26.01 (LTS) Release notes

Instabase 26.01 is a major release that introduces security and platform updates.

Subsequent patch releases typically contain bug fixes along with testing, optimizations, security fixes, and other internal changes.

26.01.0

RC January 2026

Security updates

• Upgraded helm.sh/helm/v3 to version 3.18.5 to address CVE-2025-55199.

• Upgraded urllib3 to a safe version to address CVE-2025-66418, CVE-2025-66471, and CVE-2024-37891.

• Applied a vulnerability fix for the Weaviate component to address CVE-2025-10954.

• Upgraded pdfminer.six from v20221105 to v20251107 to address CVE-2025-64512.

• Upgraded langchain-core in api-server and model-service to address CVE-2025-68664.

• Upgraded OpenSearch to 2.19.4 to address CVE-2025-61725.

• Upgraded Scrapy to 2.13.4 to address CVE-2025-6176

• Upgraded Keras to 3.12 to address CVE-2025-12060, CVE-2025-9906, CVE-2025-62593, CVE-2025-62708, and CVE-2025-12058.

• Upgraded Go to 1.24.11 (platform) and 1.25.2 in the Weaviate component to address CVE-2025-61729.

Platform updates

Python 3.11 upgrade

The platform and Python-based images were upgraded to Python 3.11 (previously Python 3.9). This also updates the Python runtime used for running UDFs on the platform. We recommend checking UDF code for any incompatibility due to the updated Python 3.11 runtime. Refer to the Python 3.11 changelog and Python 3.10 changelog for details.

Package upgrades also included in this change are as follows:

• Upgraded html5lib to version 1.1

• Upgraded numpy to version 1.26.4

• Upgraded parsimonious to version 0.10.0

• Upgraded python-pptx to version 1.0.2

• Upgraded pyyaml to 6.0

• Upgraded scikit-learn to 1.5.0

• Upgraded scipy to 1.10.1

• Upgraded regex to 2022.3.15

• Upgraded pandas to 1.5.3

• Upgraded sentencepiece to 0.1.98

• Upgraded yappi to 1.4.0