WML containers include scikit-learn. Scikit-learn includes joblib and pickle to cache and load models. Pickle (and, by extension, joblib) has some issues regarding maintainability and security. Because of this, the joblib.load() function in scikit-learn must be used in a responsible manner.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
IBM Watson Machine Learning Community Edition | 1.6.2 |
IBM Watson Machine Learning Community Edition | 1.7.0 |
CVE-2020-13092
<https://nvd.nist.gov/vuln/detail/CVE-2020-13092>
This should make it possible to check that the cross-validation score is in the same range as before.
Since a model's internal representation may be different on two different architectures, dumping a model on one architecture and loading it on another architecture is not supported.
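
One way to load a serialized model responsibly and to enforce the same-architecture constraint, as an added example that is not IBM's or scikit-learn's code: the artifact carries an HMAC-SHA256 tag and the producing machine's architecture, and both are checked before any bytes reach the unpickler. The standard-library pickle stands in for joblib here; the function names, envelope layout and key handling are assumptions.

```python
import hashlib
import hmac
import json
import pickle
import platform


def dump_signed(model, key: bytes) -> bytes:
    """Serialise `model` and wrap it in a signed envelope: tag, header, payload."""
    payload = pickle.dumps(model)
    # Record the producing architecture; cross-architecture loads are unsupported.
    header = json.dumps({"arch": platform.machine()}).encode()
    tag = hmac.new(key, header + b"\n" + payload, hashlib.sha256).hexdigest()
    return tag.encode() + b"\n" + header + b"\n" + payload


def load_verified(blob: bytes, key: bytes, expected_arch=None):
    """Return the model only if the envelope is authentic and the arch matches."""
    try:
        tag, header, payload = blob.split(b"\n", 2)
    except ValueError:
        raise ValueError("malformed envelope") from None
    expected = hmac.new(key, header + b"\n" + payload, hashlib.sha256).hexdigest()
    # Constant-time comparison; nothing is deserialised before this passes.
    if not hmac.compare_digest(tag, expected.encode()):
        raise ValueError("signature mismatch: refusing to unpickle")
    meta = json.loads(header)
    if meta["arch"] != (expected_arch or platform.machine()):
        raise ValueError("model was dumped on a different architecture")
    return pickle.loads(payload)  # reached only for authenticated bytes


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: real key comes from a secret store
    model = {"coef": [0.5, -1.25], "intercept": 0.1}  # constructed stand-in model
    blob = dump_signed(model, key)
    print(load_verified(blob, key))
    try:
        load_verified(blob[:-1] + bytes([blob[-1] ^ 1]), key)
    except ValueError as err:
        print("rejected:", err)
```

The tag only proves the file came from a holder of the key, so the key has to be stored separately from the model artifacts it protects.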
CPE | Name | Operator | Version |
---|---|---|---|
ibm powerai | eq | 1.6.2 |
ibm powerai | eq | 1.7.0 |