_mixed_precision_graph_rewrite().
• Add environment variable TF_CUDNN_DETERMINISTIC. Setting to "true" or "1" forces the selection of deterministic cuDNN convolution and max-pooling algorithms. When this is enabled, the algorithm selection procedure itself is also deterministic.
• TensorRT
  • Migrate TensorRT conversion sources from contrib to compiler directory in preparation for TF 2.0.
  • Add additional, user friendly TrtGraphConverter API for TensorRT conversion.
  • Expand support for TensorFlow operators in TensorRT conversion (e.g. Gather, Slice, Pack, Unpack, ArgMin, ArgMax,DepthSpaceShuffle).
  • Support TensorFlow operator CombinedNonMaxSuppression in TensorRT conversion which significantly accelerates object detection models.

Breaking Changes

• Tensorflow code now produces 2 different pip packages: tensorflow_core containing all the code (in the future it will contain only the private implementation) and tensorflow which is a virtual pip package doing forwarding to tensorflow_core (and in the future will contain only the public API of tensorflow). We don't expect this to be breaking, unless you were importing directly from the implementation.
• TensorFlow 1.15 is built using devtoolset7 (GCC7) on Ubuntu 16. This may lead to ABI incompatibilities with extensions built against earlier versions of TensorFlow.
• Deprecated the use of constraint= and .constraint with ResourceVariable.
• tf.keras:
  • OMP_NUM_THREADS is no longer used by the default Keras config. To configure the number of threads, use tf.config.threading APIs.
  • tf.keras.model.save_model and model.save now defaults to saving a TensorFlow SavedModel.
  • keras.backend.resize_images (and consequently, keras.layers.Upsampling2D) behavior has changed, a bug in the resizing implementation was fixed.
  • Layers now default to float32, and automatically cast their inputs to the layer's dtype. If you had a model that used float64, it will probably silently use float32 in TensorFlow2, and a warning will be issued that starts with Layer "layer-name" is casting an input tensor from dtype float64 to the layer's dtype of float32. To fix, either set the default dtype to float64 with tf.keras.backend.set_floatx('float64'), or pass dtype='float64' to each of the Layer constructors. See tf.keras.layers.Layer for more information.
  • Some tf.assert_* methods now raise assertions at operation creation time (i.e. when this Python line executes) if the input tensors' values are known at that time, not during the session.run(). When this happens, a noop is returned and the input tensors are marked non-feedable. In other words, if they are used as keys in feed_dict argument to session.run(), an error will be raised. Also, because some assert ops don't make it into the graph, the graph structure changes. A different graph can result in different per-op random seeds when they are not given explicitly (most often).

Bug Fixes and Other Changes

• tf.estimator:
  • tf.keras.estimator.model_to_estimator now supports exporting to tf.train.Checkpoint format, which allows the saved checkpoints to be compatible with model.load_weights.
  • Fix tests in canned estimators.

... (truncated)

Sourced from tensorflow's changelog.

Release 1.15.2

Bug Fixes and Other Changes

• Fixes a security vulnerability where converting a Python string to a tf.float16 value produces a segmentation fault (CVE-2020-5215)
• Updates curl to 7.66.0 to handle CVE-2019-5482 and CVE-2019-5481
• Updates sqlite3 to 3.30.01 to handle CVE-2019-19646, CVE-2019-19645 and CVE-2019-16168

Release 2.1.0

TensorFlow 2.1 will be the last TF release supporting Python 2. Python 2 support officially ends an January 1, 2020. As announced earlier, TensorFlow will also stop supporting Python 2 starting January 1, 2020, and no more releases are expected in 2019.

