3.2 - Security fixes

Security fixes provided in 3.2.3-funcrel

CAST image	CVE	Severity	Description	Affected CAST release
castimaging/admin-center	CVE-2025-22228	HIGH	spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length	3.2.0-funcrel
castimaging/analysis-node	CVE-2020-10683	CRITICAL	Upgrade org.dom4j:dom4j to version 2.0.3, 2.1.3	3.1.1-funcrel
castimaging/analysis-node	CVE-2019-20916	HIGH	Upgrade pip to version 19.2	3.1.1-funcrel
castimaging/analysis-node	CVE-2021-3572	HIGH	Upgrade pip to version 21.1	3.1.1-funcrel
castimaging/analysis-node	CVE-2022-40897	HIGH	Upgrade setuptools to version 65.5.1	3.1.1-funcrel
castimaging/analysis-node	CVE-2024-6345	HIGH	Upgrade etuptools to version 70.0.0	3.1.1-funcrel
castimaging/auth-service	CVE-2025-22228	HIGH	spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length	3.2.0-funcrel
castimaging/console	CVE-2025-22228	HIGH	spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length	3.2.2-funcrel
castimaging/console	CVE-2025-24970	HIGH	Upgrade io.netty:netty-handler to version 4.1.118.Final	3.1.1-funcrel; 3.2.2-funcrel
castimaging/console	CVE-2016-1000027	CRITICAL	Upgrade org.springframework:spring-web to version 6.0.0	3.1.1-funcrel
castimaging/console	CVE-2024-38816	HIGH	Upgrade org.springframework:spring-webflux to version 6.1.13; Upgrade org.springframework:spring-webmvc to version 6.1.13	3.1.1-funcrel
castimaging/console	CVE-2024-38819	HIGH	Upgrade org.springframework:spring-webflux to version 6.1.14; Upgrade org.springframework:spring-webmvc to version 6.1.14	3.1.1-funcrel
castimaging/console	CVE-2022-1471	HIGH	Upgrade org.yaml:snakeyaml to version 2.0	3.1.1-funcrel
castimaging/gateway	CVE-2025-22228	HIGH		3.2.2-funcrel

Security fixes provided in 3.2.2-funcrel

CAST image	CVE	Severity	Description	Affected CAST release
castimaging/admin-center	CVE-2024-47072	HIGH	com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream	3.2.0-funcrel
castimaging/admin-center	CVE-2019-17495	CRITICAL	Cross-site scripting in Swagger-UI	3.2.0-funcrel
castimaging/admin-center	CVE-2024-12797	HIGH	openssl: RFC7250 handshakes with unauthenticated servers don’t abort as expected	3.2.0-funcrel
castimaging/admin-center	CVE-2024-7254	HIGH	protobuf: StackOverflow vulnerability in Protocol Buffers	3.2.0-funcrel
castimaging/admin-center	CVE-2024-56337	HIGH	tomcat: Incomplete fix for	3.2.0-funcrel
castimaging/admin-center	CVE-2025-24813	CRITICAL	tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT	3.2.0-funcrel
castimaging/admin-center	CVE-2024-50379	HIGH	tomcat: RCE due to TOCTOU issue in JSP compilation	3.2.0-funcrel
castimaging/admin-center	CVE-2025-24970	HIGH	Upgrade io.netty:netty-handler to version 4.1.118.Final	3.1.1-funcrel
castimaging/admin-center	CVE-2016-1000027	CRITICAL	Upgrade org.springframework:spring-web to version 6.0.0	3.1.1-funcrel
castimaging/admin-center	CVE-2024-38816	HIGH	Upgrade org.springframework:spring-webflux to version 6.1.13; Upgrade org.springframework:spring-webmvc to version 6.1.13	3.1.1-funcrel
