3.5
3.5.0-funcrel
Note
- An in-place update from previous 3.x releases is supported for Microsoft Windows - see the documentation.
- Critical security patches to address identified vulnerabilities.
Components included in this release:
- Embedded CAST Imaging Core release: 8.4.7 with internal analysis engine 3.1.16-funcrel.
New Features
| Summary | Details |
|---|---|
| Technical > API for Neo4j application export / import | A new API has been introduced specifically for exporting application results to ZIP file from a Neo4j database and then importing export ZIPs into a Neo4j database. This feature is mainly aimed at those who are using CAST Imaging in a read-only / standalone deployment scenarios for Viewer. See Using the export/import API. Note that the existing method using the "exportimport" executable has been removed. |
| Installation > Podman support | Podman is now supported as means to install CAST Imaging. See the installation documentation for more information, as well as Software requirements. |
| Technical > Domain/tenant mapping | A new option enables domain/tenant mapping, which creates a dedicated Neo4j database (tenant) for each domain. This keeps "imaging-viewer" application results isolated by domain. A key benefit of this option is that App to App Dependencies will now respect domain boundaries. Cross-application interactions are restricted to applications within the same domain, preventing unauthorized cross-domain data access. This feature also improves database scalability in environments with many large applications. See the documentation. |
Feature Improvements
| Summary | Details |
|---|---|
| Results > Search > Download all | A "Download all" option has been added to the existing "Download selected" option in the global search results dialog, enabling users to download to .csv file all objects matching the search string, see the documentation. |
| Results > Search > Tag selected / Tag all | "Tag selected" and "Tag all" options have been added to the global search results dialog, enabling users to tag objects matching the search string, see the documentation. |
| Results > Cypher Search > Display all | A "Display all" option has been added to the existing "Display selected" option in the global cypher search results dialog , enabling users to display all matching objects, see the documentation. |
| Results > History/Compare > Manage Analysis | The Manage Analysis feature allows users to assign a clear alias and description to specific application versions, making it easier to identify and work with them. In addition historic analyses can be deleted. These features require a user profile that includes the Admin or Application Owner roles. See the documentation. |
| Results > Add object | The existing "Add object" action has been improved to allow objects to be added to saved views created from an object level display. See the documentation. |
| Results > Application Overview | The key indicators listed at the top of the Application Overview page are now clickable - the global search dialog is opened with a corresponding list of items. See the documentation. |
| Results > Reports > AI and Application | The existing "AI functional report" and "Application discovery report" options are now available direct from the "Download reports" option (hamburger menu in top left corner). See Application discovery report and AI functional report. |
| Results > Improved link modal design | Clicking a link between items now opens a redesigned pop-up modal with enhanced usability and clearer information display. |
| Results > Global search > Insights | When filtering results by Insights, i.e. Cloud Maturity Blocker, it is now possible to filter on specific child rules from the parent Cloud Maturity Blocker (previously, it was only possible to filter on the parent Cloud Maturity Blocker). |
| Results > Path Finder improvements | Minor improvements have been made to the Path Finder feature: 1) the default "All Objects" path type has been removed and now "Callees" are display by default in the target object selection dialog. 2) Switching between path types in the target object selection dialog no longer requires the "Apply" button to be pressed. 3) A "Set hops" option has been introduced in order to force the depth of paths that will be searched - this can be useful when a significant number of paths exist between objects causing the process to take a long time to complete (or fail). See the documentation. |
| Results > Post-Its improvements | Minor improvements have been made to the Path Finder feature: it is now possible to create multiple Post-Its for the same view (previously this was not possible), the colour palette has been improved, as well as positioning and "dragability". In addition, the display of Post-Its in the right panel has been improved to ensure clear separation between view and object type Post-Its. |
