3.3
3.3.0-funcrel
Note
- An in-place update from previous 3.2.2-funcrel or 3.2.3-funcrel releases is now supported for Linux via Docker installations - see the documentation.
- Migration from CAST Console/CAST Imaging 2.x is not supported for Linux via Docker installations.
- Embedded Dashboard release = 2.13.2-funcrel (additional Dashboard fixes/changes are provided in this release and are detailed below prefixed with "Dashboards").
- Embedded CAST Imaging Core release = 8.4.3 (all fixes/updates are listed below prefixed with "CAST Imaging Core 8.4.3").
- Security fixes included are listed in Security fixes.
New Features
| Summary | Details |
|---|---|
| Dashboards: Security Dashboard now available | The Security Dashboard is now provided as standard alongside the Management and Engineering Dashboards and can be accessed from the Application landing page via the Actions menu providing you have an appropriate license key. |
| Results: Support for AWS Bedrock AI | CAST Imaging can now supports AWS Bedrock AI services to power its AI features. An IAM access key/secret key pairing, a service location/region (such as us-east-1) and an LLM provider model ID are required. See AI Settings. |
| Results: Application discovery report | It is now possible to export a top-level report to Microsoft Word format, containing basic information about the contents of your application. See Generating an application report. |
Feature Improvements
| Summary | Details |
|---|---|
| Results > Historical "time travel" feature | The object and link historical "time travel" feature has been restructured and redesigned (in comparison to v. 3.2.x-funcrel). You can find out more about this in the documentation. |
| Results > Object and link historical comparison feature | The object and link historical comparison feature has been restructured and redesigned (in comparison to v. 3.2.x-funcrel). You can find out more about this in the documentation. |
| Settings: Enable/Disable the display of table column as node in viewer for an application | Adminstrator can now enable or disable the display of table columns as objects for one or multiple applications - see the documentation. |
| Technical: Support for Oracle Forms/Reports technology. | CAST Imaging v3 now supports the analysis of Oracle Forms/Reports technology via the extension com.castsoftware.formsreport. |
| Results: improved application statisics display | Application statistics (LOC values, number of transactions etc.) are now displayed at the top of the Overview/Welcome page when consulting results. See the documentation. |
| Administration: Assign applications to domains | It is now possible to assign an application to a domain from the application landing page via the "Assign to domain" action menu - previously this was only possible from the Administration settings panel. |
| Installation: Separation of the "dashboards" component | It is now possible to choose to install the CAST Dashboards (Engineering/Management) as a separate standalone component. Previously, this component was provided as part of the "imaging-services" component and was therefore always installed. Now, if you are not licensed for CAST Dashboards or you are not interested in them, you can choose not to install them. See Installation on Microsoft Windows. |
| Results: Data Sensitivity display | The display of Data Sensitivity indicators has been improved and available for table columns and other objects (custom indicators) in the Characteristics right panel. |
| Dashboards: New report for CWE Top 25 2024 | A new CWE Top 25 2024 has been added to the PDF report generation feature available in the Engineering Dashboard. |
| Dashboards: Improve LOC value display in tiles in dashboard | The LOC values available in tiles in all dashboards will now show both new (66071) and old (10151) metric IDs. Drill-downs continue to show the old (10151) metric ID. Tool tip info bubbles have been updated to explain the change. See Size Indicator tiles - Management Dashboard and Application Components tile - Engineering Dashboard. |
| Dashboards: New report for STIG V6 standard | A new STIG V6 report has been added to the PDF report generation feature available in the Engineering Dashboard. |
| Results: Improved structural flaws presentation | The way in which structural flaws are displayed direct from the "Improve application quality" tiles in the "Welcome page" has been improved with the addition of an intermediate page listing all rules and all flaws, therefore making it easier to navigate and find the objects containing the flaws. See the documentation. |
| Results: Complete and Incomplete transactions filter | When searching for transactions via the custom view search, it is now possible to filter on Complete (with end-points) and Incomplete (without end-points) transactions. |
