Download Latest Version
v3.12.1 source code.tar.gz (1.7 MB)
Get an email when there's a new version of Keras
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2026-01-30 | 2.5 kB | |
| v3.13.2 source code.tar.gz | 2026-01-30 | 1.7 MB | |
| v3.13.2 source code.zip | 2026-01-30 | 2.4 MB | |
| Totals: 3 Items | 4.1 MB | 0 | |
Security Fixes & Hardening
This release introduces critical security hardening for model loading and saving, alongside improvements to the JAX backend metadata handling.
-
Disallow
TFSMLayerdeserialization insafe_mode(#22035)- Previously,
TFSMLayercould load external TensorFlow SavedModels during deserialization without respecting Kerassafe_mode. This could allow the execution of attacker-controlled graphs during model invocation. TFSMLayernow enforcessafe_modeby default. Deserialization viafrom_config()will raise aValueErrorunlesssafe_mode=Falseis explicitly passed orkeras.config.enable_unsafe_deserialization()is called.
- Previously,
-
Fix Denial of Service (DoS) in
KerasFileEditor(#21880)- Introduces validation for HDF5 dataset metadata to prevent "shape bomb" attacks.
- Hardens the
.kerasfile editor against malicious metadata that could cause dimension overflows or unbounded memory allocation (unbounded numpy allocation of multi-gigabyte tensors).
-
Block External Links in HDF5 files (#22057)
- Keras now explicitly disallows external links within HDF5 files during loading. This prevents potential security risks where a weight file could point to external system datasets.
- Includes improved verification for H5 Groups and Datasets to ensure they are local and valid.
Backend-specific Improvements (JAX)
- Set
mutable=Trueby default innnx_metadata(#22074)- Updated the JAX backend logic to ensure that variables are treated as mutable by default in
nnx_metadata. - This makes Keras 3.13.2 compatible with Flax 0.12.3 when the Keras NNX integration is enabled.
- Updated the JAX backend logic to ensure that variables are treated as mutable by default in
Saving & Serialization
- Improved H5IOStore Integrity (#22057)
- Refactored
H5IOStoreandShardedH5IOStoreto remove unused, unverified methods. - Fixed key-ordering logic in sharded HDF5 stores to ensure consistent state loading across different environments.
- Refactored
Contributors
We would like to thank the following contributors for their security reports and code improvements: @0xManan, @HyperPS, @hertschuh, and @divyashreepathihalli.
Full Changelog: https://github.com/keras-team/keras/compare/v3.13.1...v3.13.2
