Version 2.18.1 (March 2025)

Welcome to the Zowe Version 2.18.1 release!

See Bug fixes for a list of issues addressed in this release.

Download v2.18.1 build: Want to try new features as soon as possible? You can download the v2.18.1 build from Zowe.org.

New features and enhancements

Zowe Version 2.18.1 contains the following enhancement:

ZSS

• Added an enhancement to make the functions of the new cross-memory server available in dynlink. (#714)

Zowe API Mediation Layer

• The Zowe client AT-TLS setting network.tls.client.attls is now supported. (#3825)

Bug fixes

Zowe Version 2.18.1 contains the bug fixes that are described in the following topics:

Server Install

• Fixed an issue such that while logging the zwe command, sometimes the log file had a wrong tag and the file was unreadable. (#4071)
• Fixed an issue such that after you specified the --log-dir parameter type as a file applied to the zwe command, the InternalError: stack overflow error occured. (#4064)
• Fixed an issue of the Error message ZWEL0141E. Error message now print a user ID. (#3971)

Application Framework

• Fixed an issue where the app-server caused Zowe to print "FSUM7422 node is not found" and "Node found in NODE_HOME" upon startup. This avoids confusion about whether the node requirements are met. (#324)
• Fixed an issue where it was not possible to configure the app-server as the configuration property components.app-server.node.mediationLayer.eureka was not documented in the schema. (#336)
• Fixed an issue where the app-server could not register with the discovery server after AT-TLS was enabled for the app-server. (#581)
• Fixed an issue that prevented the Desktop from selecting the most efficient route to access ZSS. After the fix, the Desktop has the necessary information to identify and use a direct route to access ZSS. (#589)
• Fixed an issue where troubleshooting information was unavailable when there was a network failure during the eureka registration process. The components.app-server.node.mediationLayer.traceTls property was introduced to troubleshoot TLS issues. The property can trace the connection the app-server forms with the discovery server, revealing the cause of low-level networking issues. (#591)

ZSS

• Fixed an issue where the support for the cross-memory server failed if the number of parameters were more than 128. (#684)
• Fixed an issue where the ZSS package was not accessible from the Gateway when AT-TLS was used. (#748)
• Fixed an issue where the support line broke after the number of parameter values for the support cross-memory server exceeded the limit of 128-characters. Structures of the configuration cross-memory service server and the cross-memory server now extend to support parameter names over 72 characters and values over 128 characters, while maintaining backward compatibility. (#684)
• Fixed an issue where the IARV64 results were not checked for 0x7FFFF000. (#474)
• Introduced an additional NULL check to fix an issue where SLH did not ABEND when MEMLIMIT was reached. ([#476])(https://github.com/zowe/zowe-common-c/pull/476)
• Fixed a leak in the rsusermap code. (#467)
• Fixed an issue so that the HEAPPOOLS and HEAPPOOLS64 parameters no longer need to be set to OFF for configuration manager. (#498)
• Fixed an issue so that CEE3ERP is invoked in LE 31-bit XPLINK. (#503)

Zowe API Mediation Layer

• Fixed login filter check causing 400 Invalid credentials. (#4014)
• Added missing OIDC documentation to OpenAPI. (#4013)
• Added newPassword to Open API Documentation of the login endpoint. (#4002)
• Fixed four slashes support in SSE class. (#4001)
• Fixed failing LoginFilter in AccessToken generate filter chain. (#3984)
• Fixed the ssl.protocol default value. (#3994)
• Improved PassTicket logging. (#3996)
• Fixed 'exampleSetFlag' leaking in api doc. (#3934)
• Fixed Cloud Gateway configuration. (#3956)
• Fixed initialization of the API Catalog. (#3959)
• Improved error handling in case of failure when retrieving API doc. (#3936)
• Improved untrusted certificate message when certificate is not forwarded. (#3926)
• User can now configure the TLS version and cipher suite list. (#3943)
• Fixed order of Cloud Gateway filters and solve the conflict with RequestAttributesProvider. (#3965)
• Fixed z/OSMF static definition file processing. (#3975)
• Removed global setup of keystores. (#3702)
• Fixed Sonar analysis issues. (#3800)
• Changed port to handle AT-TLS client aware mode. (#3863)
• Updated default javax.net.ssl log level. (#3872)
• The insecureHttpWarning message is now thrown only when AT-TLS is not enabled. (#3810)
• Fixed WebSocket session opening to be non-blocking and callback-based. (#3695)
• Fixed Zowe CLI plugin and enable manual trigger only. (#3804)

Zowe CLI

Zowe CLI (Core)

• Added support for the --encoding flag to the zowe upload dir-to-uss command to allow for encoding uploaded directories for command group consistency. (#2356)

Zowe CLI Imperative Framework

• Updated transitive dependencies for technical currency. (#2425)
• Resolved an issue where extraneous base profiles were created in project configurations when a nested profile property was updated. (#2404)
• Fixed an issue where the ProfileInfo.profileManagerWillLoad method failed if profiles were not yet read from disk. (#2284)
• Fixed an issue where the ProfileInfo.updateKnownProperty method could rewrite the team configuration file to disk without any changes when storing a secure value. (#2324)
• Updated the cross-spawn dependency for technical currency. (#2374)
• Fixed issues flagged by Coverity. (#2292)
• Updated dataobject-parser dependency for technical currency. (#2262)
• Updated fs-extra and jsonfile dependencies for technical currency. (#2264)

CICS Plug-in for Zowe CLI

• Removed bundled dependencies from npm package and restored the npm-shrinkwrap file. (#188)

DB2 Plug-in for Zowe CLI

• Updated ibm_db dependency to support Node.js 22 on Windows.

Zowe Explorer

Zowe Explorer (Core)

• See the Zowe Explorer changelog for updates included in this release.

Zowe Explorer API

• See the Zowe Explorer API changelog for updates included in this release.

Zowe Explorer FTP Extension

• See the Zowe Explorer FTP Extension changelog for updates included in this release.

Zowe Explorer ESLint Plug-in

• See the Zowe Explorer ESLint Plug-in changelog for updates included in this release.

Vulnerabilities fixed

Zowe discloses fixed vulnerabilities in a timely manner giving you sufficient time to plan your upgrades. Zowe does not disclose the vulnerabilities fixed in the latest release as we respect the need for at least 45 days to decide when and how you upgrade Zowe. When a new release is published, Zowe publishes the vulnerabilities fixed in the previous release. For more information about the Zowe security policy, see the Security page on the Zowe website.

The following security issues were fixed by the Zowe security group in version 2.18.0.

• BDSA-2024-4117
• BDSA-2024-3717
• BDSA-2024-0402
• BDSA-2024-0625
• BDSA-2024-1160