| Technical: Support for PowerCenter technology | CAST Imaging Core 8.4.3: The analysis of PowerCenter technology via the User Community extension com.castsoftware.uc.powercenter is now supported. |
| In-place update improvements | The process of updating to a new release of CAST Imaging has been improved: an update script is now provided that will handle all actions automatically (previously a manual update process was required using docker compose) - see the documentation. |
Other Updates
| Internal Id | Details |
|---|---|
| IMAGKSL-2668 | The Keycloak authentication component has been updated to v. 26.0.x. |
| IMAGSYS-18493 | Results: A minor update has been implemented to ensure that when multiple items are selected in the view, and then the right click menu option Add Dependencies > Add Parent or Add > Children is chosen, the action applies to all selected nodes. Currently the action is applied to only one of the selected items. |
| IMAGSYS-18357 | Results: A minor update has been implemented to change the location where Data Sensitivity information is provided. Previously this information was made available in the right-panel under "Additional Details": now this information is displayed in the Characteristics section in the same panel. You can find out more about Data Sensitivity here. |
| IMAGSYS-18002 | Results: A minor update has been implemented to change the default drill-down behaviour when double-clicking a node at Level 5: previously the behaviour was to display objects using the "Expand objects with caller/callee, group by communities" option where objects are grouped together, however the new behaviour is to use the simple "Expand objects" option. The same applies when double clicking items at object level. The previous "communities" drill-down behaviour is still available at object level via the "Drill mode options" option in the left panel. |
| AIPCORE-5437 | CAST Imaging Core 8.4.3: Add Mainframe related file extension *.ctl (JCL Control Cards) to the list of recognised file extensions. This is required for com.castsoftware.mainframe 1.6 and above. |
| AIPLITE-1427 | CAST Imaging Core 8.4.3: Fixes an issue causing many false violations for the Mainframe rule "Avoid Programs with lines exceeding the maximum length of characters" (5138). |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 52016 | Transaction call graph for very large graph now displays an accurate message to the user, explaing the existing limits. It is possible to view an optimized version of the graph (which excludes the external objects). |
| 50864 | Dashboards: Fixes various Spring related security violation for versions 5.7 prior to 5.7.13, 5.8 prior to 5.8.15, 6.0 prior to 6.0.13, 6.1 prior to 6.1.11, 6.2 prior to 6.2.7, and 6.3 prior to 6.3.4. |
| 50801 | Dashboards (HD/MD): Fixes an issue causing the Technical size value to be displayed as null. |
| 50917 | Dashboards (ED): Fixes an issue where the sort option does not function correctly in the exclusion list. |
| 50938 | Dashboards: Fixes an issue where an incorrect download link is provided when using the "Check for update" option. |
| 51086 | Dashboards (ED): Fixes an issue causing the need to action a manual reload after removing re-solved violations. |
| 51307 | Dashboards (ED): Fixes an issue where the Size Snapshot comparison displays percentage instead on numeric value (for ISO view). |
| 51573 | Dashboards (ED): Fixes an issue causing performance issues while loading the violations. |
| 51737 | Dashboards (ED): Fixes an issue where the CWE Assessment Model (added in the latest release of the com.castsoftware.owasp-index extension) is missing from the Security Dashboard. |
| 51885 | Results: Fixes an issue where technology LOC (line of code) values are missing if only one single user defined module (based on a technology) is defined. |
Known Issues
| Internal Id | Details |
|---|---|
| IMAGKSL-2625 | Users with only dashboard-related roles (such as "Quality Manager") can incorrectly access viewer results. |
| IMAGKSL-2702 | Results generation from the UI fails with an SSL argument error when PostgreSQL is configured with SSL enabled. |
| IMAGKSL-2730 | Line of code counts differ between the CAST Imaging and CAST Dashboards due to the different scopes used by analyzers and scans. |
| IMAGKSL-2737 | The Architecture Studio is incorrectly accessible to unauthorized users, causing check model operations to fail when these users attempt to use them. |
| IMAGKSL-2793 | Exclusion patterns are not preserved when initiating a new scan from the landing page with the analysis option enabled. |
Bug Fixes
| Internal Id | Details |
|---|---|
| IMAGKSL-2316 | Fixes an issue that prevented users with the Application User profile from viewing source code. |