25.01 Release notes

Instabase 25.01 is a major release that introduces new features, enhancements, and bug fixes.

Subsequent patch releases typically contain bug fixes along with testing, optimizations, security fixes, and other internal changes.

25.01.14

April 16, 2025

This release contained no user-facing changes.

25.01.13

April 11, 2025

Security updates

• Upgraded keras to version 3.8.0 to address vulnerability CVE-2024-55459.

• Upgraded Gunicorn to version 23.0.0 to fix vulnerability CVE-2024-6827.

• Updated module github.com/golang-jwt/jwt/v5 to v5.2.2 to address vulnerability CVE-2025-30204.

• Removed wget from Dockerfile to fix vulnerability CVE-2021-31879.

25.01.12

April 9, 2025

No changes included with this release.

25.01.11

April 5, 2025

No changes included with this release.

25.01.10

April 2, 2025

Bug fixes

• You couldn’t access resumed jobs if they were more than 24 hours old in the job service.

• PDFs were corrupted when processed under certain circumstances.

• Job log processing experienced bottlenecks due to queue limitations.

Security updates

• Resolved CVE-2024-45338 | Updated golang.org/x/net to v0.33.0 in weaviate.

• Converted es-exporter to the Wolfi-based image.

• Resolved CVE-2024-45338 | Updated golang.org/x/net to v0.33.0.

25.10.09

March 28, 2025

Bug fixes

• Job logs could grow without limits because the maximum queue length configuration was not supported.

25.10.08

March 28, 2025

This release contained no changes.

25.01.7

March 19, 2025

Security updates

• Updated jaeger with stdlib to version 1.19.6 or 1.20.1. CVE-2022-41724

• Updated setuptools in jaeger to version 70.0.0. CVE-2024-6345

25.01.6

March 19, 2025

This release contained no user-facing changes.

25.01.5

March 12, 2025

Security updates

• Updated pygments to version 2.15.1 to address a ReDoS vulnerability. CVE-2022-40896

• Updated postgresql JDBC driver to address SQL injection vulnerabilities. CVE-2022-31197, CVE-2024-1597

• Removed ray JAR files containing vulnerable dependencies. CVE-2018-8088

Bug fixes

• Deleted .keys call in post flow task to reduce Redis CPU usage.

25.01.5

March 12, 2025

This release contained no user-facing changes.

25.01.4

March 6, 2025

This release contained no user-facing changes.

25.01.3

March 6, 2025

Bug fixes

• Fixed missing ibuser attribute in MODEL_SERVICE_OPERATION audit logs.

Security updates

• Updated netty-handler in table-tservice to 4.1.118.Final. CVE-2025-24970

• Updated jackson-databind in opensearch from version 2.7.9.2 to 2.9.8 to address a critical vulnerability related to polymorphic deserialization of the axis2-transport-jms class. CVE-2018-19360

25.01.2

February 27, 2025

Bug fixes

• Fixed missing ibuser attribute in MODEL_SERVICE_OPERATION audit logs.

Security updates

• Updated netty-handler to 4.1.118.Final. CVE-2025-24970

• Updated jackson-databind to 2.9.8. CVE-2018-19360

• Updated protobuf-java to 3.21.7. CVE-2022-3171, CVE-2022-3509, CVE-2022-3510

• Updated protobuf-java to 4.28.2. CVE-2024-7254

• Updated golang.org/x/net in weaviate. CVE-2023-45288

Release 25.01.1

Generally available February 25, 2025

Enhancements

• You can run accuracy reports on ground truth sets with class names greater than 31 characters.

Bug fixes

• Human review did not correctly give some needed warnings.

• Errors with Azure Blob store storage systems were not translated into their corresponding HTTP error codes, but were logged as INTERNAL errors.

• Updated the bootstrap library to version 5.

• Searching by job ID didn’t work reliably for certain formats.

Security fixes

• Resolved [CVE-2021-26291] | Upgraded maven-core package to version 3.8.1.

• Resolved CVE-2024-56201 | Upgraded jinja2 to version 3.1.5.

• Resolved [CVE-2024-47535] | Upgraded the netty-common package to version 4.1.115.

• Resolved [CVE-2024-47554] | Updated the commons-io:commons-io package to version 2.14.0.

• Resolved [CVE-2024-8096] | Updated jaeger-agent to 1.62.0.

• Resolved [CVE-2024-8309] | Updated the langchain package to version 0.2.5.

• Resolved [CVE-2024-32002] | Removed git from the ray-head Docker image.

• Resolved [CVE-2018-1000021]

• Resolved [CVE-2024-56326] | Update jinja package to version 3.1.5.

• Resolved [CVE-2024-38820], [CVE-2024-38827] | Updated the springframework#spring-context library to version 6.1.14.

• Resolved [CVE-2024-45337] | Updated the crypto package to version 0.31.0.

• Resolved [CVE-2024-45337] | Updated the jaeger package to version 1.65.0.

• Resolved [CVE-2024-52804] | Updated the Python tornado package to version 6.4.2.

• Resolved [CVE-2023-28859] | Updated the redis package to version 4.6.0.

• Resolved [CVE-2023-28858] | Updated the redis package to version 4.5.3.

• Resolved [CVE-2023-29401] | Updated the gin package to version 1.9.1.

• Resolved [GHSA-78wr-2p64-hpwj] | Updated the ray package to version 2.39.0.

• Resolved [CVE-2024-3095] | Updated the langchain package to version 0.2.10.

• Resolved [CVE-2024-49767] | Updated werkzeug to version 3.0.6.