3.6
3.6.3-funcrel
Note
- An in-place update from previous 3.x releases is supported for Microsoft Windows - see the documentation.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 58404 | A vulnerability scan identified several critical and high-severity CVEs in the "dashboards" component that blocked production deployment due to regulatory requirements. These CVEs have now been resolved via the upgrade of dependencies to patched versions. |
| 58170 | Fixed app-to-app exclusion rules not deleting links as expected - when users defined exclusion rules in the app-to-app configuration (e.g. to exclude links where the callee object type matched specific criteria), the rules were not being applied and links that should have been removed were still present after running app-to-app link generation. Exclusion rules now correctly delete matching links during app-to-app processing. |
| 58317 | A vulnerability scan identified critical and high-severity CVEs in Tomcat and Netty that blocked production deployment due to regulatory requirements. Fixed critical and high CVEs by upgrading Tomcat to 10.1.55. The Netty 4.1.133.Final upgrade is being addressed by Keycloak. |
3.6.2-funcrel
Note
- An in-place update from previous 3.x releases is supported for Microsoft Windows - see the documentation.
Feature Improvements
| Summary | Details |
|---|---|
| UI > New application dropdown list | A new application dropdown has been added to the header bar, allowing users to quickly switch between onboarded applications without navigating back to the landing page. |
Other Updates
| Internal Id | Details |
|---|---|
| IMAGKSL-3232 | Analysis > The "com.castsoftware.java.internal.grep" extension (see the documentation is now automatically installed for new application onboardings, deactivating legacy grep-based dynamic links to database objects in favor of more accurate Java Persistence links. Existing applications are unaffected by this change. |
| IMAGSYS-23878 | Results > Removed the following obsolete boolean fields from the "viewer" SQL Exporter output: is_dao, is_ws, is_thread, is_richclient, is_mvc_m, is_mvc_c, is_transac_cics, and is_transac_ims. These fields are no longer relevant and this cleanup reduces unnecessary data in the export and simplifies the schema. |
| IMAGSYS-24140 | Results > Fixed an issue where the "Export Objects and Links"feature was not working. The export functionality has been restored and operates correctly. |
| IMAGKSL-4746 / IMAGKSL-4774 | Administration > For Microsoft Windows installations, it is now possible to use an "application-default.yml file in "%PROGRAMFILES%\CAST\Imaging\<service-name>" (alongside the existing "application.yml") for the various "imaging-services" services. This file serves as the recommended location for user-specific configuration overrides (e.g., https configuration, email notifications, audit trail settings, standalone deployments). This ensures custom settings are preserved across future upgrades, since only application.yml is overwritten during an update. Note that you may need to create the application-default.yml manually in order to use it. |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 56864 | Fixed an issue where the application status incorrectly displayed "Actions Pending" after deleting an old snapshot; the status now only changes to "Actions Pending" when the latest snapshot is deleted. Secondary admin jobs such as backup do not impact the application status on the landing page but can be followed on the settings page. |
| 57283 | Fixed an issue where Fast Scan and Deep Analysis failed due to an application management conflict when source code contained only COBOL-related file extensions (.jcl, .prc, .ctl) that were not listed in the analyzer configuration. |
| 57433 | Fixed an issue where migrated applications could not be deleted in CAST Imaging V3 when the Viewer component was not installed. |
| 56898 | Fixed an issue where the C/C++ analysis unit was not created after migration from V2, causing .cpp files to remain unanalyzed. |
| 56486 | Fixed an issue where the Generate View step failed during full workflow execution but succeeded when run independently. |
| 56495 | Fixed an issue where HTTPS configuration in gateway and auth service for Microsoft Windows installations was reverted to HTTP after upgrading. |
| 57024 | Fixed an issue where resuming a failed analysis via the cog wheel did not correctly set the resume parameter, causing a "Duplicated Package" error instead of properly cleaning up residual data from the previous run. |
Known Issues
| Internal Id | Details |
|---|---|
| IMAGKSL-4807 | After a fresh installation, the first application onboarding may fail with a 403 error and the message 'Unable to perform action, please try again later'. Clicking 'Run Scan' will successfully trigger the scan. This will be fixed in a future release. |
