Content Comparison

Full List of Enhancements:

• Inventory & Reporting:

  • ModelOp-Managed Approvals: added support in the ModelOp UI to create ModelOp-managed approvals of different types. Each type has configurable titles and resolution states.

  • Comments Tracking: added UI support for comment tracking across users on the new ModelOp-Managed approvals

• Automated Risk Mapping:

  • Risk / Control Mapping: added support for automated risk and control mapping based on a set of list of criteria. This criteria is configurable by the Customer and can take into account any Use Case metadata to appropriately map the given set of risks and corresponding controls.

    • Delegate: added a delegate that inputs a DMN (of controls) and creates Risk Notifications for all matching rules within that DMN

  • File/Documentation Controls: added automated checks for specific files/documentation to satisfy a control

    • External Task: added an external task that would automatically check for the presence of a File and close the related ModelApprovalNotification that expects the file

• Governance Score:

  • Custom Form Data: updated the Governance Score calculations to support more than 50 custom fields in a given form

  • Assets by Regex: added capability to evaluate Assets by Regex (e.g. evaluated by Regex on the filename). Previously, an asset was evaluated only by Asset_Role (e.g. Design_Documentation)

    • Example: if the control is to ensure that a file of name “AI_monitoring_plan.docx” is uploaded, the Governance Score can be configured to find an asset by Regex on the file name.

    • This feature can be found in the Scores Admin page, under the Assets section:

    • 

• Custom Forms:

  • Field Structure: updated the structure for how each field in a custom form is stored for a given Use Case or Implementation. The new format includes a NEW “formFieldId” for each field in a custom form such that a field can more easily be referenced in MLC’s and DMN’s

    • For any Use Case or Implementation that contains a custom form, the New Structure will be as follows:

      • Code Block

        { "mocApplicationFormId": "7fef4718-a19e-4db0-b7b4-d4bdb0c7394b", "overview": { "1": { "question": "Division", "answer": "Finance" }, "2": { "question": "Purpose", "answer": "Probability of default predictor" }, "3": { "question": "Limitations", "answer": "Prime lending only" }, "name": "Overview" }, "accountability": { "1": { "question": "Business Owner/Sponsor", "answer": "Jane Doe" }, "2": { "question": "Governance Officer", "answer": "Jim Dean" }, "3": { "question": "Model Owner", "answer": "Jon B Goode" } "name": "Accountability" }

    • Referencing Custom Fields in a DMN’s: using this new structure allows for easier reference of the custom fields within a DMN:

      • Example: in the above example, the “Division” field can be referenced by a DMN with the following in this new structure:

        • Code Block
          modelMetaData.custom(overview)(1)(answer)

• Git:

Model Lifecycles:

• Dashboard & Tests/Monitors:

• Documentation Generation:

• PowerBI:

  ModelOp Runtime:

• Security:

  • Updated the Permissions page for administrators to allow the admin to set permissions across all groups

• Import Utility:

  • Enhanced the UI for the Excel import utility to allow users to more easily map the columns from the Excel sheet to the custom metadata

Bug Fixes:

• Git:

  • Addressed issue where the automated git sync process could not go through all the existing StoredModels when the number of StoredModels exceeds 1000 models

  • Addressed sporadic issue where the git sync would fail with a 504 error

• Tableau:

  • Addressed an issue where the Tableau connector was failing to import data when the custom metadata contained special characters

• Scheduler:

  • Addressed an issue with the advanced scheduler (cron) option, where if the users saves a Schedule with a invalid cron expression, other newer expressions are not saved either.

  • Additionally provided UI-based warnings if a user attempts to save an invalid cron expression

• Champion/Challenger:

  • Addressed a UI routing issue when attempting to open the Champion/Challenger view from the Inventory and Model Details page

• AWS SageMaker:

  • Addressed an issue in the UI where AWS SageMaker jobs could not be re-run

• Custom Form Configuration - Custom Field Types:

  • Addressed an issue with the Custom Field Types (in the Forms Configuration admin page) where the user could not change the name of the field when a custom field type was added to a form.

