This release contains in addition to what is listed below:
the same fixes and updates as provided in com.castsoftware.aip 8.3.61.
internal analysis engine v3.1.20-funcrel.
critical security patches to address identified vulnerabilities, listed in Security fixes.
Feature Improvements
Summary
Details
AIPCORE-5736, AIPLITE-1633, SAP-403
Enabled discovery for SAP/ABAP technologies, paving the way for supporting their analysis in the future.
Other Updates
Internal Id
Details
AIPLITE-1363
General codebase hardening and cleanup for stabilization, including removal of warnings and minor technical improvements.
AIPCORE-5687
Improved and corrected the detection of certain C/C++ file extensions to ensure that all files that should be analyzed are correctly flagged as such during the source code delivery.
AIPCORE-5720
Additional PostgreSQL binaries are now included. They are used for backup/restore operations. The new binaries provide support for PostgreSQL 17 and 18 as a storage host for CAST Imaging v3. See What are the database requirements?.
Resolved Issues
Customer Ticket Id
Details
55612
Fixed a crash where long‑running analyses completed but failed to save results (no UAX/JSON generated); analysis results are now correctly saved for very large applications
55065
Fixed a crash where long‑running analyses completed but failed to save results (no UAX/JSON generated); analysis results are now correctly saved for very large applications.
54934
Fixed an issue where analyses could fail due to file-name encoding errors with accented characters; such cases now generate warnings instead of stopping the analysis.
55023
Fixed an issue where source code delivery could fail during the “attach package to version” phase with a Selection (2001) error. Deliveries now complete successfully without fatal errors.
46440
Fixed an issue where VB.NET analysis units were not created when two .vbproj projects shared the same assembly name; both projects are now correctly discovered and analyzed.
Bug Fixes
Details
Simplified JSON-based AMT Injector handling by removing special processing of the fullPath string property (#103) and relying on existing path/bookmark attributes instead, reducing JSON size and avoiding inconsistencies.
Fixed an issue where concurrent upgrades after migration from Console v2 to v3 could corrupt the cast-ms.connectionProfiles.pmx file and cause the Core 8.3.60 to 8.4.7 upgrade to fail; connection profile handling is now robust against concurrent access.
8.4.7
Note
This release contains in addition to what is listed below:
the same fixes and updates as provided in com.castsoftware.aip 8.3.60.
internal analysis engine v3.1.16-funcrel.
critical security patches to address identified vulnerabilities, listed in Security fixes.
Feature Improvements
Summary
Details
Improved path handling for analyzers
Provides improvements (removes an extraneous trailing slash) with regard to the way in which include paths are referenced in the internal .castdelivery file. This will benefit analyzers such as C/C++ and provide more robust analysis results.
Other Updates
Internal Id
Details
AIPCORE-5669
An update has been made to ensure that global license keys are no longer written in plain text in analysis logs files.
Bug Fixes
Details
Fixes an issue causing erroneous data with regard to copy/paste metrics (some files were incorrectly recorded twice as being copies of themselves).
Fixes an issue where JEE objects and SQL objects referenced by the JEE objects were sharing the same ID range, causing them to be duplicated in the results display.
Fixes an issue where links between objects varied across successive analyses of identical source code. This occurred when the code matched multiple language patterns, each determining a different link type, and the results were processed in a non-deterministic order. The analysis engine now creates all applicable link types when code matches multiple patterns, then merges them into a single link when saving results.
Fixes an issue where the Shell extension preprocessor tool was not being called during a Shell analysis causing erroneous results.
Provides fixes to resolve CVEs found in com.castsoftware.imaging.core. See Security fixes.
A correction has been applied which affects violation counts for rules 7126 (Avoid Artifacts with high Commented-out Code Lines/Code Lines ratio) and 7156 (Avoid Too Many Copy Pasted Artifacts) when analyzing mainframe related code. Re-analyzing the same source code in release 8.4.7 will likely yield more violations for these rules, as the correction provides more accurate detection than previous releases.
