V3.3.1 Release Notes
- Dave Trier
What’s New:
ModelOp Center v3.3.1 is a maintenance released focused on the following:
Java 21 Upgrade — ModelOp Center’s core services were upgraded to Java 21, including the requisite upgrades to Spring Boot (upgraded to v3.3.2) and Camunda (upgraded to Camunda v7.21.0). This allows ModelOp to take advantage of the latest underlying Java capabilities, as well as ensuring that related EoL components are upgraded to the latest stable versions
Jira SDK Upgrade — Replaced the Atlassian Jira SDK with an upgraded version, allowing ModelOp to overcome the issue where Customers had more than 500 custom fields within their Jira projects.
UI Enhancements — multiple UI enhancements including updates to the Home Dashboard, Use Case page, Inventory search, Model Cards, and MLC pages.
Release Details:
Full List of Enhancements:
Java 21: upgraded core ModelOp Services to Java 21
Upgraded Spring Boot to v3.3.2
Upgraded Camunda to v7.21.0
Jira SDK: replaced the Atlassian Jira SDK with an upgraded Feign-based client
Overcomes the issue where Customers had more than 500 custom fields within their Jira projects.
Inventory & Reporting:
Use Case Page:
Added a list of Running Model Lifecycles to the Use Case page. Note that this will show ALL related running model lifecycles, across Use Cases, Model Implementations, or Snapshots of a Model Implementation
Updated the Governance Score to refresh automatically upon saving of Custom Form Data
Governance Score:
Updated the default Governance Score rules to look for Model Cards for a specific snapshot, instead of at the use case level
Updated the default Governance Score rules to check that there are no high and open Notifications
Model Implementations:
Assets: added support to upload an Asset to a specific directory, such that the assets can be materialized in that directory on a ModelOp Runtime when deployed for Model Scoring
Metadata: added support to show the embedded model implementation custom metadata for a given Snapshot
Details: updated the details tab to gray out the fields if a user has READ only permissions
Add an Implementation: updated the Add an Implementation wizard to include the tags field
Git:
Multiple Models: added support to allow multiple models to exist within a given git repository. Note that the models must exist under different folders within the Git repository.
Force Sync: added the ability to allow a user to FORCE option for the manual git sync within the UI, which would cause ModelOp to reclone the git repo from scratch. This is helpful when there are git merge conflicts or other errors on the git repository side
Model Lifecycles:
REST Delegate: Added ability to post to a REST endpoint and wait for a response. The wait can used REGEX to filter the response for a specific value
Dashboard & Tests/Monitors:
Privacy (PII Detection): added the PII detection monitor to the OOTB standard risk tests, allowing users to detect any potential PII leakage in a model output
Dashboard:
Updated the Default Dashboard Monitor to support LLM-based metrics, including PII detection and SBert Similarity analysis.
Also updated the Default Dashboard Monitor to include Risk Tier and Governance Score, by default
Added support to filter the Models by the available columns (e.g. Business Unit). This includes support for any custom columns defined by the Customer.
Added a “summary section” to a Model Test Result page that allows the Model Test Result to display a configurable heatmap to summarize the contents of the test result. This is useful for situations where the user may want to analyze different segments of a model in a detail, but still have a rollup across all segments.
Updated the Home Dashboard to allow an individual Red / Green / Yellow item in the heatmap to be clickable, thus directing the user to the specific metrics that generated the heatmap item
OOTB Monitors:
Job Errors: Updated the default behavior of the OOTB monitors to WARN instead of ERROR out a job, should there be a python-based warning in the monitor execution
Performance Monitors:
Updated the OOTB performance-regression monitor to fix NaN and Column Types, should the input data have blank values
Addressed issue where the OOTB Performance Classification Monitor errors out when bigint data type is used.
Documentation Generation:
Updated the styling of the LLM Risk Test and Standard Risk Test document templates
Made minor updates to the content of the LLM Risk Test and Standard Risk Test model card templates
PowerBI:
Updated connector to include new core metadata fields (e.g. modelStage) that were introduced in v3.3.x
ModelOp Runtime:
Added the ability to allow Runtimes to use HTTPS for Eureka connections
Added support to rotate the Runtime logs after the max size has been reached
CLI:
Added ability to copy existing associations when creating a new snapshot via the CLI
Jupyter:
Upgraded the Jupyter plugin to display an error when a user attempts to perform an action for which they do not have the appropriate READ/WRITE/EXECUTE privilege
Security:
Updated the Permissions page for administrators to allow the admin to set permissions across all groups
Import Utility:
Enhanced the UI for the Excel import utility to allow users to more easily map the columns from the Excel sheet to the custom metadata
Bug Fixes:
Git:
Addressed issue where the automated git sync process could not go through all the existing StoredModels when the number of StoredModels exceeds 1000 models
Addressed sporadic issue where the git sync would fail with a 504 error
Tableau:
Addressed an issue where the Tableau connector was failing to import data when the custom metadata contained special characters
Scheduler:
Addressed an issue with the advanced scheduler (cron) option, where if the users saves a Schedule with a invalid cron expression, other newer expressions are not saved either.
Additionally provided UI-based warnings if a user attempts to save an invalid cron expression
Champion/Challenger:
Addressed a UI routing issue when attempting to open the Champion/Challenger view from the Inventory and Model Details page
AWS SageMaker:
Addressed an issue in the UI where AWS SageMaker jobs could not be re-run
Custom Form Configuration - Custom Field Types:
Addressed an issue with the Custom Field Types (in the Forms Configuration admin page) where the user could not change the name of the field when a custom field type was added to a form.
Model Implementations:
Addressed an issue in the Model Implementation Details page where all notifications were being shown, instead of notifications specific to that Model Implementation
Compliance Overview Page:
Addressed issue where the compliance overview charts are not the same height, when no data is available
Azure AD:
Addressed issue where the Azure AD group id is not getting replaced by the name on the stored model details page for some users
Deprecated Library Updates:
Updated or removed the following deprecated libraries:
Remove Deprecated MomentJS Library
Upgraded the EOL Joda-time v2.9 dependency in Eureka
Upgrade the ORACLE JavaBeans Activation Framework 1.1 in MLC Service
Security Fixes/Patches:
NOTE: many of the below are NOT related to ModelOp software, but rather related to dependencies
Addressed CVE-2023-34036 - Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers.
Addressed CVE-2023-4759 - a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree
Addressed CVE-2016-1000027 - Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE)
Issue Link: NVD - cve-2016-1000027
Addressed CVE-2023-6378 CVE-2023-6481 - Logback: Serialization vulnerability in logback receiver
Addressed CVE-2024-21634 - Allocation of Resources Without Limits or Throttling
Addressed CVE-2024-38816 - spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource
Addressed CVE-2024-47554 commons-io on Document Service
Addressed CVE-2022-40152 - DOS risk with Woodstock-core dependency