Skip to main content
Version: v2.18.x

Version 2.11.0 (September 2023)

Version 2.11.0 (September 2023)

Welcome to the Zowe Version 2.11.0 release!

See New features and enhancements for a full list of changes to the functionality. See Bug fixes for a list of issues addressed in this release.

Download v2.11.0 build: Want to try new features as soon as possible? You can download the v2.11.0 build from Zowe.org.

New features and enhancements

Zowe Version 2.11.0 contains the enhancements that are described in the following topics.

find out more

To watch a demo of new enhancements and updated features included in a Zowe V2 minor release, look for the release demo recording in the Zowe V2 System Demo playlist on YouTube.

System demos are typically held the week after a minor release becomes available. Check the Open Mainframe Project Calendar for the latest schedule.

Zowe Installation and Packaging

  • Added zowe.sysMessages as a property to the Zowe YAML configuration file. This property is a new array that allows you to select messages that will be duplicated into the z/OS syslog, when found in Zowe’s job log. (#93)

Zowe Application Framework

  • The title and description of the app server tile within the API Catalog has been updated to be more accurate and detailed. (#497)

Zowe Common C

  • Functions for printing messages to z/OS syslog via WTO have been added to zos.(#397)

Zowe API Mediation Layer

Swagger is now validated for registered services whereby all endpoints listed in the swagger can be called and give a documented response. This feature also checks that the API is correctly versioned. (#3039)

Zowe CLI

Zowe CLI (Core)

  • Bumped Secrets SDK to 7.18.3. It uses more reliable resolution logic for prebuilds folder; adds static CRT for Windows builds. (#1791)
  • Updated daemon on MacOS to use universal binary which adds support for Apple Silicon. (#1766)
  • Added support for mutliple zowe auth login apiml operations on a single zowe config secure call. (#1734)
  • Replaced use of node-keytar with the keyring module from @zowe/secrets-for-zowe-sdk. See Secrets SDK for more information.
  • Updated the Imperative Framework to add support for unique cookie identifiers from API ML. (#1734)
  • Created zos-files edit commands to edit a data set or uss file locally. (PR #1672)

Zowe CLI Imperative Framework

  • Replaced use of node-keytar with the new keyring module from @zowe/secrets-for-zowe-sdk. See Secrets SDK for more information. (Zowe CLI #1622)
  • Added inSchema property for ProfileInfo to indicate if argument is a known schema argument. (#899)
  • Handled unique cookie identifier in the form of dynamic token types. (#966)
  • Added a new utility method to ImperativeExpect to match regular expressions. (#966)
  • Added support for multiple login operations in a single config secure command execution. (#966)

Bug fixes

Zowe Version 2.11.0 contains the bug fixes that are described in the following topics.

Zowe Installation and Packaging

  • Fixed a bug where using recent versions of Java 8 to generate a Zowe PKCS12 keystore would result in an unusable keystore to ZSS and other z/OS software that utilizes GSK / SystemSSL. The fix uses a compatibility option in Java to revert its keystore generation behavior to prior behavior that worked for Zowe.(#3507)

Zowe Application Framework

  • Fixed regression that prevented use of multiple certificatate authorities when specified via the zowe.certificate.pem.certificateAuthorities section of the Zowe YAML configuration file. (#266)

Zowe API Mediation Layer

  • The default value of nonStrictVerifySslCertificatesOfServices is now set to false. (#3029)
  • Fixed newlines and SSL error message in z/OSMF validation. (#3024)
  • Improvements have been made in z/OSMF logging in debug and error handling. (#2998)

Zowe CLI

Zowe CLI (Core)

  • Fixed an issue in the Daemon server which prevents users on Windows with uppercase letters in their username from using the Daemon. (#1765)
  • Added a check to the zowe files create data-set command to prevent users from specifying an invalid block size for sequential data sets with variable block format. (#1439)
  • Fixed a failure with the zowe auth logout apiml command that occurred if the user had an invalid or expired token. A user with an invalid or expired token can use the zowe auth logout apiml command to remove the expired token from their secure credential storage. (#1734)
  • Removed the need to check for basepath when the user was logging out to prevent misleading basePath error when credentials are invalid. (#1734)

Zowe CLI Imperative Framework

  • Fixed merging of profile properties in ProfileInfo.createSession. (#1008)
  • Fixed an issue to now allow a user to run the zowe auth logout apiml command multiple times without failing. (#966)
  • Updated the auto-init command to prevent an unwanted second login request if the user already has a token. (#966)

Vulnerabilities fixed

Zowe discloses fixed vulnerabilities in a timely manner giving you sufficient time to plan your upgrades. Zowe does not disclose the vulnerabilities fixed in the latest release as we respect the need for at least 45 days to decide when and how you upgrade Zowe. When a new release is published, Zowe publishes the vulnerabilities fixed in the previous release. For more information about the Zowe security policy, see the Security page on the Zowe website.

The following security issues were fixed by the Zowe security group in version 2.10.

  • BDSA-2023-1491
  • CVE-2023-33546
  • CVE-2022-1471 (BDSA-2022-3447)
  • BDSA-2023-0953
  • CVE-2023-20883 (BDSA-2023-1225)
  • CVE-2023-20873