Version 2.16.0 (May 2024)
Version 2.16.0 (May 2024)
Welcome to the Zowe Version 2.16.0 release!
See New features and enhancements for a full list of changes to the functionality. See Bug fixes for a list of issues addressed in this release.
Download v2.16.0 build: Want to try new features as soon as possible? You can download the v2.16.0 build from Zowe.org.
New features and enhancements
Zowe Version 2.16.0 contains the enhancements that are described in the following topics.
To watch a demo of new enhancements and updated features included in a Zowe minor release, look for the release demo recording in the Zowe V2 System Demo playlist on YouTube.
System demos are typically held the week after a minor release becomes available. Check the Open Mainframe Project Calendar for the latest schedule.
Zowe Install Packaging
- Reduced resource consumption by removal of one shell process per server that was used when starting each server. (#3812)
- The command
zwe support
now includesCEE Runtime
option output to better diagnose issues related to environment customization. (#3799)
Zowe Application Framework
Zowe Common C
- No YAML value converted to null. (#442)
- Added
zos.getZosVersion()
andzos.getEsm()
calls forconfigmgr QJS
. (#429) - For correct
base64
encoding scheme the buffer size is made to be divisible by 3. (#431) - Now the leap seconds are taken into account in
xmem log messages' timestamps
. (#432), (#433) - Using a temporary buffer pointer to avoid pointer corruption during file write. (#437).
Zowe API Mediation Layer
- The log message
ZWEAM001I
is now issued when API Mediation Layer starts. (#3523) - SSL is now disabled when profile
attls
is active to simplify AT-TLS configuration. (#3521) - Valid OIDC tokens are now forwarded to the downstream service when the distributed ID is not mapped. (#3497)
- Included OIDC JWKSet in the gateway JWKs. JWKs retrieved from the Identity Provider allow clients and services to validate the OIDC access token locally. (#3499)
- Moved OIDC access token from cookie to special header. If the user ID from the token cannot be mapped to a mainframe account, the access token is now sent via the request header OIDC-token. (#3513)
Zowe CLI
Zowe CLI (Core)
- Added a prompt for user ID/password on SSH commands when a token is stored in configuration. (#2081)
Zowe Explorer
Zowe Explorer (Core)
- See the Zowe Explorer changelog for updates included in this release.
Zowe Explorer API
- See the Zowe Explorer API changelog for updates included in this release.
Zowe Explorer FTP Extension
- See the Zowe Explorer FTP Extension changelog for updates included in this release.
Zowe Explorer ESLint Plug-in
- See the Zowe Explorer ESLint Plug-in changelog for updates included in this release.
Bug fixes
Zowe Version 2.16.0 contains the bug fixes that are described in the following topics.
Zowe Install Packaging
zowe.network.validatePortFree
andzowe.network.vipaIp
variables were moved fromzowe.network
tozowe.network.server
in the schema but not in the code, causing inability to use them without the workaround of specifying them as environment variables ZWE_NETWORK_VALIDATE_PORT_FREE and ZWE_NETWORK_VIPA_IP instead. Now, the variables match the schema:zowe.network.server
is used instead ofzowe.network
. (#3784)configmgr
operations now run withHEAPPOOLS64
set toOFF
to avoid abends caused when this parameter is notOFF
. (#3799)
Zowe Application Framework
Zluz App Server
- Removed message saying node not found prior to discovery of node. Now, you will only get an error message if node is not found after lookup in
NODE_HOME
. (#301)
ZSS
Zowe API Mediation Layer
- Allow key exchange port configuration (#3453)
- Changed the scheme of the service homepage when AT-TLS is enabled and fix a bug in the UI. (#3346)
- Checked for NullPointerException when the JWK key cannot be retrieved. (#3503)
- Fixed an issue when PAT passed as the authorization header with the auth scheme zoweJwt (#3505)
- Fixed the header position in the API Catalog. (#3345)
- Fixed the log message about unauthorized calls. (#3326)
- Allow for more general exception handling to detect TCP Stack restart. (#3462)
- Fixed configuration enabling JWT Token Refresh Functionality. (#3474)
- Fixed the Zowe logo and trademark info in the API Catalog. (#3338)
Zowe CLI
Zowe CLI (Core)
- Fixed the command
zowe daemon enable
installing an invalid daemon binary on macOS. (#2126) - Fixed error in the
zos-files list all-members
command that could occur when members contain control characters in the name. (#2104) - Resolved technical currency by updating the
tar
dependency. (#2101) - Resolved technical currency by updating the
markdown-it
dependency. (#2106) - Fixed default base profile missing in configuration generated by the
zowe config auto-init
command. (#2084) - Updated dependencies of the daemon client for technical currency. (#2076)
DB2 Plug-in for Zowe CLI
- Updated follow-redirects transitive dependency to resolve technical debt. (#147)
FTP Plug-in for Zowe CLI
- Fixed error when listing spool for active jobs to. Now prints a warning that says that no spool files are available. (#156)
Zowe Explorer
Zowe Explorer (Core)
- See the Zowe Explorer changelog for updates included in this release.
Zowe Explorer API
- See the Zowe Explorer API changelog for updates included in this release.
Zowe Explorer FTP Extension
- See the Zowe Explorer FTP Extension changelog for updates included in this release.
Zowe Explorer ESLint Plug-in
- See the Zowe Explorer ESLint Plug-in changelog for updates included in this release.
Vulnerabilities fixed
Zowe discloses fixed vulnerabilities in a timely manner giving you sufficient time to plan your upgrades. Zowe does not disclose the vulnerabilities fixed in the latest release as we respect the need for at least 45 days to decide when and how you upgrade Zowe. When a new release is published, Zowe publishes the vulnerabilities fixed in the previous release. For more information about the Zowe security policy, see the Security page on the Zowe website.
The following security issues were fixed by the Zowe security group in version 2.15.
- BDSA-2023-1804
- CVE-2023-46589 (BDSA-2023-3298)
- BDSA-2021-2621
- CVE-2023-45857 (BDSA-2023-2855)
- BDSA-2023-3572