Bump Microsoft.ML.OnnxRuntime from 1.22.1 to 1.25.0

[dependabot]

Updated Microsoft.ML.OnnxRuntime from 1.22.1 to 1.25.0.

Release notes

Sourced from Microsoft.ML.OnnxRuntime's releases.

1.25.0

📢 Announcements & Breaking Changes

Build & Platform

• C++20 is now required to build ONNX Runtime from source. Minimum toolchains: MSVC 19.29+, GCC 10+, Clang 10+. Users of prebuilt packages are unaffected. (#​27178)
• CUDA minimum version raised to 12.0 — CUDA 11.x is no longer supported. Users pinned to CUDA 11.x should stay on ORT 1.24.x or upgrade their CUDA toolkit/driver. (#​27570)
• ONNX upgraded to 1.21.0 (#​27601)
• sympy is now an optional dependency for Python builds. (#​27200)

Execution Provider Changes

• ArmNN EP has been removed. Users should remove any --use_armnn build flags and migrate to the MLAS/KleidiAI-backed CPU EP or QNN EP for Qualcomm hardware. (#​27447)

API Version

• ORT_API_VERSION updated to 25. (#​27280)

---

🔒 Security Fixes

• Fixed potential integer truncation leading to heap out-of-bounds read/write (#​27544)
• Addressed Pad Reflect vulnerability (#​27652)
• Security fix for transpose optimizer (#​27555)
• Upgraded minimatch 3.1.2 → 3.1.4 for CVE-2026-27904 (#​27667)
• Hardened shell command handling for constant strings (#​27840)
• Added validation of onnx::TensorProto data size before allocation (#​27547)
• Cleaned up external data path validation (#​27539)
• Fixed misaligned address reads for tensor attributes from raw data buffers (#​27312)
• Fixed CPU Attention overflow issue (#​27822)
• Fixed CPU LRN integer overflow issues (#​27886)
• Additional input validation hardening:
  • Tile kernel dim overflow (#​27566)
  • Out-of-bounds read in cross entropy (#​27568)
  • TreeEnsembleClassifier attributes (#​27571)
  • AffineGrid (#​27572)
  • EmbedLayerNorm position_ids (#​27573)
  • RotaryEmbedding position_ids (#​27597)
  • RoiAlign batch_indices (#​27603)
  • MaxUnpool indices (#​27432)
  • QMoECPU swiglu OOB (#​27748)
  • SVMClassifier initializer (#​27699)
  • Col2Im SafeInt (#​27625)

---

✨ New Features

🔌 Execution Provider Plugin API & CUDA Plugin EP

... (truncated)

1.24.4

This is a patch release for ONNX Runtime 1.24, containing bug fixes and execution provider updates.

Bug Fixes

• Core: Added PCI bus fallback for Linux GPU device discovery in containerized environments (e.g., AKS/Kubernetes) where nvidia-drm is not loaded but GPU PCI devices are still exposed via sysfs. (#​27591)
• Plugin EP: Fixed null pointer dereference when iterating output spans in GetOutputIndex. (#​27644)
• Plugin EP: Fixed bug that incorrectly assigned duplicate MetaDef IDs to fused nodes in different GraphViews (e.g., then/else branches of an If node), causing session creation to fail with a conflicting kernel error. (#​27666)

Execution Provider Updates

• QNN EP: Enabled offline x64 compilation with memhandle IO type by deferring rpcmem library loading to inference time. (#​27479)
• QNN EP: Reverted QNN SDK logging verbosity changes that caused segmentation faults on backend destruction. (#​27650)

Build and Infrastructure

• Python: Updated python_requires from >=3.10 to >=3.11 to reflect dropped Python 3.10 support. (#​27354)
• Build: Replaced __builtin_ia32_tpause with the compiler-portable _tpause intrinsic to fix cross-compiler portability issues between GCC and LLVM. (#​27607)

Full Changelog: v1.24.3...v1.24.4

Contributors

@​derdeljan-msft, @​adrianlizarraga, @​apwojcik, @​baijumeswani, @​edgchen1, @​mocknen, @​tianleiwu, @​XXXXRT666

1.24.3

This is a patch release for ONNX Runtime 1.24, containing bug fixes, security improvements, performance enhancements, and execution provider updates.

