Behavioral changes

To eliminate security risks associated with token exposure, the Authorization: Bearer header is now automatically stripped from incoming requests after JWT-based authentication with Knox completes. Previously, this token was forwarded upstream to Cloudera AI Inference service Applications and Model Endpoints.

The Registered Models page now loads model repositories on-demand per selected registry, replacing the previous behavior of attempting to fetch all registry data simultaneously when the page loads. This change isolates data requests, ensuring that an accessibility restriction (such as a 403 Forbidden error) on one registry displays an localized informational notice instead of triggering a full page-level crash. This allows users to seamlessly switch and view data from other authorized registries.

Cloudera AI Inference service Python client library is now renamed from caiiclient to cloudera-ai-inference. This breaking change requires you to update your package dependencies and code import paths (import cloudera.ai.inference). The library now uses a standard PEP 420 namespace package architecture to better support future ecosystem components.

Spark 2.4.8, 3.2, and 3.3 add-ons are no longer pre-bundled with Cloudera AI Workbench. If you require these add-ons in the new workbench, you must install them manually using the API v2 endpoints. For more information, see Uploading runtime add-on repository files using API v2 endpoint.