castimaging/admin-center	CVE-2024-38819	HIGH	Upgrade org.springframework:spring-webflux to version 6.1.14; Upgrade org.springframework:spring-webmvc to version 6.1.14	3.1.1-funcrel
castimaging/admin-center	CVE-2022-1471	HIGH	Upgrade org.yaml:snakeyaml to version 2.0	3.1.1-funcrel
castimaging/ai-service	CVE-2024-39689	HIGH	Upgrade certifi to version 2024.07.04	3.1.1-funcrel
castimaging/ai-service	CVE-2024-1135	HIGH	Upgrade gunicorn to version 22.0.0	3.1.1-funcrel
castimaging/ai-service	CVE-2024-3651	HIGH	Upgrade idna to version 3.7	3.1.1-funcrel
castimaging/ai-service	CVE-2024-6345	HIGH	Upgrade setuptools to version 70.0.0	3.1.1-funcrel
castimaging/ai-service	CVE-2023-6730	CRITICAL	Upgrade transformers to version 4.36.0	3.1.1-funcrel
castimaging/ai-service	CVE-2023-7018	HIGH	Upgrade transformers to version 4.36.0	3.1.1-funcrel
castimaging/ai-service	CVE-2024-49768	HIGH	Upgrade waitress to version 3.0.1	3.1.1-funcrel
castimaging/ai-service	CVE-2024-49769	HIGH	Upgrade waitress to version 3.0.1	3.1.1-funcrel
castimaging/analysis-node	CVE-2024-47175	HIGH	cups: libppd: remote command injection via attacker controlled data in PPD file	3.2.0-funcrel
castimaging/analysis-node	CVE-2025-21172	HIGH	dotnet: .NET and Visual Studio Remote Code Execution Vulnerability	3.2.0-funcrel
castimaging/analysis-node	CVE-2025-21173	HIGH	dotnet: .NET Elevation of Privilege Vulnerability	3.2.0-funcrel
castimaging/analysis-node	CVE-2025-21176	HIGH	dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability	3.2.0-funcrel
castimaging/analysis-node	CVE-2024-2961	HIGH	glibc: Out of bounds write in iconv may lead to remote code execution	3.2.0-funcrel
castimaging/analysis-node	CVE-2024-10963	HIGH	pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass	3.2.0-funcrel
castimaging/analysis-node	CVE-2024-10041	HIGH	pam: libpam: Libpam vulnerable to read hashed password	3.2.0-funcrel
castimaging/analysis-node	CVE-2024-12085	HIGH	rsync: Info Leak via Uninitialized Stack Contents	3.2.0-funcrel
castimaging/analysis-node	CVE-2024-8508	HIGH	unbound: Unbounded name compression could lead to Denial of Service	3.2.0-funcrel
castimaging/analysis-node	CVE-2024-1488	HIGH	unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation	3.2.0-funcrel
castimaging/analysis-node	CVE-2025-21171	HIGH	dotnet: .NET Remote Code Execution Vulnerability	3.2.0-funcrel
castimaging/analysis-node	CVE-2024-7254	HIGH	Upgrade com.google.protobuf:protobuf-java to version 3.25.5, 4.27.5, 4.28.2	3.1.1-funcrel
castimaging/analysis-node	CVE-2023-24998	HIGH	Upgrade commons-fileupload:commons-fileupload to version 1.5	3.1.1-funcrel
castimaging/analysis-node	CVE-2024-47554	HIGH	Upgrade commons-io:commons-io to version 2.14.0	3.1.1-funcrel
castimaging/analysis-node	CVE-2012-6153	HIGH	Upgrade org.apache.httpcomponents:httpclient to version 4.2.3	3.1.1-funcrel
castimaging/analysis-node	CVE-2022-41404	HIGH	Upgrade org.ini4j:ini4j to version 0.5.4	3.1.1-funcrel
castimaging/analysis-node	CVE-2024-1597	HIGH	Upgrade org.postgresql:postgresql to version 42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2	3.1.1-funcrel
castimaging/analysis-node	CVE-2024-4340	HIGH	Upgrade sqlparse to version 0.5.0	3.1.1-funcrel