Major Features and Improvements

• The tensorflow pip package now includes GPU support by default (same as tensorflow-gpu) for both Linux and Windows. This runs on machines with and without NVIDIA GPUs. tensorflow-gpu is still available, and CPU-only packages can be downloaded at tensorflow-cpu for users who are concerned about package size.
• Windows users: Officially-released tensorflow Pip packages are now built with Visual Studio 2019 version 16.4 in order to take advantage of the new /d2ReducedOptimizeHugeFunctions compiler flag. To use these new packages, you must install "Microsoft Visual C++ Redistributable for Visual Studio 2015, 2017 and 2019", available from Microsoft's website here.
  • This does not change the minimum required version for building TensorFlow from source on Windows, but builds enabling EIGEN_STRONG_INLINE can take over 48 hours to compile without this flag. Refer to configure.py for more information about EIGEN_STRONG_INLINE and /d2ReducedOptimizeHugeFunctions.
  • If either of the required DLLs, msvcp140.dll (old) or msvcp140_1.dll (new), are missing on your machine, import tensorflow will print a warning message.
• The tensorflow pip package is built with CUDA 10.1 and cuDNN 7.6.
• tf.keras
  • Experimental support for mixed precision is available on GPUs and Cloud TPUs. See usage guide.
  • Introduced the TextVectorization layer, which takes as input raw strings and takes care of text standardization, tokenization, n-gram generation, and vocabulary indexing. See this end-to-end text classification example.
  • Keras .compile .fit .evaluate and .predict are allowed to be outside of the DistributionStrategy scope, as long as the model was constructed inside of a scope.
  • Experimental support for Keras .compile, .fit, .evaluate, and .predict is available for Cloud TPUs, Cloud TPU, for all types of Keras models (sequential, functional and subclassing models).
  • Automatic outside compilation is now enabled for Cloud TPUs. This allows tf.summary to be used more conveniently with Cloud TPUs.
  • Dynamic batch sizes with DistributionStrategy and Keras are supported on Cloud TPUs.
  • Support for .fit, .evaluate, .predict on TPU using numpy data, in addition to tf.data.Dataset.
  • Keras reference implementations for many popular models are available in the TensorFlow Model Garden.
• tf.data
  • Changes rebatching for tf.data datasets + DistributionStrategy for better performance. Note that the dataset also behaves slightly differently, in that the rebatched dataset cardinality will always be a multiple of the number of replicas.
  • tf.data.Dataset now supports automatic data distribution and sharding in distributed environments, including on TPU pods.
  • Distribution policies for tf.data.Dataset can now be tuned with 1. tf.data.experimental.AutoShardPolicy(OFF, AUTO, FILE, DATA) 2. tf.data.experimental.ExternalStatePolicy(WARN, IGNORE, FAIL)
• tf.debugging
  • Add tf.debugging.enable_check_numerics() and tf.debugging.disable_check_numerics() to help debugging the root causes of issues involving infinities and NaNs.
• tf.distribute
  • Custom training loop support on TPUs and TPU pods is avaiable through strategy.experimental_distribute_dataset, strategy.experimental_distribute_datasets_from_function, strategy.experimental_run_v2, strategy.reduce.
  • Support for a global distribution strategy through tf.distribute.experimental_set_strategy(), in addition to strategy.scope().
• TensorRT
  • TensorRT 6.0 is now supported and enabled by default. This adds support for more TensorFlow ops including Conv3D, Conv3DBackpropInputV2, AvgPool3D, MaxPool3D, ResizeBilinear, and ResizeNearestNeighbor. In addition, the TensorFlow-TensorRT python conversion API is exported as tf.experimental.tensorrt.Converter.
• Environment variable TF_DETERMINISTIC_OPS has been added. When set to "true" or "1", this environment variable makes tf.nn.bias_add operate deterministically (i.e. reproducibly), but currently only when XLA JIT compilation is not enabled. Setting TF_DETERMINISTIC_OPS to "true" or "1" also makes cuDNN convolution and max-pooling operate deterministically. This makes Keras Conv*D and MaxPool*D layers operate deterministically in both the forward and backward directions when running on a CUDA-enabled GPU.

Breaking Changes

• Deletes Operation.traceback_with_start_lines for which we know of no usages.
• Removed id from tf.Tensor.__repr__() as id is not useful other than internal debugging.
• Some tf.assert_* methods now raise assertions at operation creation time if the input tensors' values are known at that time, not during the session.run(). This only changes behavior when the graph execution would have resulted in an error. When this happens, a noop is returned and the input tensors are marked non-feedable. In other words, if they are used as keys in feed_dict argument to session.run(), an error will be raised. Also, because some assert ops don't make it into the graph, the graph structure changes. A different graph can result in different per-op random seeds when they are not given explicitly (most often).
• The following APIs are not longer experimental: tf.config.list_logical_devices, tf.config.list_physical_devices, tf.config.get_visible_devices, tf.config.set_visible_devices, tf.config.get_logical_device_configuration, tf.config.set_logical_device_configuration.
• tf.config.experimentalVirtualDeviceConfiguration has been renamed to tf.config.LogicalDeviceConfiguration.
• tf.config.experimental_list_devices has been removed, please use tf.config.list_logical_devices.

