25.04 Release notes

Instabase 25.04 is a major release that introduces new features, enhancements, and bug fixes.

Subsequent patch releases typically contain bug fixes along with testing, optimizations, security fixes, and other internal changes.

25.04.39

November 14, 2025

Security updates

• Upgraded libunbound8 to version 1.19.2-1ubuntu3.6 to address CVE-2025-11411.

• Upgraded torch to version 2.8.0 to address CVE-2025-3730.

25.04.38

November 6, 2025

This release contained no user-facing changes.

25.04.37

October 30, 2025

Security updates

• Upgraded glibc to version 2.40-136, 2.41-57 to address CVE-2025-5745.

25.04.36

October 23, 2025

Security updates

• Upgraded pypdf to version 6.1.3 to address CVE-2025-62707 and CVE-2025-62708.

• Upgraded redis to version 6.2.20 to address CVE-2025-49844.

• Upgraded glibc to version 2.39-209, 2.40-139, 2.41-60 to address CVE-2025-5702.

• Upgraded pypdf to version 1.27.9, 2.10.6, 3.17.0, 6.0.0 to address CVE-2023-36807, CVE-2023-36810, and CVE-2023-46250.

• Upgraded pypdf to version 6.0.0 to address CVE-2025-55197.

• Upgraded black to version 24.3.0 to address CVE-2024-21503.

25.04.35

October 16, 2025

Security updates

• Upgraded `redis-tools` to version 5:7.0.15-1ubuntu0.24.04.2 to address [CVE-2025-49844](https://nvd.nist.gov/vuln/detail/CVE-2025-49844).
• Upgraded `python3-pip-wheel` to version 21.3.1-2.amzn2023.0.14 to address [CVE-2025-8869](https://nvd.nist.gov/vuln/detail/CVE-2025-8869).
• Upgraded `openssl-libs` to version 1:3.2.2-1.amzn2023.0.2 to address [CVE-2025-9230](https://nvd.nist.gov/vuln/detail/CVE-2025-9230) and [CVE-2025-9231](https://nvd.nist.gov/vuln/detail/CVE-2025-9231).
• Upgraded `curl` to version 8.14.1-r2 to address [CVE-2025-10148](https://nvd.nist.gov/vuln/detail/CVE-2025-10148) and [CVE-2025-9086](https://nvd.nist.gov/vuln/detail/CVE-2025-9086).
• Upgraded `coreutils-single` to version 8.32-30.amzn2023.0.4 to address [CVE-2025-5278](https://nvd.nist.gov/vuln/detail/CVE-2025-5278).
• Upgraded `expat` to version 2.6.3-1.amzn2023.0.3 to address [CVE-2025-59375](https://nvd.nist.gov/vuln/detail/CVE-2025-59375).
• Upgraded `libcrypto3` and `libssl3` to version 3.5.4-r0 to address [CVE-2025-9230](https://nvd.nist.gov/vuln/detail/CVE-2025-9230), [CVE-2025-9231](https://nvd.nist.gov/vuln/detail/CVE-2025-9231), and [CVE-2025-9232](https://nvd.nist.gov/vuln/detail/CVE-2025-9232).
• Upgraded `libcrypto3` and `libssl3` to version 3.5.4-r0 to address [CVE-2025-9232](https://nvd.nist.gov/vuln/detail/CVE-2025-9232).
• Upgraded `coreutils-single` to version 8.32-30.amzn2023.0.4 to address security vulnerabilities.
• Upgraded `libcrypto3` and `libssl3` to version 3.5.4-r0 to address [CVE-2025-9230](https://nvd.nist.gov/vuln/detail/CVE-2025-9230), [CVE-2025-9231](https://nvd.nist.gov/vuln/detail/CVE-2025-9231), and [CVE-2025-9232](https://nvd.nist.gov/vuln/detail/CVE-2025-9232).
• Upgraded `stdlib` to version 1.25.1 to address [CVE-2025-47910](https://nvd.nist.gov/vuln/detail/CVE-2025-47910).
• Upgraded `stdlib` to version 1.24.6 to address [CVE-2025-47906](https://nvd.nist.gov/vuln/detail/CVE-2025-47906).
• Upgraded `github.com/go-viper/mapstructure/v2` to version 2.4.0 to address security vulnerabilities.
• Upgraded `stdlib` to version 1.24.6 to address [CVE-2025-47907](https://nvd.nist.gov/vuln/detail/CVE-2025-47907).

