3.6
3.6.0-funcrel
Note
- An in-place update from previous 3.x releases is supported for Microsoft Windows - see the documentation.
Shared folder access requirements updated:
The console service (part of "imaging-services") now requires direct read/write access to shared folders (delivery, deploy, common-data) alongside the "analysis-node" component. Please verify your deployment. For Microsoft Windows both services must run under the same service account with appropriate ACLs and mapped network drives. The installer now warns if shared-folder access is misconfigured. See Software requirements, Disk space requirements and Storage locations.
New Features
| Summary | Details |
|---|---|
| Technical > Resume failed "viewer" results import from the last completed step | Introduced "viewer" result import checkpoint mechanism that stores the last successfully completed pipeline step and a ZIP content checksum in Neo4j, allowing failed or interrupted import processes to resume instead of restarting from scratch. If a different ZIP is uploaded (checksum mismatch) or the checksum file is missing, the checkpoint is automatically cleared and a full import is run to avoid stale data. A "?force=true" parameter is also available to explicitly clear any existing checkpoint and force a full re-import. |
| Technical > Audit trail for key application/domain lifecycle events | Added an audit trail that records JSON-based events for key application operations (delete, rename, fast scan, deep analysis, and import to Viewer) along with domain operations (create, update, delete, attach), logging who performed the action, when, the result (CREATED/SUCCESS/FAILURE/CANCELED), and application details. Events are written to an audit file with automatic rotation and configurable retention, improving traceability and compliance. See the documentation. |
| UI (viewer) > Application executive summary report | Introduced a new "Application Executive Summary" report in the Reports dialog, offering a concise, executive-level overview of the application. This report complements existing CAST Imaging Discovery and AI Functional reports, providing key insights for stakeholders without requiring navigation through detailed technical sections. Users can access it by opening the Reports dialog and selecting Application Executive Summary. An AI provider API key is required to use this report. See the documentation. |
| UI > Configure analysis options pre-analysis | After onboarding and the initial fast scan, CAST Imaging now lets you adjust key analysis options before running the first full analysis: enable/disable Security Dataflow, choose how modules are created (full content, per technology, or per analysis unit), and configure technology‑specific options for Mainframe, JEE, and C/C++. These options apply only to applications scanned in this release (not applications that were created in previous releases) and currently exclude adding Security Dataflow black boxes or changing ignored file extensions. |
| UI (viewer) > Guided graph tour to explain graph elements | Introduced an in‑app Guided Graph Tour that helps users understand key elements of the application graph. The tour appears as a non‑blocking panel in the bottom‑right of the graph view, launches automatically for first‑time users (and can be reopened from the icon), and walks through nodes (with all seven node sub‑types), direct and indirect links, and node badges (Post‑it, Count, A2A, Start/End Point). Each step highlights the relevant elements on the graph and provides controls to navigate the tour while continuing to interact with the graph. See the documentation. |
| Technical > Swagger API documentation | Added an authenticated Swagger UI for CAST Imaging at "/api-docs/index.html", providing interactive documentation for Public API, Console, and Control Panel endpoints. Users can browse all available APIs and execute requests directly from Swagger (including authenticated calls), ensuring the documentation always reflects the deployed APIs. |
Feature Improvements
| Summary | Details |
|---|---|
| Technical > neo4j configuration | It is now possible to configure Neo4j by adding supported parameters directly to the "imaging-viewer" ".env" file, which are then applied to "neo4j.conf" at container startup. This aligns with Neo4j’s official Docker configuration guidance. See the documentation. |
| Technical > NO_OF_PARALLEL_JOBS_IN_NODE option | Added a NO_OF_PARALLEL_JOBS_IN_NODE option to the installer "configuration.conf" file to control how many jobs run in parallel per "analysis-node". See the install documentation or Configure parallel analyses. |
| Technical > Separate Keycloak admin login and service account | Introduced a dedicated Keycloak UI admin user "kcadmin" (can be customized during a fresh install using a KEYCLOAK_LOGIN_ADMIN_USER variable) with a forced password change on first UI login, while keeping the existing "admin" account as an internal service account only. Also added configuration to customize the Keycloak "admin" service account password during a fresh install via a KEYCLOAK_SERVICE_ACCOUNT_PASSWORD variable (available in the installation configuration.conf file) improving security and avoiding default-credential usage. See the documentation. |
