3.4
3.4.3-funcrel
Note
- An in-place update from previous 3.x releases is supported for Linux via Docker installations - see the documentation.
- Migration from CAST Console/CAST Imaging 2.x is NOT supported for Linux via Docker installations.
Components included in this release:
- Embedded CAST Imaging Core release: 8.4.6 with internal analysis engine 3.1.13-funcrel.
Other Updates
| Internal Id | Details |
|---|---|
| IMAGKSL-3431 | Fixes an issue causing the Dynamic Link Manager (DLM) rules execution to fail when CAST Imaging is configured to connect to a CAST Storage Service/PostgreSQL instance using TLS/SSL encryption, without certificates. |
| IMAGKSL-3495 | For more clarity the SSL option present in the database connection popup has been renamed now to "With SSL (requires client side certificate)". See the documentation. |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 54070 | Fixes an issue causing ETL failure when CAST Imaging is configured to connect to a CAST Storage Service/PostgreSQL instance using TLS/SSL encryption, without certificates. |
3.4.2-funcrel
Note
- An in-place update from previous 3.x releases is supported for Linux via Docker installations - see the documentation.
- Migration from CAST Console/CAST Imaging 2.x is NOT supported for Linux via Docker installations.
Components included in this release:
- Embedded CAST Imaging Core release: 8.4.5 with internal analysis engine 3.1.13-funcrel.
New Features
| Summary | Details |
|---|---|
| Technical > Enhanced reverse proxy support with context path configuration | CAST Imaging now supports installation behind a reverse proxy with customizable context paths. This enhancement allows you to deploy CAST Imaging at specific URL paths within your existing infrastructure, such as "http://portal.domain.com/some-path", providing greater flexibility for enterprise environments and multi-application deployments.See the documentation. |
3.4.1-funcrel
Note
- An in-place update from previous 3.x releases is supported for Linux via Docker installations - see the documentation.
- Migration from CAST Console/CAST Imaging 2.x is NOT supported for Linux via Docker installations.
- Critical security patches to address identified vulnerabilities.
Components included in this release:
- Embedded CAST Imaging Core release: 8.4.5 with internal analysis engine 3.1.12.
New Features
| Summary | Details |
|---|---|
| Analysis > Support for C/C++ | This release provides changes to support the analysis of C/C++ via the com.castsoftware.cpp 3.0.0-beta1 extension. CAST Imaging Core 8.4.5 (or later) is also required (shipped with this release). See Using com.castsoftware.cpp 3.0 for more details. |
| Technical > Support for certificate-based authentication for database connections | Certificate-based authentication (with client certificate) is now supported for databases (CAST Storage Service/PostgreSQL). See Configuring certificate-based authentication for database connections. |
Feature Improvements
| Summary | Details |
|---|---|
| Results > Link characteristic improvements | Links generated via an SQL query are now flagged as such in the Characteristics section in the right panel. See the documentation. |
| Technical > Neo4j export/import CLI tool | Application results can now be exported to ZIP, and imported from ZIP from both Microsoft Windows and Linux via Docker installations. See Exporting and importing applications. |
Other Updates
| Internal Id | Details |
|---|---|
| IMAGSYS-20519 | Results > Fixes an issue where views were not displayed in the predefined "RDBMS Object Inventory" view. |
| IMAGSYS-20605 | Technical > Fixes an issue with the exportimport.exe CLI tool for Microsoft Windows. |
| IMAGSYS-20579 | Technical > Fixes various CVEs found in the "etl-service" image for Docker. |
| IMAGSYS-20599 | Technical > Fixes an issue with the exportimport.exe CLI tool to ensure datetime values are handled correctly. |
| IMAGSYS-20604 | Results > A change has been implemented in the way JV_FIELD items are handled - these are now handled as sub-objects and will be visible in the results (previously they were hidden). |
| IMAGSYS-20622 | Technical > Fixes an issue with the exportimport.exe CLI tool where "–listapplications" returns results even when an incorrect "–host" value is provided. |
| AIPLITE-1527 | CAST Imaging Core 8.4.5: Fixes an issue causing the error "Client triggered an unexpected error [Neo.DatabaseError.Statement.ExecutionFailed]" when generating "viewer" results after an analysis. |
| AIPLITE-1525 | CAST Imaging Core 8.4.5: Fixes an issue causing links between JV_METHOD items to differ when comparing analysis results of the same application analyzed in CAST v2/8.3. |
| AIPLITE-1528 | CAST Imaging Core 8.4.5: Fixes an issue causing the warning "JAVA121: Invalid parametrization for 'org.apache.log4j.Category.log(java.lang.String, org.apache.log4j.Priority, java.lang.Object, java.lang.Throwable)' parameter index out of bounds". |
| AIPLITE-1543 | CAST Imaging Core 8.4.5: Fixes an issue where a difference in result for the rule "Avoid Too Many Copy Pasted Artifacts" 7156 was observed when analyzing the same application with v2/8.3 and v3/8.4. |
