Release 1.15.4

Bug Fixes and Other Changes

• Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)
• Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)
• Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)
• Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)
• Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)
• Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)
• Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)
• Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)
• Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)
• Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)
• Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)
• Updates sqlite3 to 3.33.00 to handle CVE-2020-9327, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13871, and CVE-2020-15358.
• Fixes #41630 by including max_seq_length in CuDNN descriptor cache key
• Pins numpy to 1.18.5 to prevent ABI breakage when compiling code that uses both NumPy and TensorFlow headers.