| Technical > Use external PostgreSQL instance during installation | It is now possible to configure a "from scratch" installation to use your own PostgreSQL instance (and not use the PostgreSQL instance provided by CAST) via the ""DB_MODE (embedded | external) variable and related parameters ("DB_HOST", "DB_PORT", "DB_NAME", "DB_USER", "DB_PASSWORD", "DB_ENCRYPTED_PASSWORD", "DB_DATABASE") available in the "configuration.conf" file. In embedded mode, CAST Imaging manages a local PostgreSQL container (with configurable settings except "DB_HOST"), while in external mode users must supply full connection details. See the installation variables. |
| Technical > Change to Keycloak data handling in installer | Keycloak database handling has been updated: new installs now use a dedicated "keycloak" schema within the "postgres" or other custom database (in previous releases a "keycloak_v3" database was created with required tables stored in the "public" schema). Updates to this release and any future release from a previous 3.x release preserve the existing Keycloak related database. See database requirements and installation variables. |
| UI (viewer) > Transaction search (start/end point role) | New Start Point Role and End Point Role filters for transaction searches have been added, using the same hierarchical parent–child role structure as the CAST Imaging global search. Users can select parent roles (which automatically include all child roles) or individual child roles, and the transaction list will show only transactions whose start or end points are associated with the selected roles. Roles information is available for applications imported with ≥ 3.6.0-funcrel. See the documentation. |
| UI (viewer) > Role filters for search and other modals | A "Role" filter has been added across various features within CAST Imaging (global search modal, third-party components list, Characteristics (right-panel), Application Discovery Report), allowing users to filter results by functional roles (parent and child roles, with multi‑select and parent‑select‑all behavior) so that only objects matching the selected roles are returned. See the global search modal documentation or the Third-party components feature as an example. |
| UI (viewer) > Characteristics improvements | A new Link Category property under "Characteristics" (right-panel) has been added, showing how links are classified as Static, Dynamic, or Remote based on link type and how each category maps to its corresponding sub‑category (for example, "Link Category: Static – inherit"). This is available for application results generated with 3.6.0-funcrel or later. |
| UI (viewer) > Exclude unused third‑party components | A new quick filter has been added to the Third‑Party Components view that hides components detected in the application but not used by any application objects, helping users focus on relevant, actually‑used components. See the documentation. |
| UI (viewer) > AI generated report | The AI generated functional report has been updated to enhance the AI-based Functional Report by providing clearer and more actionable insights. The revised version emphasizes summarization of key application workflows derived from transaction summaries and refines the Inputs/Outputs section to include relevant third-party components. The overall structure and presentation have been aligned with the latest documentation and visualization standards to ensure consistency across modules. See the documentation. |
| UI (viewer) > Data Sensitivity tiles | Added dedicated tiles in the Overview/Welcome page for CAST Sensitive Data, GDPR Sensitive Data, PCI‑DSS Sensitive Data, and Custom Sensitive Data, plus a Sensitivity Level filter (Highly sensitive / Very sensitive / Sensitive) so users can quickly locate and review sensitive tables across their applications. See the documentation. |
| UI (viewer) > Rename transactions and data call graphs | It is now possible to edit and rename Transactions/Data Call Graphs, with changes reflected across the left/right menus and searchable via both original and custom names. See the documentation. |
| UI (viewer) > Search modal improvements | A series of UI/UX improvements have been added in this release to CAST Imaging's search modals used throughout the product, addressing collected user feedback to make searching faster and more intuitive. See example global search documentation. |
| Technical > Parallel job execution | It is now possible to increase the default number of parallel jobs (2) that can be executed by CAST Imaging. See the documentation. |
