ClearML Enterprise v3.29 builds on the governance and infrastructure foundations introduced in recent releases. This update focuses on giving administrators and AI teams more granular control over resource allocation, gateway access, and pipeline management while delivering a meaningful set of UI quality improvements across the platform.
⚠️ Important: Breaking Change for Docker Compose Deployments
Starting with v3.29, the apiserver and fileserver containers in Docker Compose deployments no longer run as root. They now run as a non-root user (UID 65532).
Before upgrading, administrators must update the ownership of existing data and log directories to UID 65532. If this step is not completed before upgrading, the containers will fail to start due to permission errors. Full upgrade instructions are available in the documentation.
If deploying via Docker Compose, follow the upgrade instructions to update directory ownership before upgrading to v3.29.
What’s New
Per-Task Resource Flexibility with Dynamic Resource Specification
Resource policy profiles in ClearML define how many resources a single job consumes: a 1-GPU profile, a 4-GPU profile, and so on. Until now, these were fixed at the profile level: every job submitted through a given queue received the same resource allocation.
v3.29 introduces dynamic resource specification to resource policy profiles, enabling per-task resource requirements. Administrators can now configure profiles that allow resource amounts to vary per task, rather than locking every submission to a single fixed allocation. This gives platform teams more flexibility to support workloads with variable resource footprints within a single governed queue, without needing to create separate profiles for every job size.
Review the dynamic resource specification options in your resource policy profiles to align allocation flexibility with your team’s workload patterns.
Endpoint-Scoped AI Application Gateway Tokens
The AI Application Gateway governs external access to ClearML model endpoints and applications through token-based authentication. In v3.29, a new endpoint scope for gateway tokens allows administrators to restrict a token’s access to a specific request target endpoint, rather than providing blanket access across all gateway-exposed services.
This means tokens can be issued with narrowly defined permissions, granting access to a production inference endpoint without also granting access to development environments, remote sessions, or other applications behind the same gateway. For organizations managing external API consumers, partner integrations, or customer-facing services, this reduces the blast radius of a compromised or leaked token.
This enhancement builds on the centralized token management interface introduced in v3.28, giving administrators the combination of a single place to manage tokens and the ability to scope each token precisely.
Audit your existing gateway tokens and consider reissuing them with endpoint-scoped access where appropriate.
Audit Logging for Administrator Configuration Vaults
Administrator configuration vaults inject credentials and configuration values into workloads at runtime for designated user groups. v3.29 adds a UI audit log for these vaults, giving administrators visibility into configuration changes: who modified a vault, what was changed, and when.
For organizations with compliance requirements around credential governance, this audit trail closes a gap that previously existed; vault contents were applied automatically, but changes to those vaults were not logged in a way that was visible to administrators through the UI. This makes vault management auditable alongside the rest of the platform’s access control configuration.
Enable audit logging visibility for administrator vaults in Settings to support compliance and change management processes.
Custom Expiration for API Credentials
API credentials in ClearML now support custom expiration periods. Administrators and users can set credential-specific expiration windows rather than relying on a single platform-wide default. This provides finer-grained control over credential lifecycle management, supporting security policies that require shorter-lived credentials for certain service accounts or integration types, without forcing the same expiry on all credentials across the workspace.
Pipeline and Workflow Improvements
v3.29 introduces several improvements to pipeline management and execution:
- Create a new pipeline from an existing run. Platform teams and ML engineers can now use a completed pipeline run as the starting point for a new pipeline definition, reducing the overhead of building pipelines from scratch when an existing run already captures the desired structure and configuration.
- New task selection interface for application launch forms. Application launch forms now include an improved task selection interface, making it easier to specify the task a deployed application should run.
- Export task and pipeline run details to JSON. Task and pipeline run details can now be exported to JSON directly from the UI, supporting integration with external reporting or audit workflows.
Dataset and Workload Improvements
- Publish Hyper-Dataset versions from the UI. Dataset versions can now be published directly through the UI, marking them as read-only and finalizing their contents for downstream use.
- Project-level workload storage mounts. Users can configure volumes to be automatically mounted onto workloads running within a project, simplifying storage access configuration for teams working with consistent data sources.
- Workloads tab visibility control. Administrators can now control whether the Workloads tab is visible to all users, restricted to specific roles, or admins only, providing more granular control over the platform UI surface area presented to different audiences.
UI Quality-of-Life Improvements
v3.29 includes a range of UI refinements across the platform:
- Task comparison actions. View task, rename, and archive actions are now available directly in the UI task comparison view.
- Line width control in comparison charts. Users can now adjust line width in UI comparison charts, improving readability when comparing multiple experiments with closely overlapping metrics.
- Status filter on Reports page. A new status filter on the Reports page allows users to narrow the report list by status, improving navigation in workspaces with large numbers of reports.
- Report filters. A status filter is now available on the UI Reports page.
- Clickable repository URLs. Repository URLs in the Task Execution tab are now clickable, providing direct navigation to the source repository from the task detail view.
Read the full release notes here.