Announcements

  • Pleased to announce Rocket Open AppDev for Z v2.0.9 release!

    Hello users of our z/OS open-source ports, I am pleased to announce the release of Rocket Open AppDev for Z v2.0.9.

    This release includes the ports of the new tools, Bison, Flex and Libidn2, and version currency updates for cURL, Git, Less, Nano, PHP, IBM Python, Sudo, and Vim,as well as an extensive list of security fixes and other fixes for many other ports.

    For customers on a support contract, these latest builds are already available via conda or SMP/E.  For users not on a support contract, these builds will be made available on our public conda channel server on January 15th, 2025. 

    Version currency updates: 

    • Curl 8.8.0 
    • Git 2.45.1  
    • Less 661 
    • Nano 8.0 
    • PHP 8.3.8 
    • Python 3.12.1 New version of IBM python released 
    • Pytest 8.1.1 

     
    New supported tool:

    • Bison 3.8.2
    • Flex 2.6.4
    • Libidn2 2.3.7 

     
    CVEs published against earlier versions and resolved by V2.0.9:

    • Git CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465 fixes
    • Less CVE-2024-32487 fix
    • OpenSSL CVE-2024-4603, CVE-2024-4741, CVE-2024-5535 fixes
    • PHP CVE-2024-1874, CVE-2024-2756, CVE-2024-2757, CVE-2024-3096, CVE-2022-31629, CVE-2024-2408, CVE-2024-4577, CVE-2024-5458, CVE-2024-5585 fixes 

     

    Fixes/CVEs in dependencies:

    • Cert-bundle 2024.07.05 Certificate bundle update Ncurses 6.5.20240504 New version release (includes CVE-2023-45918, CVE-2023-50495 fixes)
    • Pluggy-1.4.0 New version release (pytest dependency)