Bug Fixes and Other Changes

... (truncated)

• 5d80e1e Merge pull request #36215 from tensorflow-jenkins/version-numbers-1.15.2-8214
• 71e9d8f Update version numbers to 1.15.2
• e50120e Merge pull request #36214 from tensorflow-jenkins/relnotes-1.15.2-2203
• 1a7e9fb Releasing 1.15.2 instead of 1.15.1
• 85f7aab Insert release notes place-fill
• e75a6d6 Merge pull request #36190 from tensorflow/mm-r1.15-fix-v2-build
• a6d8973 Use config=v1 as this is r1.15 branch.
• fdb8589 Merge pull request #35912 from tensorflow-jenkins/relnotes-1.15.1-31298
• a6051e8 Add CVE number for main patch
• 360b2e3 Merge pull request #34532 from ROCmSoftwarePlatform/r1.15-rccl-upstream-patch
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from tensorflow's releases.

TensorFlow 2.4.0

Release 2.4.0

Major Features and Improvements

• tf.distribute introduces experimental support for asynchronous training of models via the tf.distribute.experimental.ParameterServerStrategy API. Please see the tutorial to learn more.

• MultiWorkerMirroredStrategy is now a stable API and is no longer considered experimental. Some of the major improvements involve handling peer failure and many bug fixes. Please check out the detailed tutorial on Multi-worker training with Keras.

• Introduces experimental support for a new module named tf.experimental.numpy which is a NumPy-compatible API for writing TF programs. See the detailed guide to learn more. Additional details below.

• Adds Support for TensorFloat-32 on Ampere based GPUs. TensorFloat-32, or TF32 for short, is a math mode for NVIDIA Ampere based GPUs and is enabled by default.

• A major refactoring of the internals of the Keras Functional API has been completed, that should improve the reliability, stability, and performance of constructing Functional models.

• Keras mixed precision API tf.keras.mixed_precision is no longer experimental and allows the use of 16-bit floating point formats during training, improving performance by up to 3x on GPUs and 60% on TPUs. Please see below for additional details.

• TensorFlow Profiler now supports profiling MultiWorkerMirroredStrategy and tracing multiple workers using the sampling mode API.

• TFLite Profiler for Android is available. See the detailed guide to learn more.

• TensorFlow pip packages are now built with CUDA11 and cuDNN 8.0.2.

Breaking Changes

• TF Core:

  • Certain float32 ops run in lower precsion on Ampere based GPUs, including matmuls and convolutions, due to the use of TensorFloat-32. Specifically, inputs to such ops are rounded from 23 bits of precision to 10 bits of precision. This is unlikely to cause issues in practice for deep learning models. In some cases, TensorFloat-32 is also used for complex64 ops. TensorFloat-32 can be disabled by running tf.config.experimental.enable_tensor_float_32_execution(False).
  • The byte layout for string tensors across the C-API has been updated to match TF Core/C++; i.e., a contiguous array of tensorflow::tstring/TF_TStrings.
  • C-API functions TF_StringDecode, TF_StringEncode, and TF_StringEncodedSize are no longer relevant and have been removed; see core/platform/ctstring.h for string access/modification in C.
  • tensorflow.python, tensorflow.core and tensorflow.compiler modules are now hidden. These modules are not part of TensorFlow public API.
  • tf.raw_ops.Max and tf.raw_ops.Min no longer accept inputs of type tf.complex64 or tf.complex128, because the behavior of these ops is not well defined for complex types.
  • XLA:CPU and XLA:GPU devices are no longer registered by default. Use TF_XLA_FLAGS=--tf_xla_enable_xla_devices if you really need them, but this flag will eventually be removed in subsequent releases.

• tf.keras:

