diff --git a/autogluon/inference/docker/1.2/py3/Dockerfile.cpu.os_scan_allowlist.json b/autogluon/inference/docker/1.2/py3/Dockerfile.cpu.os_scan_allowlist.json
index 9fc990ce687e..c056b9e98e75 100644
--- a/autogluon/inference/docker/1.2/py3/Dockerfile.cpu.os_scan_allowlist.json
+++ b/autogluon/inference/docker/1.2/py3/Dockerfile.cpu.os_scan_allowlist.json
@@ -354,5 +354,36 @@
       "title": "CVE-2024-11394 - transformers",
       "reason_to_ignore": "N/A"
     }
+  ],
+  "lightgbm": [
+    {
+      "description": "LightGBM Remote Code Execution Vulnerability",
+      "vulnerability_id": "CVE-2024-43598",
+      "name": "CVE-2024-43598",
+      "package_name": "lightgbm",
+      "package_details": {
+        "file_path": "opt/conda/lib/python3.11/site-packages/lightgbm-4.5.0.dist-info/METADATA",
+        "name": "lightgbm",
+        "package_manager": "PYTHONPKG",
+        "version": "4.5.0",
+        "release": null
+      },
+      "remediation": {
+        "recommendation": {
+          "text": "None Provided"
+        }
+      },
+      "cvss_v3_score": 8.1,
+      "cvss_v30_score": 0,
+      "cvss_v31_score": 8.1,
+      "cvss_v2_score": 0,
+      "cvss_v3_severity": "HIGH",
+      "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43598",
+      "source": "NVD",
+      "severity": "HIGH",
+      "status": "ACTIVE",
+      "title": "CVE-2024-43598 - lightgbm",
+      "reason_to_ignore": "No fix provided"
+    }
   ]
 }
\ No newline at end of file
diff --git a/autogluon/inference/docker/1.2/py3/cu124/Dockerfile.gpu.os_scan_allowlist.json b/autogluon/inference/docker/1.2/py3/cu124/Dockerfile.gpu.os_scan_allowlist.json
index 40b6a48536b0..31878ec7a0ab 100644
--- a/autogluon/inference/docker/1.2/py3/cu124/Dockerfile.gpu.os_scan_allowlist.json
+++ b/autogluon/inference/docker/1.2/py3/cu124/Dockerfile.gpu.os_scan_allowlist.json
@@ -354,5 +354,36 @@
       "title": "CVE-2024-11394 - transformers",
       "reason_to_ignore": "N/A"
     }
+  ],
+  "lightgbm": [
+    {
+      "description": "LightGBM Remote Code Execution Vulnerability",
+      "vulnerability_id": "CVE-2024-43598",
+      "name": "CVE-2024-43598",
+      "package_name": "lightgbm",
+      "package_details": {
+        "file_path": "opt/conda/lib/python3.11/site-packages/lightgbm-4.5.0.dist-info/METADATA",
+        "name": "lightgbm",
+        "package_manager": "PYTHONPKG",
+        "version": "4.5.0",
+        "release": null
+      },
+      "remediation": {
+        "recommendation": {
+          "text": "None Provided"
+        }
+      },
+      "cvss_v3_score": 8.1,
+      "cvss_v30_score": 0,
+      "cvss_v31_score": 8.1,
+      "cvss_v2_score": 0,
+      "cvss_v3_severity": "HIGH",
+      "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43598",
+      "source": "NVD",
+      "severity": "HIGH",
+      "status": "ACTIVE",
+      "title": "CVE-2024-43598 - lightgbm",
+      "reason_to_ignore": "No fix provided"
+    }
   ]
 }
\ No newline at end of file
diff --git a/autogluon/training/docker/1.2/py3/Dockerfile.cpu.os_scan_allowlist.json b/autogluon/training/docker/1.2/py3/Dockerfile.cpu.os_scan_allowlist.json
index 4abba9950bf1..f59a53e6f37b 100644
--- a/autogluon/training/docker/1.2/py3/Dockerfile.cpu.os_scan_allowlist.json
+++ b/autogluon/training/docker/1.2/py3/Dockerfile.cpu.os_scan_allowlist.json
@@ -354,5 +354,36 @@
       "title": "CVE-2024-11394 - transformers",
       "reason_to_ignore": "N/A"
     }
+  ],
+  "lightgbm": [
+    {
+      "description": "LightGBM Remote Code Execution Vulnerability",
+      "vulnerability_id": "CVE-2024-43598",
+      "name": "CVE-2024-43598",
+      "package_name": "lightgbm",
+      "package_details": {
+        "file_path": "opt/conda/lib/python3.11/site-packages/lightgbm-4.5.0.dist-info/METADATA",
+        "name": "lightgbm",
+        "package_manager": "PYTHONPKG",
+        "version": "4.5.0",
+        "release": null
+      },
+      "remediation": {
+        "recommendation": {
+          "text": "None Provided"
+        }
+      },
+      "cvss_v3_score": 8.1,
+      "cvss_v30_score": 0,
+      "cvss_v31_score": 8.1,
+      "cvss_v2_score": 0,
+      "cvss_v3_severity": "HIGH",
+      "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43598",
+      "source": "NVD",
+      "severity": "HIGH",
+      "status": "ACTIVE",
+      "title": "CVE-2024-43598 - lightgbm",
+      "reason_to_ignore": "No fix provided"
+    }
   ]
 }
\ No newline at end of file
diff --git a/autogluon/training/docker/1.2/py3/cu124/Dockerfile.gpu.os_scan_allowlist.json b/autogluon/training/docker/1.2/py3/cu124/Dockerfile.gpu.os_scan_allowlist.json
index 9fc990ce687e..c056b9e98e75 100644
--- a/autogluon/training/docker/1.2/py3/cu124/Dockerfile.gpu.os_scan_allowlist.json
+++ b/autogluon/training/docker/1.2/py3/cu124/Dockerfile.gpu.os_scan_allowlist.json
@@ -354,5 +354,36 @@
       "title": "CVE-2024-11394 - transformers",
       "reason_to_ignore": "N/A"
     }
+  ],
+  "lightgbm": [
+    {
+      "description": "LightGBM Remote Code Execution Vulnerability",
+      "vulnerability_id": "CVE-2024-43598",
+      "name": "CVE-2024-43598",
+      "package_name": "lightgbm",
+      "package_details": {
+        "file_path": "opt/conda/lib/python3.11/site-packages/lightgbm-4.5.0.dist-info/METADATA",
+        "name": "lightgbm",
+        "package_manager": "PYTHONPKG",
+        "version": "4.5.0",
+        "release": null
+      },
+      "remediation": {
+        "recommendation": {
+          "text": "None Provided"
+        }
+      },
+      "cvss_v3_score": 8.1,
+      "cvss_v30_score": 0,
+      "cvss_v31_score": 8.1,
+      "cvss_v2_score": 0,
+      "cvss_v3_severity": "HIGH",
+      "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43598",
+      "source": "NVD",
+      "severity": "HIGH",
+      "status": "ACTIVE",
+      "title": "CVE-2024-43598 - lightgbm",
+      "reason_to_ignore": "No fix provided"
+    }
   ]
 }
\ No newline at end of file
diff --git a/available_images.md b/available_images.md
index 2ac404863edd..42c54c3e27ff 100644
--- a/available_images.md
+++ b/available_images.md
@@ -193,7 +193,7 @@ Starting LMI V10 (0.28.0), we are changing the name from LMI DeepSpeed DLC to LM
 |-----------------------------------------------------------------------------------------------------------------------------|-----------|-------------|------------------------|-------------------------------------------------------------------------------------------|
 | DJLServing 0.31.0 with LMI Dist 13.0.0, vLLM 0.6.3.post1, HuggingFace Transformers 4.45.2, and HuggingFace Accelerate 1.0.1 | inference | GPU | 3.11 (py311) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/djl-inference:0.31.0-lmi13.0.0-cu124 |
 | DJLServing 0.30.0 with LMI Dist 12.0.0, vLLM 0.6.2, HuggingFace Transformers 4.45.2, and HuggingFace Accelerate 1.0.1 | inference | GPU | 3.10 (py310) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/djl-inference:0.30.0-lmi12.0.0-cu124 |
-| DJLServing 0.30.0 with TensorRT-LLM 0.12.0, HuggingFace Transformers 4.44.2, and HuggingFace Accelerate 0.33.0 | inference | GPU | 3.10 (py310) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/djl-inference:0.30.0-tensorrtllm0.12.0 |
+| DJLServing 0.30.0 with TensorRT-LLM 0.12.0, HuggingFace Transformers 4.44.2, and HuggingFace Accelerate 0.33.0 | inference | GPU | 3.10 (py310) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/djl-inference:0.30.0-tensorrtllm0.12.0-cu125 |
 | DJLServing 0.30.0 with Neuron SDK 2.20.1, TransformersNeuronX 0.12.313, and HuggingFace Transformers 4.45.2 | inference | Neuron | 3.10 (py310) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/djl-inference:0.30.0-neuronx-sdk2.20.1 |
 | DJLServing 0.29.0 with TensorRT-LLM 0.11.0, HuggingFace Transformers 4.42.4, and HuggingFace Accelerate 0.32.1 | inference | GPU | 3.10 (py310) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/djl-inference:0.29.0-tensorrtllm0.11.0-cu124 |
 | DJLServing 0.29.0 with LMI Dist 11.0.0, HuggingFace Transformers 4.43.2, HuggingFace Accelerate 0.32.1 | inference | GPU | 3.10 (py310) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/djl-inference:0.29.0-lmi11.0.0-cu124 |
diff --git a/release_images_inference.yml b/release_images_inference.yml
index 1e24848094be..1d06dc432366 100644
--- a/release_images_inference.yml
+++ b/release_images_inference.yml
@@ -57,19 +57,6 @@ release_images:
       disable_sm_tag: False
       force_release: False
   5:
-    framework: "djl"
-    version: "0.27.0"
-    arch_type: "x86"
-    inference:
-      device_types: [ "gpu" ]
-      python_versions: [ "py310" ]
-      os_version: "ubuntu22.04"
-      deepspeed_version: "0.12.6"
-      cuda_version: "cu121"
-      example: False
-      disable_sm_tag: True
-      force_release: False
-  6:
     framework: "huggingface_pytorch"
     version: "2.1.0"
     hf_transformers: "4.37.0"
@@ -81,7 +68,7 @@ release_images:
       example: False
       disable_sm_tag: False
      force_release: False
-  7:
+  6:
     framework: "huggingface_pytorch"
     version: "2.1.0"
     hf_transformers: "4.37.0"
@@ -94,7 +81,7 @@ release_images:
       example: False
       disable_sm_tag: False
      force_release: False
-  8:
+  7:
     framework: "huggingface_pytorch"
     version: "1.13.1"
     arch_type: "x86"
@@ -107,7 +94,7 @@ release_images:
       example: False
       disable_sm_tag: True
      force_release: False
-  9:
+  8:
     framework: "huggingface_pytorch"
     version: "1.13.1"
     arch_type: "x86"
@@ -120,7 +107,7 @@ release_images:
       example: False
       disable_sm_tag: False
      force_release: False
-  10:
+  9:
     framework: "huggingface_pytorch"
     version: "2.1.2"
     arch_type: "x86"
@@ -133,7 +120,7 @@ release_images:
       example: False
       disable_sm_tag: True
      force_release: False
-  11:
+  10:
     framework: "autogluon"
     version: "1.1.1"
     arch_type: "x86"
@@ -145,3 +132,55 @@ release_images:
       example: False
       disable_sm_tag: False
       force_release: False
+  11:
+    framework: "djl"
+    version: "0.27.0"
+    arch_type: "x86"
+    inference:
+      device_types: [ "gpu" ]
+      python_versions: [ "py310" ]
+      os_version: "ubuntu22.04"
+      tensorrtllm_version: "0.8.0"
+      cuda_version: "cu122"
+      example: False
+      disable_sm_tag: True
+      force_release: False
+  12:
+    framework: "djl"
+    version: "0.28.0"
+    arch_type: "x86"
+    inference:
+      device_types: [ "gpu" ]
+      python_versions: [ "py310" ]
+      os_version: "ubuntu22.04"
+      tensorrtllm_version: "0.9.0"
+      cuda_version: "cu122"
+      example: False
+      disable_sm_tag: True
+      force_release: False
+  13:
+    framework: "djl"
+    version: "0.29.0"
+    arch_type: "x86"
+    inference:
+      device_types: [ "gpu" ]
+      python_versions: [ "py310" ]
+      os_version: "ubuntu22.04"
+      tensorrtllm_version: "0.11.0"
+      cuda_version: "cu124"
+      example: False
+      disable_sm_tag: True
+      force_release: False
+  14:
+    framework: "djl"
+    version: "0.30.0"
+    arch_type: "x86"
+    inference:
+      device_types: [ "gpu" ]
+      python_versions: [ "py310" ]
+      os_version: "ubuntu22.04"
+      tensorrtllm_version: "0.12.0"
+      cuda_version: "cu125"
+      example: False
+      disable_sm_tag: True
+      force_release: False
diff --git a/test/sagemaker_tests/huggingface/inference/integration/local/test_serving.py b/test/sagemaker_tests/huggingface/inference/integration/local/test_serving.py
index 85c7cdc51b50..af4d2c8648a1 100644
--- a/test/sagemaker_tests/huggingface/inference/integration/local/test_serving.py
+++ b/test/sagemaker_tests/huggingface/inference/integration/local/test_serving.py
@@ -19,6 +19,7 @@
 from sagemaker.predictor import Predictor
 from sagemaker.serializers import JSONSerializer
 from sagemaker.deserializers import JSONDeserializer
+from packaging.version import Version

 from ...integration import model_dir, ROLE, pt_model, tf_model
 from ...utils import local_mode_utils
@@ -60,6 +61,8 @@ def _assert_prediction(predictor):
 @pytest.mark.model("tiny-distilbert")
 @pytest.mark.team("sagemaker-1p-algorithms")
 def test_serve_json(docker_image, framework_version, sagemaker_local_session, instance_type):
+    if "huggingface-pytorch" in docker_image and Version(framework_version) < Version("2.4"):
+        pytest.skip("Skipping distilbert SM local tests for PT")
     with _predictor(
         model_dir, docker_image, framework_version, sagemaker_local_session, instance_type
     ) as predictor:
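
For reference, a minimal sketch (not part of the diff) of how the `packaging.version` gate added to `test_serving.py` evaluates; the account ID, image URIs, and framework versions below are hypothetical examples, not values taken from the change.

```python
# Illustrative sketch only: mirrors the skip condition added in test_serving.py.
# The image URIs and versions below are made-up examples.
from packaging.version import Version


def should_skip(docker_image: str, framework_version: str) -> bool:
    # Skip the distilbert SM local test for HuggingFace PyTorch images older than 2.4.
    return "huggingface-pytorch" in docker_image and Version(framework_version) < Version("2.4")


print(should_skip("123456789012.dkr.ecr.us-west-2.amazonaws.com/huggingface-pytorch-inference:2.1.0", "2.1.0"))  # True  -> test skipped
print(should_skip("123456789012.dkr.ecr.us-west-2.amazonaws.com/huggingface-pytorch-inference:2.4.0", "2.4.0"))  # False -> test runs
```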