Hello users of our z/OS open-source ports,
I am pleased to announce the release of Rocket Open AppDev for Z v2.0.3. This release includes version currency updates of ant, Python and Vim, as well as a long list of security fixes and other fixes for most of our ports. For customers on support contract, these latest builds are already available via conda and will be available at the end of this week for those using SMP/E. For users not on support, these builds will be made available on our public conda channel server on July 17, 2023.
The new Rocket Open AppDev for Z release includes updated Miniconda for Z installer (miniconda-zos-2.0.3-01-17.run). The new version of Miniconda for Z is based on Python 3.10.7, has Bash 5.1 in the base environment and also contains the latest version of conda package and its dependencies. The updated packages come with a bunch of vulnerability fixes, therefore the upgrade is highly recommended.
Version currency updates:
- Vim 9.0.1050=6 This is a major version update (previous version supported on z/OS was v8.0). Full details on what is new in this version can be found here.
- ant 1.10.12=0
CVE and other fixes:
- cURL 7.77.0=18 CVE-2022-32221, CVE-2022-42916, CVE-2022-43551, CVE-43552
- gzip 1.9=7 CVE-2022-1271
- mktemp 1.7=2 Bug: “output to STDOUT in batch is in ASCII format, not EBCDIC”
- perl 5.32.1=11 CVE-2021-36770
- perl-dbi 1.643=pl532_5 CVE-2014-10402
- php 8.1.1=11 CVE-2022-37454
- python 3.10.7=17 new version release of IBM Python bundled with cffi-1.14.6, cryptography-3.3.2, numpy-1.21.2, pip-22.2.2, pycparser-2.20, setuptools-63.2.0, six-1.16.0
- sudo 1.8.21p2=10 CVE-2022-43995
- sudo_nokrb 1.8.21p2=6 CVE-2022-43995
Fixes in dependencies:
- libtag 1.7=10 Bugs:
“tag_version() function has the correct name everywhere”
“set_attr_stdio is visible in ebcdic mode”
- ncurses 6.1=16 CVE-2022-29458
Note, all bundled packages except Python 3.10.7 are compatible with the previous version of Miniconda for Z. Python 3.10.7 requires the latest version of Miniconda for Z.