Version 1.28.3 (March 2023)
Version 1.28.3 (March 2023)
Welcome to the Zowe Version 1.28.3 release!
See Bug fixes for a list of issues addressed in this release.
Download v1.28.3 build: Want to try new features as soon as possible? You can download the v1.28.3 build from Zowe.org.
Bug fixes
Zowe Version 1.28.3 contains the bug fixes that are described in the following topics.
API Mediation Layer
- Prevented null pointer exception in Swagger UI when buffer is missing. (#2857)
Zowe CLI
Zowe CLI (Core)
-
Updated dependencies for technical currency. (#1631)
-
Documented that token-type and token-value do not apply to SSH commands. (#1575)
Imperative CLI Framework
-
Fixed plug-in install error not displaying correctly. (#954)
-
Fixed plug-in install command for Windows when the file has spaces in the name. (#960)
-
Fixed
IO.writeFileAsync
method throwing uncatchable errors. (#896) -
Fixed chained command handlers causing plug-in validation to fail. (#320)
Zowe CLI FTP Plug-in
- Updated dependencies for technical currency. (#128)
Vulnerabilities fixed
Zowe discloses the vulnerabilities in a timely manner but giving the user time to upgrade. The fixed vulnerabilities will be available on the Zowe security page. Zowe won't disclose the vulnerabilities that are fixed in the latest release as we respect the need for at least 45 days to decide when and how users will upgrade Zowe.
The following security issues are fixed by the Zowe security group since 1.27.x.
- CVE-2022-23181 (BDSA-2022-0275)
- BDSA-2021-2621
- BDSA-2012-0001
- CVE-2022-0155 (BDSA-2022-0139)
- CVE-2022-0536 (BDSA-2022-0558)
- CVE-2022-25647 (BDSA-2021-4363)
- BDSA-2021-4363
- CVE-2018-10237 (BDSA-2018-1358)
- CVE-2020-8908 (BDSA-2020-3736)
- CVE-2020-36518 (BDSA-2020-4752)
- CVE-2021-3918 (BDSA-2021-3763)
- BDSA-2021-3401
- CVE-2021-42550 (BDSA-2021-3818)
- BDSA-2020-4373
- CVE-2021-44906 (BDSA-2022-0771)
- CVE-2021-43797 (BDSA-2021-3741)
- BDSA-2022-1283
- CVE-2022-0122 (BDSA-2022-0112)
- BDSA-2022-0111
- CVE-2022-24771 (BDSA-2022-1169)
- CVE-2022-24772 (BDSA-2022-1159)
- CVE-2022-24773 (BDSA-2022-1160)
- CVE-2016-1000027
- CVE-2021-22096 (BDSA-2021-3236)
- CVE-2021-22060 (BDSA-2022-0011)
- BDSA-2022-0847
- CVE-2022-22950 (BDSA-2022-0820)
- CVE-2022-22965 (BDSA-2022-0858)
- CVE-2022-22968 (BDSA-2022-1040)
- BDSA-2022-1329
- BDSA-2022-1330
- BDSA-2021-3236
- BDSA-2022-0858
- CVE-2021-43466