| AIPLITE-1548 | CAST Imaging Core 8.4.5: Fixes an issue where a "SegFault" error was observed during the metrics generation step. |
| AIPLITE-1554 | CAST Imaging Core 8.4.5: Fixes an issue causing the error "[ERROR] Agent 19 failed to start. Error code = 139" during an analysis. |
| AIPCORE-5588 | CAST Imaging Core 8.4.5: Fixes a CVE found in the "analysis-node" service. |
| AIPCORE-5588 | CAST Imaging Core 8.4.5: Fixes various Java related CVEs in v3/8.4. |
| AIPCORE-5539 | CAST Imaging Core 8.4.5: Fixes an error "[ERROR] Invalid path : The filename, directory name, or volume label syntax is incorrect " visible during the analysis. |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 53899 | UI > Fixes an issue preventing the proxy configuration to be saved without username and password. Now credentials are not mandatory: only host and address must be entered. |
| 53230 | Analysis > Fixes an issue where the number of .NET Namespace Objects were higher than expected. |
Known Issues
| Internal Id | Details |
|---|---|
| IMAGKSL-3373 | Results > When using the dynamic link validator, the apply button is not enabled when a link is selected to review. A current workaround is to switch between the radio buttons to enable to apply button. |
| IMAGKSL-3310 | Results > Using the Config / Advanced / Dynamic Links option does not display the list of links for C/C++ related technologies. |
| IMAGKSL-3310 | Results > The Reference Finder feature currently cannot match C/C++ related technologies. |
| IMAGKSL-3386 | Technical > The "Control Panel" Microsoft Windows Service will fail to start if HTTPS is enabled and the path to the SSL key pair files is too long. This manifests in the service log as follows "ERROR: value too long for type character varying(255)". To workaround this issue, shorten the path to the SSL key pair files. This issue will be fixed in a future release. |
Bug Fixes
| Details |
|---|
| Technical > Fixes an issue preventing the "Console" service logs from being made available to end users. |
3.4.0-funcrel
Note
- An in-place update from previous 3.x releases is supported for Linux via Docker installations - see the documentation.
- Migration from CAST Console/CAST Imaging 2.x is NOT supported for Linux via Docker installations.
- Critical security patches to address identified vulnerabilities.
Components included in this release:
- Embedded CAST Imaging Core release: 8.4.4 with internal analysis engine 3.1.5.
New Features
| Summary | Details |
|---|---|
| Results > "What's this?" dialog | A new object/node right click contextual menu option called "What's this?" has been added to the view providing a basic overview of the seleced object and how it "fits in" with the rest of the application. See What's this?. |
| Results > AI functional report | It is now possible to export a top-level "AI functional report" to Microsoft Word format, containing basic information about the contents of your application. See Generating an AI functional report. |
| Installation/Deployment > Read-only Dashboards and Viewer for Microsoft Windows and Linux via Docker deployments | It is now possible to deploy CAST Imaging without an "analysis-node" component for situations where you would like to provide a "read-only" CAST Imaging instance specifically so that end-users can consults results either in the CAST Dashboards (Engineering/Management/Security) or in the "Viewer". Analysis results are generated in another separate CAST Imaging instance and are exported/imported into the read-only instance. See the installation documentation and standalone deployment workflow for more information. |
| Technical > Application analysis configuration download | A new option has been added at application analysis configuration level called "Download configuration". This downloads the entire set of analysis configuration settings to a .json file, providing a way to compare settings to ensure consistency throughout successive analyses. See the documentation. |
| Analysis Configuration > Transactions > View leaves | A new option has been added called "View leaves" available in the Analysis Configuration > Transactions panel. This can help understand why a call graph is incomplete and where it is broken. In addition, an option has been added "Hide full graph leaves" to remove certain items from the list. See the documentation. |
Feature Improvements
| Summary | Details |
|---|---|
| Results > Improved Graph Layout options for selected objects/nodes | It is now possible to select a subset of objects/nodes in the view and then choose a specific Graph Layout option just for those items: in this way, specific parts of the application can be arranged in a custom way. See Graph layout tool. |
| Results > Improved workflow for accessing Saved views | Improvements have been made to the way in which Saved views are accessed: when using the "Show saved views" menu option (available in the top left corner), a selection dialog is now displayed allowing users to select the view they require. Previously, the most recent Saved view would be automatically displayed when using this menu option. |