| Results > Custom Aggregation improvements | Custom aggregation improvements: 1) Published custom aggregations can now be accessed from the left panel in the "Scope" drop down option "Custom aggregation" - then a choice of available and published custom aggregations is provided. 2) UI improvements have been made for accessing/publishing/sharing the aggregation and various buttons and labels have been re-named to improve usability, 3) improvements have been made to reduce the amount of time required to build a custom aggregation and to access it: it is now possible to clone a custom node that you add to the Custom Aggregation, and you can clone the entire custom aggregation. See the documentation. |
| Results > Add dependencies improvements | Improvements have been made to the right click contextual menu (object level) option "Add Dependencies": a clear separation of the different interaction types (direct and indirect) in the contextual menu is now provided, together with tooltips to help users quickly understand their purpose and directional arrows to indicate incoming or outgoing links. In addition, the Advanced Add dialog (available from the same contextual menu) has been improved to also include an "Interaction types" filter, so that direct/indirect" link types can easily be filtered. See the documentation. |
| Results > Cypher search | The "Search query" button has been replaced with a "start" query icon and a "stop" button while the query is running. Previously it was not possible to stop the search. See the documentation. |
| Results > Global search > Visualized objects | A new option is available in the global search dialog called "Visualized objects". This option is only visible after using the global search dialog to display a set of objects and then adding additional objects into that same tab - the option allows users to visualize a list of the objects that are already in the tab. See the documentation. |
| Technical > Named Application license key improvements | Minor improvements have been made to License Key management in the UI with regard to "Named Application" licenses: when renaming an existing application, a new matching license key must be uploaded before the rename action can complete - if the matching key has already been uploaded, then the key will automatically be populated in the application rename dialog. In addition, when onboarding, renaming or analyzing an application, the named application license field now shows an obscured license key for security reasons. |
| Technical > Standalone Viewer/Dashboard licensing | Applications imported into standalone Viewer/Dashboard deployments now require an appropriate license key, regardless of the license key mode in force ("Named Application" or "Contributing Developers"). See the documentation. |
| Technical > Licensing for "viewer" actions | UI improvements now enforce licensing requirements for viewer interactions. Users can only perform actions like "Import results" when they have the appropriate license. Actions are automatically disabled when licensing is unavailable. |
| Analysis Configuration > File filter export/import | It is now possible to download/export to .json file all file filter expressions and rules. This file can then be uploaded/imported back into the same CAST Imaging instance, or a different one. See the documentation. |
| Results > Summarize with AI | The Summarize with AI feature available in the Imaging Assistant has been updated to allow the generation of a summary for the Application scope, alongside existing supported scopes. Note that specifically and only for the Application scope, a connection to a data source (to retrieve code) is not required. See the documentation. |
| Analysis Configuration > Update Extensions | A new option "Update Extensions" has been made available in the advanced "Run Analysis" dialog available in the Analysis Configuration > Overview page. This option allows users to perform an update extensions job as part of a new analysis of existing source code. Ordinarily extensions set to auto update are not updated (if there are new releases available) as part of a new analysis: they are only auto updated when new source code is added. This new option allows the default behaviour to be overridden where required. See the documentation. |
| Analysis Configuration > Overview > Content: download to .csv | A new option "Download to .csv" (via a "cloud" icon) has been made available in the "Content" section in the Analysis Configuration > Overview page. This option allows users to download a .csv file listing all files listed in the right panel, together with a full relative path and their status for analysis (selected/not selected). See the documentation. |
| Analysis configuration > Analysis logs layout improvement | Improvements have been made to the layout of analysis logs: logs are now displayed in the left panel in a hierarchical fashion to make it easier to understand which steps are child and parent. See the documentation. |
Other Updates
| Internal Id | Details |
|---|---|
| IMAGSYS-21527 | The "imaging-viewer" part of the global installer for CAST Imaging has been updated to remove many configuration files, for example neo4j.conf, nginx.conf etc. These configuration files are now only available within individual containers and therefore if any customization is required, they must be exposed in a local volume mapped within the docker-compose.override.yml file. See Managing config files. Note that this change also impacts updates to this release (and all later releases) from 3.4.x-funcrel and earlier releases: any customizations made to files stored in `/opt/cast/installation/imaging-viewer` will be ignored post update. CAST recommends backing up these customizations so that they can be re-applied post update. |
