Version 3.1.4

Version 3.1.4 is a maintenance release focused on specific fixes and minor enhancements. See below for the entire list.

Enhancements:

Added support to make the file upload size configurable

Added support for multi-file uploads

In the Runtimes list page, added support to distinguish between REST and BATCH deployments in the Last Activity Column

Updated the error messages when the ModelOp runtime receives a malformed asset

For the ModelOp Monitoring package, added support to allow non-predictor columns to be monitored for drift

Added support for configuring the client-registration-id of the Opaque query param Introspector. This update allows end users to define the `client-registration-id` for the QueryParamIntrospector and AuthenticationManager; if the configured value is empty, the default, `query_param_introspector`, is used

Added support for hot-updating the list of protected endpoints through the Gateway, so that an admin can add or remove endpoints without having to redeploy or restart the Gateway.

Added additional optional access control for BPMN deployments to restrict to certain authorized groups

Added support to automatically distinguish PySpark models from regular python models

Addressed minor issue with the PowerBI plugin to handle Gateway link issues

Upgraded ModelOp Center to use Angular 14

Added a new Custom Metadata UX for adding/editing custom metadata via the UI

Optimized the ModelOp OOTB monitors to be more efficient in terms of memory usage

Added support for the ModelOp runtimes to resolve configuration values from SCCS

Added support to the ModelOp runtime to allow for more configuration tuning via configuration files

Added support to select the Runtime Kafka credentials based on producer/consumer and/or topic

Added support to the ModelOp runtime for aws:kms encryption

Allow multiclass classification metrics in the Performance Monitor: Classification Metrics

Updated the MLC diagrams in the Snapshot and MLC pages to provide more detailed information when hovering over a step in the MLC

Updated the Job Details page to make the Model Test Result more prominent

Added a service alert banner if a core ModelOp Center service experiences degradation

Updated deployments label in the Model Snapshot page

Updated the labels in the Monitoring Scheduling tab

Added support for further filtering in the Jobs page

Added UI tabs for Associated Models in the business model and snapshot pages

Added support to include the full Jenkins job error message when a Jenkins job fails in any type of Jenkins service interaction

Added support to generate and verify schemas via a Jupyter notebook

Updated the default "deployment" MLC to automatically add a standard set of monitors to the model snapshot

Added a new Deployment details UI page to allow the user to see details of the deployment

Added criteria to search for associatedModelSnapshotId in the MTRSummary findByOptional Endpoint

Added the capability to add additionalAssets on a DeployedModel, such that a DMN (e.g. Dashboard dmn) can be added to the Deployment

Added a new asset role DASHBOARD_RESULT_COMPARATOR (to be used in deployedModel for Dashboard recognition)

Updated the Jobs UI details page to handle jobs that do not contain a model

Added support for external credentials for GitLab pipeline integration

Updated the Job details page to include more details of Jenkins and GitLab pipeline job information

Added support to re-run Jenkins or GitLab Pipeline jobs

Added a GitLab Service to talk to REST API client

Added a GitLab Job MLC Delegate to launch jobs

Added a GitLab Job Monitor to process GitLab Pipelines

Added support for a GitLab job output

Added support for GitLab Job input variables

Created an updated ModelOp runtime image that includes support for loading CSVs directly into an R dataframe

Optimized handling of json input files for metrics jobs to have the python runner read the files directly via a Pandas call

Added support to store the output of Dashboard jobs in external storage (e.g. S3)

Optimized the default bpmns and delegates to use object IDs instead of the fully hydrated objects, allowing for more efficient memory and storage usage for the mlc service

Added support for sending custom variables when triggering an mlc signal (e.g. when sending a scheduler signal)

Created a new MLC to send an email instead of opening a ticket if a Monitoring job fails

Added new delegates for all ModelOp Center core objects that take a PATCH statement

Addressed issue with "next gen" Jira environments where there can be duplicate issue type names with different ids

Added support for mTLS configuration to the ModelOp runtime

Added support for AzureAD for the ModelOp Center Tableau plugin

Added support for AzureAD for the ModelOp Center PowerBI plugin

Added support for AzureAD for the ModelOp Center SageMaker integration

Added support for AzureAD for the ModelOp Center Jupyter integration

Added support for AzureAD for the ModelOp Center Spark integration

Added support for AzureAD for the ModelOp Center CLI

Added support for Okta for the ModelOp Center Tableau plugin

Added support for Okta for the ModelOp Center PowerBI plugin

Added support to the standard MLC to configure how generic runtime matching should be done when group isolation is not required

For the ModelOp monitoring package, for models where input features are not provided, added the ability to run comprehensive Volumetrics on the score fields to allow for univariate analysis.

