Hello users of our z/OS open-source ports,
I am pleased to announce the release of Rocket Open AppDev for Z v2.0.17. This release includes version currency updates for PyJWT and Python, as well as an extensive list of security fixes and other fixes for many other ports. For customers on a support contract, these latest builds are already available via conda or SMP/E. For users not on a support contract, these builds will be made available on our public conda channel server on December 31st, 2026.
Version currency updates:
- PyJWT 2.13.0
- Python 3.13.13 New version of IBM python released
CVEs published against earlier versions and resolved by V2.0.15:
- PyJWT CVE-2026-32597, CVE-2026-48522, CVE-2026-48523, CVE-2026-48524, CVE-2026-48525, CVE-2026-48526 fixes
- Python CVE-2025-12084, CVE-2025-13462, CVE-2025-13836, CVE-2025-13837, CVE-2025-6075, CVE-2026-3644, CVE-2026-4224, CVE-2026-4519 fixes
Fixes/CVEs in dependencies:
- Cert-bundle 2026.03.31 Certificate bundle update
- Urllib3 2.7.0 CVE-2026-44431 fix
Changes in install options:
- The local file channel installer for core AppDev 2.0.16 tools: appdev_local-2.0.17-2026-06-17.run.
- The separate local file channel installer: aitools_local-2.0.17-2026-06-17.run. It includes the python packages: Blinker, Flask-WTF, PyJWT, WTForms, that can be installed along with Pandas, Pluggy, Flask, and Gunicorn and their dependencies. The packages are also available on the secure channel – zoss-aitoolkit, and new PTF RD13005 includes these packages as well.
