1. BentoML Patches Critical Symlink Traversal Flaw in Build Pipeline via Security Update to v1.4.39
BentoML has released version 1.4.39, a security update that addresses a critical information disclosure vulnerability tracked as CVE-2026-40610 (GHSA-mcfx-4vc6-qgxv). The flaw resides in the `bentoml build` packaging workflow, where an attacker-controlled symlink traversal within the build context could enable un...
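
A pre-build audit for the class of problem described above, as an added example that is not BentoML's code or its patch: it walks a build context and reports every symlink that resolves outside it. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(context_dir):
    """Return sorted (link, target) pairs for symlinks resolving outside context_dir."""
    root = Path(context_dir).resolve()
    findings = []
    # followlinks=False: never descend through a directory symlink while auditing.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if not path.is_symlink():
                continue
            link = path.relative_to(root).as_posix()
            try:
                # resolve() follows the whole chain, so link -> link -> outside is caught.
                target = path.resolve()
            except (OSError, RuntimeError):
                findings.append((link, "<unresolvable>"))  # e.g. a symlink loop
                continue
            if target != root and root not in target.parents:
                findings.append((link, str(target)))
    return sorted(findings)


def demo():
    """Build a constructed build context and return the names of the flagged links."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp, "outside")
        outside.mkdir()
        (outside / "secret.txt").write_text("constructed secret\n")
        ctx = Path(tmp, "context")
        (ctx / "src").mkdir(parents=True)
        (ctx / "src" / "service.py").write_text("# constructed\n")
        (ctx / "ok_link.py").symlink_to(ctx / "src" / "service.py")  # stays inside
        (ctx / "src" / "leak.txt").symlink_to(outside / "secret.txt")  # escapes
        (ctx / "vendor").symlink_to(outside, target_is_directory=True)  # escapes
        (ctx / "hop.txt").symlink_to(ctx / "src" / "leak.txt")  # chain that escapes
        return [link for link, _ in find_escaping_symlinks(ctx)]


if __name__ == "__main__":
    print(demo())
```

Running such a check in CI before packaging untrusted or third-party source trees gives a record of which links would have pulled in files from outside the project directory.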