Skip to content

python3Packages.vllm: 0.14.0 -> 0.15.1#483505

Merged
kirillrdy merged 5 commits into
NixOS:masterfrom
GaetanLepage:update/python3Packages.vllm
Feb 9, 2026
Merged

python3Packages.vllm: 0.14.0 -> 0.15.1#483505
kirillrdy merged 5 commits into
NixOS:masterfrom
GaetanLepage:update/python3Packages.vllm

Conversation

@GaetanLepage
Copy link
Copy Markdown
Contributor

@GaetanLepage GaetanLepage commented Jan 24, 2026
edited
Loading

Things done

cc @happysalada @CertainLach @daniel-fahey

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

@nixpkgs-ci nixpkgs-ci Bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 6.topic: python Python is a high-level, general-purpose programming language. labels Jan 25, 2026
@GaetanLepage
Copy link
Copy Markdown
Contributor Author

GaetanLepage commented Jan 25, 2026

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 483505
Commit: 96122a5a99dc5197d81885533511888663971e58

x86_64-linux

❌ 2 packages failed to build:
  • python313Packages.torchrl
  • python313Packages.torchrl.dist
✅ 6 packages built:
  • python313Packages.kserve
  • python313Packages.kserve.dist
  • python313Packages.vllm
  • python313Packages.vllm.dist
  • vllm
  • vllm.dist

@GaetanLepage
Copy link
Copy Markdown
Contributor Author

GaetanLepage commented Jan 25, 2026
edited
Loading

@GaetanLepage GaetanLepage marked this pull request as draft January 25, 2026 01:12
@nixpkgs-ci nixpkgs-ci Bot added the 8.has: package (update) This PR updates a package to a newer version label Jan 25, 2026
@GaetanLepage GaetanLepage force-pushed the update/python3Packages.vllm branch from 96122a5 to 7753e85 Compare January 31, 2026 12:57
@GaetanLepage GaetanLepage changed the title python3Packages.vllm: 0.14.0 -> 0.14.1 python3Packages.vllm: 0.14.0 -> 0.15.0 Jan 31, 2026
@GaetanLepage GaetanLepage force-pushed the update/python3Packages.vllm branch from 7753e85 to ffdaf9f Compare February 1, 2026 19:08
@GaetanLepage
Copy link
Copy Markdown
Contributor Author

GaetanLepage commented Feb 1, 2026

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 483505
Commit: ffdaf9faeaac40f38e121df45e97ed0d3e33bb71

x86_64-linux

✅ 8 packages built:
  • python313Packages.kserve
  • python313Packages.kserve.dist
  • python313Packages.torchrl
  • python313Packages.torchrl.dist
  • python313Packages.vllm
  • python313Packages.vllm.dist
  • vllm
  • vllm.dist

@nixpkgs-ci nixpkgs-ci Bot added 12.approvals: 1 This PR was reviewed and approved by one person. 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in any of the changed packages. labels Feb 1, 2026
@GaetanLepage GaetanLepage force-pushed the update/python3Packages.vllm branch from ffdaf9f to 22f6fcd Compare February 4, 2026 23:13
@GaetanLepage GaetanLepage changed the title python3Packages.vllm: 0.14.0 -> 0.15.0 python3Packages.vllm: 0.14.0 -> 0.15.1 Feb 4, 2026
@GaetanLepage GaetanLepage marked this pull request as ready for review February 8, 2026 23:21
@GaetanLepage GaetanLepage force-pushed the update/python3Packages.vllm branch from 22f6fcd to 80282ca Compare February 8, 2026 23:29
@GaetanLepage
Copy link
Copy Markdown
Contributor Author

GaetanLepage commented Feb 8, 2026

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 483505
Commit: 22f6fcdfe89356d35083ee33558ec1f00763d5d5

x86_64-linux

✅ 8 packages built:
  • python313Packages.kserve
  • python313Packages.kserve.dist
  • python313Packages.torchrl
  • python313Packages.torchrl.dist
  • python313Packages.vllm
  • python313Packages.vllm.dist
  • vllm
  • vllm.dist

