25.07 (LTS) Release notes

Instabase 25.07 is a long-term support (LTS) major release that introduces new features, enhancements, and bug fixes. This version of Instabase platform is supported for two years.

Subsequent patch releases typically contain bug fixes along with testing, optimizations, security fixes, and other internal changes.

25.07.109

November 14, 2025

Security updates

• Upgraded libunbound8 to version 1.19.2-1ubuntu3.6 to address CVE-2025-11411.

• Upgraded torch to version 2.8.0 to address CVE-2025-3730.

25.07.108

November 6, 2025

This release contained no user-facing changes.

25.07.107

October 30, 2025

Security updates

• Upgraded glibc to version 2.40-136, 2.41-57 to address CVE-2025-5745.

25.07.106

October 23, 2025

Security updates

• Upgraded pypdf to version 6.1.3 to address CVE-2025-62707 and CVE-2025-62708.

• Upgraded redis to version 6.2.20 to address CVE-2025-49844.

• Upgraded glibc to version 2.39-209, 2.40-139, 2.41-60 to address CVE-2025-5702.

• Upgraded pypdf to version 1.27.9, 2.10.6, 3.17.0, 6.0.0 to address CVE-2023-36807, CVE-2023-36810, and CVE-2023-46250.

• Upgraded pypdf to version 6.0.0 to address CVE-2025-55197.

• Upgraded black to version 24.3.0 to address CVE-2024-21503.

25.07.105

October 16, 2025

Security updates

• Upgraded `redis-tools` to version 5:7.0.15-1ubuntu0.24.04.2 to address [CVE-2025-49844](https://nvd.nist.gov/vuln/detail/CVE-2025-49844).
• Upgraded `python3-pip-wheel` to version 21.3.1-2.amzn2023.0.14 to address [CVE-2025-8869](https://nvd.nist.gov/vuln/detail/CVE-2025-8869).
• Upgraded `openssl-libs` to version 1:3.2.2-1.amzn2023.0.2 to address [CVE-2025-9230](https://nvd.nist.gov/vuln/detail/CVE-2025-9230) and [CVE-2025-9231](https://nvd.nist.gov/vuln/detail/CVE-2025-9231).
• Upgraded `curl` to version 8.14.1-r2 to address [CVE-2025-10148](https://nvd.nist.gov/vuln/detail/CVE-2025-10148) and [CVE-2025-9086](https://nvd.nist.gov/vuln/detail/CVE-2025-9086).
• Upgraded `coreutils-single` to version 8.32-30.amzn2023.0.4 to address [CVE-2025-5278](https://nvd.nist.gov/vuln/detail/CVE-2025-5278).
• Upgraded `expat` to version 2.6.3-1.amzn2023.0.3 to address [CVE-2025-59375](https://nvd.nist.gov/vuln/detail/CVE-2025-59375).
• Upgraded `libcrypto3` and `libssl3` to version 3.5.4-r0 to address [CVE-2025-9230](https://nvd.nist.gov/vuln/detail/CVE-2025-9230), [CVE-2025-9231](https://nvd.nist.gov/vuln/detail/CVE-2025-9231), and [CVE-2025-9232](https://nvd.nist.gov/vuln/detail/CVE-2025-9232).
• Upgraded `libcrypto3` and `libssl3` to version 3.5.4-r0 to address [CVE-2025-9232](https://nvd.nist.gov/vuln/detail/CVE-2025-9232).
• Upgraded `coreutils-single` to version 8.32-30.amzn2023.0.4 to address security vulnerabilities.
• Upgraded `libcrypto3` and `libssl3` to version 3.5.4-r0 to address [CVE-2025-9230](https://nvd.nist.gov/vuln/detail/CVE-2025-9230), [CVE-2025-9231](https://nvd.nist.gov/vuln/detail/CVE-2025-9231), and [CVE-2025-9232](https://nvd.nist.gov/vuln/detail/CVE-2025-9232).
• Upgraded `stdlib` to version 1.25.1 to address [CVE-2025-47910](https://nvd.nist.gov/vuln/detail/CVE-2025-47910).
• Upgraded `stdlib` to version 1.24.6 to address [CVE-2025-47906](https://nvd.nist.gov/vuln/detail/CVE-2025-47906).
• Upgraded `github.com/go-viper/mapstructure/v2` to version 2.4.0 to address security vulnerabilities.
• Upgraded `stdlib` to version 1.24.6 to address [CVE-2025-47907](https://nvd.nist.gov/vuln/detail/CVE-2025-47907).