| UI (viewer) > Transaction/Data Call Graph search improvements | A new "Transaction Status" column has been added to the Transaction/Data Call Graph search modal, indicating whether each transaction is Added, Modified, or Unchanged compared to the immediately previous analysis, with a multi‑select status filter and support for past analysis dates (for applications imported with ETL ≥ 3.2.0). See the documentation. |
| UI (analysis configuration) > Use exclusion templates in file filter | The File Filter option available in the Analysis Configuration - Overview page now lets users apply predefined exclusion templates created in Admin > Global configuration, making it easier to reuse standard exclude patterns instead of configuring them manually per application. See the documentation. |
| UI (viewer) > Right panel: About this view | Introduced a new "About this view" section in the right panel, consolidating existing view information and the AI-generated summary into dedicated tabs ("What’s this view" and "AI summary"), with support for generating/regenerating summaries, saving them as post-its, and viewing the content in an expandable window. See the documentation. |
| UI (viewer) > Optional Endpoint URL for OpenAI provider in AI Settings | Added an optional Endpoint URL field when registering OpenAI as an AI provider. This allows users who self-host OpenAI-compatible models (e.g., GPT OSS 120B) to point to their own server endpoint. When no endpoint URL is provided, the standard OpenAI API endpoint is used by default. |
| UI (viewer) > Characteristics panel community node naming helper | A "More Info" popup for Community objects in the Characteristics panel has been added, explaining how each Community is formed and grouped (per technology such as Java, ABAP, or COBOL). The popup is available only for "Community" nodes and is accessed via the info icon next to the Community name. See the documentation. |
| UI (viewer) - Structural Flaws UI improvements | A new step‑based (accordion) representation of multiple violation paths has been introduced for the Structural Flaws UI, replacing the existing object graph view. See the documentation. |
| UI (viewer) > App to App Dependencies search improvements | The App‑to‑App Dependencies search behavior has been improved: search results list all applications with a "Visualize" option and a checkbox next to each application, allowing users to select one or more applications directly from either the full or filtered results list. See the documentation. |
| UI (viewer) > Third-party components | Updated the Third‑party components table to show an "Impacted objects column" (with tooltip) (the existing generic "Object count" column has been removed), and sort the table by impacted object count by default so users can immediately see which components affect the most objects. See the documentation. |
| UI (viewer) > Status column and filters for transaction and data call graph search modals | Added a Status column and filters to the Transaction and data call graph search modals to show how items have changed between analyses (Added / Modified / Unchanged). The column includes tooltips explaining each status for transactions and data call graphs, and a multi‑select Status filter is now available in the data call graph search modal to quickly focus on specific change types. |
| UI (viewer) > Compare feature enabled for saved views | Added historic comparison for saved views: users can load read‑only historical versions for a given analysis date, see only views valid on that date, and compare the latest saved view with any previous version. Differences in objects and links are highlighted (added/modified/deleted) within the saved view, with states automatically updated when underlying analyses are deleted. See the documentation. |
| Technical > Separate Keycloak admin login and service account | Introduced a dedicated Keycloak UI admin user "kcadmin" (can be customized during a fresh install using a KEYCLOAK_LOGIN_ADMIN_USER variable) with a forced password change on first UI login, while keeping the existing "admin" account as an internal service account only. See the documentation. |
| UI (viewer) > Tag use in custom aggregations | Introduced enhanced tagging behavior in custom aggregations: it is now possible to add tags to aggregated nodes, have those tags persist after saving, use them in search and filter options where applicable and access tag options from the custom aggregation toolbar.Note that tags and post‑its on custom nodes are searchable only once the custom aggregation is published. See the documentation. |
| Technical > Improvements to feature availability when no "analysis-node" is available | When no analysis-nodes are available, CAST Imaging now disables only job‑related actions (onboarding, rescan, run analysis, etc.) with a tooltip explaining the service is unavailable, while keeping other admin features (Global configuration, Extensions strategy, System settings, etc.) accessible (in contrast to previous releases). However, certain sections of the UI that rely on the node (e.g., Black Box in Security Dataflow, Snapshot strategy, application support log downloads) are hidden or disabled to avoid confusion. |
