|
Notification - Security Vulnerability - Please Read
Mark.Ackert@...
Hello Zowe Users, We were informed of a published vulnerability in NPM dependencies which affected Zowe CLI’s secure-credential-store during the time period of Nov 4th to Nov 5th. If you installed the plugin from npmjs.org during the vulnerable window of time via a direct command line install, you should follow the recommended resolution steps from the security advisory here: https://github.com/advisories/GHSA-g2q5-5433-rhrf. You are not affected if you downloaded the secure credential store plugin from zowe.org or a Zowe support conformant vendor (IBM or Broadcom). You are not affected if you downloaded from any source prior to Nov 4. The following component versions were affected: @zowe/secure-credential-store-for-zowe-cli@zowe-v1-lts @zowe/secure-credential-store-for-zowe-cli@latest If you issued one of these commands Nov 4 or Nov 5, you should follow the above resolution steps: “zowe plugins install @zowe/secure-credential-store-for-zowe-cli@zowe-v1-lts” “zowe plugins install @zowe/secure-credential-store-for-zowe-cli@latest” Hello Zowe Developers, We found additional Zowe components which the above vulnerability affects at development time, during the same time period of Nov 4th - Nov 5th. There was a second hijacked dependency, https://github.com/veged/coa/issues/99, which contained the same exploit. Conditions for vulnerability:
Thank you This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
|
||||||
|
|
||||||
|
z/OS 2.5 Compatibility
Forwarding your note along to the zowe-user email list. Thank you, John Mertic Director of Program Management - Linux Foundation Academy Software Foundation, LF Energy, Magma, Open Mainframe Project, and SODA Schedule a meeting with me at https://meetings.hubspot.com/jmertic ---------- Forwarded message --------- From: THUMMALAPENTA, Padmapriya <Padmapriya.THUMMALAPENTA@...> Date: Thu, Dec 9, 2021 at 5:31 AM Subject: z/OS 2.5 Compatibility To: info@... <info@...> Hi,
We are running with ZOWE 1.13 and planning to upgrade from z/OS 2.3 to z/OS 2.5 please provide the compatibility details to move to z/OS 2.5.
Thank you.
Warm Regards
This e-mail is sent by Suncorp Group Limited ABN 66 145 290 124 or one of its related entities "Suncorp". Suncorp may be contacted at Level 28, 266 George Street, Brisbane or on 13 11 55 or at suncorp.com.au. The content of this e-mail is the view of the sender or stated author and does not necessarily reflect the view of Suncorp. The content, including attachments, is a confidential communication between Suncorp and the intended recipient. If you are not the intended recipient, any use, interference with, disclosure or copying of this e-mail, including attachments, is unauthorised and expressly prohibited. If you have received this e-mail in error please contact the sender immediately and delete the e-mail and any attachments from your system.
|
||||||
|
|
||||||
|
Re: z/OS 2.5 Compatibility
Jack-Tiefeng Jia
Hi Padmapriya,
We did some test on v2.5 internally and here is what we found.
- We tested Zowe v1.23.0+ on z/OS v2.5 and we don’t see issues. We didn't go back to test Zowe v1.13.
- There was an issue related to Zowe playbooks running on z/OS 2.5 Fixpack 14. This issue doesn't exist with z/OS 2.5 Fixpack 6, and it disappeared on z/OS 2.5 Fixpack 18 on one of the system but still exist on another system. This failure does not affect Zowe runtime but only pipeline. So I think it's worthy to try to bring up Zowe v1.13 on z/OS v2.5. Currently we don't expect failures. If you do see something unexpected, please feel free to contact us.
----- Original message -----
|
||||||
|
|
||||||
|
test
Thank you, John Mertic Director of Program Management - Linux Foundation Academy Software Foundation, LF Energy, and Open Mainframe Project Schedule a meeting with me at https://meetings.hubspot.com/jmertic
|
||||||
|
|
||||||
|
*ZOWE V2 OFFICE HOURS* Notice for Zowe Consumers
Please mark your calendars or reference the OMP / Zowe Calendar for Zowe V2 Office Hours: https://lists.openmainframeproject.org/g/zowe-dev/calendar The Zowe Onboarding Squad is offering a series of Zowe V2 Office Hours, every Wednesday at 12pm ET throughout the month of April. These webinars will focus on Zowe V2 from a User perspective. Each session will cover a different Zowe component and will include:
Please consider attending our first session focused on API Mediation Layer. We look forward to your participation! Did you miss an Office Hours Session? Find prior session recordings and view the schedule here: https://www.zowe.org/vnext#office-hours Best Regards, The Zowe Onboarding Squad Jakub Balhar Michael DuBois Jan Prihoda Rose Sakach Joe Winchester This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
|
||||||
|
|
||||||
|
*ZOWE V2 OFFICE HOURS* Notice for Zowe Consumers
Please mark your calendars or reference the OMP / Zowe Calendar for Zowe V2 Office Hours: https://lists.openmainframeproject.org/g/zowe-dev/calendar The Zowe Onboarding Squad is offering a series of Zowe V2 Office Hours, every Wednesday at 12pm ET throughout the month of April. These webinars will focus on Zowe V2 from a User perspective. Each session will cover a different Zowe component and will include:
Please consider attending this upcoming session focused on Zowe CLI (Command Line Interface). We look forward to your participation! Did you miss an Office Hours Session? Find prior session recordings and view the schedule here: https://www.zowe.org/vnext#office-hours Best Regards, The Zowe Onboarding Squad Jakub Balhar Michael DuBois Jan Prihoda Rose Sakach Joe Winchester This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
|
||||||
|
|
||||||
|
*Zowe V2 OFFICE HOURS* Notice for Zowe Consumers
Please mark your calendars or reference the OMP / Zowe Calendar for Zowe V2 Office Hours: https://lists.openmainframeproject.org/g/zowe-dev/calendar The Zowe Onboarding Squad is offering a series of Zowe V2 Office Hours, every Wednesday at 12pm ET throughout the month of April. These webinars will focus on Zowe V2 from a User perspective. Each session will cover a different Zowe component and will include:
Please consider attending this upcoming session focused on Zowe Explorer (VS Code Extension). We look forward to your participation! Did you miss an Office Hours Session? Find prior session recordings and view the schedule here: https://www.zowe.org/vnext#office-hours Best Regards, The Zowe Onboarding Squad Jakub Balhar Michael DuBois Jan Prihoda Rose Sakach Joe Winchester This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
|
||||||
|
|
||||||
|
REMINDER *Zowe V2 OFFICE HOURS* Notice for Zowe Consumers
Please mark your calendars or reference the OMP / Zowe Calendar for Zowe V2 Office Hours: https://lists.openmainframeproject.org/g/zowe-dev/calendar The Zowe Onboarding Squad is offering a series of Zowe V2 Office Hours, every Wednesday at 12pm ET throughout the month of April. These webinars will focus on Zowe V2 from a User perspective. Each session will cover a different Zowe component and will include:
Please consider attending this upcoming session focused on Zowe Web UI / Zowe Desktop / App Framework. We look forward to your participation! Did you miss an Office Hours Session? Find prior session recordings and view the schedule here: https://www.zowe.org/vnext#office-hours Best Regards, The Zowe Onboarding Squad Jakub Balhar Michael DuBois Jan Prihoda Rose Sakach Joe Winchester This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
|
||||||
|
|
||||||