What's new in CICS TS 6.3?

CICS® Transaction Server for z/OS®, Version 6 continues to enable development teams to create powerful mixed-language applications and to allow the operational teams to manage these applications from a single point of control.

Find out what CICS TS 6.3 offers. You might also like to refer to the CICS Transaction Server for z/OS Version 6.3 announcement letter.

Find the capabilities of CICS TS 6.2 in What's New for CICS TS 6.2 and the capabilities of CICS TS 6.1 in What's New for CICS TS 6.1.

For a summary of capabilities that were introduced before CICS Transaction Server for z/OS, Version 6, see Changes between releases. New features in CICS Explorer® are described in the CICS Explorer product documentation.

Release highlights

Highlights in CICS TS 6.3 summarized under three themes. 1. Reduced cost of management and resilience: Support for OpenTelemetry distributed tracing, simplified configuration through a new YAML-driven tool. CICS policies now cover the status of APPC connections and JVM servers and send information to the system log. 2. Improved security and compliance management: Builds on zero trust support of 6.2 to include CICS Explorer in analyzing and improving security definitions, enforcing secure TCP/IP connections, and improving AT-TLS and MFA functions. Security Definition Validation illustrates application security testing in a CI/CD pipeline. 3. Enhanced developer productivity: Support for Java 21, Jakarta 10 EE, MicroProfile 6, and Spring Boot 3. Developers can use VS Code extensions for CICS applications. AI agent support in CICS can quickly provide developer-relevant information about a live CICS environment, without requiring an administrator interface.

All the enhancements at a glance

Some enhancements are shown under more than one category; the information is the same in all cases.

What's new for the developer experience

Support for Java 21

CICS supports Java 21 using IBM® Semeru Runtime® Certified Edition for z/OS. A minimum version of 21.0.4.0 is required.

Calling CICS services on virtual threads is not supported.

Java 21 is not supported for use with SAML JVM servers at all CICS releases. To enable Db2® type 2 connectivity with Java 21, add LIBPATH_SUFFIX=/usr/lpp/db2v13/jdbc/lib to the JVM profile.

Java 17 remains supported.

Learn more about CICS and Java.

Changes to Java 8 and Java 11 support

CICS no longer supports Java 8 and Java 11.

To learn more about Java versions support, see Migrating applications to new Java versions.

JCICSX API support for latest Java versions and Enterprise Java versions

The JCICSX API is now compatible with a wider range of Java versions, such as Java 17 and Java 21 and Enterprise Java versions, such as Jakarta EE 8, Jakarta EE 9, and Jakarta EE 10.

A new feature, jcicsxClient-2.0, facilitates JCICSX client development for higher versions of Java and Jakarta EE.

The jcicsxServer-1.0 feature that runs on the server is updated to run in all supported environments, and is compatible with both versions of the client.

Learn more about CICS and Java.

Support for Spring Boot 3

Developers can use the latest features in Spring Boot 3 to build modern and lightweight applications with optimized access to CICS services and data.

This capability is also available on CICS TS 6.2 and CICS TS 6.1 with APAR PH60795.

Learn more about Spring Boot applications.

Support for OpenTelemetry Java for developers
Java applications in a CICS JVM server can use OpenTelemetry Java to generate and collect telemetry data. CICS provides the OpenTelemetry Java API and SDK in JVM servers when the controlling CICS region is configured to participate in OpenTelemetry scenarios.

By using OpenTelemetry Java, you can get detailed visibility into the behavior and performance of Java applications as part of CICS transactions.

Learn more about OpenTelemetry Java.

Support for Jakarta Enterprise Edition 10

The CICS Liberty JVM server now supports Jakarta Enterprise Edition (EE) 10.

Learn more about Liberty features supported for Jakarta EE 10.

Changes to JCA local ECI support

CICS no longer supports the JCA local ECI resource adapter and the cicsts:jcaLocalEci-1.0 Liberty feature. The package com.ibm.connector2.cics is no longer available in CICS Explorer, or in the CICS JVM server class path. Use the JCICS Program class to link to CICS programs.

Support for Reactive features of Liberty

  • Developers can use the latest features in MicroProfile 6.0 and MicroProfile 6.1 to build resilient, secure, and easy-to-monitor microservices.

  • The Eclipse MicroProfile Reactive Messaging specification provides asynchronous messaging support based on Reactive Streams for MicroProfile.

    mpReactiveStreams-3.0 supports the MicroProfile Reactive Streams 3.0 API.

Learn more about Developing microservices with MicroProfile .

Changes to OSGi Application Projects (EBA) and OSGi Bundle Projects (WAB) support

The CICS build toolkit no longer supports OSGi Application Projects (EBA) and OSGi Bundle Projects (WAB).

Learn more about CICS application build automation with the CICS build toolkit.