25.04.34

October 16, 2025

This release contained no user-facing changes.

25.04.33

October 9, 2025

Security updates

• Upgraded redis to version 6.2.20 to address CVE-2025-49844.

25.04.32

October 2, 2025

Security updates

• Upgraded openssl and libssl3t64 to version 3.0.13-0ubuntu3.6 to address CVE-2025-9231 and CVE-2025-9232.

25.04.31

September 25, 2025

Security updates

• Upgraded openssl to version 1.1.1x to address CVE-2021-3711, CVE-2021-3712, CVE-2022-1292, CVE-2022-2068, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-4807, CVE-2023-5678, and CVE-2024-0727.

• Upgraded busybox to version 1.36.1 to address CVE-2022-48174.

• Upgraded golang.org/x/oauth2 to version 0.27.0 to address CVE-2025-22868.

• Upgraded github.com/go-viper/mapstructure/v2 to version 2.4.0 to address GHSA-2464-8j7c-4cjm and GHSA-fv92-fjc5-jj9h.

• Upgraded stdlib to version 1.23.12 to address CVE-2025-47907, CVE-2025-0913, and CVE-2025-4673.

• Upgraded libxml2 to version 2.13.6 to address CVE-2025-9714 and CVE-2025-13038.

• Upgraded zstd to version 1.5.6 to address CVE-2022-4899.

25.04.30

September 17, 2025

Security updates

• Upgraded libxml2 to version 2.9.14+dfsg-1.3ubuntu3.5 to address CVE-2025-9714.

25.04.29

September 12, 2025

Security updates

• Upgraded busybox to version 1.37.0-r50 to address CVE-2025-46394.

• Upgraded github.com/go-viper/mapstructure/v2 to version 2.3.0 to address CVE-2025-52893.

• Upgraded go/stdlib to version 1.24.6 to address CVE-2025-47907.

25.04.28

September 12, 2025

This release contains no user-facing changes.

25.04.27

September 4, 2025

Security updates

• Upgraded `stdlib` to version 1.24.6 to address [CVE-2025-47907](https://nvd.nist.gov/vuln/detail/CVE-2025-47907).
• Upgraded `libcrypto3` to version 3.5.1-r0 to address [CVE-2025-4575](https://nvd.nist.gov/vuln/detail/CVE-2025-4575).
• Upgraded `github.com/go-viper/mapstructure/v2` to version 2.3.0 to address security vulnerabilities.
• Upgraded `stdlib` to version 1.24.4 to address [CVE-2025-22874](https://nvd.nist.gov/vuln/detail/CVE-2025-22874).
• Upgraded `stdlib` to version 1.24.4 to address [CVE-2025-0913](https://nvd.nist.gov/vuln/detail/CVE-2025-0913).
• Upgraded `stdlib` to version 1.24.4 to address [CVE-2025-4673](https://nvd.nist.gov/vuln/detail/CVE-2025-4673).

25.04.26

August 27, 2025

This release contained no user-facing changes.

25.04.25

August 21, 2025

Security updates

• Upgraded stdlib to version 1.24.4 to address CVE-2025-22874, CVE-2025-4673, and CVE-2025-0913.

• Upgraded github.com/go-viper/mapstructure/v2 to version 2.3.0 to address security vulnerabilities.

25.04.24

August 21, 2025

Security updates

• Upgraded opentelemetry-instrumentation to version 0.41b0 to address CVE-2023-43810.