Security Fixes

• Core: Fixed GatherCopyData integer truncation leading to heap out-of-bounds read/write. (#​27444)
• Core: Fixed RoiAlign heap out-of-bounds read via unchecked batch_indices. (#​27543)
• Core: Prevent heap OOB from maliciously crafted Lora Adapters. (#​27518)
• Core: Fixed out-of-bounds access for Resize operation. (#​27419)

Bug Fixes

• Core: Fixed GatherND division by zero when batch dimensions mismatch. (#​27090)
• Core: Fixed validation for external data paths for models loaded from bytes. (#​27430)
• Core: Fixed SkipLayerNorm fusion incorrectly applied when gamma/beta are not 1D. (#​27459)
• Core: Fixed double-free in TRT EP custom op domain Release functions. (#​27471)
• Core: Fixed QMoE CPU Operator. (#​27360)
• Core: Fixed MatmulNBits prepacking scales. (#​27412)
• Python: Fixed refcount bug in map input conversion that caused shutdown segfault. (#​27413)
• NuGet: Fixed DllImportResolver. (#​27397)
• NuGet: Added OrtEnv.DisableDllImportResolver to prevent fatal error on resolver conflict. (#​27535)

Performance Improvements

• Core: QMoE CPU performance update (up to 4x on 4-bit). (#​27364)
• Core: Fixed O(n²) model load time for TreeEnsemble with categorical feature chains. (#​27391)

Execution Provider Updates

• NvTensorRtRtx EP:
  • Avoid repetitive creation of fp4/fp8 native-custom-op domains. (#​27192)
  • Added missing override specifiers to suppress warnings. (#​27288)
  • DQ→MatMulNBits fusion transformer. (#​27466)
• WebGPU:
  • Used embedded WASM module in Blob URL workers when wasmBinary is provided. (#​27318)
  • Fixed usage of wasmBinary together with a blob URL for .mjs. (#​27411)
  • Removed the unhelpful "Unknown CPU vendor" warning. (#​27399)
  • Allows new memory info name for WebGPU. (#​27475)
• MLAS:
  • Added DynamicQGemm function pointers and ukernel interface. (#​27403)
  • Fixed error where bytes is not assigned for dynamic qgemm pack b size. (#​27421)
• VitisAI EP: Removed s_kernel_registry_vitisaiep.reset() in deinitialize_vitisai_ep(). (#​27295)
• Plugin EPs: Added "library_path" metadata entry to OrtEpDevice instances for plugin and provider bridge EPs. (#​27522)

Build and Infrastructure

• Pipelines:
  • Build Windows ARM64X binaries as part of packaging pipeline. (#​27316)
  • Moved JAR testing pipelines to canonical pipeline template. (#​27480)
• Python: Enabled Python 3.14 CI and upgraded dependencies. (#​27401)
• Build: Suppressed spurious Array Out of Bounds warnings produced by GCC 14.2 compiler on Linux builds. (#​27454)
• Build: Fixed -Warray-bounds build error in MLAS on clang 17+. (#​27499)
• Telemetry: Added/Updated telemetry events. (#​27356)
• Config: Increased kMaxValueLength to 8192. (#​27521)

... (truncated)

1.24.2

This is a patch release for ONNX Runtime 1.24, containing several bug fixes, security improvements, and execution provider updates.

Bug Fixes

• NuGet: Fixed native library loading issues in the ONNX Runtime NuGet package on Linux and macOS. (#​27266)
• macOS: Fixed Java support and Jar testing on macOS ARM64. (#​27271)
• Core: Enable Robust Symlink Support for External Data for Huggingface Hub Cache. (#​27374)
• Core: Added boundary checks for SparseTensorProtoToDenseTensorProto to improve robustness. (#​27323)
• Security: Fixed an out-of-bounds read vulnerability in ArrayFeatureExtractor. (#​27275)

Execution Provider Updates

• MLAS: Fixed flakiness and accuracy issues in Lut GEMM (MatMulNBitsLutGemm). (#​27216)
• QNN: Enabled 64-bit UDMA mode for HTP target v81 or above. (#​26677)
• WebGPU:
  • Used LazyRelease for prepack allocator. (#​27077)
  • Fixed ConvTranspose bias validation in both TypeScript and C++ implementations. (#​27213)
• OpenVINO (OVEP): Patch to reduce resident memory by reusing weight files across shared contexts. (#​27238)
• DNNL: Fixed DNNL build error by including missing files. (#​27334)

Build and Infrastructure

• CUDA:
  • Added support for CUDA architecture family codes (suffix 'f') introduced in CUDA 12.9. (#​27278)
  • Fixed build errors and warnings for various CUDA versions (12.8, 13.0, 13.1.1). (#​27276)
  • Applied patches for Abseil CUDA warnings. (#​27096, #​27126)
• Pipelines:
  • Fixed Python packaging pipeline for Windows ARM64 and release. (#​27339, #​27350, #​27299)
  • Fixed DirectML NuGet pipeline to correctly bundle x64 and ARM64 binaries for release. (#​27349)
  • Updated Microsoft.ML.OnnxRuntime.Foundry package for Windows ARM64 support and NuGet signing. (#​27294)
• Testing: Updated BaseTester to support plugin EPs with both compiled nodes and registered kernels. (#​27176)
• Telemetry: Added service name and framework name to telemetry events for better usage understanding on Windows. (#​27252, #​27256)

