Version 3.4.0 (January 2026)

Welcome to the Zowe Version 3.4.0 release!

See New features and enhancements for a full list of changes to the functionality. See Bug fixes for a list of issues addressed in this release.

Download v3.4.0 build: Want to try new features as soon as possible? You can download the v3.4.0 build from Zowe.org.

New features and enhancements

Zowe Version 3.4.0 contains the enhancements that are described in the following topics:

Server Install

• API ML now uses saf as its default authentication provider for new installations of Zowe. (#4573)
• The zwe validate config command has been added as an alias of zwe config validate for naming consistency with future zwe validate commands. The zwe validate port bind command has been added to validate if a Zowe component is likely to succeed at binding to a TCP socket, and is used at startup to reduce likelihood of misconfiguration.(#4447)
• Enhanced z/OSMF's registration to API ML single-service deployment to respect the authentication method specified in API ML single-service deployment configuration. In prior releases, access to z/OSMF would always use z/OSMF’s own authentication, such as LTPA or JWT, but now, if API ML single-service deployment is configured to use SAF directly instead of using z/OSMF as an authentication provider, then z/OSMF access will use passtickets. (#4563)
• Improved the Zowe installation process by enabling the API ML single-service deployment mode by default. (#4565)
• Enhanced zwe to detect whether the System Display and Search Facility (SDSF) is available on the z/OS system. (#4389)
• Enhanced the ZWEGEN00 application which allows to add a backslash (\) character to the end of paths to extend them to the next line. This allows you to use longer paths within the ZWEGENER job. (#4459)
• Removed the NodeJS dependency for all zwe commands. NodeJS is still required for running the app-server, but this change would allow you to run Zowe without NodeJS if you were for example only using APIML or ZSS. (#4307)

Zowe Application Framework

Zlux Server Framework

• Enhanced app-server to work with IPv6 addresses. This allows you to specify IPv6 addresses to the app-server in parameters which previously only allowed IPv4 and hostname values. (#614)
• Eureka registration to discovery server now handles IPv6 in URLs. (#614)

Zlux App Manager

• Added Zowe YAML parameter components.app-server.enablePasswordChange which has a default value of true. When set to false, you can disable the Change Password UI of the Zowe Desktop to fit your organization’s preference. (#672)

Zlux App-Server

• Built-in apps in Zowe such as zlux-editor, tn3270-ng2, vt-ng2 can now be enabled or disabled with the same syntax that you use for explorer-jes using settings in the zowe.yaml configuration file. (#346)
• Fixed the App-Server so that it stopped printing the contents of the zowe.sysMessages file. The contents are prevented from being unnecessarily captured by the system log messaging system used by the Zowe Launcher. (#352)
• Added new flag in zowe.yaml enablePasswordChange which controls the access to Change Password tool in Personalization Panel. (#347)

Zowe Common C

• Enhanced Zowe’s networking functions, such as tcpServer, tcpClient, httpServer, and httpClient to now support, recognize, and use IPv6 addresses. (#554, #539)

Zowe API Mediation Layer

• Technical Preview: Single-service deployment (modulith) of API Mediation Layer now provides the option to enable OTel data for API Mediation Layer itself. (#4380)
• Keyrings with HW based ICSF keys are now supported. (#4354)
• SAF is now set as the default authentication provider. (#4374)
• API ML now supports multiple OIDC providers at the same time. (#4295)
• API ML now supports mapping custom claims from OIDC token to mainframe identity. (#4300)

Zowe CLI

Zowe CLI (Core)

• Added support for providing options to both default and custom credential managers. (#2601)

Zowe CLI Imperative Framework

• Added support for providing options to both default and custom credential managers. (#2601)

Zowe Explorer

Zowe Explorer (Core)

• See the Zowe Explorer changelog for updates included in this release.

Zowe Explorer API

• See the Zowe Explorer API changelog for updates included in this release.

