SeldonIO · tyndria · Dec 3, 2025 · Oct 30, 2025 · Oct 30, 2025 · Oct 30, 2025
diff --git a/.github/workflows/alibidetect_tests.yml b/.github/workflows/alibidetect_tests.yml
@@ -2,28 +2,33 @@ name: V1 Alibi Detect Tests
 
 on:
   push:
-    branches: [ master ]
+    branches: "*" # TODO: return [master]
   pull_request:
-    # TODO revert before merge to master
-    branches: [ fix/core-1-CVEs ]
+    branches: "*" # TODO: return [master]
 
 jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - name: Set up Python 3.8
+      - name: Free up disk space (android, haskell, dotnet)
+        run: |
+          sudo rm -rf /usr/local/lib/android || true
+          sudo rm -rf /opt/ghc || true
+          sudo rm -rf /usr/share/dotnet || true
+          df -h
+      - uses: actions/checkout@v4
+      - name: Set up Python 3.12
         uses: actions/setup-python@v4
         with:
-          python-version: 3.8
+          python-version: '3.12'
       - name: Install Poetry
         uses: snok/install-poetry@v1
         with:
-          version: 1.1.15
+          version: 2.1.2
           virtualenvs-create: false
       - name: Install dependencies
         run: |
-          pip install --upgrade pip setuptools
+          python -m pip install --upgrade pip setuptools
           make -C components/alibi-detect-server dev_install
       - name: Lint
         run: |
@@ -32,24 +37,30 @@ jobs:
   python-tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - name: Free up disk space (android, haskell, dotnet)
+        run: |
+          sudo rm -rf /usr/local/lib/android || true
+          sudo rm -rf /opt/ghc || true
+          sudo rm -rf /usr/share/dotnet || true
+          df -h
+      - uses: actions/checkout@v4
       - name: Install Rclone
         run: |
-          wget https://downloads.rclone.org/v1.62.2/rclone-v1.62.2-linux-amd64.zip
-          unzip rclone-v1.62.2-linux-amd64.zip
-          mv rclone-v1.62.2-linux-amd64/rclone /usr/local/bin/rclone
-      - name: Set up Python 3.8
+          wget https://downloads.rclone.org/v1.71.2/rclone-v1.71.2-linux-amd64.zip
+          unzip rclone-v1.71.2-linux-amd64.zip
+          mv rclone-v1.71.2-linux-amd64/rclone /usr/local/bin/rclone
+      - name: Set up Python 3.12
         uses: actions/setup-python@v4
         with:
-          version: 1.1.15
-          python-version: 3.8
+          python-version: '3.12'
       - name: Install Poetry
         uses: snok/install-poetry@v1
         with:
+          version: 2.1.2
           virtualenvs-create: false
       - name: Install dependencies
         run: |
-          pip install --upgrade pip setuptools
+          python -m pip install --upgrade pip setuptools
           make -C components/alibi-detect-server dev_install
       - name: Test
         run: |

diff --git a/components/alibi-detect-server/Dockerfile b/components/alibi-detect-server/Dockerfile
@@ -1,63 +1,58 @@
 ARG VERSION
 ARG BASE_IMAGE
-FROM ${BASE_IMAGE}:${VERSION} as base
+FROM ${BASE_IMAGE}:${VERSION} AS base
 
 ARG VERSION
 LABEL name="Seldon Alibi Detect Server" \
-      vendor="Seldon Technologies" \
-      version="1.19.0-dev" \
-      release="1" \
-      summary="Alibi Detect Server for Seldon Core" \
-      description="The Alibi Detect Server provides outlier, drift and adversarial detection services for Seldon Core"
+    vendor="Seldon Technologies" \
+    version="1.19.0-dev" \
+    release="1" \
+    summary="Alibi Detect Server for Seldon Core" \
+    description="The Alibi Detect Server provides outlier, drift and adversarial detection services for Seldon Core"
 
-FROM base as builder
+FROM base AS builder
 
 USER root
 
 RUN microdnf update -y && \
     microdnf install -y \
-      unzip \
-      make \
-      automake \
-      gcc \
-      gcc-c++
+    unzip \
+    make \
+    automake \
+    gcc \
+    gcc-c++
 
