From 9b66b5fd14a92b3340e0ccd8633fa01865c6b44d Mon Sep 17 00:00:00 2001 From: Greg Hendrickson Date: Tue, 3 Feb 2026 06:02:38 +0000 Subject: [PATCH] fix: Upgrade to torch 2.6+ for CVE-2025-32434 compliance - Use runpod/pytorch:1.0.3-cu1290-torch260-ubuntu2204 base image - Torch 2.6.0 required by transformers for secure model loading - CUDA 12.9 compatible --- components/runpod_trainer/Dockerfile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/components/runpod_trainer/Dockerfile b/components/runpod_trainer/Dockerfile index 3284d20..7c58581 100644 --- a/components/runpod_trainer/Dockerfile +++ b/components/runpod_trainer/Dockerfile @@ -1,14 +1,12 @@ -FROM runpod/pytorch:2.4.0-py3.11-cuda12.4.1-devel-ubuntu22.04 +FROM runpod/pytorch:1.0.3-cu1290-torch260-ubuntu2204 WORKDIR /app # Copy requirements first for better caching COPY requirements.txt /app/requirements.txt -# Upgrade pip and install dependencies -# Force upgrade torch to ensure compatibility with transformers +# Install dependencies (torch 2.8 in base image satisfies CVE-2025-32434) RUN pip install --upgrade pip && \ - pip install --no-cache-dir torch==2.4.0 --force-reinstall && \ pip install --no-cache-dir -r requirements.txt # Copy handler and data