| Technical > Support for in-place updates for Podman | Support has been added for in-place updates to new releases of CAST Imaging when using the Podman container system. Support is available for updating from 3.5.x-funcrel (or later) to a newer release of CAST Imaging. See the documentation. |
| UI (viewer) > Application Discovery Report content | Updated the Application Discovery Report content, including: a Programming Languages overview (files, LOC, sizes by language), Impacted Objects Count for third‑party components, a Database Inventory summary table, an Actionable Insights section (top performance, security, Green IT, and cloud issues), clickable "View in Imaging" links for each graph, grouped multi‑link interactions, offloaded detailed tables to Excel/CSV, and focusing the Word report on Critical and High CVEs only. See the documentation. |
| UI (viewer) > triggeredBy link property | A new "triggeredBy" property will be shown in link characteristics for SQL queries, indicating which element or event triggers a given link, so users can better understand and analyze link behavior. See the documentation. |
| UI (viewer) > Application Report styling improvements | Refined the Application Discovery Report styling and layout, including a redesigned cover page (header, date format, alignment), improved index (leader dots, indentation, clickable navigation), modernized tables (colors, padding/margins, sticky headers), standardized font sizes and heading conventions, removed unnecessary page breaks for a continuous flow, and expanded section descriptions for clearer explanations of each view. See the documentation. |
| UI > About dialog improvements | Updated the About dialog to display package names, versions, and build numbers for key components (Imaging Services, Analysis Node, Imaging Viewer, and Dashboards), making it easier to verify installed versions for support and troubleshooting. |
Other Updates
| Internal Id | Details |
|---|---|
| IMAGSYS-23831 | When running an in-place update to 3.6.0-funcrel only (for Docker/Podman installations), you can optionally pass the "–skip-neo4j-migration" parameter to skip the entire imaging-viewer Neo4j migration step during the update (i.e. the update process for the database itself). This can significantly reduce update time for installations with large Neo4j databases. See the documentation. |
| IMAGSYS-21880 | UI (viewer) > Updated App‑to‑App view terminology so the scope previously labelled "Search in CAST Imaging" is now called "Search Applications", improving clarity and consistency in the search UI. See the documentation. |
| IMAGSYS-22923 | UI (viewer) > Reintroduced the ability to bulk add tags and post‑its to multiple objects by uploading a filled‑in template from the "Upload" tab in "Bulk Tag / Post-it" on the "Customize Results" page, including options to link or unlink post‑its to modules through Advanced Configuration. This feature was disabled in previous releases. See the documentation. |
| IMAGSYS-22008 | UI (viewer) > Switched the UI from "sidebar drawers" to floating dialogs for Call Hierarchy, Start/End points, and Update Transaction features, plus revised fallback pop-up messages when no results are available. |
| IMAGSYS-23145 / IMAGKSL-4346 | UI > Aligned the CAST Imaging branding with current marketing guidelines by updating the logo and font. |
| IMAGSYS-22499 | UI (viewer) > Historic analysis deletion: users can now select and delete up to five analyses at once via the updated UI, with a confirmation prompt before final removal, while ensuring at least one base analysis always remains for each application. |
| IMAGSYS-21887 | UI (viewer) > Refined context‑menu labels and tooltips in the App‑to‑App Dependency view for application nodes, including renaming options like "View external libraries" to "View external objects" and "View orphans" to "View orphan objects," and using "application" instead of "object" where applicable. Mixed selections that include non‑application nodes continue to use the original "objects" terminology. |
| IMAGKSL-4523 | Shared folders > Requirements have been updated to ensure that the "console" service (part of "imaging-services") has direct read/write access to shared folders (delivery, deploy, common-data) alongside the "analysis-node" component (see the documentation. For Linux/Kubernetes deployments, both services must share a File Storage (RWX) volume and run with the same container UID. For Windows deployments, both services must run under the same service account with appropriate ACLs and mapped network drives, and the installer now warns if shared-folder access is not correctly configured. |
| IMAGSYS-22396 | UI (viewer) > Enabled bulk "Tag all" and "Download all" actions for Cypher search results, allowing users to tag or export all returned items in a single operation. These options were disabled in previous releases. |
