25.04 Release notes

Instabase 25.04 is a major release that introduces new features, enhancements, and bug fixes.

Subsequent patch releases typically contain bug fixes along with testing, optimizations, security fixes, and other internal changes.

25.04.6

June 10, 2025

This release contained no user-facing changes.

25.04.5

June 10, 2025

This release contained no user-facing changes.

25.04.4

June 6, 2025

This release contained no user-facing changes.

25.04.3

May 30, 2025

Security updates

• Upgraded spring-boot to version 3.4.5 to address CVE-2025-22235.

• Upgraded torch to version 2.6.0 to address CVE-2025-32434.

• Upgraded torch to version 2.6.0 to address CVE-2025-32434.

• Upgraded stdlib to version 1.23.8, 1.24.2 to address CVE-2025-22871.

• Upgraded github.com/mattn/go-sqlite3 to version 1.14.18 to address CVE-2023-7104.

• Upgraded ray to version 2.43.0 to address CVE-2025-1979.

• Upgraded ray to version 2.43.0 to address CVE-2025-1979.

• Upgraded ray to version 2.43.0 to address CVE-2025-1979.

• Upgraded org.eclipse.jetty:jetty-server to version 12.0.12 to address CVE-2024-6763.

• Upgraded github.com/go-jose/go-jose/v4 to version 4.0.5 to address CVE-2025-27144.

• Upgraded stdlib to version 1.22.11, 1.23.5, 1.24.0-rc.2 to address CVE-2024-45336.

• Upgraded stdlib to version 1.22.12, 1.23.6, 1.24.0-rc.3 to address CVE-2025-22866.

• Upgraded stdlib to version 1.22.11, 1.23.5, 1.24.0-rc.2 to address CVE-2024-45341.

Bug fixes

• Fixed an issue where deleting runs would fail with a database error.

25.04.2

May 14, 2025

This version contained no user-facing changes.

25.04.1

May 12, 2025

Enhancements

• You can run accuracy reports on ground truth sets with class names greater than 31 characters.

• Updated the bootstrap library to version 5.

Bug fixes

• Selected fields were unexpectedly deselected when you added arguments to custom functions.

• Deployment runs used the latest AI runtime version regardless of the connected app’s AI runtime version.

• Selected fields were unexpectedly deselected when you added arguments to custom functions.

• Deployment runs used the latest AI runtime version regardless of the connected app’s AI runtime version.

• PDFs were corrupted when processed under certain circumstances.

• Job access issues:

  • You couldn’t access resumed jobs if they were more than 24 hours old in the job service.
  • Searching by job ID didn’t work reliably for certain formats.

• Job log processing experienced issues:

  • Bottlenecks due to queue limitations.
  • Job logs could grow without limits because the maximum queue length configuration was not supported.

• Deleted .keys call in post flow task to reduce Redis CPU usage.

• Fixed missing ibuser attribute in MODEL_SERVICE_OPERATION audit logs.

• Human review did not correctly give some needed warnings.

• Errors with Azure Blob store storage systems were not translated into their corresponding HTTP error codes, but were logged as INTERNAL errors.

Security fixes

• Upgraded spring-boot to version 3.4.5 to address CVE-2025-22235.

• Upgraded spring-boot to version 3.4.5 to address CVE-2025-22235.

• Upgraded Flask to version 2.3.2 to address CVE-2023-30861.

• Removed wget from jaeger image to address CVE-2021-31879.

• Upgraded weaviate golang version to address CVE-2025-30204.

• Upgraded oauth2 to version 0.27.0 to address CVE-2025-22868.

• Fixed vulnerability in weaviate.

• Upgraded oauth2 to version v0.21.0.

• Upgraded keras to version 3.8.0 to address vulnerability CVE-2024-55459.

• Upgraded Gunicorn to version 23.0.0 to fix vulnerability CVE-2024-6827.

• Updated module github.com/golang-jwt/jwt/v5 to v5.2.2 to address vulnerability CVE-2025-30204.

• Resolved CVE-2024-45338: Updated golang.org/x/net to v0.33.0 in weaviate.

• Converted es-exporter to the Wolfi-based image.

• Updated jaeger with stdlib to version 1.19.6 or 1.20.1 (CVE-2022-41724).

• Updated setuptools in jaeger to version 70.0.0 (CVE-2024-6345).

• Updated pygments to version 2.15.1 to address a ReDoS vulnerability (CVE-2022-40896).

• Updated postgresql JDBC driver to address SQL injection vulnerabilities (CVE-2022-31197, CVE-2024-1597).

• Removed ray JAR files containing vulnerable dependencies (CVE-2018-8088).

• Updated netty-handler in table-tservice to 4.1.118.Final (CVE-2025-24970).

• Updated jackson-databind in opensearch from version 2.7.9.2 to 2.9.8 (CVE-2018-19360).

• Updated protobuf-java to 3.21.7 (CVE-2022-3171, CVE-2022-3509, CVE-2022-3510).

• Updated protobuf-java to 4.28.2 (CVE-2024-7254).

• Updated golang.org/x/net in weaviate (CVE-2023-45288).

• Upgraded maven-core package to version 3.8.1 (CVE-2021-26291).

• Upgraded jinja2 to version 3.1.5 (CVE-2024-56201).

• Upgraded the netty-common package to version 4.1.115 (CVE-2024-47535).

• Updated the commons-io:commons-io package to version 2.14.0 (CVE-2024-47554).

• Updated jaeger-agent to 1.62.0 (CVE-2024-8096).

• Updated the langchain package to version 0.2.5 (CVE-2024-8309).

• Removed git from the ray-head Docker image (CVE-2024-32002).

• Resolved CVE-2018-1000021 (no details given).

• Updated jinja package to version 3.1.5 (CVE-2024-56326).

• Updated the springframework#spring-context library to version 6.1.14 (CVE-2024-38820, CVE-2024-38827).

• Updated the crypto package to version 0.31.0 (CVE-2024-45337).

• Updated the jaeger package to version 1.65.0 (CVE-2024-45337).

• Updated the Python tornado package to version 6.4.2 (CVE-2024-52804).

• Updated the redis package to version 4.6.0 (CVE-2023-28859).

• Updated the redis package to version 4.5.3 (CVE-2023-28858).

• Updated the gin package to version 1.9.1 (CVE-2023-29401).

• Updated the ray package to version 2.39.0 (GHSA-78wr-2p64-hpwj).

• Updated the langchain package to version 0.2.10 (CVE-2024-3095).

• Updated werkzeug to version 3.0.6 (CVE-2024-49767).