  • The steps_per_execution argument in model.compile() is no longer experimental; if you were passing experimental_steps_per_execution, rename it to steps_per_execution in your code. This argument controls the number of batches to run during each tf.function call when calling model.fit(). Running multiple batches inside a single tf.function call can greatly improve performance on TPUs or small models with a large Python overhead.
  • A major refactoring of the internals of the Keras Functional API may affect code that is relying on certain internal details:
    • Code that uses isinstance(x, tf.Tensor) instead of tf.is_tensor when checking Keras symbolic inputs/outputs should switch to using tf.is_tensor.
    • Code that is overly dependent on the exact names attached to symbolic tensors (e.g. assumes there will be ":0" at the end of the inputs, treats names as unique identifiers instead of using tensor.ref(), etc.) may break.
    • Code that uses full path for get_concrete_function to trace Keras symbolic inputs directly should switch to building matching tf.TensorSpecs directly and tracing the TensorSpec objects.
    • Code that relies on the exact number and names of the op layers that TensorFlow operations were converted into may have changed.
    • Code that uses tf.map_fn/tf.cond/tf.while_loop/control flow as op layers and happens to work before TF 2.4. These will explicitly be unsupported now. Converting these ops to Functional API op layers was unreliable before TF 2.4, and prone to erroring incomprehensibly or being silently buggy.
    • Code that directly asserts on a Keras symbolic value in cases where ops like tf.rank used to return a static or symbolic value depending on if the input had a fully static shape or not. Now these ops always return symbolic values.
    • Code already susceptible to leaking tensors outside of graphs becomes slightly more likely to do so now.
    • Code that tries directly getting gradients with respect to symbolic Keras inputs/outputs. Use GradientTape on the actual Tensors passed to the already-constructed model instead.
    • Code that requires very tricky shape manipulation via converted op layers in order to work, where the Keras symbolic shape inference proves insufficient.
    • Code that tries manually walking a tf.keras.Model layer by layer and assumes layers only ever have one positional argument. This assumption doesn't hold true before TF 2.4 either, but is more likely to cause issues now.

... (truncated)

Sourced from tensorflow's changelog.

Release 2.4.0

Major Features and Improvements

• tf.distribute introduces experimental support for asynchronous training of models via the [tf.distribute.experimental.ParameterServerStrategy] (https://www.tensorflow.org/api_docs/python/tf/distribute/experimental/ParameterServerStrategy) API. Please see the tutorial to learn more.

• MultiWorkerMirroredStrategy is now a stable API and is no longer considered experimental. Some of the major improvements involve handling peer failure and many bug fixes. Please check out the detailed tutorial on [Multi-worker training with Keras] (https://www.tensorflow.org/tutorials/distribute/multi_worker_with_keras).

• Introduces experimental support for a new module named [tf.experimental.numpy] (https://www.tensorflow.org/api_docs/python/tf/experimental/numpy) which is a NumPy-compatible API for writing TF programs. See the [detailed guide] (https://www.tensorflow.org/guide/tf_numpy) to learn more. Additional details below.

• Adds Support for TensorFloat-32 on Ampere based GPUs. TensorFloat-32, or TF32 for short, is a math mode for NVIDIA Ampere based GPUs and is enabled by default.

• A major refactoring of the internals of the Keras Functional API has been completed, that should improve the reliability, stability, and performance of constructing Functional models.

• Keras mixed precision API [tf.keras.mixed_precision] (https://www.tensorflow.org/api_docs/python/tf/keras/mixed_precision?version=nightly) is no longer experimental and allows the use of 16-bit floating point formats during training, improving performance by up to 3x on GPUs and 60% on TPUs. Please see below for additional details.

• TensorFlow Profiler now supports profiling MultiWorkerMirroredStrategy and tracing multiple workers using the [sampling mode API] (https://www.tensorflow.org/guide/profiler#profiling_apis).

• TFLite Profiler for Android is available. See the detailed [guide] (https://www.tensorflow.org/lite/performance/measurement#trace_tensorflow_lite_internals_in_android) to learn more.

• TensorFlow pip packages are now built with CUDA11 and cuDNN 8.0.2.

Breaking Changes

• TF Core:
  • Certain float32 ops run in lower precision on Ampere based GPUs, including

... (truncated)

• 582c8d2 Merge pull request #44220 from tensorflow-jenkins/relnotes-2.4.0rc0-18048
• c16387f Update RELEASE.md
• 4cf406c Update RELEASE.md
• 3f35ef2 Update RELEASE.md
• 3647e8e Update RELEASE.md
• 281c7d5 Update RELEASE.md
• 91ec75f Update RELEASE.md
• ed5ad82 Update RELEASE.md
• 1267bba Update RELEASE.md
• 13a4067 Update RELEASE.md
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from tensorflow's releases.

TensorFlow 2.3.1

Release 2.3.1

Bug Fixes and Other Changes

• Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)
• Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)
• Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)
• Fixes several vulnerabilities in RaggedCountSparseOutput and SparseCountSparseOutput operations (CVE-2020-15196, CVE-2020-15197, CVE-2020-15198, CVE-2020-15199, CVE-2020-15200, CVE-2020-15201)
• Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)
• Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)
• Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)
• Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)
• Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)
• Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)
• Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)
• Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)
• Fixes several vulnerabilities in TFLite implementation of segment sum (CVE-2020-15212, CVE-2020-15213, CVE-2020-15214)
• Updates sqlite3 to 3.33.00 to handle CVE-2020-15358.
• Fixes deprecated usage of collections API
• Removes scipy dependency from setup.py since TensorFlow does not need it to install the pip package

TensorFlow 2.3.0

Release 2.3.0

Major Features and Improvements

• tf.data adds two new mechanisms to solve input pipeline bottlenecks and save resources:
  • snapshot
  • tf.data service.