| IMAGKSL-4756 | When using Microsoft Windows installer, if the configuration .conf file does not contain the API key for CAST Extend but does contain the license key, then an Administrator will need to add the CAST Extend API in admin center / system setting (in the UI) before onboarding an application. This will be fixed in a future release. |
Bug Fixes
| Details |
|---|
| Fixed an issue in the Job Status log viewer where clicking on a completed step's tab while a job was still running would automatically switch back to the in-progress step, preventing users from reviewing earlier logs during execution. Additionally, the tab section has been redesigned with clearer visual indicators - status icons now show whether each step is completed, in progress, pending, or interrupted, along with corresponding tooltip messages. This makes it much easier to understand overall job progress at a glance while navigating between steps. |
| Removig some inconsistence job steps labels having capitalization. The job step naming are consistent now. |
| Fixes an issue where the module option ONE_PER_AU used by console tool CLI was not taken in account. |
| Fixes an issue where, after migration and upgrading the Imaging Core, the “New Scan” button remained disabled on the Overview page, while the same option was enabled on the Landing page. |
| Fixes an issue where importing results for an existing viewer-only application failed if the application had been previously renamed. |
| Fixes an issue where for package wise installation, when using remove batch all console folders were not completely removed. |
| Fixes an issue on the Landing page where the size was displayed as N_A while importing application results. It now displays .. initially and updates with the correct size indicator once the information becomes available. |
| Microsoft Windows > Custom HTTPS configurations added to the keycloak.conf as part of enabling HTTPS for CAST Imaging are now preserved when upgrading to a new release. Previously, custom Keycloak configuration was lost after an update. |
3.6.1-funcrel
Note
- An in-place update from previous 3.x releases is supported for Microsoft Windows - see the documentation.
Other Updates
| Internal Id | Details |
|---|---|
| IMAGSYS-23852 | Resolved three OpenSSL CVEs (1 Critical – CVE-2025-9230, 2 High) in the AI service component by upgrading OpenSSL libraries. |
| IMAGSYS-23899 | Ongoing CVE remediation for all Imaging Viewer components based on scan reports. Addresses known vulnerabilities. |
| IMAGSYS-23892 | Fixed a regression where the Roles feature (role-based filters in global search, third-party components, Characteristics, and transaction search) was non-functional after upgrading to 3.6.0-funcrel. The root cause was build scripts referencing outdated 3.5.0-funcrel PackageReference artifacts; scripts now dynamically resolve the correct artifacts. |
| IMAGSYS-23915 | Upgraded the bundled Neo4j database to version 2026.03.1, picking up the latest fixes and security patches from the upstream graph database. |
| DASHBOARDS-5532 | Addressed known CVEs in the Dashboards identified via scan reports, ensuring all critical and high-severity vulnerabilities are resolved for the 3.6.1-funcrel release. |
| IMAGKSL-4673 | Addressed known CVEs (Common Vulnerabilities and Exposures) identified through daily security scans across multiple CAST Imaging backend services. Affected services: SSO Service, Gateway, Auth Service, Control Panel, Console. |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 57967 | Fixed an issue where the ETL import would fail during the "Identification of deleted Transaction Links" step with a MemoryPoolOutOfMemoryError from Neo4j. The APOC iterate query could exceed the transaction memory limit on large applications, causing the entire import to abort. |
| 58035 | Fixed inconsistencies where the number of callers/references for an object differed between downloaded reports (e.g. Most Referenced Objects) and CSV exports from the Advanced Search UI. Counts are now consistent across all export paths. |
| 57956 | Fixed a bug where API key authentication only worked for GET requests against the Dashboard REST APIs (tags, common-categories) but failed for PUT operations, forcing users to fall back to cookie-based authentication. API key authentication now works for both GET and PUT operations. |
| 57801 | Fixes the Reference pattern detection missing for Go technology, causing absent links to PostgreSQL databases. |
Known Issues
| Internal Id | Details |
|---|---|
| IMAGKSL-4731 | File exclusion fails on Windows in CAST Core 8.4.10. Workaround : Manually place the 7za.exe executable at the root of the 8.4.10 installation directory. |
3.6.0-funcrel
Note
- An in-place update from previous 3.x releases is supported for Microsoft Windows - see the documentation.
