Merged
Conversation
skottmckay
approved these changes
Apr 3, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Remove deprecated Azure custom operators
Motivation
This PR addresses a security issue: the Azure custom operators (
AzureTextToText,AzureAudioToText,OpenAIAudioToText,AzureTritonInvoker) accept user-controlled endpoint URIs and auth tokens, enabling non-blind SSRF from any host running an ONNX Runtime session with these ops loaded. An attacker who controls model inputs can make the host issue authenticated HTTP requests to arbitrary endpoints and read back the full response body.These operators have been deprecated since v0.12 and are disabled by default (
OCOS_ENABLE_AZURE=OFF). They are not shipped in any official packages. Rather than trying to bolt on URL-allowlisting (which would break the operators' core design), we are removing them entirely.Changes
Deleted:
operators/azure/— all 12 source files (~1,157 lines)cmake/externals/triton.cmake,triton_cmake.patch,curl.cmaketest/test_azure_ops.py,test/shared_test/test_ortops_azure.cc,test/data/azure/(17 test data files)Edited:
CMakeLists.txt— removedOCOS_ENABLE_AZUREoption, env-var override, platform exclusion block, source glob, compile definition, and triton/curl/openssl linker block (~120 lines)include/ocos.h— removedCustomAzureStructmacro andENABLE_AZUREexternshared/lib/ops_registry.cc— removedLoadCustomOpClasses_Azureregistrationcmake/ext_java.cmake— removed curl/openssl copy block for Android AAR.pyproject/cmdclass.py— removedno_azurebuild optiontools/gen_selectedops.py— removedOCOS_ENABLE_AZUREop mappingtools/test_cibuildwheel.sh,.bat— removed azure test invocationstools/install_deps.sh,.bat— removed openssl/vcpkg installs (only used by azure ops).pipelines/wheels_linux.yml,tools/ci_build/github/azure-pipeline/wheels_linux.yml,templates/build-package-for-linux.yml) — removedOCOS_ENABLE_AZUREreferencesdocs/custom_ops.md— removed Azure operator documentation sectioncgmanifest.json— removed triton, rapidjson, openssl, zlib, curl, vcpkg entriesThirdPartyNotices.txt— removed corresponding license noticesTesting
OCOS_ENABLE_CTEST=ONOCOS_ENABLE_AZURE/ENABLE_AZUREreferences in source