8.4.6
Note
This release contains in addition to what is listed below:
the same fixes and updates as provided in com.castsoftware.aip 8.3.60.
internal analysis engine v3.1.13-funcrel.
Other Updates
Internal Id
Details
AIPCORE-5624
Fixes an issue causing DLM (Dynamic Link Manager) rule execution to fail when CAST Imaging is configured to connect to a CAST Storage Service/PostgreSQL instance using TLS/SSL encryption.
AIPCORE-5629
Fixes an issue causing the creation of CAST application schemas to fail when CAST Imaging is configured to connect to a CAST Storage Service/PostgreSQL instance using TLS/SSL encryption.
AIPCORE-5632
Fixes an issue causing CAST extensions to fail to install when CAST Imaging is configured to connect to a CAST Storage Service/PostgreSQL instance using TLS/SSL encryption and where the "sslmode=" option (defined in the .ini file) is set to "require" or "verify-ca". This issue was caused by a hostname check which should not be used with these modes.
AIPCORE-5282
The installer has been modified to prevent it creating unnecessary folders during the installation process.
8.4.5
Note
This release contains in addition to what is listed below:
the same fixes and updates as provided in com.castsoftware.aip 8.3.60.
internal analysis engine v3.1.13.
When you want to use a CSS database instance on the same Windows machine as Imaging Core 8.4.5, please make sure to install CSS BEFORE Imaging Core. Otherwise, you will face the Known Issue mentioned below (CSS-141).
Fixes an error "[ERROR] Invalid path : The filename, directory name, or volume label syntax is incorrect " visible during the analysis.
AIPCORE-5588
Fixes various Java related CVEs in v3/8.4.
AIPCORE-5588
Fixes a CVE found in the "analysis-node" service.
AIPLITE-1554
Fixes an issue causing the error "[ERROR] Agent 19 failed to start. Error code = 139" during an analysis.
AIPLITE-1548
Fixes an issue where a "SegFault" error was observed during the metrics generation step.
AIPLITE-1543
Fixes an issue where a difference in result for the rule "Avoid Too Many Copy Pasted Artifacts" 7156 was observed when analyzing the same application with v2/8.3 and v3/8.4.
AIPLITE-1528
Fixes an issue causing the warning "JAVA121: Invalid parametrization for 'org.apache.log4j.Category.log(java.lang.String, org.apache.log4j.Priority, java.lang.Object, java.lang.Throwable)' parameter index out of bounds"
AIPLITE-1525
Fixes an issue causing links between JV_METHOD items to differ when comparing analysis results of the same application analyzed in CAST v2/8.3.
AIPLITE-1527
Fixes an issue causing the error "Client triggered an unexpected error [Neo.DatabaseError.Statement.ExecutionFailed]" when generating "viewer" results after an analysis.
Known Issues
Internal Id
Details
AIPCORE-5624
Dynamic link rules are not supported when CAST Imaging is running on Linux and the database is configured to use an SSL connection. When you specify a DLM file for your application, a non-blocking error during the analysis will occur and the rules in the file will not be applied. I.e. dynamic links will not get validated or ignored based on the rules specified in the file. You specify a DLM file for your application under Config > Advanced > Dynamic Links > Rules.
CSS-141
When installing a database instance using version 4.13.21 of com.castsoftware.css, on the same Windows machine on which Imaging Core 8.4.5 has already been installed, the installation of CSS will fail with message "ERROR: The installation of Visual C redistribuables 2015 2022 x64 has failed." Workaround: Uninstall 8.4.5, install CSS 4.13.21, then reinstall 8.4.5.
8.4.4
Note
This release contains in addition to what is listed below:
the same fixes and updates as provided in com.castsoftware.aip 8.3.59.
internal analysis engine v3.1.7.
critical security patches to address identified vulnerabilities, listed in Security fixes.
Other Updates
Internal Id
Details
AIPLITE-1514
Fixes an issue where placeholder objects were not created for database tables and procedures whose source code is missing in the application source code.