Shared folder access requirements updated:
The console service (part of "imaging-services") now requires direct read/write access to shared folders (delivery, deploy, common-data) alongside the "analysis-node" component/service. Please verify your deployment. For Microsoft Windows both services must run under the same service account with appropriate ACLs and mapped network drives. The installer now warns if shared-folder access is misconfigured. See Software requirements, Disk space requirements and Storage locations.
New Features
| Summary | Details |
|---|---|
| Technical > Resume failed "viewer" results import from the last completed step | Introduced "viewer" result import checkpoint mechanism that stores the last successfully completed pipeline step and a ZIP content checksum in Neo4j, allowing failed or interrupted import processes to resume instead of restarting from scratch. If a different ZIP is uploaded (checksum mismatch) or the checksum file is missing, the checkpoint is automatically cleared and a full import is run to avoid stale data. A "?force=true" parameter is also available to explicitly clear any existing checkpoint and force a full re-import. |
| Technical > Audit trail for key application/domain lifecycle events | Added an audit trail that records JSON-based events for key application operations (delete, rename, fast scan, deep analysis, and import to Viewer) along with domain operations (create, update, delete, attach), logging who performed the action, when, the result (CREATED/SUCCESS/FAILURE/CANCELED), and application details. Events are written to an audit file with automatic rotation and configurable retention, improving traceability and compliance. See the documentation. |
| UI (viewer) > Application executive summary report | Introduced a new "Application Executive Summary" report in the Reports dialog, offering a concise, executive-level overview of the application. This report complements existing CAST Imaging Discovery and AI Functional reports, providing key insights for stakeholders without requiring navigation through detailed technical sections. Users can access it by opening the Reports dialog and selecting Application Executive Summary. An AI provider API key is required to use this report. See the documentation. |
| UI > Configure analysis options pre-analysis | After onboarding and the initial fast scan, CAST Imaging now lets you adjust key analysis options before running the first full analysis: enable/disable Security Dataflow, choose how modules are created (full content, per technology, or per analysis unit), and configure technology‑specific options for Mainframe, JEE, and C/C++. These options apply only to applications scanned in this release (not applications that were created in previous releases) and currently exclude adding Security Dataflow black boxes or changing ignored file extensions. |
| UI (viewer) > Guided graph tour to explain graph elements | Introduced an in‑app Guided Graph Tour that helps users understand key elements of the application graph. The tour appears as a non‑blocking panel in the bottom‑right of the graph view, launches automatically for first‑time users (and can be reopened from the icon), and walks through nodes (with all seven node sub‑types), direct and indirect links, and node badges (Post‑it, Count, A2A, Start/End Point). Each step highlights the relevant elements on the graph and provides controls to navigate the tour while continuing to interact with the graph. See the documentation. |
| Technical > Swagger API documentation | Added an authenticated Swagger UI for CAST Imaging at "/api-docs/index.html", providing interactive documentation for Public API, Console, and Control Panel endpoints. Users can browse all available APIs and execute requests directly from Swagger (including authenticated calls), ensuring the documentation always reflects the deployed APIs. |
Feature Improvements
| Summary | Details |
|---|---|
| UI (viewer) > Transaction search (start/end point role) | New Start Point Role and End Point Role filters for transaction searches have been added, using the same hierarchical parent–child role structure as the CAST Imaging global search. Users can select parent roles (which automatically include all child roles) or individual child roles, and the transaction list will show only transactions whose start or end points are associated with the selected roles. Roles information is available for applications imported with ≥ 3.6.0-funcrel. See the documentation. |