Added support for configuring the logging level of the ModelOp Center python packages. If the environment variable `MODELOP_SDK_ENV_VAR_NAME` is present, then general LOG levels should be adjusted to the env variable value

Added the ability to create generic bar, table, and line charts from a metrics model

Updated the ModelOp UI tags to trim any whitespace, thus avoiding any issues in matching tags in the MLC

Added support for a downloadable link to S3 assets for authorized users

Updated the UX of Model Test Results when the model has a large number of columns

Added business model name (reference model) in the main Job list page for each of the jobs

Updated the OOTB Stability monitor to be able to run even without a Score column

For the ModelOp monitoring package, added improved error messaging if the Identifier is not specified for the OOTB Volumetrics Comparison monitor

Added support for creating snapshots of SageMaker models directly in the ModelOp Center UI

Added Approval notification type and Approval section of the UI to distinguish specific model approvals throughout a model's life cycle

Added support to the ModelOp Runtime to send an access token when connecting to the web socket in secured mode

Addressed Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2019-17495 - Critical - A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value

For the ModelOp monitoring package, added a new OOTB Monitoring Model that calculates Data Drift using Wasserstein Distance

Added UI support for custom fields in the Home Dashboard screen

Fixed several styling issues with the charts/graphs in UI dark mode

Updated the MLC tab of a Snapshot to sort the MLCs by start time

Addressed a minor UI issue with the highlighting of sub-menu items

Updated the Dashboard population approach to read the most recent model test results for a given model. This will allow more flexibility and improved performance for the Home Dashboard population

Updated the Spark runtime service to support AWS Cognito

Updated AWS Cognito support for the "refresh_token" mechanism

Improved end user error messages for non source code files when failing with a git import issue

Updated the Jobs UI page to allow for canceling Jenkins and GitLab Pipeline jobs

Created an updated ModelOp runtime image that includes support for R-4.2.1

Updated the Compliance report to include the Approvers for all Approvals

Added support for AzureAD to fetch the group-name in addition to the GroupID

Updated the OAuth2 implementation process to create default generic OAuth2 clients for existing IdPs, using the following provider definitions:

  • gateway-service

  • internal-client

  • go-cli

  • external-integration-client

Added support for PingFederate integration to dynamically extract the user values from LDAP

For the ModelOp monitoring package, added a new OOTB monitor for calculating Linearity metrics via Box-Tidwell

Updated SparkSQL Support, including:
(1) centralizing the Spark configurations
(2) adding additional Spark Job options to the Job creation screen
(3) ability to write Spark job outputs as embedded assets in ModelOp Center
(4) ability to configure authorization options for Cloudera clusters
(5) limiting the log size for a Spark-submit job to 10MB
(6) updating the error messaging if the HADOOP_CON_DIR is not present

Added the ModelOp runtime image name in the Platform information tab of the Runtime details UI page

Formerly added support to the ModelOp runtime for reading/writing data sets from Redshift 

Added /actuator/refresh endpoint to runtimes to support reloading configuration from SCCS without having to restart the runtime.

Updated how the MLC history is being managed to optimize overall memory and storage usage of the MLC service

Added support for connecting to RDS through an IAM DB Auth Token

Bug Fixes:

Updated Champion/Challenger user experience, including entering the comparison view from within a Snapshot

Added a date range filter on the Model Test Results page

Fixed a url redirect issue from the Dashboard to the model test result

Fixed several Text styling issues in UI light mode

Addressed a minor UI issue where a user is not logged out of all tabs for a given browser session

Addressed minor issue when importing a new business model that requires writing external assets to Azure blob storage

Updated error messages for Monitoring jobs when there are no available runtimes to execute the monitor

Addressed minor UI issue for the "Filter by User" capability on the Business Models and Monitors inventory pages, when the User filter contains a comma

Update the CreateModelNotification delegate to pass storedModelId OR deployableModelId

Addressed minor issue when uploading assets to Azure blob store for a ModelOp Center environment that supports both Azure blob and S3-based assets

Update ModelOp Center CLI support for Training job output

Addressed minor issue in Model Test Result generation when an "\" escape character is included in the monitor job output

Addressed minor UI issue where the Runtime "platform information" tab is not updated when the underlying runtime docker container is updated

Addressed minor UI issue for SageMaker model import, where the UI creates the model under group="null"

Addressed minor security issue to require valid credentials to view the backend Stomp queue messages

Addressed UI filtering issue when a user provides a filter of {{(}}

Addressed minor UI issue on the Runtimes page when sorting the runtimes by Name

Addressed minor API issue when a user provides a non-existent group in an API call

Addressed minor issue when a user provides a group in SCCS that includes "-" in the name

Added additional error messaging support for model deployment edge cases

Addressed minor issue with Jenkins job creation when the job generation would result in a redirection error

Updated Annual Review MLC to create a refreshed Deployed Model entity upon the successful sign-off of the annual review, thus allowing for the Compliance charts to display correctly

Addressed a minor issue in the ModelOp Center upgrade process that occurred if, for some reason, a MongoDB index was not dropped successfully during the upgrade

Added support to allow the Delegate Annotation Framework to create Delegates with no input variables

Optimized how the ModelOp runtime processes log messages to be more efficient with large logs

Added support for REST-based data assets

Added an error message when a GitLab pipeline job request does not include the branch of the GitLab pipeline repo.

