25.01 (LTS) Release notes
Instabase 25.01 is a long-term support (LTS) major release that introduces new features, enhancements, and bug fixes. This version of Instabase platform is supported for two years.
Subsequent patch releases typically contain bug fixes along with testing, optimizations, security fixes, and other internal changes.
25.01.56
November 14, 2025
Security updates
- Upgraded
libunbound8to version 1.19.2-1ubuntu3.6 to address CVE-2025-11411.
- Upgraded
torchto version 2.8.0 to address CVE-2025-3730.
25.01.55
November 6, 2025
This release contained no user-facing changes.
25.01.54
October 30, 2025
Security updates
- Upgraded
glibcto version 2.40-136, 2.41-57 to address CVE-2025-5745.
25.01.53
October 23, 2025
Security updates
-
Upgraded
pypdfto version 6.1.3 to address CVE-2025-62707 and CVE-2025-62708. -
Upgraded
redisto version 6.2.20 to address CVE-2025-49844. -
Upgraded
glibcto version 2.39-209, 2.40-139, 2.41-60 to address CVE-2025-5702. -
Upgraded
pypdfto version 1.27.9, 2.10.6, 3.17.0, 6.0.0 to address CVE-2023-36807, CVE-2023-36810, and CVE-2023-46250. -
Upgraded
pypdfto version 6.0.0 to address CVE-2025-55197. -
Upgraded
blackto version 24.3.0 to address CVE-2024-21503.
25.01.52
October 16, 2025
Security updates
- Upgraded `redis-tools` to version 5:7.0.15-1ubuntu0.24.04.2 to address [CVE-2025-49844](https://nvd.nist.gov/vuln/detail/CVE-2025-49844).
- Upgraded `python3-pip-wheel` to version 21.3.1-2.amzn2023.0.14 to address [CVE-2025-8869](https://nvd.nist.gov/vuln/detail/CVE-2025-8869).
- Upgraded `openssl-libs` to version 1:3.2.2-1.amzn2023.0.2 to address [CVE-2025-9230](https://nvd.nist.gov/vuln/detail/CVE-2025-9230) and [CVE-2025-9231](https://nvd.nist.gov/vuln/detail/CVE-2025-9231).
- Upgraded `curl` to version 8.14.1-r2 to address [CVE-2025-10148](https://nvd.nist.gov/vuln/detail/CVE-2025-10148) and [CVE-2025-9086](https://nvd.nist.gov/vuln/detail/CVE-2025-9086).
- Upgraded `coreutils-single` to version 8.32-30.amzn2023.0.4 to address [CVE-2025-5278](https://nvd.nist.gov/vuln/detail/CVE-2025-5278).
- Upgraded `expat` to version 2.6.3-1.amzn2023.0.3 to address [CVE-2025-59375](https://nvd.nist.gov/vuln/detail/CVE-2025-59375).
- Upgraded `libcrypto3` and `libssl3` to version 3.5.4-r0 to address [CVE-2025-9230](https://nvd.nist.gov/vuln/detail/CVE-2025-9230), [CVE-2025-9231](https://nvd.nist.gov/vuln/detail/CVE-2025-9231), and [CVE-2025-9232](https://nvd.nist.gov/vuln/detail/CVE-2025-9232).
- Upgraded `libcrypto3` and `libssl3` to version 3.5.4-r0 to address [CVE-2025-9232](https://nvd.nist.gov/vuln/detail/CVE-2025-9232).
- Upgraded `coreutils-single` to version 8.32-30.amzn2023.0.4 to address security vulnerabilities.
- Upgraded `libcrypto3` and `libssl3` to version 3.5.4-r0 to address [CVE-2025-9230](https://nvd.nist.gov/vuln/detail/CVE-2025-9230), [CVE-2025-9231](https://nvd.nist.gov/vuln/detail/CVE-2025-9231), and [CVE-2025-9232](https://nvd.nist.gov/vuln/detail/CVE-2025-9232).