| IMAGKSL-3542 | An improvement has been made to licensing: when a global license key is entered which does not include permission to use the "imaging-viewer" component, two changes have been applied: 1) a deep analysis will not trigger the generation of "imaging-viewer" results 2) a new status in the landing page will be displayed when the deep analysis is complete: "Ready to assess" - clicking this will take the end-user to the CAST Engineering Dashboard. |
| IMAGKSL-3339 | An improvement has been made to ensure that when the "imaging-viewer" component is down or not available this situation is handled correctly in the UI: import of applications will be disabled but users can onboard an application and will be able to run an analysis; rename and delete options will be disabled in landing page and in the administration section; App to app dependencies option will be hidden. |
| IMAGKSL-3608 | The "Development Environment" option available when configuring a C/C++ analysis has been removed from the UI. This option allowed end users to choose a specific IDE that was used to develop the source code they wanted to analyze. Now, the development environment is auto detected and appropriate analysis configuration settings are applied as a result. See also C/C++ analysis configuration. |
| IMAGKSL-3293 / IMAGKSL-3294 | An improvement has been made with regard to dashboard licensing: when a global license key is entered which does not include permission to use either the Security Dashboard, the Engineering Dashboard or the Management Dashboard, access is now prohibited in the UI (menus are disabled). In addition, access to function point and snapshot data is prohibited and snapshot consolidation (for the Management Dashboard) id disabled. |
| IMAGKSL-3108 | Improved UI messaging now clearly explains why users cannot access applications. Users will see specific explanations when: they have no assigned role, their current role doesn't grant access to any applications, applications are still being prepared (such as during ongoing analysis). This change reduces user confusion by providing context instead of showing empty screens without explanation. |
| IMAGKSL-3803 | The "Macros" option available when configuring a C/C++ analysis has been updated to allow macros to be added without requiring a value (previously a value was obligatory). This can be useful for example when using the "#ifdef" precompiler directive. See also C/C++ analysis configuration. |
| IMAGKSL-2934 | Minor improvements have been made to end-user notifications when an attempt is made to delete an application but the application is still assigned to a profile: the notification now explicitly explains that deleting the application means it will be no longer available. |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 55345 | Fixes an issue where Docker installation failed in offline mode with the error “No such file or directory.” |
| 54584 | Results > Fixes an issue where it was not possible to create a custom aggregation view. |
| 54459 | Results > Fixes an issue causing the App-to-App Dependencies link generation to fail. |
| 54268 | Results > Fixes various CVE security issues. |
| 54029 | Results > Fixes an issue where App to App Dependency links are not generated for IMS DB objects. |
| 53923 | Results > Fixes an issue causing inconsistent results when using the Path Finder and Call Hierarchy features. |
| 53929 | Results > Fixes an issue where Java Field object types were not visible in the results. |
| 53304 | Results > Fixes an issue causing a "fetch data error" when attempting to expand a shared link in the custom aggregation view. |
| 53852 | Results > Fixes an issue where referential integrity (REFER links) were missing in the predefined "RDBMS Table Inventory View" despite the fact that Foreign Key Definitions were correct. |
| 53411 | Results > Fixes an issue causing a "truncated" branch in the Call Hierarchy results for RPG Subroutine/Programs. |
| 54189 | Results > Fixes an issue specific to CAST Imaging installed as a Docker container, where attempting to import application results results in the process hanging at the "Identification of Projects Objects" step. |
| 53854 | Results > Fixes an issue where analysis results fail to display. |
| 54363 | Results > Fixes an issue where the error "Too many tokens, please wait before trying again" is displayed when attempting to use the AI summary feature. |
| 53477 | Results > Fixes an issue where the cypher query "Display" button is greyed out despite a valid query being entered. |
| 53281 | Results > Fixes an issue where it is not possible to select all matching objects after searching through a cypher query. In addition, the "Display" option is disabled. |
| 51082 | Results > Fixes an issue with the "Filename" display information for Cobol Copybooks containing artifacts. |
