Skip to main content
Version: v2.18.x

Version 2.16.0 (May 2024)

Version 2.16.0 (May 2024)

Welcome to the Zowe Version 2.16.0 release!

See New features and enhancements for a full list of changes to the functionality. See Bug fixes for a list of issues addressed in this release.

Download v2.16.0 build: Want to try new features as soon as possible? You can download the v2.16.0 build from Zowe.org.

New features and enhancements

Zowe Version 2.16.0 contains the enhancements that are described in the following topics.

find out more

To watch a demo of new enhancements and updated features included in a Zowe minor release, look for the release demo recording in the Zowe V2 System Demo playlist on YouTube.

System demos are typically held the week after a minor release becomes available. Check the Open Mainframe Project Calendar for the latest schedule.

Zowe Install Packaging

  • Reduced resource consumption by removal of one shell process per server that was used when starting each server. (#3812)
  • The command zwe support now includes CEE Runtime option output to better diagnose issues related to environment customization. (#3799)

Zowe Application Framework

Zowe Common C

  • No YAML value converted to null. (#442)
  • Added zos.getZosVersion() and zos.getEsm() calls for configmgr QJS. (#429)
  • For correct base64 encoding scheme the buffer size is made to be divisible by 3. (#431)
  • Now the leap seconds are taken into account in xmem log messages' timestamps. (#432), (#433)
  • Using a temporary buffer pointer to avoid pointer corruption during file write. (#437).

Zowe API Mediation Layer

  • The log message ZWEAM001I is now issued when API Mediation Layer starts. (#3523)
  • SSL is now disabled when profile attls is active to simplify AT-TLS configuration. (#3521)
  • Valid OIDC tokens are now forwarded to the downstream service when the distributed ID is not mapped. (#3497)
  • Included OIDC JWKSet in the gateway JWKs. JWKs retrieved from the Identity Provider allow clients and services to validate the OIDC access token locally. (#3499)
  • Moved OIDC access token from cookie to special header. If the user ID from the token cannot be mapped to a mainframe account, the access token is now sent via the request header OIDC-token. (#3513)

Zowe CLI

Zowe CLI (Core)

  • Added a prompt for user ID/password on SSH commands when a token is stored in configuration. (#2081)

Zowe Explorer

Zowe Explorer (Core)

  • See the Zowe Explorer changelog for updates included in this release.

Zowe Explorer API

Zowe Explorer FTP Extension

Zowe Explorer ESLint Plug-in

Bug fixes

Zowe Version 2.16.0 contains the bug fixes that are described in the following topics.

Zowe Install Packaging

  • zowe.network.validatePortFree and zowe.network.vipaIp variables were moved from zowe.network to zowe.network.server in the schema but not in the code, causing inability to use them without the workaround of specifying them as environment variables ZWE_NETWORK_VALIDATE_PORT_FREE and ZWE_NETWORK_VIPA_IP instead. Now, the variables match the schema: zowe.network.server is used instead of zowe.network. (#3784)
  • configmgr operations now run with HEAPPOOLS64 set to OFF to avoid abends caused when this parameter is not OFF. (#3799)

Zowe Application Framework

Zluz App Server

  • Removed message saying node not found prior to discovery of node. Now, you will only get an error message if node is not found after lookup in NODE_HOME. (#301)

ZSS

  • AUX should take leap seconds into account in their log messages' timestamp. (#690), (#691)

Zowe API Mediation Layer

  • Allow key exchange port configuration (#3453)
  • Changed the scheme of the service homepage when AT-TLS is enabled and fix a bug in the UI. (#3346)
  • Checked for NullPointerException when the JWK key cannot be retrieved. (#3503)
  • Fixed an issue when PAT passed as the authorization header with the auth scheme zoweJwt (#3505)
  • Fixed the header position in the API Catalog. (#3345)
  • Fixed the log message about unauthorized calls. (#3326)
  • Allow for more general exception handling to detect TCP Stack restart. (#3462)
  • Fixed configuration enabling JWT Token Refresh Functionality. (#3474)
  • Fixed the Zowe logo and trademark info in the API Catalog. (#3338)

Zowe CLI

Zowe CLI (Core)

  • Fixed the command zowe daemon enable installing an invalid daemon binary on macOS. (#2126)
  • Fixed error in the zos-files list all-members command that could occur when members contain control characters in the name. (#2104)
  • Resolved technical currency by updating the tar dependency. (#2101)
  • Resolved technical currency by updating the markdown-it dependency. (#2106)
  • Fixed default base profile missing in configuration generated by the zowe config auto-init command. (#2084)
  • Updated dependencies of the daemon client for technical currency. (#2076)

DB2 Plug-in for Zowe CLI

  • Updated follow-redirects transitive dependency to resolve technical debt. (#147)

FTP Plug-in for Zowe CLI

  • Fixed error when listing spool for active jobs to. Now prints a warning that says that no spool files are available. (#156)

Zowe Explorer

Zowe Explorer (Core)

  • See the Zowe Explorer changelog for updates included in this release.

Zowe Explorer API

Zowe Explorer FTP Extension

Zowe Explorer ESLint Plug-in

Vulnerabilities fixed

Zowe discloses fixed vulnerabilities in a timely manner giving you sufficient time to plan your upgrades. Zowe does not disclose the vulnerabilities fixed in the latest release as we respect the need for at least 45 days to decide when and how you upgrade Zowe. When a new release is published, Zowe publishes the vulnerabilities fixed in the previous release. For more information about the Zowe security policy, see the Security page on the Zowe website.

The following security issues were fixed by the Zowe security group in version 2.15.

  • BDSA-2023-1804
  • CVE-2023-46589 (BDSA-2023-3298)
  • BDSA-2021-2621
  • CVE-2023-45857 (BDSA-2023-2855)
  • BDSA-2023-3572