RATATOSKRATATOSK
ログイン

リリース

CNCF graduated・incubatingプロジェクトのリリースノートのAI分析。

プロジェクト: KServe解除 ×

KServe

AI & ML2026年6月14日

KServe v0.19.0 is a large release focused heavily on LLMInferenceService (LLMISvc) maturity: better observability, autoscaling, routing, and a migration path for llm-d v0.6 upgrades. Two CVEs are patched.

  • securityPatch two CVEs before upgrading or apply independently

    v0.19.0 patches a vLLM/Pillow CVE and pins azure-core>=1.38.0 for CVE-2026-21226. If you are running KServe with vLLM runtimes or azure-core dependencies, upgrade to v0.19.0 or manually apply the azure-core pin to your environment. Check your current Pillow version in custom server images as well.

  • breakingRouter splitter off-by-one fix changes traffic split behavior

    The pickupRoute random range had an off-by-one error. After upgrading, traffic percentages in InferenceService splitter configurations will be computed correctly, which means observed traffic distribution will shift if your weights were tuned around the buggy behavior. Verify split configurations in staging before rolling to production.

  • enhancementLLMISvc autoscaling and status visibility are now production-ready

    HPA/KEDA scaling conditions are now visible in LLMISvc status, and readiness transitions emit k8s events. If you are operating LLMInferenceService, add these conditions to your monitoring dashboards and alerting. The --scaling flag in kserve-install.sh simplifies enabling autoscaling during fresh installs.

主な変更 (7)
  • CVE fixes: vLLM setup and Pillow vulnerability patched; azure-core pinned to >=1.38.0 to address CVE-2026-21226
  • LLMInferenceService gets HPA/KEDA scaling status bubbled up to service conditions, autoscaling e2e tests, and a --scaling flag in kserve-install.sh
  • New LLMISvc observability: k8s events on readiness transitions, routing topology in status, workload references in status, ConfigNotFound condition surfaced
  • Dual-protocol (REST/gRPC) routing added for InferenceService Standard mode
  • Off-by-one bug fixed in the router splitter's pickupRoute random range — affects traffic splitting correctness
  • LocalModelCache support added for LLMInferenceService; NodeSelector fix for jobs to fix PVC access
  • Migration logic added for llm-d v0.6 component upgrades
原文

KServe

AI & ML2026年5月22日

KServe v0.17.1 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

KServe

AI & ML2026年4月30日

KServe v0.18.0 is a large release dominated by LLMInferenceService (llmisvc) maturation, two CVE fixes, and multi-node inference groundwork—teams running LLM workloads should review carefully before upgrading.

  • securityApply immediately: three CVE fixes in this release

    CVE-2026-32597 (PyJWT critical header bypass), CVE-2026-33186 (gRPC authorization bypass), and CVE-2026-30922 (pyasn1 DoS) are all patched here. If you're running KServe with gRPC inference endpoints or Python-based runtimes exposed externally, these are not optional. Upgrade to v0.18.0 or apply the patches to your current version. The gRPC bypass in particular could allow unauthenticated requests to reach protected inference endpoints.

  • breakingPYTHONPATH is now blocked in webhooks—audit your ServingRuntimes

    A new webhook validation blocks PYTHONPATH from being set in InferenceService or ServingRuntime specs. If any of your custom ServingRuntimes or ISVCs set PYTHONPATH (a common pattern for custom Python module paths), they will be rejected at admission after this upgrade. Audit all your ServingRuntime and ISVC manifests before upgrading and remove or replace PYTHONPATH usage.

  • breakingHelm chart renamed to 'kserve-resources'—update your Helm releases

    The KServe Helm chart name changed from 'kserve' to 'kserve-resources'. If you manage KServe via Helm, a naive upgrade will not find the old release name. Plan a migration: either rename the existing Helm release or uninstall/reinstall. CI pipelines, GitOps configs, and any tooling referencing the chart name need updating before you run the upgrade.

  • enhancementLLMInferenceService autoscaling is production-ready—evaluate for LLM workloads

    v0.18.0 ships KEDA/HPA and WVA-based autoscaling for LLMInferenceService, plus LWS as an autoscaling target for multi-node workloads. If you're running vLLM-backed inference at scale and hitting manual scaling pain, now is a good time to test llmisvc autoscaling in staging. The WVA dependency was bumped to v0.6.0-rc3, so treat it as near-stable but not fully GA.

主な変更 (5)
  • Two CVEs patched: PyJWT critical-header validation (CVE-2026-32597), gRPC authorization bypass (CVE-2026-33186), and pyasn1 DoS (CVE-2026-30922)—security fixes affect Python serving runtimes and gRPC paths
  • LLMInferenceService gains autoscaling via KEDA/HPA/WVA, LWS multi-node autoscaling target, TLS support, storage migration, and InferencePool readiness evaluation
  • PYTHONPATH env var is now blocked in ISVC and ServingRuntime webhooks—any serving runtime injecting PYTHONPATH will fail admission
  • Namespace-scoped ModelCache added, with download jobs running in the job namespace
  • Helm chart renamed from 'kserve' to 'kserve-resources'; vLLM bumped to 0.19.0, MLServer to 1.7.1
原文

KServe

AI & ML2026年3月14日

v0.17.0 delivers substantial LLM-focused improvements with the new LLMInferenceService beta, enhanced storage parallelization, vLLM 0.15.1 upgrade, and important CVE fixes affecting production deployments.

  • securityApply critical CVE patches immediately

    This release addresses several high-impact CVEs including path traversal (storage-initializer), HTTP parser vulnerabilities (h11, starlette), and cryptography subgroup attacks. Update to v0.17.0 promptly, especially if you're using storage-initializer or external model downloads. Review your current CVE scanning results against the patched versions.

  • breakingPlan LLMInferenceService migration path

    The new LLMInferenceService CRD introduces a dedicated API for LLM workloads with different semantics than standard InferenceService. If you're running LLM models, evaluate migrating to this new resource type for better autoscaling, routing, and operational features. The CRD includes breaking changes in API structure.

  • enhancementLeverage parallel storage downloads for faster deployments

    Storage-initializer now downloads blobs in parallel from S3 and Azure, dramatically reducing model loading times for large models. This is particularly beneficial for LLM workloads. No configuration changes needed - the improvement is automatic upon upgrade.

主な変更 (5)
  • Introduced LLMInferenceService CRD with webhooks, autoscaling support, and comprehensive Gateway API integration
  • Added parallel blob downloads for S3 and Azure storage, significantly improving model loading performance
  • Upgraded vLLM runtime to 0.15.1 with enhanced startup probes and configuration flexibility
  • Fixed multiple CVEs including path traversal, HTTP parser vulnerabilities, and cryptography issues
  • Added OpenVINO model server runtime and predictive inference server for expanded model format support
原文