castimaging/auth-service	CVE-2024-47554	HIGH	apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader	3.2.0-funcrel
castimaging/auth-service	CVE-2024-47072	HIGH	com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream	3.2.0-funcrel
castimaging/auth-service	CVE-2024-12797	HIGH	openssl: RFC7250 handshakes with unauthenticated servers don’t abort as expected	3.2.0-funcrel
castimaging/auth-service	CVE-2024-38819	HIGH	org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks	3.2.0-funcrel
castimaging/auth-service	CVE-2024-38821	CRITICAL	Spring-WebFlux: Authorization Bypass of Static Resources in WebFlux Applications	3.2.0-funcrel
castimaging/auth-service	CVE-2024-38816	HIGH	spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource	3.2.0-funcrel
castimaging/auth-service	CVE-2025-24970	HIGH	Upgrade io.netty:netty-handler to version 4.1.118.Final	3.1.1-funcrel
castimaging/auth-service	CVE-2024-57699	HIGH	Upgrade net.minidev:json-smart to version 2.5.2	3.1.1-funcrel
castimaging/console	CVE-2024-47072	HIGH	com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream	3.1.1-funcrel
castimaging/console	CVE-2024-12797	HIGH	Upgrade libcrypto3 to version 3.3.3-r0; Upgrade libssl3 to version 3.3.3-r0; Upgrade openssl to version 3.3.3-r0	3.1.1-funcrel
castimaging/etl-service	CVE-2021-43565	HIGH	Upgrade golang.org/x/crypto to version 0.0.0-20211202192323-5770296d904e	3.1.1-funcrel
castimaging/etl-service	CVE-2022-27191	HIGH	Upgrade golang.org/x/crypto to version 0.0.0-20220314234659-1baeb1ce4c0b	3.1.1-funcrel
castimaging/etl-service	CVE-2024-45337	HIGH	Upgrade golang.org/x/crypto to version 0.31.0	3.1.1-funcrel
castimaging/etl-service	CVE-2022-29526	HIGH	Upgrade golang.org/x/sys to version 0.0.0-20220412211240-33da011f77ad	3.1.1-funcrel
castimaging/etl-service	CVE-2023-29403	CRITICAL	Upgrade stdlib to version 1.19.10, 1.20.5	3.1.1-funcrel
castimaging/etl-service	CVE-2023-29406	HIGH	Upgrade stdlib to version 1.19.11, 1.20.6	3.1.1-funcrel
castimaging/etl-service	CVE-2023-29409	HIGH	Upgrade stdlib to version 1.19.12, 1.20.7, 1.21.0-rc.4	3.1.1-funcrel
castimaging/etl-service	CVE-2023-39325	HIGH	Upgrade stdlib to version 1.20.10, 1.21.3	3.1.1-funcrel
castimaging/etl-service	CVE-2023-45283	HIGH	Upgrade stdlib to version 1.20.11, 1.21.4, 1.20.12, 1.21.5	3.1.1-funcrel
castimaging/etl-service	CVE-2024-24790	CRITICAL	Upgrade stdlib to version 1.21.11, 1.22.4	3.1.1-funcrel
castimaging/etl-service	CVE-2024-24791	HIGH	Upgrade stdlib to version 1.21.12, 1.22.5	3.1.1-funcrel
castimaging/etl-service	CVE-2023-45289	HIGH	Upgrade stdlib to version 1.21.8, 1.22.1	3.1.1-funcrel
castimaging/etl-service	CVE-2023-45290	HIGH	Upgrade stdlib to version 1.21.8, 1.22.1	3.1.1-funcrel
castimaging/etl-service	CVE-2024-24783	HIGH	Upgrade stdlib to version 1.21.8, 1.22.1	3.1.1-funcrel
castimaging/etl-service	CVE-2024-24784	HIGH	Upgrade stdlib to version 1.21.8, 1.22.1	3.1.1-funcrel
castimaging/etl-service	CVE-2024-24785	HIGH	Upgrade stdlib to version 1.21.8, 1.22.1	3.1.1-funcrel
castimaging/etl-service	CVE-2023-45288	HIGH	Upgrade stdlib to version 1.21.9, 1.22.2	3.1.1-funcrel