Addressed minor AzureAD issue when a new user logs in that is not associated with any existing groups

Made multiple updates to Helm install support

Addressed minor issue with the schema and assets links in a Jupyter notebook

Added a configuration to not reload the default MLC's upon ModelOp Center restart

Added enhanced error messages when BUILD_PARAMETERS are not sent in request for a JENKINS PIPELINE JOB that requires build parameters

Addressed minor issue where MLC external tasks were limited to 100 active tickets

Addressed issue where Jira Attachments were being re-uploaded after the document was deleted from the Jira ticket

For the ModelOp Monitoring package, removed the requirement that dataframes must have the same column ordering

For the ModelOp Monitoring package, addressed issue where the Summary methods return INFs if input data has INF values

For the ModelOp Monitoring package, added support to handle binary classification in bias with labels not in [0,1]

For the ModelOp Center Jupyter notebooks, updated the error messaging for failure to authenticate to a Cognito-backed ModelOp Center instance

Improved model import for SageMaker models that have a large number of artifacts and/or jobs so that the model can be imported without issue, despite how large it may be

Addressed minor UI issue where the MLC diagram would re-center when the user tries to navigate on the MLC diagram or change the zoom level

Addressed minor UI issue where the auto-refresh toggle would not turn back "on"

Addressed minor UI issue on the MLC page where the breadcrumbs were not refreshing appropriately

Addressed minor issue where scoring errors were not being propagated back to the appropriate REST handler in the ModelOp runtime

Addressed minor UI issue where the browser zoom level caused unnecessary scroll bars in the ModelOp UI tables

Addressed a minor issue with Model Test Results that contain "dots" as keys in the json job output

Addressed minor UI issue where the "Non-compliant models in Production" chart was still showing tickets that were already CLOSED

Added additional error handling support for when an input asset to a job mistakenly contains no data (null)

Addressed an issue with the OpenAPI swagger generator where the enum collection was not being displayed in the swagger UI correctly

Added support to use a Web Identity token for SageMaker models

Addressed minor UI issue where the group information was not being correctly passed into the Add a Monitor wizard

Addressed minor UI issue where Variable Name filtering was not working properly on the MLC process Instance page

Addressed minor UI issue on the Home Dashboard - Cumulative Value card

Improved the error messaging when a user uploads an invalid extended schema to a model

Improved error handling when a Job fails due to schema-CSV header mismatch

Addressed minor UI paging issue in the Deployments page when filters are applied

Added support for importing a Git repository when the repository does not contain a recognized primary source code file

Vulnerabilities Addressed:

Vulnerability: FasterXML, jackson-databind

*Issue Link:* https://access.redhat.com/security/cve/CVE-2022-42003

Addressed Vulnerability: HTTP Response Splitting when calling `DefaultHttpHeaders` on an iterator of values, because header value validation is not performed.

*Issue Link:*

https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-3167773

Addressed Vulnerability: RHEL-8 - A flaw was found in the org.yaml.snakeyaml package

*Issue Link:* https://access.redhat.com/security/cve/CVE-2022-25857

Addressed Vulnerability: DoS org.yaml:snakeyaml

*Issue Link:* https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360

https://github.com/advisories/GHSA-3mc7-4q67-w48m

Addressed Vulnerability: Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens

*Issue Link:*

https://github.com/advisories/GHSA-7w4x-4h67-pgmv

Addressed Vulnerability: com.squareup.okhttp3:okhttp vulnerable to Information Exposure

*Issue Link:*

https://security.snyk.io/vuln/SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044

Addressed Vulnerability: Denial of Service by injecting highly recursive collections or maps in XStream

*Issue Links:*

1- https://github.com/advisories/GHSA-rmr5-cpv2-vgjf

2- https://security.snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977

3- https://access.redhat.com/security/cve/CVE-2022-40151

Addressed Vulnerability: Apache Commons Beanutils 1.9.2

*Issue Link:* https://github.com/advisories/GHSA-6phf-73q6-gh87

Addressed Vulnerability: Denial of Service by stack overflow in the `map` parameter.

