| Version | Supported |
|---|---|
| 1.5.x | ✅ (current; v1.5.0 shipped 2026-05-31) |
| 1.4.x | ✅ (security-fix-only until v1.6.0; operators should plan migration to v1.5) |
| 1.3.x | ❌ (EOL with v1.5.0) |
| 1.2.x | ❌ (EOL with v1.4.0) |
| 1.1.x | ❌ (EOL with v1.2.0 — see GHSA-f65r-h4g3-3h9h below for the auth-bypass advisory affecting 1.1.0 / 1.1.1) |
| 1.0.x | ❌ (EOL with v1.1.0) |
| < 1.0 | ❌ |
Now that v1.5.0 has shipped, 1.4.x moves to security-fix-only support for one minor cycle (until v1.6.0); operators should plan migration to v1.5 within that window. The current minor + one back is always supported; older minors get security-only patches for one cycle, then EOL.
| Advisory | Affected | Patched | Severity | Title |
|---|---|---|---|---|
| GHSA-f65r-h4g3-3h9h | >=1.1.0, <1.2.0 (pip + npm) |
1.2.0 |
Critical (CVSS 9.8) | backprop ui --auth and backprop ui --share do not enforce authentication |
CVE IDs are requested at publish time and attached to the GHSA when GitHub Security Lab assigns them (typically 1-7 days post-publication).
If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public GitHub issue — the report is visible to anyone the moment it's filed.
- Open a private security advisory via GitHub's Security tab.
- Or email the maintainer directly if the GitHub flow is blocked for you.
Email: 64996768+mcp-tool-shop@users.noreply.github.com
When reporting, please include:
- The
run_id(printed at startup asrun_started run_id=<uuid>, also exposed asTrainingRun.run_id/RunResult.run_id) if the issue surfaced during a training run. One UUID lets the maintainer correlate every log line, checkpoint, and SLAO merge for that exact run — without it, reproducing your timeline is much harder. - The structured error code (e.g.
[INPUT_AUTH_REQUIRED],[UI_OUTPUT_DIR_FORBIDDEN]) if one was emitted. The catalog at handbook/error-codes lists every stable code. - A minimal reproduction. Stderr in non-verbose mode is automatically redacted (Bearer /
sk-*/hf_*/ AWS keys,password=/token=/api_key=pairs) — safe to paste. For the full unredacted trace, re-run with--verbose(orBACKPROPAGATE_DEBUG=1) and review the output for any remaining secrets before posting.
- Acknowledgment: within 48 hours.
- Assessment: within 1 week — severity, scope, and a rough patch ETA.
- Fix: based on severity (Critical: hot-patch release; High: next patch; Medium/Low: next minor).
- Disclosure: GHSA publication coordinated with the reporter; CVE IDs requested at publish (typically 1–7 days post-publication, see existing advisories for examples).
- Never commit API keys or tokens
- Validate training data sources
- Keep dependencies updated
- When using
backprop ui, do not pass--sharewithout--auth(and on v1.1.x, do not pass either — see GHSA-f65r-h4g3-3h9h above; upgrade to v1.2.0). In v1.2.0+,--sharewithout--authhard-errors withRUNTIME_UI_AUTH_NOT_ENFORCED. For remote access without exposing the UI publicly, use SSH port-forwarding:ssh -L 7860:localhost:7860 <training-host>then openhttp://localhost:7860locally. - The UI sandboxes filesystem writes to a single base directory (
~/.backpropagate/ui-outputsby default; override viaBACKPROPAGATE_UI__OUTPUT_DIR). The override is denylist-validated — system / credential paths are refused with[UI_OUTPUT_DIR_FORBIDDEN].