| UI (viewer) > Role filters for search and other modals | A "Role" filter has been added across various features within CAST Imaging (global search modal, third-party components list, Characteristics (right-panel), Application Discovery Report), allowing users to filter results by functional roles (parent and child roles, with multi‑select and parent‑select‑all behavior) so that only objects matching the selected roles are returned. See the global search modal documentation or the Third-party components feature as an example. |
| UI (viewer) > Characteristics improvements | A new Link Category property under "Characteristics" (right-panel) has been added, showing how links are classified as Static, Dynamic, or Remote based on link type and how each category maps to its corresponding sub‑category (for example, "Link Category: Static – inherit"). This is available for application results generated with 3.6.0-funcrel or later. |
| UI (viewer) > Exclude unused third‑party components | A new quick filter has been added to the Third‑Party Components view that hides components detected in the application but not used by any application objects, helping users focus on relevant, actually‑used components. See the documentation. |
| UI (viewer) > AI generated report | The AI generated functional report has been updated to enhance the AI-based Functional Report by providing clearer and more actionable insights. The revised version emphasizes summarization of key application workflows derived from transaction summaries and refines the Inputs/Outputs section to include relevant third-party components. The overall structure and presentation have been aligned with the latest documentation and visualization standards to ensure consistency across modules. See the documentation. |
| UI (viewer) > Data Sensitivity tiles | Added dedicated tiles in the Overview/Welcome page for CAST Sensitive Data, GDPR Sensitive Data, PCI‑DSS Sensitive Data, and Custom Sensitive Data, plus a Sensitivity Level filter (Highly sensitive / Very sensitive / Sensitive) so users can quickly locate and review sensitive tables across their applications. See the documentation. |
| UI (viewer) > Rename transactions and data call graphs | It is now possible to edit and rename Transactions/Data Call Graphs, with changes reflected across the left/right menus and searchable via both original and custom names. See the documentation. |
| UI (viewer) > Search modal improvements | A series of UI/UX improvements have been added in this release to CAST Imaging's search modals used throughout the product, addressing collected user feedback to make searching faster and more intuitive. See example global search documentation. |
| Technical > Parallel job execution | It is now possible to increase the default number of parallel jobs (2) that can be executed by CAST Imaging. See the documentation. |
| UI (viewer) > Transaction/Data Call Graph search improvements | A new "Transaction Status" column has been added to the Transaction/Data Call Graph search modal, indicating whether each transaction is Added, Modified, or Unchanged compared to the immediately previous analysis, with a multi‑select status filter and support for past analysis dates (for applications imported with ETL ≥ 3.2.0). See the documentation. |
| UI (analysis configuration) > Use exclusion templates in file filter | The File Filter option available in the Analysis Configuration - Overview page now lets users apply predefined exclusion templates created in Admin > Global configuration, making it easier to reuse standard exclude patterns instead of configuring them manually per application. See the documentation. |
| UI (viewer) > Right panel: About this view | Introduced a new "About this view" section in the right panel, consolidating existing view information and the AI-generated summary into dedicated tabs ("What’s this view" and "AI summary"), with support for generating/regenerating summaries, saving them as post-its, and viewing the content in an expandable window. See the documentation. |
| UI (viewer) > Optional Endpoint URL for OpenAI provider in AI Settings | Added an optional Endpoint URL field when registering OpenAI as an AI provider. This allows users who self-host OpenAI-compatible models (e.g., GPT OSS 120B) to point to their own server endpoint. When no endpoint URL is provided, the standard OpenAI API endpoint is used by default. |
| UI (viewer) > Characteristics panel community node naming helper | A "More Info" popup for Community objects in the Characteristics panel has been added, explaining how each Community is formed and grouped (per technology such as Java, ABAP, or COBOL). The popup is available only for "Community" nodes and is accessed via the info icon next to the Community name. See the documentation. |