| 53689 | Results > Fixes an issue where the "Add objects in view" search output does not display the objects already in the view. |
| 53434 | Results > Fixes an issue where advanced regular expression searches were behaving abnormally. |
| 53633 | Results > Fixes an issue where the undo/redo action was not functional for node deletion actions. |
| 53359 | Results > Fixes an issue with the "add linked objects" option which was preventing all objects from being added in one go. |
| 53253 | Results > Fixes a UI issue where for custom aggregations the list of custom nodes was truncated. |
| 54362 | Results > Fixes an issue with the "Load all paths" action where it appears to produce the same output as "Load shortest path" action. |
| 53404 | Results > Fixes an issue where some links between objects are not displayed after updating an application. |
| 54986 | Results > Fixes an issue causing all links types to be missing in the App to App Dependency view. |
| 54520 | Results > Fixes an issue where the Module Assistant job functioned but failed to generate results. |
| 54090 | Results > Fixes an issue where the error "No relevant data found to generate the report" is displayed when trying to generate the report "Transactions Complexity". |
| 50765 | Results > Fixes an issue causing the incorrect categorization of external object types at level 5. |
| 54226 | Results > Fixes an issue where objects are missing in a transaction after application update though they are present in "is_tra_detail.csv". |
| 55183 | Results > Fixes an issue causing the generate views option to fail with "Import: error while importing the sub-graph". |
| 55205 | Results > Fixes a missing interaction in the App to App Dependencies view. |
| 55204 | Results > Fixes an issue causing some objects to be part of a transaction despite the fact that they are not present in "is_tra_detail.csv" in the current analysis which is leading to isolated objects. |
| 55163 | Results > Results export fails due to error "cannot change data type of view column". |
| 55145 | Results > Fixes an issue causing an error during the "Generate Views" step. |
| 55051 | Results > Fixes an issue where an application is duplicated in "viewer" after renaming in CAST Imaging UI. |
| 54173 | Results > Fixes an issue where app-to-app dependencies tags are missing after migration. |
| 53671 | Results > Fixes an issue where the Full Call Graph takes a long time to render and report downloads fail. |
| 53670 | Results > Fixes an issue where multiple copies of the same application are present dedicated Neo4j databases. |
| 53632 | Results > Fixes an issue where "Referenced Data - DB Table" link types are incorrectly ignored for App to App Dependencies interactions. |
| 54879 | Results > Fixes an issue where "HD" is displayed in the UI instead of "Management dashboard". |
| 54164 | Results > Fixes an issue where source code is not displayed when clicking the view source code button in the Action plan (Security Dashboard). |
| 53732 | Results > Fixes an issue causing items to be not available in the Security Dashboard Action plan. |
| 53512 | Results > Fixes an issue causing the incorrect business criterion to be displayed in the violations export file (CAST Dashboards). |
| 51948 | Results > Fixes a technical issue causing a deployment problem with the CAST Dashboards. |
| 55333 | Results > Fixes an issue where the report generation option does not function. |
| 52704 | Results > Fixes an issue causing a table link to be ignored in the App to App Dependency view. |
| 53437 | Technical UI > Admin users can now bulk update multiple applications when a new release of com.castsoftware.imaging.core is available. |
| 55088 | Technical > Fixes an issue which was preventing the validation of the custom port number for the Gateway service. |
| 54214 | Technical > Fixes an issue where the security dataflow option was disabled after adding an exclusion and re-analyzing within the same scan. Dataflow settings now persist as expected. |
| 54036 | Technical > Fixes an issue where the CAST Storage Service/PostgreSQL default password, as well as any other passwords, were stored in the database in plain text (now the passwords are encrypted). |
| 53986 | Technical > Fixes an issue in the "KB Update Tool" where the "Delete Link Between Objects" action failed to remove links. The links are now correctly removed after performing a Save and Run of the KB update. |
| 52891 | Technical > Fixes an issue where the Management dashboard was not loading because the measurement schema name was not stored in lower case. |
| 53187 | Technical > Fixes an issue where the default global exclusion pattern (such as ".git/") was unable to exclude test code. Now the exclude patterns which are by default ".git/" and any other folders or patterns added are considered and excluded at the beginning of analysis. |
Known Issues
| Internal Id | Details |
|---|---|
| IMAGKSL-3786 | The ability to "rename" an application has been temporarily removed from this release due to technical issues. It will be restored in a future release once IMAGKSL-3717 is fixed. |