- Upgraded `stdlib` to version 1.25.1 to address [CVE-2025-47910](https://nvd.nist.gov/vuln/detail/CVE-2025-47910).
- Upgraded `stdlib` to version 1.24.6 to address [CVE-2025-47906](https://nvd.nist.gov/vuln/detail/CVE-2025-47906).
- Upgraded `github.com/go-viper/mapstructure/v2` to version 2.4.0 to address security vulnerabilities.
- Upgraded `stdlib` to version 1.24.6 to address [CVE-2025-47907](https://nvd.nist.gov/vuln/detail/CVE-2025-47907).
25.01.51
October 16, 2025
This release contained no user-facing changes.
25.01.50
October 9, 2025
Security updates
- Upgraded
redisto version 6.2.20 to address CVE-2025-49844.
25.01.49
October 2, 2025
Security updates
- Upgraded
opensslandlibssl3t64to version 3.0.13-0ubuntu3.6 to address CVE-2025-9231 and CVE-2025-9232.
25.01.48
September 25, 2025
Security updates
-
Upgraded
opensslto version 1.1.1x to address CVE-2021-3711, CVE-2021-3712, CVE-2022-1292, CVE-2022-2068, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-4807, CVE-2023-5678, and CVE-2024-0727. -
Upgraded
busyboxto version 1.36.1 to address CVE-2022-48174. -
Upgraded
golang.org/x/oauth2to version 0.27.0 to address CVE-2025-22868. -
Upgraded
github.com/go-viper/mapstructure/v2to version 2.4.0 to address GHSA-2464-8j7c-4cjm and GHSA-fv92-fjc5-jj9h. -
Upgraded
stdlibto version 1.23.12 to address CVE-2025-47907, CVE-2025-0913, and CVE-2025-4673. -
Upgraded
libxml2to version 2.13.6 to address CVE-2025-9714 and CVE-2025-13038. -
Upgraded
zstdto version 1.5.6 to address CVE-2022-4899.
25.01.47
Security updates
- Upgraded
libxml2to version 2.9.14+dfsg-1.3ubuntu3.5 to address CVE-2025-9714.
25.01.46
September 17, 2025
Security updates
-
Upgraded
github.com/miekg/dnsto version 1.1.31 to address CVE-2017-3142. -
Upgraded
requestsPython package to version 2.32.4 to address CVE-2024-47081. -
Upgraded
busyboxto version 1.37.0-r50 to address CVE-2025-46394. -
Upgraded
github.com/go-viper/mapstructure/v2to version 2.3.0 to address CVE-2025-52893. -
Upgraded
go/stdlibto version 1.24.6 to address CVE-2025-47907.
25.01.45
September 12, 2025
This release contained no user-facing changes.
25.01.44
September 12, 2025
Security updates
-
Upgraded
busyboxto version 1.37.0-r50 to address CVE-2025-46394. -
Upgraded
github.com/go-viper/mapstructure/v2to version 2.3.0 to address CVE-2025-52893. -
Upgraded
go/stdlibto version 1.24.6 to address CVE-2025-47907.
25.01.43
September 4, 2025
Security updates
- Upgraded `stdlib` to version 1.24.6 to address [CVE-2025-47907](https://nvd.nist.gov/vuln/detail/CVE-2025-47907).
- Upgraded `libcrypto3` to version 3.5.1-r0 to address [CVE-2025-4575](https://nvd.nist.gov/vuln/detail/CVE-2025-4575).
- Upgraded `github.com/go-viper/mapstructure/v2` to version 2.3.0 to address security vulnerabilities.
- Upgraded `stdlib` to version 1.24.4 to address [CVE-2025-22874](https://nvd.nist.gov/vuln/detail/CVE-2025-22874).
- Upgraded `stdlib` to version 1.24.4 to address [CVE-2025-0913](https://nvd.nist.gov/vuln/detail/CVE-2025-0913).
