The human-centric platform for production ML & AI

Outerbounds

Hi @here. I'm trying to patch some CVEs in the Docker images from the <https://gallery.ecr.aws/outerbounds/metaflow_ui|Outerbounds public ECR> and ran into a bit of a puzzle.

The recent images seem to have older version tags, build numbers, and commit hashes. For example, the latest image I found for the UI was `1.3.5-159-g643ae52-obp` (7 hours ago), but there's a `1.3.13-5-g5dd049e` from 2 months ago, while `1.3.13` itself (<https://github.com/Netflix/metaflow-ui/releases/tag/v1.3.13|the latest version>) is from 9 months ago.

Could you help me understand your tagging system and how you handle CVE patches? (I'm hoping I don't have to build the images myself to get them patched :eyes: )
Thanks!

I'm not sure why there is activity in the older tags, will have to look into it if someone is working on an older branch.

In short, only the main semver tags are 'released' versions, e.g. `1.3.13` which should be the latest version. The other tags that also include a build number and a hash are pre-release/development builds used for testing