*Issue Links:*

1- https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084

2- https://access.redhat.com/security/cve/CVE-2022-40149

Addressed Vulnerability: org.codehaus.jettison:jettison

*Issue Link:* https://access.redhat.com/security/cve/CVE-2022-40150

Addressed Vulnerability: Cross-site scripting vulnerability in swagger-ui 3.26.2

Additional information: https://www.tenable.com/plugins/was/113267

Addressed Vulnerability: SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754

Source: https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754

Addressed Vulnerability: On com.google.code.gson-gson

Additional details here: https://access.redhat.com/security/cve/CVE-2022-25647

Vulnerabilities: Apache Xalan Java XSLT library - GHSA-9339-86wc-4qgf [poi-ooxml] - CVE-2022-34169

Additional Info: https://github.com/advisories/GHSA-9339-86wc-4qgf

Addressed Vulnerability: Document-Service - SNYK-JAVA-XALAN-2953385 - [poi-ooxml]

xalan:xalan (http://search.maven.org/#search%7Cga%7C1%7Ca%3A%22xalan%22) is an XSLT processor for transforming XML documents into HTML, text, or other XML document types

Addressed Vulnerability: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check, related to the same CVE-2022-42003

Vulnerability: Parsing an XML document with the XML_PARSE_HUGE option enabled can result in an integer overflow.

Additional Info: https://access.redhat.com/security/cve/CVE-2022-40303

Addressed Vulnerability: [Git] - Integer overflow can result in arbitrary heap writes, which may allow arbitrary code execution.

CVEs:

Addressed Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2016-3086 - Critical - The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Addressed Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2021-37404 - Critical - There is a potential heap buffer overflow in Apache Hadoop lib hdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

Addressed Vulnerability: CVE-2017-1000190 (https://us-east-2.console.aws.amazon.com/inspector/v2/home?region=us-east-2#/findings?by=all&findingArn=arn:aws:inspector2:us-east-2:685917037183:finding/1081782d6faf01e0f61cf1fe918a77ab) - org.simpleframework:simple-xml - CRITICAL - SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.

Addressed Vulnerability: Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed
Additional details here:
https://github.com/advisories/GHSA-hfrx-6qgj-fp6c

Addressed Vulnerability: Upgrade org.apache.poi ; org.apache.poi.poi-ooxml and org.apache.poi.poi-scratchpad from 5.0.0 

Addressed Vulnerability: org.apache.santuario:xmlsec - [poi-ooxml] - GHSA-j8wc-gxx9-82hx - CVE-2021-40690

Additional info: https://access.redhat.com/security/cve/CVE-2021-40690

Vulnerability: org.apache.xmlgraphics:xmlgraphics-commons - [poi-ooxml] - GHSA-fmj2-7wx8-qj4v - CVE-2020-11988

More info: https://github.com/advisories/GHSA-fmj2-7wx8-qj4v

Addressed Vulnerability: org.apache.xmlgraphics:batik-svgbrowser - [poi-ooxml] - SNYK-JAVA-ORGAPACHEXMLGRAPHICS-1074910 - CVE-2022-41704

Additional info: https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-1074910

Addressed Vulnerability: org.apache.xmlgraphics:batik - [poi-ooxml] - https://access.redhat.com/security/cve/CVE-2022-40146 - CVE-2022-40146 - CVE-2020-11987 - GHSA-2h63-qp69-fwvw - CVE-2022-42890

Additional info here: https://access.redhat.com/security/cve/CVE-2022-40146

Vulnerability: Upgrade org.apache.pdfbox:pdfbox to version 2.0.23 or higher - [poi-ooxml] - SNYK-JAVA-ORGAPACHEPDFBOX-1088012 - SNYK-JAVA-ORGAPACHEPDFBOX-1088011 - SNYK-JAVA-ORGAPACHEPDFBOX-1304912 - SNYK-JAVA-ORGAPACHEPDFBOX-1304913

Additional Info: org.apache.pdfbox:pdfbox (http://pdfbox.apache.org/) is an open source Java tool for working with PDF documents. Affected versions of this package are vulnerable to Denial of Service (DoS)

Addressed Vulnerability: Upgrade org.apache.xmlgraphics:batik-bridge to version 1.15 or higher - [poi-ooxml] - SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031729 - SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3031730 - CVE-2022-40152

Additional info:

Addressed Vulnerability: Removed the `Apache Commons JXPath package` dependency, which has an identified vulnerability

Additional Info: https://access.redhat.com/security/cve/CVE-2022-41852: A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack

Addressed Vulnerability: Cross-site scripting at API level. Reflected Cross-site Scripting (XSS) is another name for non-persistent or Type-II XSS, in which the attack doesn't load with the vulnerable web application but is instead originated by the victim loading the offending URI.