• Model Implementations:

  • Addressed an issue in the Model Implementation Details page where all notifications were being shown, instead of notifications specific to that Model Implementation

• Compliance Overview Page:

  • Addressed issue where the compliance overview charts are not the same height, when no data is available

• Azure AD:

  • Addressed issue where the Azure AD group id is not getting replaced by the name on the stored model details page for some users

Deprecated Library Updates:

Updated or removed the following deprecated libraries:

• Remove Deprecated MomentJS Library

• Upgraded the EOL Joda-time v2.9 dependency in Eureka

• Upgrade the ORACLE JavaBeans Activation Framework 1.1 in MLC Service

  • Jobs with No Results: update the handling of Jobs that return no data.

    • Details: For Jobs (eg metrics jobs), if the runtime successfully establishes a connection to the Input Asset and the query / params are valid , but the input asset returns no data, then the runtime will now (1) return an empty data frame (2) log that “No results were returned for the specified input asset for the job”

  • ODBC Encoding Issues: updated the handling of ODBC sources where the odbc code can’t encode the data and gives back an error. Previously, it would crash the runtime. Now, the runtime handles it gracefully and (1) skips the record (2) identifies which record it skipped (3) lets the job complete (4) logs how many records were (a) successfully processed (b) skipped (c) total records

    • There are two new sccs properties to support this feature:

      • modelop.runtime.odbc-allowed-skipped-count (defaults to 100)

      • modelop.runtime.odbc-error-job-on-skip (defaults to false)

        • When error-job is set to true, and the number of skipped rows exceeds the value set by allowed-skipped-count (so if its set to 100, 101 rows must be skipped), the job won’t start and will instead error on input with 2025-01-06 20:06:01.733 [error] Too many records failed to decode while modelop.runtime.odbc-error-job-on-skip was enabled, reporting error...
2025-01-06 20:06:01.733 [info] Shutting down current batch early because of an error on input

• Security:

• Import Utility:

Bug Fixes:

• Security:

  • Addressed an issue where an incomplete RWX entry was being created for the ALL group when default-groups configuration is enabled

• PowerBI:

  • Addressed an issue where the ModelOp PowerBI Connector would fail if there was invalid/broken JSON

• UI:

  • Notification Details: addressed an issue with word wrap in the Risk details section of a Model Risk notification

  • Snapshot: updated the Snapshot page to hide the “Edit Snapshot” button for users that have READ-ONLY access permission for that snapshot

  • Assets: updated the Assets page to hide the “Edit Assets” button for users that have READ-ONLY permission for that item

• Runtime:

  • Addressed an issue where the Runtime would partially reset if the ModelOp Registry service went down. Now, the existing deployments on a Runtime will continue to operate unaffected if the Registry Service goes down.

Security Fixes/Patches:

NOTE: many of the below are NOT related to ModelOp software, but rather related to dependencies

• Addressed CVE-2023-34036 - Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers.

  • Issue Link: https://spring.io/security/cve-2023-34036

• Addressed CVE-2023-4759 - a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree

  • Issue Link: https://access.redhat.com/security/cve/cve-2023-4759

• Addressed CVE-2016-1000027 - Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE)

  • Issue Link: https://nvd.nist.gov/vuln/detail/cve-2016-1000027

• Addressed CVE-2023-6378 CVE-2023-6481 - Logback: Serialization vulnerability in logback receiver

  • Issue Link: https://access.redhat.com/security/cve/CVE-2023-6378

• Addressed CVE-2024-21634 - Allocation of Resources Without Limits or Throttling

  • Issue Link: https://access.redhat.com/security/cve/cve-2024-21634

• Addressed CVE-2024-38816 - spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource

  • Issue Link: https://access.redhat.com/security/cve/cve-2024-38816

• Addressed CVE-2024-47554 commons-io on Document Service

  • Issue Link: https://access.redhat.com/security/cve/cve-2024-47554

• Addressed CVE-2022-40152 - DOS risk with Woodstock-core dependency

  • Issue Link: https://access.redhat.com/security/cve/cve-2022-40152