| UI (viewer) - Structural Flaws UI improvements | A new step‑based (accordion) representation of multiple violation paths has been introduced for the Structural Flaws UI, replacing the existing object graph view. See the documentation. |
| UI (viewer) > App to App Dependencies search improvements | The App‑to‑App Dependencies search behavior has been improved: search results list all applications with a "Visualize" option and a checkbox next to each application, allowing users to select one or more applications directly from either the full or filtered results list. See the documentation. |
| UI (viewer) > Third-party components | Updated the Third‑party components table to show an "Impacted objects column" (with tooltip) (the existing generic "Object count" column has been removed), and sort the table by impacted object count by default so users can immediately see which components affect the most objects. See the documentation. |
| UI (viewer) > Status column and filters for transaction and data call graph search modals | Added a Status column and filters to the Transaction and data call graph search modals to show how items have changed between analyses (Added / Modified / Unchanged). The column includes tooltips explaining each status for transactions and data call graphs, and a multi‑select Status filter is now available in the data call graph search modal to quickly focus on specific change types. |
| UI (viewer) > Compare feature enabled for saved views | Added historic comparison for saved views: users can load read‑only historical versions for a given analysis date, see only views valid on that date, and compare the latest saved view with any previous version. Differences in objects and links are highlighted (added/modified/deleted) within the saved view, with states automatically updated when underlying analyses are deleted. See the documentation. |
| Technical > Separate Keycloak admin login and service account | Introduced a dedicated Keycloak UI admin user "kcadmin" (can be customized during a fresh install using a KEYCLOAK_LOGIN_ADMIN_USER variable) with a forced password change on first UI login, while keeping the existing "admin" account as an internal service account only. See the documentation. |
| UI (viewer) > Tag use in custom aggregations | Introduced enhanced tagging behavior in custom aggregations: it is now possible to add tags to aggregated nodes, have those tags persist after saving, use them in search and filter options where applicable and access tag options from the custom aggregation toolbar.Note that tags and post‑its on custom nodes are searchable only once the custom aggregation is published. See the documentation. |
| Technical > Improvements to feature availability when no "analysis-node" is available | When no analysis-nodes are available, CAST Imaging now disables only job‑related actions (onboarding, rescan, run analysis, etc.) with a tooltip explaining the service is unavailable, while keeping other admin features (Global configuration, Extensions strategy, System settings, etc.) accessible (in contrast to previous releases). However, certain sections of the UI that rely on the node (e.g., Black Box in Security Dataflow, Snapshot strategy, application support log downloads) are hidden or disabled to avoid confusion. |
| Technical > Support for in-place updates for Podman | Support has been added for in-place updates to new releases of CAST Imaging when using the Podman container system. Support is available for updating from 3.5.x-funcrel (or later) to a newer release of CAST Imaging. See the documentation. |
| UI (viewer) > Application Discovery Report content | Updated the Application Discovery Report content, including: a Programming Languages overview (files, LOC, sizes by language), Impacted Objects Count for third‑party components, a Database Inventory summary table, an Actionable Insights section (top performance, security, Green IT, and cloud issues), clickable "View in Imaging" links for each graph, grouped multi‑link interactions, offloaded detailed tables to Excel/CSV, and focusing the Word report on Critical and High CVEs only. See the documentation. |
| UI (viewer) > triggeredBy link property | A new "triggeredBy" property will be shown in link characteristics for SQL queries, indicating which element or event triggers a given link, so users can better understand and analyze link behavior. See the documentation. |
