Skip to content

chore(python,wrappers): Update protobuf version and update RedHat ubi image from 9 to 10 #6947

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vtaskow merged 2 commits into from
Nov 21, 2025
Merged

chore(python,wrappers): Update protobuf version and update RedHat ubi image from 9 to 10 #6947

vtaskow merged 2 commits into from
Nov 21, 2025

Conversation

@vtaskow
Copy link
Contributor

@vtaskow vtaskow commented Nov 21, 2025
edited
Loading

Why

Motivation

In the RedHat ubi9 image, there are a lot of Medium and Low CVEs on the OS layer. Updating from 9 to 10 resolves those. Furthermore, updating the protobuf version to align with the one in alibi-explain and to resolve a CVE. Third, updating the pip version in the python wrapper Dockerfile to resolve a CVE.

What

Summary of changes

Python Microservice

  • Updated protobuf in the python folder to resolve a CVE and align with the protobuf version in alibi-explain-server component
  • Updated licenses

Wrappers

  • Updated the Dockerfile.conda in the wrappers folder to use ubi10 instead of ubi9 - multiple CVEs are resolved there
  • Updated the CONDA_BASE_IMAGE var in the wrappers folder's Makefile to use the newly updated ubi10 Dockerfile.conda image
  • Updated the pip version in the Dockerfile to resolve a High CVE

Alibi Server Wrappers

  • Updated the images of alibi-explain-server and alibi-detect-server use the newly updated ubi10 Dockerfile.conda image

Checklist

  • Added/updated unit tests
  • Added/updated documentation
  • Checked for typos in variable names, comments, etc.
  • Added licences for new files

Locally Built Images

All of the following images can be successfully built locally:

  • components/alibi-explain-server/Dockerfile ✔️
  • components/alibi-explain-server/Dockerfile.gpu ❌ Skipped, see note below
  • wrappers/s2i/python/Dockerfile.conda ✔️
  • wrappers/s2i/python/Dockerfile ✔️
  • wrappers/s2i/python/Dockerfile.gpu ✔️

Note:

There is a Dockerfile.gpu image in the wrappers/s2i/python folder - this Dockerfile's image is not used anywhere in the seldon-core repository. Furthermore, it has not been released for a few years and has a low number of downloads on Dockerhub. Therefore, it is a low priority to update. Updates to this file have to be managed carefully as a lot of system libraries contain CVEs and later versions of nvidia/cuda images(the first layer) contain a different version of cuda(cuda 9) which contains breaking changes.

@vtaskow vtaskow requested a review from tyndria November 21, 2025 15:59
@vtaskow vtaskow merged commit 4b6d1af into SeldonIO:release-1.19.0-prep Nov 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tyndria tyndria tyndria approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vtaskow @tyndria