 # Install Rclone Binary to be present in the image
-RUN wget https://downloads.rclone.org/v1.64.2/rclone-v1.64.2-linux-amd64.zip && \
-    unzip rclone-v1.64.2-linux-amd64.zip && \
-    mv rclone-v1.64.2-linux-amd64/rclone /usr/bin/rclone && \
-    rm -rf rclone-v1.64.2-linux-amd64.zip rclone-v1.64.2-linux-amd64
-
-# Note that we need to force Conda to use the system's std-c++ library, as
-# otherwise PyStan won't compile with Conda's older stdc++ library:
-# https://github.com/stan-dev/pystan/issues/294#issuecomment-870711100
-RUN pip install --upgrade pip setuptools wheel && \
-    cd /opt/conda/lib && \
-      rm libstdc++.so libstdc++.so.6 && \
-      ln -s /usr/lib64/libstdc++.so.6.0.29 libstdc++.so && \
-      ln -s /usr/lib64/libstdc++.so.6.0.29 libstdc++.so.6
+RUN wget https://downloads.rclone.org/v1.71.2/rclone-v1.71.2-linux-amd64.zip && \
+    unzip rclone-v1.71.2-linux-amd64.zip && \
+    mv rclone-v1.71.2-linux-amd64/rclone /usr/bin/rclone && \
+    rm -rf rclone-v1.71.2-linux-amd64.zip rclone-v1.71.2-linux-amd64
 
 # Make home dir
 RUN mkdir microservice
 WORKDIR /microservice
 
 # Install Poetry
-ENV POETRY_HOME /microservice/.poetry
-RUN curl -sSL https://install.python-poetry.org | python3 - --version 1.1.15
+ENV POETRY_HOME=/microservice/.poetry
+RUN /opt/conda/bin/pip install --no-cache-dir "poetry==2.1.2"
 
-ENV PATH "$POETRY_HOME/bin:$PATH"
-ENV POETRY_VIRTUALENVS_CREATE false
+# Replace vulnerable pip wheel embedded inside virtualenv(CVE-2025-8869)
+RUN find /opt/conda/lib/python3.12/site-packages/virtualenv/seed/wheels/embed/ -name "pip-*.whl" -delete && \
+    /opt/conda/bin/pip wheel pip==25.3.0 --wheel-dir /opt/conda/lib/python3.12/site-packages/virtualenv/seed/wheels/embed/
+
+ENV PATH="$POETRY_HOME/bin:$PATH"
+ENV POETRY_VIRTUALENVS_CREATE=false
 
 # Install the server
 ## NOTE: Removing explicitly requirements.txt file from subdeps test
 ## dependencies causing false positives in Snyk.
 COPY poetry.lock pyproject.toml ./
 COPY _seldon_core ./_seldon_core
-RUN poetry install --no-dev && \
+RUN poetry install --no-root && \
     rm ~/.cache/pip -rf && \
-    rm -f /opt/conda/lib/python3.8/site-packages/gslib/vendored/boto/requirements.txt \
-          /opt/conda/lib/python3.8/site-packages/gslib/vendored/oauth2client/docs/requirements.txt \
-          /opt/conda/lib/python3.8/site-packages/tests/conda_env/support/requirements.txt
+    rm -f /opt/conda/lib/python3.12/site-packages/gslib/vendored/boto/requirements.txt \
+    /opt/conda/lib/python3.12/site-packages/gslib/vendored/oauth2client/docs/requirements.txt \
+    /opt/conda/lib/python3.12/site-packages/tests/conda_env/support/requirements.txt
 
 # Add licences
 RUN mkdir /licenses
@@ -70,7 +65,10 @@ COPY adserver adserver
 COPY README.md README.md
 COPY version.txt version.txt
 
-FROM base as final
+# Install the project code
+RUN poetry install
+
+FROM base AS final
 WORKDIR /microservice
 
 USER root
@@ -80,7 +78,7 @@ ENV RCLONE_CONFIG_GS_TYPE="google cloud storage" \
     DRIFT_ARTIFACTS_DIR="/mnt/artifacts/"
 
 # mesa-libGL: this is to avoid "ImportError: libGL.so.1" from opencv
-RUN  microdnf clean all && microdnf install -y mesa-libGL
+RUN microdnf clean all && microdnf install -y mesa-libGL
 RUN microdnf update -y
 