25.04.23

August 20, 2025

Security updates

• Upgraded `libxml2` to version 2.10.4-1.amzn2023.0.12 to address [CVE-2025-49794](https://nvd.nist.gov/vuln/detail/CVE-2025-49794), [CVE-2025-49795](https://nvd.nist.gov/vuln/detail/CVE-2025-49795), and [CVE-2025-49796](https://nvd.nist.gov/vuln/detail/CVE-2025-49796).
• Upgraded `libarchive` to version 3.7.4-2.amzn2023.0.4 to address [CVE-2025-5915](https://nvd.nist.gov/vuln/detail/CVE-2025-5915) and [CVE-2025-5917](https://nvd.nist.gov/vuln/detail/CVE-2025-5917).
• Upgraded `python3` and `python3-libs` to version 3.9.23-1.amzn2023.0.2 to address [CVE-2025-6069](https://nvd.nist.gov/vuln/detail/CVE-2025-6069).
• Upgraded `gnupg2-minimal` to version 2.3.7-1.amzn2023.0.5 to address [CVE-2025-30258](https://nvd.nist.gov/vuln/detail/CVE-2025-30258).
• Upgraded `opentelemetry-instrumentation` to version 0.41b0 to address [CVE-2023-43810](https://nvd.nist.gov/vuln/detail/CVE-2023-43810).

25.04.22

August 15, 2025

Security updates

• Upgraded glibc to version 2.41-r56 to address CVE-2025-8058.

• Upgraded nimbus-jose-jwt to version 10.0.2 to address CVE-2025-53864.

• Upgraded helm.sh/helm/v3 to version 3.17.3 to address CVE-2025-32386 and CVE-2025-32387.

• Upgraded github.com/cloudflare/circl to version 1.6.1 to address security vulnerabilities.

• Upgraded setuptools to version 78.1.1 to address CVE-2025-47273.

25.04.21

August 6, 2025

Security updates

• Upgraded glib2 to version 2.82.2-766.amzn2023 to address CVE-2025-3360 and CVE-2025-6052.

• Upgraded transformers to version 4.51.0 to address CVE-2025-3264 and CVE-2025-3263.

• Upgraded python3 to version 3.9.23-1.amzn2023.0.1 to address CVE-2025-4330, CVE-2025-4435, CVE-2024-12718, CVE-2025-4138, and CVE-2025-4517.

• Upgraded python3 to version 3.9.22-1.amzn2023.0.2 to address CVE-2025-4516.

• Upgraded libarchive to version 3.7.4-2.amzn2023.0.3 to address CVE-2025-5914.

• Upgraded curl-minimal to version 8.11.1-4.amzn2023.0.1 to address CVE-2024-9681.

• Upgraded libxml2 to version 2.10.4-1.amzn2023.0.11 to address CVE-2025-6021.

25.04.20

August 1, 2025

Security updates

• Upgraded libunbound8 to version 1.19.2-1ubuntu3.5 to address CVE-2025-5994.

25.04.19

July 31, 2025

Security updates

• Upgraded cryptography to version 44.0.1 to address CVE-2024-12797.

25.04.18

July 23, 2025

Security updates

• Upgraded libicu to version 50.2-4.amzn2.0.2 to address CVE-2025-5222.

• Upgraded python and python-libs to version 2.7.18-1.amzn2.0.13 to address CVE-2025-6069.

• Upgraded stdlib to version 1.24.4 to address CVE-2025-4673.

• Upgraded stdlib to version 1.24.4 to address CVE-2025-0913.

• Upgraded go/stdlib to version 1.24.2 to address CVE-2025-22871.

• Updated Go base image to improve security.

25.04.17

July 16, 2025

Security updates

• Upgraded git and git-man to version 1.2.43.0-1ubuntu7.3 to address CVE-2025-48385, CVE-2025-46835, CVE-2025-27614, CVE-2025-48384, CVE-2025-48386, and CVE-2025-27613.

• Upgraded libssh-4 to version 0.10.6-2ubuntu0.1 to address CVE-2025-5449, CVE-2025-5318, CVE-2025-5351, CVE-2025-5372, CVE-2025-5987, and security vulnerabilities.