| IMAGSYS-22160 | UI (viewer) > Multi-selection of transactions for defining aggregated nodes has been enabled (previously only single transactions could be selected) .Selecting multiple transactions (i.e. X and Y) will return all objects from transaction X + all objects from transaction Y and selections can be combined with other filters. This is particularly useful for customers that want to create a functional group comprised of multiple entry-points (of multiple transactions). NOT, AND and OR operators are provided in the custom node dialog to further filter the required transactions. |
| IMAGSYS-21913 | UI (admin) > Refined the Admin Center panel for App‑to‑App dependency settings, updating section and table headings and adding previously missing table headers so the UI terminology and help content are clearer and fully aligned. See the documentation. |
| IMAGSYS-22955 | UI (viewer) > Improvements made to predefined views so they now have dedicated, persistent URL routes (instead of redirecting to a generic search view) and a read‑only Type field in the Investigate menu, covering views such as RDBMS Object Inventory, Database Storage Objects, Database Access View, and the various Sensitive Data views. |
| IMAGSYS-21886 | UI (viewer) > Updated right‑panel labels and tooltips in the App‑to‑App Dependency view to better describe applications and their interactions, including renamed tag subsections (Application Object Properties, Application Technologies, User Defined) and improved guidance in header, tags, and characteristics sections. These changes apply only to the App‑to‑App Dependency view, not to other predefined scopes. |
| IMAGSYS-21980 | UI (viewer) > Added new tooltips for Level 1 - Level 5 in the left navigation panel, clarifying the meaning of each level to improve usability and discoverability. |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 56215 | Improved Services view performance and timeouts so large customer datasets now load reliably within acceptable time. |
| 57701 | Removed the confusing “version name” in Dashboard v3 for scans/rescans, hiding internal technical versioning from end users. |
| 48610 | Fixed inconsistencies in LOC figures between the Management Dashboard and the “Module’s Complexity” report. |
| 56722 | Ensured data sensitivity indicators are consistently available at column level, not just at table level. |
| 57350 | Fixed failures in generated views, ensuring views can be created successfully. |
| 55489 | Standardized “M lines of code” labelling across products to remove “m/M” typography inconsistencies. |
| 56711 | Clarified and corrected relationship counts between v2 and v3.5.2 migrations, aligning CAST Imaging UI with exported link counts. |
| 57094 | Fixed "viewer" history deletion so analysis history can now be reliably purged without backend errors. |
| 56958 | Fixed "viewer" upgrade failures related to Neo4j 5 "–update" flag handling, improving reliability of viewer upgrades. |
| 56674 | Corrected missing table‑column children and enabled “open in new view” from table columns to support deeper drill‑downs. |
| 56312 | Now, System Settings and Extend Strategy are accessible independently from the Analysis Node. |
| 57540 | Fixed export of objects and links from drilled‑down app‑to‑app dependency views to CSV/XLSX so large exports no longer fail. |
| 55050 | Ensured updated object names are correctly synchronized after re‑imports or rescans, so CAST Imaging reflects latest analysis results. |
| 57595 | Fixed an issue where uploading configuration rule files containing "type=Generic sets" could fail with a "NoResultException" during analysis. Custom TCCSetup files using Generic Sets (including add, delete, and import) are now fully supported restoring the behavior available in Imaging Console V2. |
| 56935 | Fixed incorrect C# - SQL mappings and ensured CAST Imaging reflects updated relationships after DLM changes. |
| 56673 | Improved Imaging import performance for medium and small applications, significantly reducing import and generate‑views times. |
| 56685 | Resolved missing SQL query details when clicking JPQL links so that underlying queries are now visible in CAST Imaging views. |
| 54965 | Users can now configure mainframe technology options before running the first analysis. |
| 56541 | Addressed failures in “Generate Views” caused by Neo4j memory‑limit issues, improving robustness for large databases. |
| 56730 | Resolved an issue where searching for objects of type "SQL Server Table Column" returned no results even when the "Table columns as objects/nodes" option was enabled. The underlying Neo4j search query now correctly includes the TableInfo label, ensuring table column objects appear in search results as expected. |
| 57018 | A new icon in the File Filter (next to the expression field) allows to apply predefined exclusion templates to exclusion patterns. |
| 57069 | Corrected the contributed‑indicator tooltip for ISO 5055 CWEs so it now lists the correct contributing indices and criteria, aligned with standalone dashboards. |