- Upgraded `stdlib` to version 1.24.4 to address [CVE-2025-4673](https://nvd.nist.gov/vuln/detail/CVE-2025-4673).
25.01.42
August 27, 2025
This release contained no user-facing changes.
25.01.41
August 21, 2025
Security updates
-
Upgraded
stdlibto version 1.24.4 to address CVE-2025-22874, CVE-2025-4673, and CVE-2025-0913. -
Upgraded
github.com/go-viper/mapstructure/v2to version 2.3.0 to address security vulnerabilities.
25.01.40
August 21, 2025
Security updates
- Upgraded
opentelemetry-instrumentationto version 0.41b0 to address CVE-2023-43810.
25.01.39
August 20, 2025
Security updates
- Upgraded `libxml2` to version 2.10.4-1.amzn2023.0.12 to address [CVE-2025-49794](https://nvd.nist.gov/vuln/detail/CVE-2025-49794), [CVE-2025-49795](https://nvd.nist.gov/vuln/detail/CVE-2025-49795), and [CVE-2025-49796](https://nvd.nist.gov/vuln/detail/CVE-2025-49796).
- Upgraded `libarchive` to version 3.7.4-2.amzn2023.0.4 to address [CVE-2025-5915](https://nvd.nist.gov/vuln/detail/CVE-2025-5915) and [CVE-2025-5917](https://nvd.nist.gov/vuln/detail/CVE-2025-5917).
- Upgraded `python3` and `python3-libs` to version 3.9.23-1.amzn2023.0.2 to address [CVE-2025-6069](https://nvd.nist.gov/vuln/detail/CVE-2025-6069).
- Upgraded `gnupg2-minimal` to version 2.3.7-1.amzn2023.0.5 to address [CVE-2025-30258](https://nvd.nist.gov/vuln/detail/CVE-2025-30258).
- Upgraded `opentelemetry-instrumentation` to version 0.41b0 to address [CVE-2023-43810](https://nvd.nist.gov/vuln/detail/CVE-2023-43810).
25.01.38
August 15, 2025
Security updates
-
Upgraded
glibcto version 2.41-r56 to address CVE-2025-8058. -
Upgraded
nimbus-jose-jwtto version 10.0.2 to address CVE-2025-53864. -
Upgraded
helm.sh/helm/v3to version 3.17.3 to address CVE-2025-32386 and CVE-2025-32387. -
Upgraded
github.com/cloudflare/circlto version 1.6.1 to address security vulnerabilities. -
Upgraded
setuptoolsto version 78.1.1 to address CVE-2025-47273.
25.01.37
August 6, 2025
Security updates
• Upgraded glib2 to version 2.82.2-766.amzn2023 to address CVE-2025-3360 and CVE-2025-6052.
• Upgraded transformers to version 4.51.0 to address CVE-2025-3264 and CVE-2025-3263.
• Upgraded python3 to version 3.9.23-1.amzn2023.0.1 to address CVE-2025-4330, CVE-2025-4435, CVE-2024-12718, CVE-2025-4138, and CVE-2025-4517.
• Upgraded python3 to version 3.9.22-1.amzn2023.0.2 to address CVE-2025-4516.
• Upgraded libarchive to version 3.7.4-2.amzn2023.0.3 to address CVE-2025-5914.
• Upgraded curl-minimal to version 8.11.1-4.amzn2023.0.1 to address CVE-2024-9681.
• Upgraded libxml2 to version 2.10.4-1.amzn2023.0.11 to address CVE-2025-6021.
25.01.36
August 1, 2025
Security updates
- Upgraded
libunbound8to version 1.19.2-1ubuntu3.5 to address CVE-2025-5994.
25.01.35
July 31, 2025
Security updates
- Upgraded
cryptographyto version 44.0.1 to address CVE-2024-12797.