Full Changelog: v1.24.1...v1.24.2

Contributors

@​tianleiwu, @​hariharans29, @​edgchen1, @​xiaofeihan1, @​adrianlizarraga, @​angelser, @​angelserMS, @​ankitm3k, @​baijumeswani, @​bmehta001, @​ericcraw, @​eserscor, @​fs-eire, @​guschmue, @​mc-nv, @​qjia7, @​qti-monumeen, @​titaiwangms, @​yuslepukhin

1.24.1

📢 Announcements & Breaking Changes

Platform Support Changes

• Python 3.10 wheels are no longer published — Please upgrade to Python 3.11+
• Python 3.14 support added
• Free-threaded Python (PEP 703) — Added support for Python 3.13t and 3.14t in Linux (#​26786)
• x86_64 binaries for macOS/iOS are no longer provided and minimum macOS is raised to 14.0

API Version

• ORT_API_VERSION updated to 24 (#​26418)

---

✨ New Features

🤖 Execution Provider (EP) Plugin API

A major infrastructure enhancement enabling plugin-based EPs with dynamic loading:

• Initial kernel-based EP support (#​26206)
• Weight pre-packing support for plugin EPs (#​26754)
• EP Context model support (#​25124)
• Control flow kernel APIs (#​26927)
• OrtKernelInfo APIs for kernel-based plugin EPs (#​26803)

🔧 Core APIs

• OrtApi::CreateEnvWithOptions() and OrtEpApi::GetEnvConfigEntries() (#​26971)
• EP Device Compatibility APIs (#​26922)
• External Resource Importer API for D3D12 shared resources (#​26828)
• Session config access from KernelInfo (#​26589)

📊 Dependencies & Integration

• ONNX upgraded to 1.20.1 (#​26579)
• Protobuf updated from 3.20.3 → 4.25.8 (#​26910)
• CUDA Graph enabled by default (#​26929)

---

🖥️ Execution Provider Updates

NVIDIA

• CUDA EP: Flash Attention updates, GQA kernel fusion, BF16 support for MoE/qMoE/MatMulNBits, CUDA 13.0 support
• TensorRT EP: Upgraded to TensorRT 10.14, automatic plugin loading, NVFP4 custom ops
• TensorRT RTX EP: RTX runtime caching, CUDA graph support, BFloat16, memory-mapped engines

Qualcomm QNN EP

• QNN SDK upgraded to 2.42.0 with new ops (RMSNorm, ScatterElements, GatherND, STFT, RandomUniformLike)
• Gelu pattern fusion, LPBQ quantization support, ARM64 wheel builds, v81 device support

Intel & AMD

• OpenVINO EP: Upgraded to 2025.4.1
• VitisAI EP: External EP loader, compiled model compatibility API
  ... (truncated)

1.23.2

1.23.1

What's Changed

• Fix Attention GQA implementation on CPU (#​25966)
• Address edge GetMemInfo edge cases (#​26021)
• Implement new Python APIs (#​25999)
• MemcpyFromHost and MemcpyToHost support for plugin EPs (#​26088)
• [TRT RTX EP] Fix bug for generating the correct subgraph in GetCapability (#​26132)
• add session_id_ to LogEvaluationStart/Stop, LogSessionCreationStart (#​25590)
• [build] fix WebAssembly build on macOS/arm64 (#​25653)
• [CPU] MoE Kernel (#​25958)
• [CPU] Block-wise QMoE kernel for CPU (#​26009)
• [C#] Implement missing APIs (#​26101)
• Regenerate test model with ONNX IR < 12 (#​26149)
• [CPU] Fix compilation errors because of unused variables (#​26147)
• [EP ABI] Check if nodes specified in GetCapability() have already been assigned (#​26156)
• [QNN EP] Add dynamic option to set HTP performance mode (#​26135)

Full Changelog: microsoft/onnxruntime@v1.23.0...v1.23.1

1.23.0

Announcements

• This release introduces Execution Provider (EP) Plugin API, which is a new infrastructure for building plugin-based EPs. (#​24887 , #​25137, #​25124, #​25147, #​25127, #​25159, #​25191, #​2524)

• This release introduces the ability to dynamically download and install execution providers. This feature is exclusively available in the WinML build and requires Windows 11 version 25H2 or later. To leverage this new capability, C/C++/C# users should use the builds distributed through the Windows App SDK, and Python users should install the onnxruntime-winml package(will be published soon). We encourage users who can upgrade to the latest Windows 11 to utilize the WinML build to take advantage of this enhancement.