| 56219 | Restored missing JPA entity objects in Level‑5 drill‑downs so all JPA entities are visible according to their correct level and type. |
| 56489 | Fixes the issue preventing users from adding file extensions to Mainframe AU and having them analyzed. |
| 56350 | Ensured Green IT tiles are enabled by default in Dashboard Docker images by updating initialization scripts to inject the required panels automatically. |
| 57656 | Reworked the exporter to use streaming reads instead of loading all data in memory, reducing exporter memory usage to ~140 MB for most tasks and improving reliability on very large datasets. |
| 55364 | Provided and fixed support for running v2 Standalone Dashboards on Google Cloud SQL Proxy without a database password, including configuration updates for domain and application properties. |
| 57020 | Corrected missing links in complex search views when adding objects via regex, so all expected relationships are displayed. |
| 56973 | Fixes the issue preventing the Analysis Node from being updated when using a secure connection. |
| 56844 | Enabled adding tags to applications directly from the V3 Infrastructure Dashboard, ensuring the tag button and flow work as expected. |
| 54010 | Fixes an out‑of‑memory error when installing on a FIPS‑enabled PostgreSQL database. |
| 57572 | Fixed missing drop‑down controls in the Management Dashboard’s module treemap so users can consistently navigate module views. |
| 52834 | Reduced app‑to‑app dependency link‑generation time for very large environments by optimizing long‑running REST‑scanning steps. |
| 57098 | Resolved cases where imported applications showed “No object found” at all levels despite successful analysis, ensuring objects appear correctly in dashboards. |
Known Issues
| Internal Id | Details |
|---|---|
| IMAGKSL-4656 | Microsoft Windows > When upgrading from a previous version installed at a custom location, the upgrade process incorrectly looks for ProgramData at the default path (C:\ProgramData\CAST\Imaging) instead of the custom location specified in the .install folder, causing the upgrade to fail. This will be addressed in a future release. |
| IMAGSYS-23833 | Docker/Podman > Custom port configuration is not supported. This will be addressed in a future release. |
| IMAGKSL-4439 | For migrated applications that are not managed, the analysis options are not available prior to running the first analysis. This will be addressed in a future release. |
| IMAGKSL-4655 | When uploading a configuration file containing custom rules, all previously defined custom rules are removed. For example, uploading a file with a "Generic set" custom rule will delete any existing custom rules such as transaction entry points. This will be addressed in a future release. |
| IMAGKSL-4525 | Microsoft Windows > When performing an uninstallation in a distributed installation,folders under "ProgramData" and "Program Files" are not completely removed. A manual cleanup of these folders is required before performing a fresh installation. This only impacts uninstallation of 3.6.0-funcrel and will be addressed in a future release. |
| IMAGKSL-4535 | Microsoft Windows > If the service account (used to run the Microsoft Windows services) password contains special characters (e.g. !), the installer or updater may fail to create the service correctly. As a workaround, the service password must be updated manually after installation. This will be addressed in a future release. |
| IMAGKSL-4464 | Changes made to file extensions under Analysis Configuration are not taken into account. This will be addressed in a future release. |
Bug Fixes
| Details |
|---|
| Technical > The authentication service no longer requires certificate files when using basic SSL mode. |
| Technical > Improved admin‑center responses so monitoring data remains available even when some nodes are down. |
| Technical > Corrected user permission handling so rights are revoked when a profile is downgraded. |
| UI (admin) > Updated icons so admin groups and the admin user are visually distinct in the User Permission/ Users section. |
| Technical > Optimized snapshot indicators generation to reduce database disk usage and prevent “disk full” errors. |
| Technical > Removed spurious session reload warnings when accessing the Engineering Dashboard. |
| UI (admin) > Improved the Extension Strategy page UI for better readability and usability. |
| UI (viewer) > Aligned the header submenu on admin pages rendered by the Imaging Viewer with other admin pages so that "Profile" opens the correct user page, "About" shows version information, and "Logout" uses the standard sign‑out flow, ensuring consistent and context‑relevant options across all admin pages. |
| Technical > Fixed the “Refresh extension cache” operation so extension data is properly refreshed. |
| Technical > Fixed inconsistencies in the “Logout from all sessions” feature. |