25.01.34
July 23, 2025
Security updates
-
Upgraded
libicuto version 50.2-4.amzn2.0.2 to address CVE-2025-5222. -
Upgraded
pythonandpython-libsto version 2.7.18-1.amzn2.0.13 to address CVE-2025-6069. -
Upgraded
stdlibto version 1.24.4 to address CVE-2025-4673. -
Upgraded
stdlibto version 1.24.4 to address CVE-2025-0913. -
Upgraded
go/stdlibto version 1.24.2 to address CVE-2025-22871. -
Updated Go base image to improve security.
25.01.33
July 16, 2025
Security updates
-
Upgraded
gitandgit-manto version 1.2.43.0-1ubuntu7.3 to address CVE-2025-48385, CVE-2025-46835, CVE-2025-27614, CVE-2025-48384, CVE-2025-48386, and CVE-2025-27613. -
Upgraded
libssh-4to version 0.10.6-2ubuntu0.1 to address CVE-2025-5449, CVE-2025-5318, CVE-2025-5351, CVE-2025-5372, CVE-2025-5987, and security vulnerabilities. -
Upgraded
libpython3.12-minimalto version 3.12.3-1ubuntu0.7 to address CVE-2025-4138, CVE-2024-12718, CVE-2025-4330, CVE-2025-4517, CVE-2025-4435, CVE-2025-4516, and CVE-2025-1795. -
Upgraded
pillowto version 11.3.0 to address CVE-2025-48379. -
Upgraded
libxml2to version 2.9.1-6.amzn2.5.18 to address CVE-2025-6021. -
Upgraded
libpam0gto version 1.5.3-5ubuntu5.4 to address CVE-2025-6020. -
Upgraded
libsystemd0to version 255.4-1ubuntu8.8 to address CVE-2025-4598. -
Upgraded
krb5-localesto version 1.20.1-6ubuntu2.6 to address CVE-2025-3576. -
Upgraded
gnupgto version 2.4.4-2ubuntu17.3 to address USN-7412-2.
25.01.32
July 11, 2025
This release contained no user-facing changes.
25.01.31
July 9, 2025
- Resolved security vulnerability CVE-2024-35195 by removing the affected service from the platform.
25.01.30
July 4, 2025
This release contained no user-facing changes.
25.01.29
June 28, 2025
Enhancements
- Upgraded
rabbitmqto version 4.1.1.
Security updates
- Updated
jaegerto address CVE-2025-22871.
25.01.28
June 18, 2025
This release contains no user-facing changes.
25.01.27
June 17, 2025
This release contained no user-facing changes.
25.01.26
June 16, 2025
This release contained no user-facing changes.
25.01.25
June 16, 2025
This release contained no user-facing changes.
25.01.24
June 10, 2025
This release contained no user-facing changes.
25.01.23
June 6, 2025
This release contained no user-facing changes.
25.01.22
May 30, 2025
Bug fixes
- Fixed an issue where deleting runs would fail with a database error.
Security updates
-
Upgraded
torchto version 2.6.0 to address CVE-2025-32434. -
Upgraded
stdlibto version 1.23.8, 1.24.2 to address CVE-2025-22871. -
Upgraded
github.com/mattn/go-sqlite3to version 1.14.18 to address CVE-2023-7104. -
Upgraded
rayto version 2.43.0 to address CVE-2025-1979. -
Upgraded
org.eclipse.jetty:jetty-serverto version 12.0.12 to address CVE-2024-6763. -
Upgraded
github.com/go-jose/go-jose/v4to version 4.0.5 to address CVE-2025-27144. -
The
fastapipackage was updated from version 0.85.2 to 0.109.1 to resolve CVE-2024-24762. -
The
starlettepackage was updated from version 0.20.4 to 0.40.0 to resolve CVE-2024-47874. -
The
SixLabors.ImageSharppackage was updated from version 3.1.5 to 3.1.7 to resolve CVE-2025-27598. -
The
github.com/getkin/kin-openapipackage was updated to version 0.131.0 to resolve CVE-2025-30153. -
The
github.com/openfga/openfgapackage was updated from version 1.8.6 to 1.8.11 to resolve CVE-2025-46331. -
The
tornadopackage was updated from version 6.4.2 to version 6.5.0 to resolve CVE-2025-47287. -
The
stdlibpackage was updated to version 1.22.11/1.23.5/1.24.0-rc.2 to resolve CVE-2024-45336 and CVE-2024-45341. -
The
stdlibpackage was updated to version 1.22.12/1.23.6/1.24.0-rc.3 to resolve CVE-2025-22866. -
Fixed SQLServer TLS certificate handling issue with negative numbers in CI environment to resolve security vulnerability.