| UI (viewer) > Application Report styling improvements | Refined the Application Discovery Report styling and layout, including a redesigned cover page (header, date format, alignment), improved index (leader dots, indentation, clickable navigation), modernized tables (colors, padding/margins, sticky headers), standardized font sizes and heading conventions, removed unnecessary page breaks for a continuous flow, and expanded section descriptions for clearer explanations of each view. See the documentation. |
| UI > About dialog improvements | Updated the About dialog to display package names, versions, and build numbers for key components (Imaging Services, Analysis Node, Imaging Viewer, and Dashboards), making it easier to verify installed versions for support and troubleshooting. |
Other Updates
| Internal Id | Details |
|---|---|
| IMAGSYS-21880 | UI (viewer) > Updated App‑to‑App view terminology so the scope previously labelled "Search in CAST Imaging" is now called "Search Applications", improving clarity and consistency in the search UI. See the documentation. |
| IMAGSYS-22923 | UI (viewer) > Reintroduced the ability to bulk add tags and post‑its to multiple objects by uploading a filled‑in template from the "Upload" tab in "Bulk Tag / Post-it" on the "Customize Results" page, including options to link or unlink post‑its to modules through Advanced Configuration. This feature was disabled in previous releases. See the documentation. |
| IMAGSYS-22008 | UI (viewer) > Switched the UI from "sidebar drawers" to floating dialogs for Call Hierarchy, Start/End points, and Update Transaction features, plus revised fallback pop-up messages when no results are available. |
| IMAGSYS-23145 / IMAGKSL-4346 | UI > Aligned the CAST Imaging branding with current marketing guidelines by updating the logo and font. |
| IMAGSYS-22499 | UI (viewer) > Historic analysis deletion: users can now select and delete up to five analyses at once via the updated UI, with a confirmation prompt before final removal, while ensuring at least one base analysis always remains for each application. |
| IMAGSYS-21887 | UI (viewer) > Refined context‑menu labels and tooltips in the App‑to‑App Dependency view for application nodes, including renaming options like "View external libraries" to "View external objects" and "View orphans" to "View orphan objects," and using "application" instead of "object" where applicable. Mixed selections that include non‑application nodes continue to use the original "objects" terminology. |
| IMAGKSL-4523 | Shared folders > Requirements have been updated to ensure that the "console" service (part of "imaging-services") has direct read/write access to shared folders (delivery, deploy, common-data) alongside the "analysis-node" component (see the documentation. For Linux/Kubernetes deployments, both services must share a File Storage (RWX) volume and run with the same container UID. For Windows deployments, both services must run under the same service account with appropriate ACLs and mapped network drives, and the installer now warns if shared-folder access is not correctly configured. |
| IMAGSYS-22396 | UI (viewer) > Enabled bulk "Tag all" and "Download all" actions for Cypher search results, allowing users to tag or export all returned items in a single operation. These options were disabled in previous releases. |
| IMAGSYS-22160 | UI (viewer) > Multi-selection of transactions for defining aggregated nodes has been enabled (previously only single transactions could be selected) .Selecting multiple transactions (i.e. X and Y) will return all objects from transaction X + all objects from transaction Y and selections can be combined with other filters. This is particularly useful for customers that want to create a functional group comprised of multiple entry-points (of multiple transactions). NOT, AND and OR operators are provided in the custom node dialog to further filter the required transactions. |
| IMAGSYS-21913 | UI (admin) > Refined the Admin Center panel for App‑to‑App dependency settings, updating section and table headings and adding previously missing table headers so the UI terminology and help content are clearer and fully aligned. See the documentation. |
| IMAGSYS-22955 | UI (viewer) > Improvements made to predefined views so they now have dedicated, persistent URL routes (instead of redirecting to a generic search view) and a read‑only Type field in the Investigate menu, covering views such as RDBMS Object Inventory, Database Storage Objects, Database Access View, and the various Sensitive Data views. |
| IMAGSYS-21886 | UI (viewer) > Updated right‑panel labels and tooltips in the App‑to‑App Dependency view to better describe applications and their interactions, including renamed tag subsections (Application Object Properties, Application Technologies, User Defined) and improved guidance in header, tags, and characteristics sections. These changes apply only to the App‑to‑App Dependency view, not to other predefined scopes. |
