Return to page

To report a possible security vulnerability, please email support@h2o.ai

 

8/10/23 – H2O-3 Incident Communication for  INC-4782

Dear valued customers,

 

H2O-3 is an open source product provided by H2O.ai - the source code is hosted in GitHub https://github.com/h2oai/h2o-3 and H2O.ai provides enterprise support to help customers with installation, deployment, security, and machine learning problems. Considering our community of users of H2O-3, the default configuration focuses on easy installation and use without any major obstacles. However, we also publish Security guidelines for end-users who would like to secure their open source installations.

 

Based on findings in the article published in https://mlsecops.com/resources/hacking-ai-h2o-exposes-entire-filesystem, we are going to highlight the Security guidelines documentation section and the importance of secure setup. Furthermore, we are going to make necessary changes in the product to simplify the secure setup for open-source users.


Sincerely,

H2O.ai Customer Support