-
Updated Grafana to latest version to address security vulnerabilities.
25.01.21
May 15, 2025
Security updates
- Upgraded
spring-bootto version 3.4.5 to address CVE-2025-22235.
25.01.20
May 8, 2025
This release contained no user-facing changes.
25.01.19
May 1, 2025
Security updates
-
Fixed Git vulnerability in Redis.
-
Upgraded
jinja2to version 3.1.6 to address CVE-2025-27516. -
Upgraded Loki to address CVE-2025-22870.
-
Upgraded VictoriaMetrics to address CVE-2025-22872.
-
Upgraded VictoriaMetrics to address CVE-2025-22870.
25.01.18
April 25, 2025
This release contained no user-facing changes.
25.01.17
April 29, 2025
Security updates
-
Upgraded
Flaskto version 2.3.2 to address CVE-2023-30861. -
Removed
wgetfrom jaeger image to address CVE-2021-31879. -
Upgraded weaviate golang version to address CVE-2025-30204.
-
Upgraded
oauth2to version 0.27.0 to address CVE-2025-22868.
25.01.16
April 24, 2025
This release contained no user-facing changes.
25.01.15
April 23, 2025
Security updates
-
Fixed vulnerability in
weaviate. -
Upgraded
oauth2to version v0.21.0. -
Upgraded
flaskto version 2.3.2.
25.01.14
April 16, 2025
This release contained no user-facing changes.
25.01.13
April 11, 2025
Security updates
-
Upgraded
kerasto version 3.8.0 to address vulnerability CVE-2024-55459. -
Upgraded
Gunicornto version 23.0.0 to fix vulnerability CVE-2024-6827. -
Updated module
github.com/golang-jwt/jwt/v5to v5.2.2 to address vulnerability CVE-2025-30204. -
Removed
wgetfrom Dockerfile to fix vulnerability CVE-2021-31879.
25.01.12
April 9, 2025
No changes included with this release.
25.01.11
April 5, 2025
No changes included with this release.
25.01.10
April 2, 2025
Bug fixes
-
You couldn’t access resumed jobs if they were more than 24 hours old in the job service.
-
PDFs were corrupted when processed under certain circumstances.
-
Job log processing experienced bottlenecks due to queue limitations.
Security updates
-
Resolved CVE-2024-45338 | Updated
golang.org/x/netto v0.33.0 in weaviate. -
Converted
es-exporterto the Wolfi-based image. -
Resolved CVE-2024-45338 | Updated
golang.org/x/netto v0.33.0.
25.10.09
March 28, 2025
Bug fixes
- Job logs could grow without limits because the maximum queue length configuration was not supported.
25.10.08
March 28, 2025
This release contained no changes.
25.01.7
March 19, 2025
Security updates
-
Updated
jaegerwithstdlibto version 1.19.6 or 1.20.1. CVE-2022-41724 -
Updated
setuptoolsinjaegerto version 70.0.0. CVE-2024-6345
25.01.6
March 19, 2025
This release contained no user-facing changes.