| Results > List/Graph View toggle moved | The toggle button to switch between Graph view (default) and List view has been moved into the view toolbar, freeing up space in the view. See View - Action options. |
| Results > Investigate button improvements | The "Investigate" button found across multiple features (Structural Flaws, Third-Party Components, Green Impacts, etc.) has been renamed to "Open in a new view" and now opens the target view in a new tab instead of the current one. The "Investigate" button found across multiple features (Structural Flaws, Third-Party Components, Green Impacts, etc.) has been renamed to "Open in a new view" and now opens the target view in a new tab instead of the current one. In addition, the current context is no longer retained in the new tab: scope will be set to "Pre-Defined" to match the current situation. |
| Results > Improved node categorization | Some minor changes have been made in Level 4 and 5 with regard to node categorization: "Frameworks" has been renamed to "Programming Technologies" (Level 4) and "Technologies" has been renamed "Technology Object Types" (Level 5). |
| Results > Characteristics section (right panel) improved with table index information | The Characteristics section located in the right panel has been improved to include information (for table database objects) about indexes and the columns they index. See Characteristics. |
| Results > Structural Flaws: link properties now available | Link properties are now available when investigating structural flaws: clicking a link will show the familiar "Characteristics" section including link history and source code (where available). See Improving code quality and ISO-5055 compliance. |
| Results > Third-party components: License information now available | License information for each component is now displays in the list of third-party components: licenses are categorised by colour according to compliance and clicking the icon will direct users to the external third-party license information. |
| Results > Cypher query: improved query entry field | The query entry field is now resizable instead of a fixed height of one line, allowing large queries to be displayed in their entirety. See Cypher search. |
| Results > Characteristics section (right panel) improved with info bubble | The Characteristics section in the right panel has been improved to include an info bubble explaining abbreviations such as PK, FK and UQ, specifically for table columns and indexes. |
| Results > UI alignment for Green Deficiencies, Cloud Maturity and Third-Party Components insights | The investigation UI for Green Deficiencies, Cloud Maturity, and Third-Party Components insights now matches the Structural Flaws UI for a more streamlined experience. |
| Results > Improved Graph Layout options | The Graph Layout options previously available in the Viewer preferences have been removed: now Graph Layout is managed solely in the view. A default layout will be applied and then any changes will persist through the session per scope. See the documentation. |
| Results > Improved History feature | The History feature is now available in Levels 1-5 and Custom Aggregations (previously only available at Object level). Additionally, a Global Context indicator has been added to improve usability and ensure consistency across tabs. See the documentation. |
| Results > Improved Compare feature | The Compare feature is now available in Levels 1-5 and Custom Aggregations (previously only available at Object level). See the documentation. |
| Analysis Configuration > Transactions > Check content results > Object ID | It is now possible to view an object's ID in the results iof the Check Content functionality in the transaction rules section. IDs are hidden by default but can be displayed using a column picker. See the documentation. |
| Installation/Deployment > License strategy change via UI | It is now possible to switch license strategy i.e. from "Named Application" to "Contributing Developers" and vice-versa via the UI. When switching to "Named Application", application specific licences will need to be applied after the strategy swap. See the documentation. |
| Results > Aggregated by scopes > Grouping on link drill down | Drilling down into linked nodes has been enhanced across Aggregated by > Module, Service, Project Structure, and Architecture Model scopes. When you double-click a link between nodes, objects now follow a two-tier grouping system: first by object type (such as Java Method), then by parent node (module, service, project, or model). This hierarchical organization makes it easier to distinguish object types both within individual nodes and across multiple nodes, creating a clearer visual structure. Previously, drill-down results appeared ungrouped. |
| Installation > Improved Docker container start-up | When CAST Imaging is installed on a single machine and the machine restarts, Docker containers now start up in the correct order, preventing situations where containers indefinitely wait for their dependencies to initialize. |