• Upgraded libpython3.12-minimal to version 3.12.3-1ubuntu0.7 to address CVE-2025-4138, CVE-2024-12718, CVE-2025-4330, CVE-2025-4517, CVE-2025-4435, CVE-2025-4516, and CVE-2025-1795.

• Upgraded pillow to version 11.3.0 to address CVE-2025-48379.

• Upgraded libxml2 to version 2.9.1-6.amzn2.5.18 to address CVE-2025-6021.

• Upgraded libpam0g to version 1.5.3-5ubuntu5.4 to address CVE-2025-6020.

• Upgraded libsystemd0 to version 255.4-1ubuntu8.8 to address CVE-2025-4598.

• Upgraded krb5-locales to version 1.20.1-6ubuntu2.6 to address CVE-2025-3576.

• Upgraded gnupg to version 2.4.4-2ubuntu17.3 to address USN-7412-2.

25.04.16

July 11, 2025

This release contained no user-facing changes.

25.04.15

July 9, 2025

• Resolved security vulnerability CVE-2024-35195 by removing the affected service from the platform.

25.04.14

July 9, 2025

This release contained no user-facing changes.

25.04.13

July 6, 2025

This release contained no user-facing changes.

25.04.12

July 5, 2025

This release contained no user-facing changes.

25.04.11

June 30, 2025

Enhancements

• Upgraded rabbitmq to version 4.1.1.

Security updates

• Updated jaeger to address CVE-2025-22871.

25.04.10

June 18, 2025

This release contains no user-facing changes.

25.04.9

June 17, 2025

This release contained no user-facing changes.

25.04.8

June 16, 2025

This release contained no user-facing changes.

25.04.7

June 16, 2025

This release contained no user-facing changes.

25.04.6

June 10, 2025

This release contained no user-facing changes.

25.04.5

June 10, 2025

This release contained no user-facing changes.

25.04.4

June 6, 2025

This release contained no user-facing changes.

25.04.3

May 30, 2025

Security updates

• Upgraded spring-boot to version 3.4.5 to address CVE-2025-22235.

• Upgraded torch to version 2.6.0 to address CVE-2025-32434.

• Upgraded torch to version 2.6.0 to address CVE-2025-32434.

• Upgraded stdlib to version 1.23.8, 1.24.2 to address CVE-2025-22871.

• Upgraded github.com/mattn/go-sqlite3 to version 1.14.18 to address CVE-2023-7104.

• Upgraded ray to version 2.43.0 to address CVE-2025-1979.

• Upgraded ray to version 2.43.0 to address CVE-2025-1979.

• Upgraded ray to version 2.43.0 to address CVE-2025-1979.

• Upgraded org.eclipse.jetty:jetty-server to version 12.0.12 to address CVE-2024-6763.

• Upgraded github.com/go-jose/go-jose/v4 to version 4.0.5 to address CVE-2025-27144.

• Upgraded stdlib to version 1.22.11, 1.23.5, 1.24.0-rc.2 to address CVE-2024-45336.

• Upgraded stdlib to version 1.22.12, 1.23.6, 1.24.0-rc.3 to address CVE-2025-22866.

• Upgraded stdlib to version 1.22.11, 1.23.5, 1.24.0-rc.2 to address CVE-2024-45341.

Bug fixes

• Fixed an issue where deleting runs would fail with a database error.

25.04.2

May 14, 2025

This version contained no user-facing changes.

25.04.1

May 12, 2025

Enhancements

• You can run accuracy reports on ground truth sets with class names greater than 31 characters.

• Updated the bootstrap library to version 5.

Bug fixes

• Selected fields were unexpectedly deselected when you added arguments to custom functions.

• Deployment runs used the latest AI runtime version regardless of the connected app’s AI runtime version.

• Selected fields were unexpectedly deselected when you added arguments to custom functions.

• Deployment runs used the latest AI runtime version regardless of the connected app’s AI runtime version.

• PDFs were corrupted when processed under certain circumstances.

