Full List of Enhancements:Java 21: upgraded core ModelOp Services to Java 21 Jira SDK: replaced the Atlassian Jira SDK with an upgraded Feign-based client Inventory & Reporting: Use Case Page: Added a list of Running Model Lifecycles to the Use Case page. Note that this will show ALL related running model lifecycles, across Use Cases, Model Implementations, or Snapshots of a Model Implementation Updated the Governance Score to refresh automatically upon saving of Custom Form Data
Governance Score: Updated the default Governance Score rules to look for Model Cards for a specific snapshot, instead of at the use case level Updated the default Governance Score rules to check that there are no high and open Notifications
Model Implementations: Assets: added support to upload an Asset to a specific directory, such that the assets can be materialized in that directory on a ModelOp Runtime when deployed for Model Scoring Metadata: added support to show the embedded model implementation custom metadata for a given Snapshot Details: updated the details tab to gray out the fields if a user has READ only permissions Add an Implementation: updated the Add an Implementation wizard to include the tags field
Git: Multiple Models: added support to allow multiple models to exist within a given git repository. Note that the models must exist under different folders within the Git repository. Force Sync: added the ability to allow a user to FORCE option for the manual git sync within the UI, which would cause ModelOp to reclone the git repo from scratch. This is helpful when there are git merge conflicts or other errors on the git repository side
My WorkModel Lifecycles: MLC: Dashboard & Tests/Monitors: Documentation Generation: PowerBI: ModelOp Runtime: CLI: Jupyter: Security: Installation / Configuration Import Utility:
Bug Fixes:Deprecated Library Updates:Updated or removed the following deprecated libraries: Remove Deprecated MomentJS Library Upgraded the EOL Joda-time v2.9 dependency in Eureka Upgrade the ORACLE JavaBeans Activation Framework 1.1 in MLC Service
Security Fixes/Patches: NOTE: many of the below are NOT related to ModelOp software, but rather related to dependencies Addressed CVE-2023-34036 - Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers. Addressed CVE-2023-4759 - a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree Addressed CVE-2016-1000027 - Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) Addressed CVE-2023-6378 CVE-2023-6481 - Logback: Serialization vulnerability in logback receiver Addressed CVE-2024-22243 & -21634 - Allocation of Resources Without Limits or Throttling Addressed CVE-2024-22259 - Spring framework: URL Parsing with Host validation.38816 - spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource Addressed CVE-2024-47554 commons-io on Document Service Addressed CVE-2022-40152 - DOS risk with Woodstock-core dependency
|