| Installation > Offline mode for Linux via Docker | It is now possible to run the Linux via Docker installer in "offline mode" for installation of CAST Imaging in air gapped/secure environments without internet connections. All Docker images must be present on the relevant machine when running the installer. See the documentation. |
| Installation/Deployment > Named Application license bulk upload | It is now possible to bulk upload one or more Named Application license keys via a .txt file. This can be actioned before an application is created, or post-creation in the case of a license strategy switch from Contributing Developers to Named Application. See the documentation. |
Other Updates
| Internal Id | Details |
|---|---|
| IMAGSYS-19426 | Results > The "Clear Graph" option available in the left panel in some scopes has been removed from the UI. |
| IMAGSYS-19212 | Results > Object IDs (numeric and UUIDs) have been removed from the results of all export features across the platform to improve usability. These have been replaced with a timestamp entry (YYYY-MM-DD). |
| IMAGSYS-20004 | Results > Third-party components > Minor improvement to add a tooltip to the "Licenses" column to explain the various license risk profiles. See the documentation for more information on this feature. |
| IMAGKSL-3104 | Installation > The "admin-center" Docker container has been renamed to "control-panel" to match this service's functionality. |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 52495 | Results > Fixes an issue causing the full count of object links to fail to be included in a Saved View export action. |
| 52750 | Installation > Fixes an issue where the Linux via Docker installer fails to use images already present on the machine in a sandboxed secure enviroment with no internet connection: now the installer can be configured to function in "offline" mode. See the documentation. |
| 52749 | Results > Fixes an issue where the cypher query input field size is too small: the field is now multi-line. |
| 53047 | Results > Fixes an issue where the App-to-App dependency 'Export all objects and links' feature is displaying the Source and Target columns in reverse order, and the 'Link Type' column is missing from the results. |
| 53168 | Results > Fixes an issue where the custom aggregation "collaborate with" list is not sorted alphabetically. |
| 53216 | Results > Fixes an issue where the number of code lines appears twice erroneously. |
| 53278 | Results > Fixes an issue where the custom aggregation "aggregated by" list is not sorted alphabetically. |
| 53500 | Results > Fixes an issue occuring when searching for objects individually and adding them to the view: the associated links are not displayed. |
| 53501 | Results > Fixes an issue where the parent program object is not always displayed below the subroutine name. |
| 53493 | Results (Dashboards) > Fixes an issue where the a link to the documentation fails to resolve. |
| 53438 | Results (Dashboards) > Fixes an issue where the Management Dashboard displayed the technologies overview tile as N/A. |
| 53397 | Results (Dashboards) > Fixes an issue where dashboards not accessible after adding users/roles due to null values being created when assigning a role to multiple users. |
| 52552 | Results (Dashboards) > Fixes an issue where it is not possible to download a CWE report from the Engineering Dashboard. |
| 52485 | Results (Dashboards) > Fixes an issue where the REST API fails to function. |
| 51572 | Results (Dashboards) > Fixes an issue where the Health Factor report downloaded from the advanced search page shows empty module information for objects related to certain technologies. |
| 53508 | Results > Fixes an issue where the LOC (Lines of Code) count remains unchanged when an application is updated, even when the list of technologies involved has changed. |
| 52947 | Results > Fixes an issue where the "Generate AI summary" feature is failing for some .NET transactions. |
Known Issues
| Internal Id | Details |
|---|---|
| IMAGKSL-3234 | Analysis > The "Download analysis configuration" option is not available for the application whose status is 'require attention'. i.e deep analysis is failed. This will be fixed in a future release. |
| IMAGKSL-3259 | Analysis > The number of duplicated files listed in an analysis alert may not match the reality. |
Bug Fixes
| Details |
|---|
| Analysis > Fixes an issue preventing the retention of exclusion patterns when running a new scan with analysis from the landing page. |
| Technical > Fixes an issue where when deleting an application the related LISA and LTSA folders are now correctly removed as well. |
| Analysis > Fixes an issue where content discovery was failing to recognise *.tsql files. |
| UI/Admin > Fixes a UI issue preventing the addition or removal of a source folder location path. |
| Technical > The Architecture Studio feature is now not available for users who do not have required permissions. Available for those with the admin, application creator, or application owner profiles. |