Model Server CVEs (#898)

backend/Dockerfile

@@ -1,7 +1,7 @@
 FROM python:3.11.7-slim-bookworm
 
 # Default DANSWER_VERSION, typically overriden during builds by GitHub Actions.
-ARG DANSWER_VERSION=0.2-dev
+ARG DANSWER_VERSION=0.3-dev
 ENV DANSWER_VERSION=${DANSWER_VERSION}
 RUN echo "DANSWER_VERSION: ${DANSWER_VERSION}"
 

backend/Dockerfile.model_server

@@ -1,27 +1,36 @@
 FROM python:3.11.7-slim-bookworm
 
 # Default DANSWER_VERSION, typically overriden during builds by GitHub Actions.
-ARG DANSWER_VERSION=0.2-dev
+ARG DANSWER_VERSION=0.3-dev
 ENV DANSWER_VERSION=${DANSWER_VERSION}
 RUN echo "DANSWER_VERSION: ${DANSWER_VERSION}"
 
 COPY ./requirements/model_server.txt /tmp/requirements.txt
 RUN pip install --no-cache-dir --upgrade -r /tmp/requirements.txt
 
+RUN apt-get remove -y --allow-remove-essential perl-base && \
+    apt-get autoremove -y
+
 WORKDIR /app
+
 # Needed for model configs and defaults
 COPY ./danswer/configs /app/danswer/configs
 COPY ./danswer/dynamic_configs /app/danswer/dynamic_configs
+
 # Utils used by model server
 COPY ./danswer/utils/logger.py /app/danswer/utils/logger.py
 COPY ./danswer/utils/timing.py /app/danswer/utils/timing.py
 COPY ./danswer/utils/telemetry.py /app/danswer/utils/telemetry.py
-# Version information
+
+# Place to fetch version information
 COPY ./danswer/__init__.py /app/danswer/__init__.py
+
 # Shared implementations for running NLP models locally
 COPY ./danswer/search/search_nlp_models.py /app/danswer/search/search_nlp_models.py
+
 # Request/Response models
 COPY ./shared_models /app/shared_models
+
 # Model Server main code
 COPY ./model_server /app/model_server
 

backend/danswer/__init__.py

@@ -1,3 +1,3 @@
 import os
 
-__version__ = os.environ.get("DANSWER_VERSION", "") or "0.2-dev"
+__version__ = os.environ.get("DANSWER_VERSION", "") or "0.3-dev"

backend/model_server/custom_models.py

@@ -4,12 +4,14 @@ from fastapi import APIRouter
 
 from danswer.search.search_nlp_models import get_intent_model_tokenizer
 from danswer.search.search_nlp_models import get_local_intent_model
+from danswer.utils.timing import log_function_time
 from shared_models.model_server_models import IntentRequest
 from shared_models.model_server_models import IntentResponse
 
 router = APIRouter(prefix="/custom")
 
 
+@log_function_time(print_only=True)
 def classify_intent(query: str) -> list[float]:
     tokenizer = get_intent_model_tokenizer()
     intent_model = get_local_intent_model()

deployment/docker_compose/docker-compose.dev.yml

@@ -199,6 +199,8 @@ services:
         envsubst '$$\{DOMAIN\}' < /etc/nginx/conf.d/app.conf.template.dev > /etc/nginx/conf.d/app.conf &&
         while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\""
   # Run with --profile model-server to bring up the danswer-model-server container
+  # Be sure to change MODEL_SERVER_HOST (see above) as well
+  # ie. MODEL_SERVER_HOST="model_server" docker-compose -f docker-compose.dev.yml -p danswer-stack --profile model-server up -d --build
   model_server:
     image: danswer/danswer-model-server:latest
     build:

web/Dockerfile

@@ -1,7 +1,7 @@
 FROM node:20-alpine AS base
 
 # Default DANSWER_VERSION, typically overriden during builds by GitHub Actions.
-ARG DANSWER_VERSION=0.2-dev
+ARG DANSWER_VERSION=0.3-dev
 ENV DANSWER_VERSION=${DANSWER_VERSION}
 RUN echo "DANSWER_VERSION: ${DANSWER_VERSION}"