Version 1.28.6 (April 2024)

Welcome to the Zowe Version 1.28.6 release!

See Bug fixes for a list of issues addressed in this release.

Download v1.28.6 build: Want to try new features as soon as possible? You can download the v1.28.6 build from Zowe.org.

Bug fixes

Zowe Version 1.28.6 contains the bug fixes that are described in the following topics.

Zowe CLI

Zowe CLI (Core)

• Resolved technical currency by updating markdown-it dependency. [#2105]

• Resolved technical currency by updating socks transitive dependency. [#2050]

• Added missing npm-shrinkwrap. [#1979]

• Added missing z/OSMF connection options to the z/OS Logs command group. [#1848]

• Removed out of date Perf-Timing performance timing package. [#1848]

• Updated Imperative to version 4.18.19 to fix issues with normalizing newlines on file uploads [#1815]

Zowe CLI Imperative Framework

• Fixed normalization on stream chunk boundaries [#1815]

DB2 Plug-in for Zowe CLI

• Updated follow-redirects transitive dependency to resolve technical debt. [#146]

• Updated follow-redirects transitive dependency to resolve technical debt. [#138]

• Added missing npm-shrinkwrap. [#136]

• Updated ibm_db dependency to resolve technical debt. [#135]

IMS Plug-in for Zowe CLI

• Deprecated the IMS Plug-in for Zowe CLI due to compatibility issues between the plug-in, the Zowe IMS Operations API, and IBM IMS running on the mainframe. [#66]
• Added missing npm-shrinkwrap. [#61]

Zowe Explorer

Zowe Explorer (Core)

• See the Zowe Explorer changelog for updates included in this release.

Zowe Explorer API

• See the Zowe Explorer API changelog for updates included in this release.

Zowe Explorer FTP Extension

• See the Zowe Explorer FTP Extension changelog for updates included in this release.

Zowe Explorer ESLint Plug-in

• See the Zowe Explorer ESLint Plug-in changelog for updates included in this release.

Vulnerabilities fixed

Zowe discloses fixed vulnerabilities in a timely manner giving you sufficient time to plan your upgrades. Zowe does not disclose the vulnerabilities fixed in the latest release as we respect the need for at least 45 days to decide when and how you upgrade Zowe. When a new release is published, Zowe publishes the vulnerabilities fixed in the previous release. For more information about the Zowe security policy, see the Security page on the Zowe website.

The following security issues were fixed by the Zowe security group in version 1.28.5.

• CVE-2023-41080 (BDSA-2023-2250)
• CVE-2019-10202
• CVE-2019-10172 (BDSA-2019-4644)
• CVE-2020-8908
• CVE-2023-2976 (BDSA-2016-1748)
• CVE-2020-36518 (BDSA-2020-4752)
• CVE-2022-42003 (BDSA-2022-2765)
• CVE-2022-42004 (BDSA-2022-2768)
• CVE-2021-46877 (BDSA-2021-4830)
• CVE-2023-35116
• BDSA-2023-1491
• CVE-2023-33546 (BDSA-2023-1535)
• CVE-2021-28168 (BDSA-2021-1123)
• CVE-2021-28169 (BDSA-2021-1714)
• CVE-2021-34428 (BDSA-2021-1877)
• CVE-2021-34429 (BDSA-2021-2098)
• CVE-2022-2047 (BDSA-2022-1891)
• CVE-2022-2048 (BDSA-2022-1887)
• CVE-2023-26048 (BDSA-2023-0887)
• CVE-2023-26049 (BDSA-2023-0888)
• CVE-2020-15250 (BDSA-2020-2739)
• BDSA-2018-5289
• CVE-2023-34462 (BDSA-2023-1556)
• CVE-2022-1471 (BDSA-2022-3447)
• CVE-2023-20873 (BDSA-2023-0953)
• CVE-2023-20883 (BDSA-2023-1225)
• CVE-2023-20873
• CVE-2023-38286 (BDSA-2023-1804)
• CVE-2023-26136 (BDSA-2023-1661)