| IMAGSYS-21980 | UI (viewer) > Added new tooltips for Level 1 - Level 5 in the left navigation panel, clarifying the meaning of each level to improve usability and discoverability. |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 56215 | Improved Services view performance and timeouts so large customer datasets now load reliably within acceptable time. |
| 57701 | Removed the confusing “version name” in Dashboard v3 for scans/rescans, hiding internal technical versioning from end users. |
| 48610 | Fixed inconsistencies in LOC figures between the Management Dashboard and the “Module’s Complexity” report. |
| 56722 | Ensured data sensitivity indicators are consistently available at column level, not just at table level. |
| 57350 | Fixed failures in generated views, ensuring views can be created successfully. |
| 55489 | Standardized “M lines of code” labelling across products to remove “m/M” typography inconsistencies. |
| 56711 | Clarified and corrected relationship counts between v2 and v3.5.2 migrations, aligning CAST Imaging UI with exported link counts. |
| 57094 | Fixed "viewer" history deletion so analysis history can now be reliably purged without backend errors. |
| 56958 | Fixed "viewer" upgrade failures related to Neo4j 5 "–update" flag handling, improving reliability of viewer upgrades. |
| 56674 | Corrected missing table‑column children and enabled “open in new view” from table columns to support deeper drill‑downs. |
| 56312 | Now, System Settings and Extend Strategy are accessible independently from the Analysis Node. |
| 57540 | Fixed export of objects and links from drilled‑down app‑to‑app dependency views to CSV/XLSX so large exports no longer fail. |
| 55050 | Ensured updated object names are correctly synchronized after re‑imports or rescans, so CAST Imaging reflects latest analysis results. |
| 57595 | Fixed an issue where uploading configuration rule files containing "type=Generic sets" could fail with a "NoResultException" during analysis. Custom TCCSetup files using Generic Sets (including add, delete, and import) are now fully supported restoring the behavior available in Imaging Console V2. |
| 56935 | Fixed incorrect C# - SQL mappings and ensured CAST Imaging reflects updated relationships after DLM changes. |
| 56673 | Improved Imaging import performance for medium and small applications, significantly reducing import and generate‑views times. |
| 56685 | Resolved missing SQL query details when clicking JPQL links so that underlying queries are now visible in CAST Imaging views. |
| 54965 | Users can now configure mainframe technology options before running the first analysis. |
| 56541 | Addressed failures in “Generate Views” caused by Neo4j memory‑limit issues, improving robustness for large databases. |
| 56730 | Resolved an issue where searching for objects of type "SQL Server Table Column" returned no results even when the "Table columns as objects/nodes" option was enabled. The underlying Neo4j search query now correctly includes the TableInfo label, ensuring table column objects appear in search results as expected. |
| 57018 | A new icon in the File Filter (next to the expression field) allows to apply predefined exclusion templates to exclusion patterns. |
| 57069 | Corrected the contributed‑indicator tooltip for ISO 5055 CWEs so it now lists the correct contributing indices and criteria, aligned with standalone dashboards. |
| 56219 | Restored missing JPA entity objects in Level‑5 drill‑downs so all JPA entities are visible according to their correct level and type. |
| 56489 | Fixes the issue preventing users from adding file extensions to Mainframe AU and having them analyzed. |
| 56350 | Ensured Green IT tiles are enabled by default in Dashboard Docker images by updating initialization scripts to inject the required panels automatically. |
| 57656 | Reworked the exporter to use streaming reads instead of loading all data in memory, reducing exporter memory usage to ~140 MB for most tasks and improving reliability on very large datasets. |
| 55364 | Provided and fixed support for running v2 Standalone Dashboards on Google Cloud SQL Proxy without a database password, including configuration updates for domain and application properties. |
| 57020 | Corrected missing links in complex search views when adding objects via regex, so all expected relationships are displayed. |
| 56973 | Fixes the issue preventing the Analysis Node from being updated when using a secure connection. |
| 56844 | Enabled adding tags to applications directly from the V3 Infrastructure Dashboard, ensuring the tag button and flow work as expected. |