 COPY --from=builder /microservice /microservice
@@ -89,7 +87,7 @@ COPY --from=builder /usr/bin/rclone /usr/bin/rclone
 COPY --from=builder /licenses /licenses
 
 # This is to have writable numba and keops cache directories
-ENV NUMBA_CACHE_DIR /tmp/numba-cache
+ENV NUMBA_CACHE_DIR=/tmp/numba-cache
 RUN mkdir -p /.cache && \
     chown -R 8888:0 /.cache && \
     chmod -R 776 /.cache

diff --git a/components/alibi-detect-server/Makefile b/components/alibi-detect-server/Makefile
@@ -3,7 +3,7 @@ SHELL := /bin/bash
 VERSION ?= $(shell cat ../../version.txt)
 DOCKER_REGISTRY ?= seldonio
 
-BASE_IMAGE ?= ${DOCKER_REGISTRY}/conda-ubi10
+BASE_IMAGE ?= ${DOCKER_REGISTRY}/conda-ubi9
 IMAGE ?= ${DOCKER_REGISTRY}/alibi-detect-server
 KIND_NAME ?= kind
 
@@ -12,7 +12,7 @@ SELDON_CORE_DIR=../..
 
 get_local_repo: clean
 	cp $(SELDON_CORE_DIR)/version.txt version.txt
-	cp -rT $(SELDON_CORE_DIR)/python/ _seldon_core/
+	cp -R "$(SELDON_CORE_DIR)/python/." _seldon_core/
 
 clean:
 	rm version.txt || true
@@ -28,7 +28,7 @@ type_check:
 
 .PHONY: test
 test: type_check
-	pytest -W ignore adserver
+	poetry run pytest -W ignore adserver
 
 .PHONY: lint
 lint:
@@ -39,28 +39,24 @@ lint:
 #
 
 run-outlier-detector-tensorflow:
-	python -m adserver --model_name cifar10od --http_port 8080 --protocol tensorflow.http --event_type org.kubeflow.serving.inference.outlier --storage_uri gs://seldon-models/alibi-detect/od/OutlierVAE/cifar10 --event_source http://localhost:8080 OutlierDetector
+	TF_USE_LEGACY_KERAS=1 python -m adserver --model_name cifar10od --http_port 8080 --protocol tensorflow.http --event_type org.kubeflow.serving.inference.outlier --storage_uri gs://seldon-models/alibi-detect/od/OutlierVAE/cifar10 --event_source http://localhost:8080 OutlierDetector
 
 run-outlier-detector-v2:
-	python -m adserver --model_name cifar10od --http_port 8080 --protocol kfserving.http --event_type org.kubeflow.serving.inference.outlier --storage_uri gs://seldon-models/alibi-detect/od/OutlierVAE/cifar10 --event_source http://localhost:8080 OutlierDetector
+	TF_USE_LEGACY_KERAS=1 python -m adserver --model_name cifar10od --http_port 8080 --protocol kfserving.http --event_type org.kubeflow.serving.inference.outlier --storage_uri gs://seldon-models/alibi-detect/od/OutlierVAE/cifar10 --event_source http://localhost:8080 OutlierDetector
 
 run-metrics-server:
-	SELDON_DEPLOYMENT_ID="sdepname" PREDICTIVE_UNIT_ID="modelname" PREDICTIVE_UNIT_IMAGE="adserver:0.1" PREDICTOR_ID="pred" \
+	TF_USE_LEGACY_KERAS=1 SELDON_DEPLOYMENT_ID="sdepname" PREDICTIVE_UNIT_ID="modelname" PREDICTIVE_UNIT_IMAGE="adserver:0.1" PREDICTOR_ID="pred" \
 		 python -m adserver --model_name model --http_port 8080 --protocol seldonfeedback.http --event_type io.seldon.serving.feedback --storage_uri "adserver.cm_models.binary_metrics.BinaryMetrics" --event_source http://localhost:8080 MetricsServer
 