25.01.5
March 12, 2025
Security updates
-
Updated
pygmentsto version 2.15.1 to address a ReDoS vulnerability. CVE-2022-40896 -
Updated
postgresqlJDBC driver to address SQL injection vulnerabilities. CVE-2022-31197, CVE-2024-1597 -
Removed
rayJAR files containing vulnerable dependencies. CVE-2018-8088
Bug fixes
- Deleted
.keyscall in post flow task to reduce Redis CPU usage.
25.01.5
March 12, 2025
This release contained no user-facing changes.
25.01.4
March 6, 2025
This release contained no user-facing changes.
25.01.3
March 6, 2025
Bug fixes
- Fixed missing
ibuserattribute inMODEL_SERVICE_OPERATIONaudit logs.
Security updates
-
Updated
netty-handlerintable-tserviceto 4.1.118.Final. CVE-2025-24970 -
Updated
jackson-databindin opensearch from version 2.7.9.2 to 2.9.8 to address a critical vulnerability related to polymorphic deserialization of the axis2-transport-jms class. CVE-2018-19360
25.01.2
February 27, 2025
Bug fixes
- Fixed missing
ibuserattribute inMODEL_SERVICE_OPERATIONaudit logs.
Security updates
-
Updated
netty-handlerto 4.1.118.Final. CVE-2025-24970 -
Updated
jackson-databindto 2.9.8. CVE-2018-19360 -
Updated
protobuf-javato 3.21.7. CVE-2022-3171, CVE-2022-3509, CVE-2022-3510 -
Updated
protobuf-javato 4.28.2. CVE-2024-7254 -
Updated
golang.org/x/netin weaviate. CVE-2023-45288
Release 25.01.1
Generally available February 25, 2025
Enhancements
- You can run accuracy reports on ground truth sets with class names greater than 31 characters.
Bug fixes
-
Human review did not correctly give some needed warnings.
-
Errors with Azure Blob store storage systems were not translated into their corresponding HTTP error codes, but were logged as INTERNAL errors.
-
Updated the
bootstraplibrary to version 5. -
Searching by job ID didn’t work reliably for certain formats.
Security fixes
-
Resolved [CVE-2021-26291] | Upgraded
maven-corepackage to version 3.8.1. -
Resolved CVE-2024-56201 | Upgraded
jinja2to version 3.1.5. -
Resolved [CVE-2024-47535] | Upgraded the
netty-commonpackage to version 4.1.115. -
Resolved [CVE-2024-47554] | Updated the
commons-io:commons-iopackage to version 2.14.0. -
Resolved [CVE-2024-8096] | Updated
jaeger-agentto 1.62.0. -
Resolved [CVE-2024-8309] | Updated the
langchainpackage to version 0.2.5. -
Resolved [CVE-2024-32002] | Removed
gitfrom theray-headDocker image. -
Resolved [CVE-2018-1000021]
-
Resolved [CVE-2024-56326] | Update
jinjapackage to version 3.1.5. -
Resolved [CVE-2024-38820], [CVE-2024-38827] | Updated the
springframework#spring-contextlibrary to version 6.1.14. -
Resolved [CVE-2024-45337] | Updated the
cryptopackage to version 0.31.0. -
Resolved [CVE-2024-45337] | Updated the
jaegerpackage to version 1.65.0. -
Resolved [CVE-2024-52804] | Updated the Python
tornadopackage to version 6.4.2. -
Resolved [CVE-2023-28859] | Updated the
redispackage to version 4.6.0. -
Resolved [CVE-2023-28858] | Updated the
redispackage to version 4.5.3. -
Resolved [CVE-2023-29401] | Updated the
ginpackage to version 1.9.1. -
Resolved [GHSA-78wr-2p64-hpwj] | Updated the
raypackage to version 2.39.0. -
Resolved [CVE-2024-3095] | Updated the
langchainpackage to version 0.2.10. -
Resolved [CVE-2024-49767] | Updated
werkzeugto version 3.0.6.