Version 1.28.5 (October 2023)
Version 1.28.5 (October 2023)
Welcome to the Zowe Version 1.28.5 release!
See Bug fixes for a list of issues addressed in this release.
Download v1.28.5 build: Want to try new features as soon as possible? You can download the v1.28.5 build from Zowe.org.
Bug fixes
Zowe Version 1.28.5 contains the bug fixes that are described in the following topics.
Zowe API Mediation Layer
- Fixed processing of Open API docs by API Catalog (JavaTimeModule) which was the cause of missing tiles. (#3040)
Zowe CLI
Zowe CLI (Core)
- Updated Imperative to version
4.18.19
to fix issues with normalizing newlines on file uploads, use@zowe/secrets-for-zowe-sdk
as the default credential manager, and update the semver transitive dependency for technical currency. (#1815)
Zowe CLI Imperative Framework
-
Replaced use of
node-keytar
with the newkeyring
module from@zowe/secrets-for-zowe-sdk
. (zowe-cli#1622) -
Updated semver transitive dependency for technical currency.
Zowe Explorer
- Replaced
keytar
dependency withkeyring
module from@zowe/secrets-for-zowe-sdk
. (#2358)
Vulnerabilities fixed
Zowe discloses fixed vulnerabilities in a timely manner giving you sufficient time to plan your upgrades. Zowe does not disclose the vulnerabilities fixed in the latest release as we respect the need for at least 45 days to decide when and how you upgrade Zowe. When a new release is published, Zowe publishes the vulnerabilities fixed in the previous release. For more information about the Zowe security policy, see the Security page on the Zowe website.
The following security issues were fixed by the Zowe security group in version 1.28.4.
- BDSA-2023-0357
- CVE-2023-28709 (BDSA-2023-1242)
- CVE-2022-31684
- CVE-2023-1370 (BDSA-2023-0616)
- CVE-2022-3517 (BDSA-2022-2922)
- CVE-2022-25883
- CVE-2023-20863 (BDSA-2023-0847)
- CVE-2023-20862 (BDSA-2023-0873)
- CVE-2023-34034 (BDSA-2023-1825)