25.07.104

October 16, 2025

This release contained no user-facing changes.

25.07.103

October 9, 2025

Security updates

• Upgraded redis to version 6.2.20 to address CVE-2025-49844.

25.07.102

October 2, 2025

Security updates

• Upgraded openssl and libssl3t64 to version 3.0.13-0ubuntu3.6 to address CVE-2025-9231 and CVE-2025-9232.

25.07.101

September 25, 2025

Security updates

• Upgraded openssl to version 1.1.1x to address CVE-2021-3711, CVE-2021-3712, CVE-2022-1292, CVE-2022-2068, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-4807, CVE-2023-5678, and CVE-2024-0727.

• Upgraded busybox to version 1.36.1 to address CVE-2022-48174.

• Upgraded golang.org/x/oauth2 to version 0.27.0 to address CVE-2025-22868.

• Upgraded github.com/go-viper/mapstructure/v2 to version 2.4.0 to address GHSA-2464-8j7c-4cjm and GHSA-fv92-fjc5-jj9h.

• Upgraded stdlib to version 1.23.12 to address CVE-2025-47907, CVE-2025-0913, and CVE-2025-4673.

• Upgraded libxml2 to version 2.13.6 to address CVE-2025-9714 and CVE-2025-13038.

• Upgraded zstd to version 1.5.6 to address CVE-2022-4899.

25.07.100

September 17, 2025

This release contains no user-facing changes.

25.07.99

September 17, 2025

Security updates

• Upgraded libxml2 to version 2.9.14+dfsg-1.3ubuntu3.5 to address CVE-2025-9714.

25.07.98

September 17, 2025

Security updates

• Upgraded github.com/miekg/dns to version 1.1.31 to address CVE-2017-3142.

• Upgraded requests Python package to version 2.32.4 to address CVE-2024-47081.

• Upgraded busybox to version 1.37.0-r50 to address CVE-2025-46394.

• Upgraded github.com/go-viper/mapstructure/v2 to version 2.3.0 to address CVE-2025-52893.

• Upgraded go/stdlib to version 1.24.6 to address CVE-2025-47907.

25.07.97

September 12, 2025

This release contained no user-facing changes.

25.07.96

September 4, 2025

Security updates

• Upgraded `stdlib` to version 1.24.6 to address [CVE-2025-47907](https://nvd.nist.gov/vuln/detail/CVE-2025-47907).
• Upgraded `libcrypto3` to version 3.5.1-r0 to address [CVE-2025-4575](https://nvd.nist.gov/vuln/detail/CVE-2025-4575).
• Upgraded `github.com/go-viper/mapstructure/v2` to version 2.3.0 to address security vulnerabilities.
• Upgraded `stdlib` to version 1.24.4 to address [CVE-2025-22874](https://nvd.nist.gov/vuln/detail/CVE-2025-22874).
• Upgraded `stdlib` to version 1.24.4 to address [CVE-2025-0913](https://nvd.nist.gov/vuln/detail/CVE-2025-0913).
• Upgraded `stdlib` to version 1.24.4 to address [CVE-2025-4673](https://nvd.nist.gov/vuln/detail/CVE-2025-4673).

25.07.95

August 27, 2025

This release contained no user-facing changes.

25.07.94

August 21, 2025

Security updates

• Upgraded stdlib to version 1.24.4 to address CVE-2025-22874, CVE-2025-4673, and CVE-2025-0913.

• Upgraded github.com/go-viper/mapstructure/v2 to version 2.3.0 to address security vulnerabilities.

25.07.93

August 21, 2025

Security updates

• Upgraded opentelemetry-instrumentation to version 0.41b0 to address CVE-2023-43810.

25.07.92

August 20, 2025

Security updates

• Upgraded `libxml2` to version 2.10.4-1.amzn2023.0.12 to address [CVE-2025-49794](https://nvd.nist.gov/vuln/detail/CVE-2025-49794), [CVE-2025-49795](https://nvd.nist.gov/vuln/detail/CVE-2025-49795), and [CVE-2025-49796](https://nvd.nist.gov/vuln/detail/CVE-2025-49796).
• Upgraded `libarchive` to version 3.7.4-2.amzn2023.0.4 to address [CVE-2025-5915](https://nvd.nist.gov/vuln/detail/CVE-2025-5915) and [CVE-2025-5917](https://nvd.nist.gov/vuln/detail/CVE-2025-5917).
• Upgraded `python3` and `python3-libs` to version 3.9.23-1.amzn2023.0.2 to address [CVE-2025-6069](https://nvd.nist.gov/vuln/detail/CVE-2025-6069).
• Upgraded `gnupg2-minimal` to version 2.3.7-1.amzn2023.0.5 to address [CVE-2025-30258](https://nvd.nist.gov/vuln/detail/CVE-2025-30258).
• Upgraded `opentelemetry-instrumentation` to version 0.41b0 to address [CVE-2023-43810](https://nvd.nist.gov/vuln/detail/CVE-2023-43810).

