3.4 - Security fixes


Security fixes provided in 3.4.1-funcrel

| CAST image | CVE | Severity | Description | Affected CAST release |
|---|---|---|---|---|
| admin-center | CVE-2022-41404 | HIGH | org.ini4j: unspecified DoS | 3.4.0-funcrel |
| admin-center | CVE-2025-6965 | CRITICAL | sqlite: Integer Truncation in SQLite | 3.4.0-funcrel |
| analysis-node | CVE-2022-41404 | HIGH | org.ini4j: unspecified DoS | 3.4.0-funcrel_core8.4.4 |
| analysis-node | CVE-2025-30761 | HIGH | openjdk: Improve scripting supports (Oracle CPU 2025-07) | 3.4.0-funcrel_core8.4.4 |
| analysis-node | CVE-2025-48976 | HIGH | apache-commons-fileupload: Apache Commons FileUpload DoS via part headers | 3.4.0-funcrel_core8.4.4 |
| auth-service | CVE-2025-6965 | CRITICAL | sqlite: Integer Truncation in SQLite | 3.4.0-funcrel |
| console | CVE-2025-6965 | CRITICAL | sqlite: Integer Truncation in SQLite | 3.4.0-funcrel |
| dashboards | CVE-2022-41404 | HIGH | org.ini4j: unspecified DoS | 3.4.0-funcrel |
| etl-service | CVE-2025-22868 | HIGH | golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws | 3.4.0-funcrel |
| etl-service | CVE-2025-6965 | CRITICAL | sqlite: Integer Truncation in SQLite | 3.4.0-funcrel |
| gateway | CVE-2025-6965 | CRITICAL | sqlite: Integer Truncation in SQLite | 3.4.0-funcrel |
| sso-service | CVE-2025-30749 | HIGH | openjdk: Better Glyph drawing (Oracle CPU 2025-07) | 3.4.0-funcrel |
| sso-service | CVE-2025-49146 | HIGH | pgjdbc: pgjdbc insecure authentication in channel binding | 3.4.0-funcrel |
| sso-service | CVE-2025-50059 | HIGH | openjdk: Improve HTTP client header handling (Oracle CPU 2025-07) | 3.4.0-funcrel |
| sso-service | CVE-2025-50106 | HIGH | openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07) | 3.4.0-funcrel |
| viewer | CVE-2025-22868 | HIGH | golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws | 3.4.0-funcrel |
| viewer | CVE-2025-30749 | HIGH | openjdk: Better Glyph drawing (Oracle CPU 2025-07) | 3.4.0-funcrel |
| viewer | CVE-2025-50059 | HIGH | openjdk: Improve HTTP client header handling (Oracle CPU 2025-07) | 3.4.0-funcrel |
| viewer | CVE-2025-50106 | HIGH | openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07) | 3.4.0-funcrel |

Security fixes provided in 3.4.0-funcrel

| CAST image | CVE | Description | Affected CAST release |
|---|---|---|---|
| admin-center | CVE-2025-48988 | tomcat: Apache Tomcat DoS in multipart upload | 3.3.0-funcrel |
| admin-center | CVE-2025-49146 | pgjdbc: pgjdbc insecure authentication in channel binding | 3.3.0-funcrel |
| auth-service | CVE-2025-41235 | Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies | 3.3.0-funcrel |
| ai-service | CVE-2024-12718 | cpython: python: Bypass extraction filter to modify file metadata outside extraction directory | 3.3.0-funcrel |
| ai-service | CVE-2025-29087 | sqlite: Integer Overflow in SQLite concat_ws Function | 3.3.0-funcrel |
| ai-service | CVE-2025-4138 | cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory | 3.3.0-funcrel |
| ai-service | CVE-2025-4330 | cpython: python: Extraction filter bypass for linking outside extraction directory | 3.3.0-funcrel |
| ai-service | CVE-2025-4517 | python: cpython: Arbitrary writes via tarfile realpath overflow | 3.3.0-funcrel |
| ai-service | CVE-2025-4565 | python-protobuf: Unbounded recursion in Python Protobuf | 3.3.0-funcrel |
| ai-service | CVE-2025-47273 | setuptools: Path Traversal Vulnerability in setuptools PackageIndex | 3.3.0-funcrel |
| analysis-node | CVE-2025-48379 | python-pillow: pillow: Pillow DDS Heap Buffer Overflow | 3.3.0-funcrel_core8.4.3 |
| console | CVE-2025-41235 | Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies | 3.3.0-funcrel |
| dashboards | CVE-2025-22235 | org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed | 3.3.0-funcrel |
| dashboards | CVE-2025-48988 | tomcat: Apache Tomcat DoS in multipart upload | 3.3.0-funcrel |
| dashboards | CVE-2025-49146 | pgjdbc: pgjdbc insecure authentication in channel binding | 3.3.0-funcrel |
| etl-service | CVE-2025-22874 | crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509 | 3.3.0-funcrel |
| gateway | CVE-2025-41235 | Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies | 3.3.0-funcrel |
| gateway | CVE-2025-48988 | tomcat: Apache Tomcat DoS in multipart upload | 3.3.0-funcrel |
| neo4j | CVE-2025-1948 | jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability | 3.3.0-funcrel |
| sso-service | CVE-2025-3501 | org.keycloak.protocol.services: Keycloak hostname verification | 3.3.0-funcrel |
| viewer | CVE-2024-12718 | cpython: python: Bypass extraction filter to modify file metadata outside extraction directory | 3.3.0-funcrel |
| viewer | CVE-2025-22874 | crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509 | 3.3.0-funcrel |
| viewer | CVE-2025-4138 | cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory | 3.3.0-funcrel |
| viewer | CVE-2025-4330 | cpython: python: Extraction filter bypass for linking outside extraction directory | 3.3.0-funcrel |
| viewer | CVE-2025-4517 | python: cpython: Arbitrary writes via tarfile realpath overflow | 3.3.0-funcrel |