Upcoming Changes

• The next release will stop providing x86_64 binaries for macOS and iOS operating systems.
• The next release will increase the minimum supported macOS version from 13.4 to 14.0.
• The next release will stop providing python 3.10 wheels.

Execution & Core Optimizations

Shutdown logic on Windows is simplified

Now on Windows some global object will be not destroyed if we detect that the process is being shutting down(#​24891) . It will not cause memory leak as when a process ends all the memory will be returned to the operating system. This change can reduce the chance of having crashes on process exit.

AutoEP/Device Management

Now ONNX Runtime has the ability to automatically discovery computing devices and select the best EPs to download and register. The EP downloading feature currently only works on Windows 11 version 25H2 or later.

Execution Provider (EP) Updates

ROCM EP was removed from the source tree. Users are recommended to use Migraphx or Vitis AI EPs from AMD.
A new EP, Nvidia TensorRT RTX, was added.

Web

EMDSK is upgraded from 4.0.4 to 4.0.8

WebGPU EP

Added WGSL template support.

QNN EP

SDK Update: Added support for QNN SDK 2.37.

KleidiAI

Enhanced performance for SGEMM, IGEMM, and Dynamic Quantized MatMul operations, especially for Conv2D operators on hardware that supports SME2 (Scalable Matrix Extension v2).

Known Problems

• There was a change in build.py that was related to KleidiAI that may cause build failures when doing cross-compiling (#​26175) .

Contributions

Contributors to ONNX Runtime include members across teams at Microsoft, along with our community members:

@​1duo, @​Akupadhye, @​amarin16, @​AndreyOrb, @​ankan-ban, @​ankitm3k, @​anujj, @​aparmp-quic, @​arnej27959, @​bachelor-dou, @​benjamin-hodgson, @​Bonoy0328, @​chenweng-quic, @​chuteng-quic, @​clementperon, @​co63oc, @​daijh, @​damdoo01-arm, @​danyue333, @​fanchenkong1, @​gedoensmax, @​genarks, @​gnedanur, @​Honry, @​huaychou, @​ianfhunter, @​ishwar-raut1, @​jing-bao, @​joeyearsley, @​johnpaultaken, @​jordanozang, @​JulienMaille, @​keshavv27, @​kevinch-nv, @​khoover, @​krahenbuhl, @​kuanyul-quic, @​mauriciocm9, @​mc-nv, @​minfhong-quic, @​mingyueliuh, @​MQ-mengqing, @​NingW101, @​notken12, @​omarhass47, @​peishenyan, @​pkubaj, @​qc-tbhardwa, @​qti-jkilpatrick, @​qti-yuduo, @​quic-ankus, @​quic-ashigarg, @​quic-ashwshan, @​quic-calvnguy, @​quic-hungjuiw, @​quic-tirupath, @​qwu16, @​ranjitshs, @​saurabhkale17, @​schuermans-slx, @​sfatimar, @​stefantalpalaru, @​sunnyshu-intel, @​TedThemistokleous, @​thevishalagarwal, @​toothache, @​umangb-09, @​vatlark, @​VishalX, @​wcy123, @​xhcao, @​xuke537, @​zhaoxul-qti

1.22.2

What's new?

This release adds an optimized CPU/MLAS implementation of DequantizeLinear (8 bit) and introduces the build option client_package_build, which enables default options that are more appropriate for client/on-device workloads (e.g., disable thread spinning by default).

Build System & Packages

• Add –client_package_build option (#​25351) - @​jywu-msft
• Remove the python installation steps from win-qnn-arm64-ci-pipeline.yml (#​25552) - @​snnn

CPU EP

• Add multithreaded/vectorized implementation of DequantizeLinear for int8 and uint8 inputs (SSE2, NEON) (#​24818) - @​adrianlizarraga

QNN EP

• Add support for the Upsample, Einsum, LSTM, and CumSum operators (#​24265, #​24616, #​24646, #​24820) - @​quic-zhaoxul, @​1duo, @​chenweng-quic, @​Akupadhye
• Fuse scale into Softmax (#​24809) - @​qti-yuduo
• Enable DSP queue polling when performance is set to “burst” mode (#​25361) - @​quic-calvnguy
• Update QNN SDK to version 2.36.1 (#​25388) - @​qti-jkilpatrick
• Include the license file from QNN SDK in the Microsoft.ML.OnnxRunitme.QNN NuGet package (#​25158) - @​HectorSVC

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like Microsoft.ML.OnnxRuntime is no longer updatable, so this is no longer needed.