In addition checkout the detailed guide for analyzing input pipeline performance with TF Profiler.

• tf.distribute.TPUStrategy is now a stable API and no longer considered experimental for TensorFlow. (earlier tf.distribute.experimental.TPUStrategy).

• TF Profiler introduces two new tools: a memory profiler to visualize your model’s memory usage over time and a python tracer which allows you to trace python function calls in your model. Usability improvements include better diagnostic messages and profile options to customize the host and device trace verbosity level.

• Introduces experimental support for Keras Preprocessing Layers API (tf.keras.layers.experimental.preprocessing.*) to handle data preprocessing operations, with support for composite tensor inputs. Please see below for additional details on these layers.

• TFLite now properly supports dynamic shapes during conversion and inference. We’ve also added opt-in support on Android and iOS for XNNPACK, a highly optimized set of CPU kernels, as well as opt-in support for executing quantized models on the GPU.

• Libtensorflow packages are available in GCS starting this release. We have also started to release a nightly version of these packages.

• The experimental Python API tf.debugging.experimental.enable_dump_debug_info() now allows you to instrument a TensorFlow program and dump debugging information to a directory on the file system. The directory can be read and visualized by a new interactive dashboard in TensorBoard 2.3 called Debugger V2, which reveals the details of the TensorFlow program including graph structures, history of op executions at the Python (eager) and intra-graph levels, the runtime dtype, shape, and numerical composistion of tensors, as well as their code locations.

Breaking Changes

• Increases the minimum bazel version required to build TF to 3.1.0.
• tf.data
  • Makes the following (breaking) changes to the tf.data.
  • C++ API: - IteratorBase::RestoreInternal, IteratorBase::SaveInternal, and DatasetBase::CheckExternalState become pure-virtual and subclasses are now expected to provide an implementation.
  • The deprecated DatasetBase::IsStateful method is removed in favor of DatasetBase::CheckExternalState.
  • Deprecated overrides of DatasetBase::MakeIterator and MakeIteratorFromInputElement are removed.

... (truncated)

Sourced from tensorflow's changelog.

Release 2.3.1

Bug Fixes and Other Changes

• Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)
• Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)
• Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)
• Fixes several vulnerabilities in RaggedCountSparseOutput and SparseCountSparseOutput operations (CVE-2020-15196, CVE-2020-15197, CVE-2020-15198, CVE-2020-15199, CVE-2020-15200, CVE-2020-15201)
• Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)
• Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)
• Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)
• Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)
• Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)
• Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)
• Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)
• Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)
• Fixes several vulnerabilities in TFLite implementation of segment sum (CVE-2020-15212, CVE-2020-15213, CVE-2020-15214)
• Updates sqlite3 to 3.33.00 to handle CVE-2020-15358.
• Fixes deprecated usage of collections API
• Removes scipy dependency from setup.py since TensorFlow does not need it to install the pip package

Release 2.2.1

... (truncated)

• fcc4b96 Merge pull request #43446 from tensorflow-jenkins/version-numbers-2.3.1-16251
• 4cf2230 Update version numbers to 2.3.1
• eee8224 Merge pull request #43441 from tensorflow-jenkins/relnotes-2.3.1-24672
• 0d41b1d Update RELEASE.md
• d99bd63 Insert release notes place-fill
• d71d3ce Merge pull request #43414 from tensorflow/mihaimaruseac-patch-1-1
• 9c91596 Fix missing import
• f9f12f6 Merge pull request #43391 from tensorflow/mihaimaruseac-patch-4
• 3ed271b Solve leftover from merge conflict
• 9cf3773 Merge pull request #43358 from tensorflow/mm-patch-r2.3
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from tensorflow's releases.

TensorFlow 1.15.4

Release 1.15.4

Bug Fixes and Other Changes

• Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)
• Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)
• Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)
• Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)
• Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)
• Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)
• Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)
• Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)
• Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)
• Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)
• Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)
• Updates sqlite3 to 3.33.00 to handle CVE-2020-9327, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13871, and CVE-2020-15358.
• Fixes #41630 by including max_seq_length in CuDNN descriptor cache key
• Pins numpy to 1.18.5 to prevent ABI breakage when compiling code that uses both NumPy and TensorFlow headers.