• Job access issues:

  • You couldn’t access resumed jobs if they were more than 24 hours old in the job service.
  • Searching by job ID didn’t work reliably for certain formats.

• Job log processing experienced issues:

  • Bottlenecks due to queue limitations.
  • Job logs could grow without limits because the maximum queue length configuration was not supported.

• Deleted .keys call in post flow task to reduce Redis CPU usage.

• Fixed missing ibuser attribute in MODEL_SERVICE_OPERATION audit logs.

• Human review did not correctly give some needed warnings.

• Errors with Azure Blob store storage systems were not translated into their corresponding HTTP error codes, but were logged as INTERNAL errors.

Security fixes

• Upgraded spring-boot to version 3.4.5 to address CVE-2025-22235.

• Upgraded Flask to version 2.3.2 to address CVE-2023-30861.

• Removed wget from jaeger image to address CVE-2021-31879.

• Upgraded weaviate golang version to address CVE-2025-30204.

• Upgraded oauth2 to version 0.27.0 to address CVE-2025-22868.

• Fixed vulnerability in weaviate.

• Upgraded oauth2 to version v0.21.0.

• Upgraded keras to version 3.8.0 to address vulnerability CVE-2024-55459.

• Upgraded Gunicorn to version 23.0.0 to fix vulnerability CVE-2024-6827.

• Updated module github.com/golang-jwt/jwt/v5 to v5.2.2 to address vulnerability CVE-2025-30204.

• Resolved CVE-2024-45338: Updated golang.org/x/net to v0.33.0 in weaviate.

• Converted es-exporter to the Wolfi-based image.

• Updated jaeger with stdlib to version 1.19.6 or 1.20.1 (CVE-2022-41724).

• Updated setuptools in jaeger to version 70.0.0 (CVE-2024-6345).

• Updated pygments to version 2.15.1 to address a ReDoS vulnerability (CVE-2022-40896).

• Updated postgresql JDBC driver to address SQL injection vulnerabilities (CVE-2022-31197, CVE-2024-1597).

• Removed ray JAR files containing vulnerable dependencies (CVE-2018-8088).

• Updated netty-handler in table-tservice to 4.1.118.Final (CVE-2025-24970).

• Updated jackson-databind in opensearch from version 2.7.9.2 to 2.9.8 (CVE-2018-19360).

• Updated protobuf-java to 3.21.7 (CVE-2022-3171, CVE-2022-3509, CVE-2022-3510).

• Updated protobuf-java to 4.28.2 (CVE-2024-7254).

• Updated golang.org/x/net in weaviate (CVE-2023-45288).

• Upgraded maven-core package to version 3.8.1 (CVE-2021-26291).

• Upgraded jinja2 to version 3.1.5 (CVE-2024-56201).

• Upgraded the netty-common package to version 4.1.115 (CVE-2024-47535).

• Updated the commons-io:commons-io package to version 2.14.0 (CVE-2024-47554).

• Updated jaeger-agent to 1.62.0 (CVE-2024-8096).

• Updated the langchain package to version 0.2.5 (CVE-2024-8309).

• Removed git from the ray-head Docker image (CVE-2024-32002).

• Resolved CVE-2018-1000021 (no details given).

• Updated jinja package to version 3.1.5 (CVE-2024-56326).

• Updated the springframework#spring-context library to version 6.1.14 (CVE-2024-38820, CVE-2024-38827).

• Updated the crypto package to version 0.31.0 (CVE-2024-45337).

• Updated the jaeger package to version 1.65.0 (CVE-2024-45337).

• Updated the Python tornado package to version 6.4.2 (CVE-2024-52804).

• Updated the redis package to version 4.6.0 (CVE-2023-28859).

• Updated the redis package to version 4.5.3 (CVE-2023-28858).

• Updated the gin package to version 1.9.1 (CVE-2023-29401).

• Updated the ray package to version 2.39.0 (GHSA-78wr-2p64-hpwj).

• Updated the langchain package to version 0.2.10 (CVE-2024-3095).

• Updated werkzeug to version 3.0.6 (CVE-2024-49767).