MLflow 2.11.3 is a patch release that addresses a security exploit with the Open Source MLflow tracking server and miscellaneous Databricks integration fixes
Bug fixes:
[Security] Address an LFI exploit related to misuse of url parameters (#11473, @daniellok-db)
[Databricks] Fix an issue with Databricks Runtime version acquisition when deploying a model using Databricks Docker Container Services (#11483, @WeichenXu123)
[Databricks] Correct an issue with credential management within Databricks Model Serving (#11468, @victorsun123)
[Models] Fix an issue with chat request validation for LangChain flavor (#11478, @BenWilson2)
MLflow 2.11.2 is a patch release that introduces corrections for the support of custom transformer models, resolves LangChain integration problems, and includes several fixes to enhance stability.
Bug fixes:
[Security] Address LFI exploit (#11376, @WeichenXu123)
[Models] Fix transformers models implementation to allow for custom model and component definitions to be loaded properly (#11412, #11428@daniellok-db)
[Models] Fix the LangChain flavor implementation to support defining an MLflow model as code (#11370, @sunishsheth2009)
[Models] Fix LangChain VectorSearch parsing errors (#11438, @victorsun123)
[Models] Fix LangChain import issue with the community package (#11450, @sunishsheth2009)
[Models] Fix serialization errors with RunnableAssign in the LangChain flavor (#11358, @serena-ruan)
[Models] Address import issues with LangChain community for Databricks models (#11350, @liangz1)
[Registry] Fix model metadata sharing within Databricks Unity Catalog (#11357, #11392@WeichenXu123)
Small bug fixes and documentation updates:
MLflow 2.11.0 includes several major features and improvements
With the MLflow 2.11.0 release, we're excited to bring a series of large and impactful features that span both GenAI and Deep Learning use cases.
The MLflow Tracking UI got an overhaul to better support the review and comparison of training runs for Deep Learning workloads. From grouping to large-scale metric plotting throughout
the iterations of a DL model's training cycle, there are a large number of quality of life improvements to enhance your Deep Learning MLOps workflow.
Support for the popular PEFT library from HuggingFace is now available
in the mlflow.transformers flavor. In addition to PEFT support, we've removed the restrictions on Pipeline types
that can be logged to MLflow, as well as the ability to, when developing and testing models, log a transformers pipeline without copying foundational model weights. These
enhancements strive to make the transformers flavor more useful for cutting-edge GenAI models, new pipeline types, and to simplify the development process of prompt engineering, fine-tuning,
and to make iterative development faster and cheaper. Give the updated flavor a try today! (#11240, @B-Step62)
MLflow 2.11.3 is a patch release that addresses a security exploit with the Open Source MLflow tracking server and miscellaneous Databricks integration fixes
Bug fixes:
[Security] Address an LFI exploit related to misuse of url parameters (#11473, @daniellok-db)
[Databricks] Fix an issue with Databricks Runtime version acquisition when deploying a model using Databricks Docker Container Services (#11483, @WeichenXu123)
[Databricks] Correct an issue with credential management within Databricks Model Serving (#11468, @victorsun123)
[Models] Fix an issue with chat request validation for LangChain flavor (#11478, @BenWilson2)
MLflow 2.11.2 is a patch release that introduces corrections for the support of custom transformer models, resolves LangChain integration problems, and includes several fixes to enhance stability.
[Models] Fix transformers models implementation to allow for custom model and component definitions to be loaded properly (#11412, #11428@daniellok-db)
[Models] Fix the LangChain flavor implementation to support defining an MLflow model as code (#11370, @sunishsheth2009)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @amitschang.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps mlflow from 2.10.0 to 2.11.3.
Release notes
Sourced from mlflow's releases.
... (truncated)
Changelog
Sourced from mlflow's changelog.
... (truncated)
Commits
d41c775Deleting the global context for config path in langchain (#11494)2d53d94Runpython3 dev/update_mlflow_versions.py pre-release ...(#11487)114955cFix forget_databricks_host_credsin Model Serving Environment (#11468)6fe36b4Fix databricks runtime checking issue in databricks DCS cluster (#11483)d563339Fix an issue with chat request validation for LangChain flavor (#11478)2577d57Fix URI local path traversal (#11473)fee3067Making code_path as optional when the chain is a str path (#11436)c4bf4a9Runpython3 dev/update_mlflow_versions.py pre-release ...(#11465)ac713d0Cherry picks for 2.11.2 release (#11448)abad05eRunpython3 dev/update_mlflow_versions.py pre-release ...(#11340)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @amitschang.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show