Version 2.10.0 (July 2023)

Welcome to the Zowe Version 2.10.0 release!

See New features and enhancements for a full list of changes to the functionality. See Bug fixes for a list of issues addressed in this release.

Download v2.10.0 build: Want to try new features as soon as possible? You can download the v2.10.0 build from Zowe.org.

New features and enhancements

Zowe Version 2.10.0 contains the enhancements that are described in the following topics.

Zowe installation and packaging

• Added a new zwe diagnose command to get help on zowe error messages. (#3455)

Zowe Application Framework

Zowe API Mediation Layer

• The API Catalog now allows pre-defined style customizations. (#2965)

Zlux App Server

• Migrated app-server configuration options into a defaults.yaml file which adheres to the schema of the Zowe config. This allows users to see the default behaviors more clearly and can serve as an example by which users can customize their Zowe config to override such defaults. (#247)

Zlux Server Framework

• Avoid going directly to the Desktop when the gateway is active, by redirecting to the gateway equivalent homepage when the homepage is accessed. The redirect behavior can be prevented if desired by using the query parameter ?zwed-no-redirect=1 in your URL. (#449)

Zowe Common C

• The configmgr can now use the zos module in YAML config templates. The zos module is only added when run on zOS. For a list of available functions, see this link. (#384)

Zowe CLI

Zowe CLI Imperative Framework

• Performed back-end preparation for the upcoming ZOWE_V3_ERR_FORMAT environment variable to enable the ability to display errors in a more reader-friendly format. (Zowe CLI #935)

Bug fixes

Zowe Version 2.10.0 contains the bug fixes that are described in the following topics.

Zowe Application Framework

Zlux App Server

• Fixed the URLs that app-server would print in the logs describing where it was accessible from. Messages were incorrectly providing URLs indicating the app-server’s location from the discovery server instead of the gateway server. (#247)

Zlux App Manager

• Fixed a timing issue with the iframe-adapter for Firefox. (#532)

ZSS

• Datasets with VOLSER set to an MVS symbol would cause dataset read, write, and metadata API calls to fail for those datasets. It is fixed now.(#603)
• Previously, the zss/datasetMetadata API could encounter an 0C9-09 error when accessing a dataset with 0 block size. This is fixed. Now it does not have an error while accessing such datasets. (#606)

Zowe Common C

• configmgr parsing of YAML to JSON has been updated to 1024 characters to allow for up to max unix path strings. Earlier it was limited to 256 characters for strings. (#383)

Zowe API Mediation Layer

• The client is provided with information about an expired password. (c4dc217, closes #2969)

Zowe CLI

Zowe CLI (Core)

• Fixed the zowe files create data-set command failing when no additional options are specified. (#1736)
• Added check for invalid block size when creating a sequential data set. (#1439)
• Added the ability to list all data set members when some members have invalid names. (#1730)
• Removed extra calls to list data sets matching patterns if authentication to z/OSMF fails. (#1731, Zowe Explorer #2262)

Zowe CLI Imperative Framework

• Enabled NextVerFeatures.useV3ErrFormat() to form the right environment variable name even if Imperative.init() has not been called. (Zowe CLI #935)

• Handle logic for if a null command handler is provided. (#990)

Vulnerabilities fixed

Zowe discloses fixed vulnerabilities in a timely manner giving you sufficient time to plan your upgrades. Zowe does not disclose the vulnerabilities fixed in the latest release as we respect the need for at least 45 days to decide when and how you upgrade Zowe. When a new release is published, Zowe publishes the vulnerabilities fixed in the previous release. For more information about the Zowe security policy, see the Security page on the Zowe website.

The following security issues were fixed by the Zowe security group in version 2.9.

• BDSA-2023-1491
• CVE-2023-33546
• CVE-2022-1471 (BDSA-2022-3447)
• BDSA-2023-0953
• CVE-2023-20883 (BDSA-2023-1225)
• CVE-2023-20873