| 54010 | Fixes an out‑of‑memory error when installing on a FIPS‑enabled PostgreSQL database. |
| 57572 | Fixed missing drop‑down controls in the Management Dashboard’s module treemap so users can consistently navigate module views. |
| 52834 | Reduced app‑to‑app dependency link‑generation time for very large environments by optimizing long‑running REST‑scanning steps. |
| 57098 | Resolved cases where imported applications showed “No object found” at all levels despite successful analysis, ensuring objects appear correctly in dashboards. |
Known Issues
| Internal Id | Details |
|---|---|
| IMAGKSL-4656 | Microsoft Windows > When upgrading from a previous version installed at a custom location, the upgrade process incorrectly looks for ProgramData at the default path (C:\ProgramData\CAST\Imaging) instead of the custom location specified in the .install folder, causing the upgrade to fail. This will be addressed in a future release. |
| IMAGSYS-23833 | Docker/Podman > Custom port configuration is not supported. This will be addressed in a future release. |
| IMAGKSL-4439 | For migrated applications that are not managed, the analysis options are not available prior to running the first analysis. This will be addressed in a future release. |
| IMAGKSL-4677 | The update process to 3.6.0-funcrel may fail at the control-panel-service step for some early V3 customer installations (particularly environments created before the move of "analysis_node" schema to "control_panel"). The failure is triggered by a PostgreSQL/Liquibase error with duplicate key violation on properties_pkey (e.g., Key (id)=(2) already exists) during the update process. Workaround: run the following SQL query against the "control_panel" schema to resynchronize the "control_panel.properties.id" sequence, then re-run the update: SELECT setval(pg_get_serial_sequence('control_panel.properties', 'id'), COALESCE((SELECT MAX(id) FROM control_panel.properties), 0) ); |
| IMAGKSL-4655 | When uploading a configuration file containing custom rules, all previously defined custom rules are removed. For example, uploading a file with a "Generic set" custom rule will delete any existing custom rules such as transaction entry points. This will be addressed in a future release. |
| IMAGSYS-23892 | Microsoft Windows > The new feature where object "roles" have been made available in various parts of the UI (e.g. in global search) does not currently function. This will be fixed in a future release. |
| IMAGKSL-4525 | Microsoft Windows > When performing an uninstallation in a distributed installation,folders under "ProgramData" and "Program Files" are not completely removed. A manual cleanup of these folders is required before performing a fresh installation. This only impacts uninstallation of 3.6.0-funcrel and will be addressed in a future release. |
| IMAGKSL-4535 | Microsoft Windows > If the service account (used to run the Microsoft Windows services) password contains special characters (e.g. !), the installer or updater may fail to create the service correctly. As a workaround, the service password must be updated manually after installation. This will be addressed in a future release. |
| IMAGKSL-4464 | Changes made to file extensions under Analysis Configuration are not taken into account. This will be addressed in a future release. |
Bug Fixes
| Details |
|---|
| Technical > The authentication service no longer requires certificate files when using basic SSL mode. |
| Technical > Improved admin‑center responses so monitoring data remains available even when some nodes are down. |
| Technical > Corrected user permission handling so rights are revoked when a profile is downgraded. |
| UI (admin) > Updated icons so admin groups and the admin user are visually distinct in the User Permission/ Users section. |
| Technical > Optimized snapshot indicators generation to reduce database disk usage and prevent “disk full” errors. |
| Technical > Removed spurious session reload warnings when accessing the Engineering Dashboard. |
| UI (admin) > Improved the Extension Strategy page UI for better readability and usability. |
| UI (viewer) > Aligned the header submenu on admin pages rendered by the Imaging Viewer with other admin pages so that "Profile" opens the correct user page, "About" shows version information, and "Logout" uses the standard sign‑out flow, ensuring consistent and context‑relevant options across all admin pages. |
| Technical > Fixed the “Refresh extension cache” operation so extension data is properly refreshed. |
| Technical > Fixed inconsistencies in the “Logout from all sessions” feature. |