Security Bulletins

To report a possible security vulnerability, please email support@h2o.ai

8/10/23 – H2O-3 Incident Communication for INC-4782

Dear valued customers,

H2O-3 is an open source product provided by H2O.ai - the source code is hosted in GitHub https://github.com/h2oai/h2o-3 and H2O.ai provides enterprise support to help customers with installation, deployment, security, and machine learning problems. Considering our community of users of H2O-3, the default configuration focuses on easy installation and use without any major obstacles. However, we also publish Security guidelines for end-users who would like to secure their open source installations.

Based on findings in the article published in https://mlsecops.com/resources/hacking-ai-h2o-exposes-entire-filesystem, we are going to highlight the Security guidelines documentation section and the importance of secure setup. Furthermore, we are going to make necessary changes in the product to simplify the secure setup for open-source users.

Sincerely,

H2O.ai Customer Support

Generative AI

Predictive AI

Industry Solutions

Use Cases

H2O.ai Hospital Occupancy Simulator

Strategic Transformation

View All Case Studies

FINANCIAL SERVICES

TELECOM

HEALTHCARE

ENERGY

FINANCIAL INDUSTRIES

MARKETING

Partners

Resources

Open Source

Join H2O University

Support

Events

H2O.ai Wiki

Responsible AI

Company

What is an AI Cloud?

2023 Gartner® Magic Quadrant™

8/10/23 – H2O-3 Incident Communication for INC-4782

Why H2O.ai

Products

Resources

Insights