Skip to main content
Version: v1.28.x

Version 1.28.0 (May 2022)

Version 1.28.0 (May 2022)

Welcome to the Version 1.28.0 release of Zowe!

To see a full list of release enhancements and fixes, see New features and enhancements and Bug fixes.

Download v1.28.0 build: Want to try new features as soon as possible? You can download the v1.28.0 build from Zowe.org.

New features and enhancements

Zowe API Mediation Layer

  • Enhance SAF IDT authentication scheme to support client certificates and APPL keyword (#2223) (e3f54d2), closes #2223
  • New endpoint to retrieve default API doc for service (#2327) (502ba3c), closes #2327
  • Enhanced Discovery service health check (#2312) (2f167ff), closes #2312
  • Support for TLS v1.3 (#2314) (e96135a), closes #2314 #2269
  • Enhance x509 authentication scheme to support client certificates (#2285) (a053b00), closes #2285
  • Enhance zowejwt authentication scheme to support client certificates (#2292) (c602080), closes #2292
  • Enhance z/OSMF authentication scheme to support client certificates (#2207) (5750072), closes #2207
  • Add support to change password via z/OSMF (#2095) (51e8bd3), closes #2095
  • Enable Discovery Service and Gateway Service native library extensions (#1987) (fd03db5), closes #1987
  • Add methods for ZaaS client to support password change (#1991) (7597bd7), closes #1991
  • API ML sample extension (#1947) (a085cf3), closes #1947

Zowe CLI

The following enhancements were added to Zowe CLI:

  • Added support for --record format on zowe zos-files download (data-set|all-members) and zowe zos-files upload (dir-to-pds|file-to-data-set|stdin-to-data-set) (#539)
  • Added the exec-data option for zowe jobs list jobs command to return execution data about the job in addition to the default information (#1158).

Bug fixes

Zowe API Mediation Layer

  • Add server-side logging for swagger handling code (#2328) (7b0455d), closes #2328
  • Preserve request cookies (#2293) (71c6649), closes #2293 #2269
  • ZaaS client compatibility with Zowe v2 (#2227) (abdf995), closes #2227
  • Add BearerContent filter to enable bearer auth (#2197) (1d41704), closes #2197
  • Configure southbound timeout with APIML_GATEWAY_TIMEOUT_MILLIS (#2154) (6af5d6f), closes #2154
  • Improve error handling for API diff endpoint (#2178) (1581e39), closes #2178
  • Update data model for infinispan storage in Caching service (#2156) (38a1348), closes #2156
  • Versioning in image publishing workflow (#2159) (db52527), closes #2159
  • Add x509 auth information to gw api doc (#2142) (0205470), closes #2142
  • Properly remove services when instances are removed from Discovery Service (#2128) (c675b91), closes #2128
  • Use ribbon LB for Web sockets (#2147) (4751dbc), closes #2147
  • Add missing fields in error response (#2118) (3b9745c), closes #2118
  • Do not require keyAlias for SSL configuration (#2110) (03bee79), closes #2110
  • Add log masking class for sensitive logs (#2003) (994b483), closes #2003

Zowe Application Framework

zLUX App Manager

  • Provided a fix that would prevent using the password reset tool for auth plug-ins that implemented more than one auth category

zLUX Server Framework

  • Pass through tlsOptions object when making a proxy from an 'external'-type service, and allow the services to individually control tls verification strictness of their own proxy.
  • keyring_js did not work properly for finding CAs due to using an older version in package.json than needed for the listKeyring function
  • Prevent loop upon EACCES error encountered when doing a TCP port bind
  • Avoid retrying APIML login if initial attempt fails for any reason

ZSS

  • ZSS had a jobname prefix regression for several releases when it received an incorrect value for ZOWE_PREFIX when LAUNCH_COMPONENT_GROUPS included GATEWAY

zLUX App Server

  • App-server had a jobname prefix regression for several releases when it received an incorrect value for ZOWE_PREFIX when LAUNCH_COMPONENT_GROUPS included GATEWAY

Zowe CLI

The following bugs were fixed in core Zowe CLI:

  • Provided more accurate output for zowe zos-jobs delete job and zowe zos-jobs cancel job commands (#1333).
  • Fixed inconsistent case on the modify-version option for zowe zos-jobs delete job and zowe zos-jobs cancel job commands (#1333).
  • Fixed issue where SSH command waits forever when user has an expired password (#989).

The following bugs were fixed in the Imperative CLI Framework:

  • Updated the Imperative version to remove the moment dependency.
  • Updated Imperative to fix plugins uninstall command failing when there is a space in the installation path.
  • Updated Imperative to potentially improve performance of commands that output CLI tables.

Vulnerabilities fixed

Zowe discloses the vulnerabilities in a timely manner but giving the user time to upgrade. The fixed vulnerabilities will be available on the Zowe security page. Zowe won't disclose the vulnerabilities that are fixed in the latest release as we respect the need for at least 45 days to decide when and how will the users upgrade Zowe.

The following security issues are fixed by the Zowe security group in 1.27.

  • CVE-2019-10172 (BDSA-2019-4644)
  • CVE-2021-34429 (BDSA-2021-2098)
  • CVE-2021-41720
  • CVE-2021-42340 (BDSA-2021-3085)
  • CVE-2021-44228