TensorFlow 1.15.3

Bug Fixes and Other Changes

• Updates sqlite3 to 3.31.01 to handle CVE-2019-19880, CVE-2019-19244 and CVE-2019-19645
• Updates curl to 7.69.1 to handle CVE-2019-15601
• Updates libjpeg-turbo to 2.0.4 to handle CVE-2018-19664, CVE-2018-20330 and CVE-2019-13960
• Updates Apache Spark to 2.4.5 to handle CVE-2019-10099, CVE-2018-17190 and CVE-2018-11770

Sourced from tensorflow's changelog.

Release 1.15.4

Bug Fixes and Other Changes

• Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)
• Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)
• Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)
• Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)
• Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)
• Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)
• Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)
• Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)
• Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)
• Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)
• Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)
• Updates sqlite3 to 3.33.00 to handle CVE-2020-9327, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13871, and CVE-2020-15358.
• Fixes #41630 by including max_seq_length in CuDNN descriptor cache key
• Pins numpy to 1.18.5 to prevent ABI breakage when compiling code that uses both NumPy and TensorFlow headers.

Release 2.3.0

Major Features and Improvements

• tf.data adds two new mechanisms to solve input pipeline bottlenecks and save resources:

... (truncated)

• df8c55c Merge pull request #43442 from tensorflow-jenkins/version-numbers-1.15.4-31571
• 0e8cbcb Update version numbers to 1.15.4
• 5b65bf2 Merge pull request #43437 from tensorflow-jenkins/relnotes-1.15.4-10691
• 814e8d8 Update RELEASE.md
• 757085e Insert release notes place-fill
• e99e53d Merge pull request #43410 from tensorflow/mm-fix-1.15
• bad36df Add missing import
• f3f1835 No disable_tfrt present on this branch
• 7ef5c62 Merge pull request #43406 from tensorflow/mihaimaruseac-patch-1
• abbf34a Remove import that is not needed
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from requests's changelog.

2.20.0 (2018-10-18)

Bugfixes

• Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8).
• Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions.
• Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074)
• should_bypass_proxies now handles URIs without hostnames (e.g. files).

Dependencies

• Requests now supports urllib3 v1.24.

Deprecations

• Requests has officially stopped support for Python 2.6.

2.19.1 (2018-06-14)

Bugfixes

• Fixed issue where status_codes.py's init function failed trying to append to a __doc__ value of None.

2.19.0 (2018-06-12)

Improvements

• Warn user about possible slowdown when using cryptography version < 1.3.4
• Check for invalid host in proxy URL, before forwarding request to adapter.
• Fragments are now properly maintained across redirects. (RFC7231 7.1.2)
• Removed use of cgi module to expedite library load time.
• Added support for SHA-256 and SHA-512 digest auth algorithms.
• Minor performance improvement to Request.content.
• Migrate to using collections.abc for 3.7 compatibility.

Bugfixes

• Parsing empty Link headers with parse_header_links() no longer return one bogus entry.

... (truncated)

• bd84045 v2.20.0
• 7fd9267 remove final remnants from 2.6
• 6ae8a21 Add myself to AUTHORS
• 89ab030 Use comprehensions whenever possible
• 2c6a842 Merge pull request #4827 from webmaven/patch-1
• 30be889 CVE URLs update: www sub-subdomain no longer valid
• a6cd380 Merge pull request #4765 from requests/encapsulate_urllib3_exc
• bbdbcc8 wrap url parsing exceptions from urllib3's PoolManager
• ff0c325 Merge pull request #4805 from jdufresne/https
• b0ad249 Prefer https:// for URLs throughout project
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from numpy's releases.

v1.22.0

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

• Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.
• A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.
• NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.
• New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.
• A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

(gh-19615)

... (truncated)

• 4adc87d Merge pull request #20685 from charris/prepare-for-1.22.0-release
• fd66547 REL: Prepare for the NumPy 1.22.0 release.
• 125304b wip
• c283859 Merge pull request #20682 from charris/backport-20416
• 5399c03 Merge pull request #20681 from charris/backport-20954
• f9c45f8 Merge pull request #20680 from charris/backport-20663
• 794b36f Update armccompiler.py
• d93b14e Update test_public_api.py
• 7662c07 Update init.py
• 311ab52 Update armccompiler.py
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.