@GaetanLepage
Copy link
Copy Markdown
Contributor Author

GaetanLepage commented Feb 9, 2026

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 483505 --extra-nixpkgs-config '{ allowUnfree = true; cudaSupport = true; }'
Commit: 80282ca350ec642a06fdba485d51390164b51704

x86_64-linux

✅ 9 packages built:
  • nixpkgs-manual
  • python313Packages.kserve
  • python313Packages.kserve.dist
  • python313Packages.torchrl
  • python313Packages.torchrl.dist
  • python313Packages.vllm
  • python313Packages.vllm.dist
  • vllm
  • vllm.dist

aarch64-linux

✅ 1 package built:
  • nixpkgs-manual

@nixpkgs-ci nixpkgs-ci Bot added 12.approvals: 2 This PR was reviewed and approved by two persons. and removed 12.approvals: 1 This PR was reviewed and approved by one person. labels Feb 9, 2026
@kirillrdy kirillrdy added this pull request to the merge queue Feb 9, 2026
Merged via the queue into NixOS:master with commit d50383b Feb 9, 2026
27 checks passed
@GaetanLepage GaetanLepage deleted the update/python3Packages.vllm branch February 9, 2026 10:07
@LeSuisse
Copy link
Copy Markdown
Member

LeSuisse commented Feb 19, 2026

This fixes CVE-2026-22778 / #488751

Can one of the maintainers take a look at backporting the security fixes to stable branch which is currently using vLLM 0.11.2?

@LeSuisse LeSuisse added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Feb 19, 2026
@LeSuisse LeSuisse linked an issue Feb 19, 2026 that may be closed by this pull request
vLLM leaks a heap address when PIL throws an error #488751
Closed
@daniel-fahey daniel-fahey added the backport release-25.11 Backport PR automatically label Feb 19, 2026
@nixpkgs-ci
Copy link
Copy Markdown
Contributor

nixpkgs-ci Bot commented Feb 19, 2026

Backport failed for release-25.11, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-25.11
git worktree add -d .worktree/backport-483505-to-release-25.11 origin/release-25.11
cd .worktree/backport-483505-to-release-25.11
git switch --create backport-483505-to-release-25.11
git cherry-pick -x a1fe3d6f7e61ae658f7626f0176210e716f53631 715481ee1c4b46027087deff497d408e1111091b 315eefb91376ddd12e6de869997c728c478faca5 3dc1661ab4803bac458f65bbb5faac54a578c52b 80282ca350ec642a06fdba485d51390164b51704

@daniel-fahey daniel-fahey mentioned this pull request Feb 19, 2026
Draft
13 tasks
@daniel-fahey
Copy link
Copy Markdown
Contributor

daniel-fahey commented Feb 20, 2026
edited
Loading

This fixes CVE-2026-22778 / #488751

Can one of the maintainers take a look at backporting the security fixes to stable branch which is currently using vLLM 0.11.2?

Easier said than done @LeSuisse, but I think I've identified all the right cherry-picks, takes a while to test each time due to the long compile time, watch this space 💪

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kirillrdy kirillrdy kirillrdy approved these changes

@happysalada happysalada happysalada approved these changes

@CertainLach CertainLach Awaiting requested review from CertainLach

@daniel-fahey daniel-fahey Awaiting requested review from daniel-fahey

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: python Python is a high-level, general-purpose programming language. 8.has: package (update) This PR updates a package to a newer version 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 12.approvals: 2 This PR was reviewed and approved by two persons. 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in any of the changed packages. backport release-25.11 Backport PR automatically

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

vLLM leaks a heap address when PIL throws an error

5 participants

@GaetanLepage @LeSuisse @daniel-fahey @kirillrdy @happysalada