The TensorFlow project will release new versions of all supported release versions (i.e., last 3 releases) on or shortly after Monday, January 1st, 2021 (we estimate a maximum delay of at most 2 days). These releases will be followed by TensorFlow 2.8.0 final release, which also includes the fixes for the vulnerabilities.
We have a total of 59 vulnerabilities to patch (a small number of them only apply to the newest release, but the large majority apply to all releases):
* Critical vulnerabilities: 1
* High severity issues: 8
* Moderate severity issues: 37
* Low severity issues: 13
The fixes are already in the TensorFlow's r2.5, r2.6, r2.7 and r2.8 branches. The branches will be frozen to further updates, except those needed during the release process and critical cherrypicks.
Tensors must flow securely