25.07.91

This version is the first generally available release of 25.07, using a newly aligned patch numbering scheme. Instabase platform patches released within the same week now share the same patch number (the ZZ in the XX.YY.ZZ versioning format).

August 15, 2025

Enhancements

• You can run accuracy reports on ground truth sets with class names greater than 31 characters.

• Updated the bootstrap library to version 5.

• Upgraded rabbitmq to version 4.1.1.

Bug fixes

• Fixed an issue where selected fields were unexpectedly deselected when you added arguments to custom functions.

• Fixed an issue where deployment runs used the latest AI runtime version regardless of the connected app’s AI runtime version.

• Fixed an issue where PDFs were corrupted when processed under certain circumstances.

• Fixed job access issues where you couldn’t access resumed jobs if they were more than 24 hours old in the job service, and searching by job ID didn’t work reliably for certain formats.

• Fixed job log processing issues including bottlenecks due to queue limitations and job logs growing without limits because the maximum queue length configuration wasn’t supported.

• Fixed missing ibuser attribute in MODEL_SERVICE_OPERATION audit logs.

• Fixed an issue where human review didn’t correctly give some needed warnings.

• Fixed an issue where errors with Azure Blob store storage systems wereot translated into their corresponding HTTP error codes, but were logged as INTERNAL errors.

• Fixed an issue where deleting runs would fail with a database error.

Security updates

• Upgraded glibc to version 2.41-r56 to address CVE-2025-8058.

• Upgraded nimbus-jose-jwt to version 10.0.2 to address CVE-2025-53864.

• Upgraded helm.sh/helm/v3 to version 3.17.3 to address CVE-2025-32386 and CVE-2025-32387.

• Upgraded github.com/cloudflare/circl to version 1.6.1 to address security vulnerabilities.

• Upgraded setuptools to version 78.1.1 to address CVE-2025-47273.

• Upgraded glib2 to version 2.82.2-766.amzn2023 to address CVE-2025-3360 and CVE-2025-6052.

• Upgraded transformers to version 4.51.0 to address CVE-2025-3264 and CVE-2025-3263.

• Upgraded python3 to version 3.9.23-1.amzn2023.0.1 to address CVE-2025-4330, CVE-2025-4435, CVE-2024-12718, CVE-2025-4138, and CVE-2025-4517.

• Upgraded python3 to version 3.9.22-1.amzn2023.0.2 to address CVE-2025-4516.

• Upgraded lib narchive to version 3.7.4-2.amzn2023.0.3 to address CVE-2025-5914.

• Upgraded curl-minimal to version 8.11.1-4.amzn2023.0.1 to address CVE-2024-9681.

• Upgraded libxml2 to versions 2.10.4-1.amzn2023.0.11 and 2.9.1-6.amzn2.5.18 to address CVE-2025-6021.

• Upgraded libunbound8 to version 1.19.2-1ubuntu3.5 to address CVE-2025-5994.

• Upgraded cryptography to version 44.0.1 to address CVE-2024-12797.

• Upgraded libicu to version 50.2-4.amzn2.0.2 to address CVE-2025-5222.

• Upgraded python and python-libs to version 2.7.18-1.amzn2.0.13 to address CVE-2025-6069.

• Upgraded stdlib to version 1.24.4 to address CVE-2025-4673 and CVE-2025-0913.

• Upgraded go/stdlib to version 1.24.2 to address CVE-2025-22871.

• Updated Go base image to improve security.

• Upgraded git and git-man to version 1.2.43.0-1ubuntu7.3 to address CVE-2025-48385, CVE-2025-46835, CVE-2025-27614, CVE-2025-48384, CVE-2025-48386, and CVE-2025-27613.

• Upgraded libssh-4 to version 0.10.6-2ubuntu0.1 to address CVE-2025-5449, CVE-2025-5318, CVE-2025-5351, CVE-2025-5372, CVE-2025-5987, and security vulnerabilities.