castimaging/etl-service	CVE-2025-22866	HIGH	Upgrade stdlib to version 1.22.12, 1.23.6, 1.24.0-rc.3	3.1.1-funcrel
castimaging/etl-service	CVE-2024-34155	HIGH	Upgrade stdlib to version 1.22.7, 1.23.1	3.1.1-funcrel
castimaging/etl-service	CVE-2024-34156	HIGH	Upgrade stdlib to version 1.22.7, 1.23.1	3.1.1-funcrel
castimaging/etl-service	CVE-2024-34158	HIGH	Upgrade stdlib to version 1.22.7, 1.23.1	3.1.1-funcrel
castimaging/gateway	CVE-2024-47072	HIGH	com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream	3.2.0-funcrel
castimaging/gateway	CVE-2024-47072	HIGH	com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream	3.2.0-funcrel
castimaging/gateway	CVE-2024-38819	HIGH	org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks	3.2.0-funcrel
castimaging/gateway	CVE-2024-38819	HIGH	org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks	3.2.0-funcrel
castimaging/gateway	CVE-2024-7254	HIGH	protobuf: StackOverflow vulnerability in Protocol Buffers	3.2.0-funcrel
castimaging/gateway	CVE-2024-38816	HIGH	spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource	3.2.0-funcrel
castimaging/gateway	CVE-2024-38816	HIGH	spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource	3.2.0-funcrel
castimaging/gateway	CVE-2024-56337	HIGH	tomcat: Incomplete fix for	3.2.0-funcrel
castimaging/gateway	CVE-2024-50379	HIGH	tomcat: RCE due to TOCTOU issue in JSP compilation	3.2.0-funcrel
castimaging/gateway	CVE-2025-24813	HIGH	tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT	3.2.0-funcrel
castimaging/gateway	CVE-2025-24970	HIGH	Upgrade io.netty:netty-handler to version 4.1.118.Final	3.1.1-funcrel
castimaging/gateway	CVE-2025-24970	HIGH	Upgrade io.netty:netty-handler to version 4.1.118.Final	3.1.1-funcrel
castimaging/gateway	CVE-2024-12797	HIGH	Upgrade libcrypto3 to version 3.3.3-r0; Upgrade libssl3 to version 3.3.3-r0; Upgrade openssl to version 3.3.3-r0	3.1.1-funcrel
castimaging/gateway	CVE-2024-12797	HIGH	Upgrade libcrypto3 to version 3.3.3-r0; Upgrade libssl3 to version 3.3.3-r0; Upgrade openssl to version 3.3.3-r0	3.1.1-funcrel
castimaging/sso-service	CVE-2024-7341	HIGH	wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters	3.2.0-funcrel
castimaging/sso-service	CVE-2024-8698	HIGH	keycloak-saml-core: Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak	3.2.0-funcrel
castimaging/viewer	CVE-2024-45337	HIGH	Upgrade golang.org/x/crypto to version 0.31.0	3.1.1-funcrel
castimaging/viewer	CVE-2024-45337	HIGH	Upgrade golang.org/x/crypto to version 0.31.0	3.1.1-funcrel
castimaging/viewer	CVE-2024-45338	HIGH	Upgrade golang.org/x/net to version 0.33.0	3.1.1-funcrel
castimaging/viewer	CVE-2024-24791	HIGH	Upgrade stdlib to version 1.21.12, 1.22.5	3.1.1-funcrel
castimaging/viewer	CVE-2025-22866	HIGH	Upgrade stdlib to version 1.22.12, 1.23.6, 1.24.0-rc.3	3.1.1-funcrel
castimaging/viewer	CVE-2024-34155	HIGH	Upgrade stdlib to version 1.22.7, 1.23.1	3.1.1-funcrel
castimaging/viewer	CVE-2024-34156	HIGH	Upgrade stdlib to version 1.22.7, 1.23.1	3.1.1-funcrel
castimaging/viewer	CVE-2024-34158	HIGH	Upgrade stdlib to version 1.22.7, 1.23.1	3.1.1-funcrel