Skip to content

Update onnx upper bound to allow 1.21.0 (CVE-2026-27489)#29

Open
wjhrdy wants to merge 1 commit into
amd:release/0.11from
wjhrdy:fix/update-onnx-for-cve-2026-27489
Open

Update onnx upper bound to allow 1.21.0 (CVE-2026-27489)#29
wjhrdy wants to merge 1 commit into
amd:release/0.11from
wjhrdy:fix/update-onnx-for-cve-2026-27489

Conversation

@wjhrdy

@wjhrdy wjhrdy commented Apr 17, 2026

Copy link
Copy Markdown

Summary

Relax the onnx version constraint in requirements.txt from <=1.19.0 to <=1.21.0 to allow installation of onnx 1.21.0, which fixes CVE-2026-27489 (CVSS 8.7 HIGH — path traversal via symlink in external data loading).

Changes

-onnx>=1.16.0,<=1.19.0
+onnx>=1.16.0,<=1.21.0

Context

Downstream projects that depend on Quark inherit this constraint and are currently unable to upgrade to the patched onnx version.

Fixes #28

onnx < 1.21.0 is affected by CVE-2026-27489 (CVSS 8.7 HIGH), a path
traversal vulnerability via symlink in external data loading. Relax
the upper bound from <=1.19.0 to <=1.21.0 so downstream users can
install the patched version.

Fixes amd#28

Signed-off-by: Will Hardy <whardy@redhat.com>
Deepali1999 pushed a commit to Deepali1999/vllm-cpu that referenced this pull request Jul 7, 2026
This commit removes amd-quark>=0.8.99 from requirements/rocm.txt to
allow upgrading onnx from 1.19.0 to 1.21.0, which is required to fix
CVE-2026-27489.

## Problem

amd-quark 0.11.2 (latest version) pins onnx<=1.19.0, creating an
impossible constraint conflict:
- amd-quark requires: onnx<=1.19.0,>=1.16.0
- CVE fix requires: onnx>=1.21.0
- No version of onnx satisfies both constraints

Build failure:
```
ERROR: Unable to resolve requirement specifier onnx<=1.19.0,>=1.16.0
with constraint onnx==1.21.0
```

## Evidence that amd-quark is not a hard dependency

1. **Already validated in rhai/0.18.0 branch:**
   - Commit: f178b3e92fb493b05ad7770c04ee72b5cc19edaa
   - PR red-hat-data-services#469: "Remove amd-quark from ROCm requirements for onnx CVE fix"
   - Full accept-sync run 24567391901: ALL TESTS PASSED
     * Build ✅
     * Image ✅
     * LM-EVAL (solo + duo) ✅
     * GuideLLM (6 models including 2x FP8-dynamic) ✅
     * Quantized Models test partition ✅

2. **Only MXFP4/MXFP6 quantized models affected:**
   - FP8 W8A8 models use vLLM native Fp8Config, not QuarkConfig
   - Standard models completely unaffected
   - Only affects specific quantization formats (MXFP4/MXFP6)

3. **Temporary removal until upstream fix:**
   - Upstream PR pending: amd/Quark#29
   - Will re-add once amd/Quark bumps their onnx pin
   - This is a temporary workaround to unblock the CVE fix

## Related Tickets

- INFERENG-7300: Update onnx to 1.21.0 in ROCm variant to fix CVE
- INFERENG-6173: Original tracker for amd-quark removal
- AIPCC-14368: AIPCC pipeline onnx CVE fix

## Downstream Impact

This change enables pipeline to upgrade onnx to 1.21.0 without
constraint conflicts. RHAIIS 3.5-EA1 uses vLLM 0.19.1 from main
branch, so removing amd-quark here unblocks the downstream fix.

Signed-off-by: Tahmid Muttaki <tmuttaki@redhat.com>
Deepali1999 pushed a commit to Deepali1999/vllm-cpu that referenced this pull request Jul 7, 2026
…hat-data-services#522)

## Summary

Removes `amd-quark>=0.8.99` from `requirements/rocm.txt` to unblock the
onnx upgrade required for CVE-2026-27489 fix.

## Problem

**Constraint conflict preventing onnx CVE fix:**

```
ERROR: Unable to resolve requirement specifier onnx<=1.19.0,>=1.16.0 
with constraint onnx==1.21.0
```

- **amd-quark 0.11.2** (latest) requires: `onnx<=1.19.0,>=1.16.0`
- **CVE fix** requires: `onnx>=1.21.0`
- **No version of onnx** satisfies both constraints

## Evidence that amd-quark is NOT a hard dependency

### ✅ Already validated in rhai/0.18.0 branch

- **Commit:** `f178b3e92fb493b05ad7770c04ee72b5cc19edaa`
- **PR:** red-hat-data-services#469 - "Remove amd-quark from ROCm requirements for onnx CVE
fix (rhai/0.18.0)"
- **Validation run:**
[24567391901](https://github.com/neuralmagic/nm-cicd/actions/runs/24567391901)

**All tests passed:**
- ✅ Build
- ✅ Image
- ✅ LM-EVAL (solo + duo)
- ✅ GuideLLM (6 models including 2x FP8-dynamic)
- ✅ Quantized Models test partition

### 📋 Impact Assessment

**Not affected:**
- ✅ FP8 W8A8 models (use vLLM native `Fp8Config`, not `QuarkConfig`)
- ✅ Standard unquantized models
- ✅ All standard quantization formats

**Affected (limited scope):**
- ⚠️ MXFP4/MXFP6 quantized models only

### 🔄 Temporary Removal

This is a **temporary removal** until upstream fixes the onnx pin:
- **Upstream PR:** amd/Quark#29
- **Re-add when:** amd/Quark bumps their onnx constraint
- **Tracking:** Will monitor upstream PR and re-enable once available

## Related Tickets

- **INFERENG-7300:** Update onnx to 1.21.0 in ROCm variant to fix CVE
- **INFERENG-6173:** Original tracker for amd-quark removal validation
- **AIPCC-14368:** AIPCC pipeline onnx CVE fix

## Downstream Impact

**RHAIIS 3.5-EA1** uses vLLM 0.19.1 from the main branch. This change
unblocks:
1. Pipeline MR to upgrade onnx==1.21.0 in ROCm constraints
2. Downstream CVE remediation for RHAIIS releases
3. Container image security scans passing

## Testing Plan

- [ ] Run accept-sync workflow on this branch
- [ ] Verify build completes successfully
- [ ] Confirm lm-eval tests pass
- [ ] Validate guidellm benchmarks
- [ ] Check quantized model tests (excluding MXFP4/MXFP6)

---

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Update onnx dependency upper bound to allow 1.21.0 (CVE-2026-27489 fix)

1 participant