• Upgraded libpython3.12-minimal to version 3.12.3-1ubuntu0.7 to address CVE-2025-4138, CVE-2024-12718, CVE-2025-4330, CVE-2025-4517, CVE-2025-4435, CVE-2025-4516, and CVE-2025-1795.

• Upgraded pillow to version 11.3.0 to address CVE-2025-48379.

• Upgraded libpam0g to version 1.5.3-5ubuntu5.4 to address CVE-2025-6020.

• Upgraded libsystemd0 to version 255.4-1ubuntu8.8 to address CVE-2025-4598.

• Upgraded krb5-locales to version 1.20.1-6ubuntu2.6 to address CVE-2025-3576.

• Upgraded gnupg to version 2.4.4-2ubuntu17.3 to address USN-7412-2.

• Resolved security vulnerability CVE-2024-35195 by removing the affected service from the platform.

• Updated jaeger and jaeger-agent to various versions to address CVE-2025-22871, CVE-2022-41724, CVE-2024-45337, and CVE-2024-8096.

• Upgraded spring-boot to version 3.4.5 to address CVE-2025-22235.

• Upgraded torch to version 2.6.0 to address CVE-2025-32434.

• Upgraded stdlib to various versions to address CVE-2025-22871, CVE-2024-45336, CVE-2025-22866, and CVE-2024-45341.

• Upgraded github.com/mattn/go-sqlite3 to version 1.14.18 to address CVE-2023-7104.

• Upgraded ray to version 2.43.0 to address CVE-2025-1979.

• Upgraded org.eclipse.jetty:jetty-server to version 12.0.12 to address CVE-2024-6763.

• Upgraded github.com/go-jose/go-jose/v4 to version 4.0.5 to address CVE-2025-27144.

• Upgraded Flask to version 2.3.2 to address CVE-2023-30861.

• Removed wget from jaeger image to address CVE-2021-31879.

• Upgraded weaviate golang version to address CVE-2025-30204.

• Upgraded oauth2 to versions 0.27.0 and v0.21.0 to address CVE-2025-22868.

• Fixed vulnerability in weaviate.

• Upgraded keras to version 3.8.0 to address vulnerability CVE-2024-55459.

• Upgraded Gunicorn to version 23.0.0 to fix vulnerability CVE-2024-6827.

• Updated module github.com/golang-jwt/jwt/v5 to v5.2.2 to address vulnerability CVE-2025-30204.

• Resolved CVE-2024-45338: Updated golang.org/x/net to v0.33.0 in weaviate.

• Converted es-exporter to the Wolfi-based image.

• Updated setuptools in jaeger to version 70.0.0 (CVE-2024-6345).

• Updated pygments to version 2.15.1 to address a ReDoS vulnerability (CVE-2022-40896).

• Updated postgresql JDBC driver to address SQL injection vulnerabilities (CVE-2022-31197, CVE-2024-1597).

• Removed ray JAR files containing vulnerable dependencies (CVE-2018-8088).

• Updated netty-handler in table-tservice to 4.1.118.Final (CVE-2025-24970).

• Updated jackson-databind in opensearch from version 2.7.9.2 to 2.9.8 (CVE-2018-19360).

• Updated protobuf-java to versions 3.21.7 and 4.28.2 to address CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, and CVE-2024-7254.

• Updated golang.org/x/net in weaviate (CVE-2023-45288).

• Upgraded maven-core package to version 3.8.1 (CVE-2021-26291).

• Upgraded jinja2 to version 3.1.5 (CVE-2024-56201).

• Upgraded the netty-common package to version 4.1.115 (CVE-2024-47535).

• Updated the commons-io:commons-io package to version 2.14.0 (CVE-2024-47554).

• Updated the langchain package to versions 0.2.5 and 0.2.10 to address CVE-2024-8309 and CVE-2024-3095.

• Removed git from the ray-head Docker image (CVE-2024-32002).

• Resolved CVE-2018-1000021 (no details given).

• Updated the springframework#spring-context library to version 6.1.14 (CVE-2024-38820, CVE-2024-38827).

• Updated the crypto package to version 0.31.0 (CVE-2024-45337).

• Updated the Python tornado package to version 6.4.2 (CVE-2024-52804).

• Updated the redis package to versions 4.6.0 and 4.5.3 to address CVE-2023-28859 and CVE-2023-28858.

• Updated the gin package to version 1.9.1 (CVE-2023-29401).

• Updated the ray package to version 2.39.0 (GHSA-78wr-2p64-hpwj).

• Updated werkzeug to version 3.0.6 (CVE-2024-49767).