Zowe Explorer for IBM z/OS FTP

• See the Zowe® Explorer for IBM® z/OS® FTP changelog for updates included in this release.

Zowe Explorer ESLint Plug-in

• See the Zowe Explorer ESLint Plug-in changelog for updates included in this release.

Bug fixes

Zowe Version 3.4.0 contains the bug fixes that are described in the following topics:

Server Install

• Improved the startup process of Zowe by removing the outdated static definition files from the workspace/api-mediation/api-defs directory. (#4526)
• Fixed an issue where the --update-config command failed after you ran the command and specified a configuration file, which was a symbolic link (a shortcut to another file). (#4492)
• The Zowe PSWI installation now creates zowe.yaml in the zowe.workspaceDirectory rather than zowe.runtimeDirectory. (#4397)
• Zowe startup now removes outdated static definition files from zowe.workspaceDirectory/api-mediation/api-defs, which previously caused wrong or duplicate registrations of servers to APIML. (#4526)

Zowe Application Framework

Zlux Server Framework

• Fixed an issue where TN3270 and VT terminals of the Zowe Desktop would have blank screens when using AT-TLS. (#617)

Zlux App-Server

• App-server no longer prints out the contents of zowe.sysMessages, so that it will not get captured by the SYSLOG messaging system of the launcher. (#352)

Zowe API Mediation Layer

• Added service ID validation. (#4375)
• Fixed certificate chain parsing with Java JCA Hybrid provider. (#4376)
• Closed expired connections. (#4383)
• Corrected description in API doc (#4348)
• Fixed environment variable in start.sh for ICSF. (#4369)
• Fixed shell script. (#4357 and #4382)
• Fixed Spel expression in case of non-defined variable. (#4361)
• Fixed Integration tests to run with SAF auth provider. (#4386)
• Resolved conflicting beans. (#4387)
• Fixed URLs for onboarding when AT-TLS is enabled. (#4169)

Zowe CLI

Zowe CLI (Core)

DB2 Plug-in for Zowe CLI

• Updated glob dependency to resolve technical currency. (#2644)
• Updated js-yaml dependency to resolve technical currency. (#2640)
• Added support for the --overwrite option to all Download methods. The default behavior is no longer to always overwrite existing files. (#2620)

Zowe Explorer

Zowe Explorer (Core)

• See the Zowe Explorer changelog for updates included in this release.

Zowe Explorer API

• See the Zowe Explorer API changelog for updates included in this release.

Zowe Explorer for IBM z/OS FTP

• See the Zowe® Explorer for IBM® z/OS® FTP changelog for updates included in this release.

Zowe Explorer ESLint Plug-in

• See the Zowe Explorer ESLint Plug-in changelog for updates included in this release.

Vulnerabilities fixed

Zowe discloses fixed vulnerabilities in a timely manner giving you sufficient time to plan your upgrades. Zowe does not disclose the vulnerabilities fixed in the latest release as we respect the need for at least 45 days to decide when and how you upgrade Zowe. When a new release is published, Zowe publishes the vulnerabilities fixed in the previous release. For more information about the Zowe security policy, see the Security page on the Zowe website.

The following security issues were fixed by the Zowe security group in version 3.3:

• BDSA-2025-2047
• BDSA-2025-4006
• CVE-2022-40159 (BDSA-2022-3402)
• CVE-2022-40160 (BDSA-2022-3394)
• CVE-2025-31650 (BDSA-2025-3615)
• CVE-2025-31651 (BDSA-2025-3616)
• BDSA-2025-4728
• BDSA-2017-4131
• BDSA-2024-10360
• BDSA-2024-6246
• BDSA-2025-1828
• BDSA-2025-1027
• BDSA-2025-3548
• BDSA-2024-7393
• BDSA-2025-4226
• BDSA-2025-2271
• BDSA-2025-3483
• BDSA-2025-4341
• BDSA-2025-4727