AIPLITE-1506
Fixes an issue causing links from "client side" code to database objects created by the com.castsoftware.sqlanalyzer extension to not be created.
AIPCORE-5490
Provides an improvement to the resolution of references to libraries used in JEE and .NET applications. The choice of a library version is now more accurate in case no version is specified in the reference. This also reduces the number of alerts of type "ambiguous reference" in the logs of the "prepare analysis" step.
8.4.3
Note
This release contains all fixes and updates provided in com.castsoftware.aip 8.3.59.
Critical security patches to address identified vulnerabilities have also been included.
Feature Improvements
Summary
Details
Technical: Support for PeopleSoft and Siebel technologies
CAST Imaging 8.4.3 now supports the analysis of PeopleSoft and Siebel technologies.
Technical: Support for PowerCenter technology
CAST Imaging 8.4.3 now supports the analysis of PowerCenter technology via the User Community extension com.castsoftware.uc.powercenter.
Other Updates
Internal Id
Details
AIPCORE-5437
Add Mainframe related file extension *.ctl (JCL Control Cards) to the list of recognised file extensions. This is required for com.castsoftware.mainframe 1.6 and above.
AIPLITE-1427
Fixes an issue causing many false violations for the Mainframe rule "Avoid Programs with lines exceeding the maximum length of characters" (5138).
Resolved Issues
Customer Ticket Id
Details
51243
Fixes an issue where the generation of a snapshot was taking a considerable amount of time to complete.
51426
Fixes an issue where CAST Storage Service/PostgreSQL credentials were visible in plain text in analysis log files.
50894
Fixes an issue where, after upgrade to a new release of CAST Imaging Core, differences in file sizes were reported despite the fact that the source code was unchanged.
8.4.2
Note
This release contains all fixes and updates provided in com.castsoftware.aip 8.3.59.
Other Updates
Internal Id
Details
AIPCORE-5437
CAST Imaging Core 8.4.2: Add Mainframe related file extension *.ctl (JCL Control Cards) to the list of recognised file extensions. This is required for com.castsoftware.mainframe 1.6 and above.
AIPCORE-5416
CAST Imaging Core 8.4.2: Security fixes - upgrade Python runtime from 3.9.13 to 3.9.19.
AIPCORE-5459
AST Imaging Core 8.4.2: Security fixes - upgrade Python pip and setup from 3.6 to 3.9.
AIPCORE-5456
CAST Imaging Core 8.4.2: Security fix - upgrade ini4j from 0.5.2 to 0.5.4.
AIPCORE-5455
CAST Imaging Core 8.4.2: Security fix - upgrade dom4j from 2.1.1 to 2.1.3.
AIPCORE-5454
CAST Imaging Core 8.4.2: Security fix - upgrade postgresql driver from 42.5.0 to 42.7.3.
AIPCORE-5429
CAST Imaging Core 8.4.2: Security fixes for internal tool "carl".
Resolved Issues
Customer Ticket Id
Details
51243
CAST Imaging Core 8.4.2: Fixes an issue where the generation of a snapshot was taking a considerable amount of time to complete.
51426
CAST Imaging Core 8.4.2: Fixes an issue where CAST Storage Service/PostgreSQL credentials were visible in plain text in analysis log files.
50894
CAST Imaging Core 8.4.2: Fixes an issue where, after upgrade to a new release of CAST Imaging Core, differences in file sizes were reported despite the fact that the source code was unchanged.
8.4.1
Note
This release contains all fixes and updates provided in com.castsoftware.aip 8.3.59.
Other Updates
Internal Id
Details
AIPCORE-5211
Fixes an issue causing the automated (via CAST Imaging) or manual (using the CSSBackup/CSSBackupAll tools) backup of CAST schemas to fail when the source CAST Storage Service/PostgreSQL instance is running PostgreSQL 16.x.