 #
 # Docker Run
 #
 
 docker-run-outlier-detector-tensorflow:
-	docker run --name cifar10od -it --rm -p 8080:8080 ${IMAGE}:${VERSION} --model_name cifar10od --http_port 8080 --protocol tensorflow.http --event_type org.kubeflow.serving.inference.outlier --storage_uri gs://seldon-models/alibi-detect/od/OutlierVAE/cifar10 --event_source http://localhost:8080 OutlierDetector
+	docker run --name cifar10od -e TF_USE_LEGACY_KERAS=1 -it --rm -p 8080:8080 ${IMAGE}:${VERSION} --model_name cifar10od --http_port 8080 --protocol tensorflow.http --event_type org.kubeflow.serving.inference.outlier --storage_uri gs://seldon-models/alibi-detect/od/OutlierVAE/cifar10 --event_source http://localhost:8080 OutlierDetector
 
 docker-run-drift-detector-tensorflow:
-	docker run --name cifar10cd  -it --rm -p 8080:8080 ${IMAGE}:${VERSION} --model_name cifar10cd --http_port 8080 --protocol tensorflow.http --event_type org.kubeflow.serving.inference.drift --storage_uri gs://seldon-models/alibi-detect/cd/ks/cifar10-0_4_3 --event_source http://localhost:8080 DriftDetector --drift_batch_size=2
-
-docker-run-drift-detector-torch:
-	docker run --name cifar10cd  -it --rm -p 8080:8080 ${IMAGE}-gpu:${VERSION} --model_name cifar10cd --http_port 8080 --protocol tensorflow.http --event_type org.kubeflow.serving.inference.drift --storage_uri gs://seldon-models/alibi-detect/cd/mmd/cifar10_mmd_torch --event_source http://localhost:8080 DriftDetector --drift_batch_size=2
-
+	docker run --name cifar10cd -e TF_USE_LEGACY_KERAS=1 -it --rm -p 8080:8080 ${IMAGE}:${VERSION} --model_name cifar10cd --http_port 8080 --protocol tensorflow.http --event_type org.kubeflow.serving.inference.drift --storage_uri gs://seldon-models/alibi-detect/cd/ks/cifar10-0_6_2 --event_source http://localhost:8080 DriftDetector --drift_batch_size=2
 
 #
 # Test curls
@@ -76,40 +72,32 @@ curl-detector-v2-outlier:
 	curl -v localhost:8080/ -d @./cifar10-v2-outlier.json -H "ce-namespace: default" -H "ce-modelid: cifar10" -H "ce-type: io.seldon.serving.inference.request" -H "ce-id: 1234" -H "ce-source: localhost" -H "ce-specversion: 1.0"
 
 curl-tensorflow-outlier-detector-scores:
-	curl -v localhost:8080/ -d @./cifar10.json -H "Alibi-Detect-Return-Feature-Score: true" -H "Alibi-Detect-Return-Instance-Score: true"
+	curl -v localhost:8080/ -d @./cifar10.json -H "ce-source: localhost" -H "ce-type: io.seldon.serving.inference.request" -H "ce-id: 1234" -H "ce-specversion: 1.0" -H "Alibi-Detect-Return-Feature-Score: true" -H "Alibi-Detect-Return-Instance-Score: true"
 
-curl-metrics-server:
-	curl -v -X POST -H 'Content-Type: application/json' \
-	   -d '{"truth": {"data": {"ndarray": [0]}}, "response": {"data": {"ndarray": [1]}}}' \
-		http://localhost:8080/
 
-curl-metrics-server-elasticsearch:
+curl-metrics-server-feedback:
 	curl -v -X POST -H 'Content-Type: application/json' \
-		-H 'Ce-Requestid: 7983e38c-29dc-45ff-8ffb-77252e7ac86d' \
-		-H 'Ce-Namespace: seldon' \
-		-H 'Ce-Inferenceservicename: seldon' \
-		-d '{"truth": {"data": {"ndarray": [0]}}}' \
+	 	-H "ce-source: localhost" \
+		-H "ce-type: io.seldon.serving.feedback" \
+		-H "ce-id: 1234" \
+		-H "ce-specversion: 1.0" \
+		-d '{"truth": {"data": {"ndarray": [0]}}, "response": {"data": {"ndarray": [1]}}}' \
 		http://localhost:8080/
 
-curl-metrics-server-metrics:
+
+curl-metrics-server-get:
 	curl http://localhost:8080/v1/metrics
 
 
 