Resolved Issues
Customer Ticket Id
Details
50877
Fixes an issue causing the PostgreSQL error "date/time field value out of range: "MM-DD-YY HH:MM:SS" Indice: Perhaps you need a different "datestyle" setting".
50371
Fixes an issue causing some rules to be erroneously flagged as critical both when creating a new application in CAST Imaging v3/8.4 and when migrating an application from CAST Imaging v2/8.3.
50294
Fixes an issue causing a fatal error "java.security.NoSuchAlgorithmException: PBEWithMD5AndDES SecretKeyFactory not available" in the "Prepare environment step" (creation of application schemas) when attempting to run an analysis.
8.4.0
Note
Initial funcrel release:
CAST Imaging Core 8.4 is the "analysis engine" providing core services to the CAST analyzers for CAST Imaging v3 and must be installed on every single "node" in your CAST Imaging installation (this includes the single machine installation scenario).
For installations of CAST Imaging v3 on Docker/Linux, CAST Imaging Core is provided as a Docker image and is downloaded and installed automatically.
For installations of CAST Imaging v3 on Microsoft Windows, CAST Imaging Core is provided as a traditional installer and must be downloaded and installed separately. CAST Imaging Core 8.4 can co-exist on machines where CAST AIP Core (com.castsoftware.aip) 8.3 has been installed, but it cannot be used with CAST Imaging/Console v1/v2 releases.
This release contains all fixes and updates provided in com.castsoftware.aip 8.3.58.
Note that some technologies are not supported by CAST Imaging Core 8.4 although they are supported by CAST AIP Core (com.castsoftware.aip) 8.3 - see What's changed in CAST Imaging v3 for more details.
Other Updates
Internal Id
Details
AIPCORE-5147
Fixes an issue causing discrepancies in LOC values for .NET source code when compared with LOC values generated by com.castsoftware.aip.
AIPCORE-5146
Fixes an issue where some logs generated by some extensions are not visible in CAST Imaging UI.
AIPCORE-5143
Fixes an issue causing a Dynamic Link Manager log file to be physically missing on disk.
AIPCORE-5141
Fixes an issue where the latest release of the com.castsoftware.omg-atdm extension was causing analyses to fail.
AIPCORE-5135
Fixes an issue for Linux/Docker deployments where an embedded JRE was missing.
AIPCORE-5124
Fixes an issue causing transaction creation to not function, resulting in the UI reporting all transactions as "incomplete".
AIPCORE-5122
Fixes a minor issue in the embedded documentation for a CLI tool.
AIPCORE-5120
Fixes an issue for Linux/Docker deployments where the "locate_plugins_folder" referenced in various APIs was not recognised.
AIPCORE-5105
Fixes an issue causing some .sql files to be ignored during an analysis.
AIPCORE-5083
Fixes a technical issue with regard to analysis logs and the ability to correctly report them in the UI.
AIPCORE-5081
Fixes an issue which causes an attempt to analyze C++ source code when it is not currently supported, leading to an analysis failure. Now, C++ source code is ignored.
AIPCORE-5078
Fixes an issue causing the following error in an analysis log: " 'C:/Program' is not recognized as an internal or external command".
AIPCORE-5068
Fixes an issue preventing com.castsoftware.imaging.core from being installed on a machine where com.castsoftware.aip is already installed. This co-existence on the same machine is permitted.
AIPCORE-87
Fixes an issue causing problems viewing violation bookmarks in source code in Engineering Dashboard where multiple bookmarks exist in the same file.
8.4.0-beta1
Feature Improvements
Summary
Details
Support for installation on Linux
This release can now be installed on a Linux OS via a Docker container (in addition to the existing support for direct installation on Microsoft Windows).
Performance improvements
This release provides some analysis performance improvements in comparison with previous releases.
Parallel analysis
Analyses can now be run in parallel.
Offline analysis
Analyzers no longer connect to the database during the analysis process to save results. Instead, results are saved temporarily on disk and uploaded to the database when the analysis is complete