 # image building logic
 
 docker-build: get_local_repo
-	docker build -f Dockerfile --build-arg BASE_IMAGE=${BASE_IMAGE} --build-arg VERSION=${VERSION} -t ${IMAGE}:${VERSION} .
-
-docker-build-gpu:
-	docker build -f Dockerfile.gpu -t ${IMAGE}-gpu:${VERSION} .
+	docker build --platform linux/amd64 -f Dockerfile --build-arg BASE_IMAGE=${BASE_IMAGE} --build-arg VERSION=${VERSION} -t ${IMAGE}:${VERSION} .
 
 docker-push:
 	docker push ${IMAGE}:${VERSION}
 
-docker-push-gpu:
-	docker push ${IMAGE}-gpu:${VERSION}
-
 kind_load: docker-build
 	kind load docker-image ${IMAGE}:${VERSION} --name ${KIND_NAME}
 

diff --git a/components/alibi-detect-server/README.md b/components/alibi-detect-server/README.md
@@ -1,3 +1,41 @@
 # Alibi-Detect CloudEvents Server
 
 Extends the [Seldon CloudEvents Server](https://github.com/SeldonIO/seldon-models/tree/master/servers/cloudevents) to allow Alibi Detect models to be loaded and events processed.
+
+## Maintanence
+
+In order to build and test integration with the Alibi Detect library, ensure to execute the following commands after pulling changes:
+
+```bash
+
+make dev_install
+make test
+
+
+```
+
+This will install the Alibi Detect library in the development environment and run the tests.
+
+There is also a possibility to quickly run sanity checks in this way:
+
+```bash
+
+make run-outlier-detector-tensorflow # to run the outlier detector server with tensorflow locally
+make curl-detector-tensorflow # to send a test request to the server
+make curl-tensorflow-outlier-detector-scores # to send a test request to get outlier scores
+
+make run-outlier-detector-v2 # to run the outlier detector server with kfserving protocol locally
+make curl-detector-v2 # to send a test request to the server
+make curl-detector-v2-outlier # to send a test request to get outlier scores
+
+make run-metrics-server # to run the metrics server locally
+make curl-metrics-server-feedback # to submit a test feedback with truth
+make curl-metrics-server-get # to get metrics from the server
+```
+
+In order to run the integration tests in the Kubernetes cluster, build the Docker image first: `make docker-build`.
+Then, as part of the cluster and ecosystem setup in the `testing/scripts` folder, [this test](../../testing/scripts/test_alibi_detect_server.py) can be executed to validate the Alibi Detect server functionality.
+
+## Deprecation Notice for GPU image (starting from Core 1.19.0 release)
+
+GPU image for Alibi Detect server is deprecated and won't be maintained starting from Seldon Core 1.19.0 release.
diff --git a/...onents/alibi-detect-server/Dockerfile.gpu → ...-detect-server/_DEPRECATED_Dockerfile.gpu b/...onents/alibi-detect-server/Dockerfile.gpu → ...-detect-server/_DEPRECATED_Dockerfile.gpu
diff --git a/.../alibi-detect-server/requirements-gpu.txt → ...t-server/_DEPRECATED_requirements-gpu.txt b/.../alibi-detect-server/requirements-gpu.txt → ...t-server/_DEPRECATED_requirements-gpu.txt
diff --git a/components/alibi-detect-server/adserver/server.py b/components/alibi-detect-server/adserver/server.py
@@ -277,7 +277,7 @@ def create_cloud_event(
     event_type: str,
     event_source: str,
     extensions: dict,
-    event_id: str = None,
+    event_id: Optional[str] = None,
 ) -> v1.Event:
     """
     Create a CloudEvent

diff --git a/components/alibi-detect-server/adserver/tests/test_ad_model.py b/components/alibi-detect-server/adserver/tests/test_ad_model.py
@@ -40,7 +40,7 @@ def test_basic(self):
         req = [1, 2]
         headers = {}
         res = ad_model.process_event(req, headers)
-        self.assert_(res is not None)
+        self.assertIsNotNone(res)
         self.assertEqual(res.data["data"]["is_adversarial"], 1)
 
     def test_no_return_instance_score(self):
@@ -55,5 +55,5 @@ def test_no_return_instance_score(self):
         req = [1, 2]
         headers = {HEADER_RETURN_INSTANCE_SCORE: "false"}
         res = ad_model.process_event(req, headers)
-        self.assert_(res is not None)
+        self.assertIsNotNone(res)
         self.assertEqual(res.data["data"]["is_adversarial"], expected_is_adversarial)