CICS Explorer is now available on the Aqua 3.4 release train. To learn more about OSGi Application Projects (EBA) and OSGi Bundle Projects (WAB) support in CICS Explorer, see What's New in CICS Explorer.

Support for Model Context Protocol in CICS
CICS supports the Model Context Protocol (MCP) and provides an CICS MCP server. The CICS MCP server provides access to tools that AI agents use to help an LLM to get live or contextual information about CICS. For example, enabling an agentic solution that provides developers with information that they need about a live CICS environment, without requiring an administrator interface. IBM provides pre-built agents for CICS TS for z/OS.

Learn more about CICS and AI.

What's new for system management

Support for CICS participation in OpenTelemetry tracing
CICS participates in OTel tracing by propagating trace context and producing a span data record for each CICS transaction when a task completes.
  • The OTELTRACE system initialization (SIT) parameter supports configuration at CICS region level. The OTELEMIT and OTELPROP transaction definition attributes support configuration at the transaction level.
  • System programming interfaces (SPI) commands control OTel processing at the CICS region level and for each transaction.
  • New monitoring fields are available in the DFHOTEL performance class group.
  • New statistics fields are available in the transaction manager domain statistics DFHXMGDS and the transaction resource statistics DFHXMRDS.

Learn more about OpenTelemetry.

Learn more about CICS and OpenTelemetry.

Support for OpenTelemetry Java for system managers
Java applications in a CICS JVM server can use OpenTelemetry Java to generate and collect telemetry data. CICS provides the OpenTelemetry Java API and SDK in JVM servers when the controlling CICS region is configured to participate in OpenTelemetry scenarios.

By using OpenTelemetry Java, you can monitor end-to-end transaction flows with detailed trace data, to help identify performance issues or failures within distributed systems that include Java components.

Learn more about OpenTelemetry Java.

Simplified configuration

Configuring a CICS region can be complex, with many options and locations to specify values. To make configuration simpler, CICS regions can now be specified in a single easy-to-understand YAML file with in-editor contextual help, ready to be checked into source-code management systems, such as Git, for sharing, control, and automation. A beta command-line tool uses the YAML file to create and configure CICS regions, including their required datasets, system initialization parameters and startup JCL.

Learn more about CICS Transaction Server configuration tool beta.

Changes to XPI functions
  • The internal mechanism used to make an XPI call is changed in CICS TS 6.3. Exit programs that contain XPI calls and were assembled at an earlier release will no longer work. Reassemble all user exit programs that contain XPI calls. The RELSENSCALL option is no longer supported and you must change programs to use CALL instead of RELSENSCALL. Exit programs that are assembled with the CICS TS 6.3 version of the XPI macros can run on CICS TS 6.2 and earlier versions.
  • Monitoring XPI function; the DFHMNOTX call EXTRACT_OTEL returns the OpenTelemetry trace parent information that is associated with the current task to the exit program.
Enhancements to CICS policies
  • CICS policies that have an action to issue a message to the CSSL destination now also send the message to the system console. This enables system automation products that monitor the CICS system console to take further action when these messages are issued.

    This capability is also available in CICS TS 6.2, and in CICS TS 6.1 with APAR PH62711 and 5.6 with APAR PH62710.

  • System rule type: APPC(LU62) connection status

    Use this rule type to define the action to take when the status of a CICS APPC LU6.2 connection changes from or to a specific state.

    Learn more about the APPC(LU62) connection status system rule.

  • System rule type: JVM server enable status

    Use this rule type to define the action to take when the enable status of a JVM server changes from or to a specific state.

    Learn more about the JVM server enable status system rule.

  • Filter options for system rule type: Compound condition

    The two new system rule types, APPC(LU62) connection status and JVM server enable status, are added as optional filters on the compound condition system rule type.

    Learn more about the Compound condition system rule.

Learn more about Policy system rules.

File close time set in interval statistics records and end of day statistics records

A17LCLST (local time file closed) and A17GCLST (GMT time file closed) are now set in interval statistics records and end of day statistics records.

When viewed through the CICSPlex® SM API, LOCFILE_TIMECLOSE and LOCFILE_GMTFILECLS contain a valid time.

Learn more about Files: Resource statistics - resource information.

Using the IBM Function Registry for z/OS
From z/OS 3.1, CICS adds an entry for each region into the IBM Function Registry for z/OS. Message, DFHKE0600 is issued when an entry is added into the IBM Function Registry.

What's new for security

Analyzing security definition using the To-Do List view in CICS Explorer

The To-Do list view in CICS Explorer scans the contents in the editor and identifies anomalies in your existing security definitions. It helps to identify invalid role names, duplicate role accesses, and other issues with users, roles, member lists, and resources. You can rename roles, rearrange the grouping of users, convert accesses to specific permissions, and refine overall user access.

Learn more about Analyzing security definitions using To-Do List in CICS Explorer.

Example implementation of Security Definition Validation (SDV) for CICS TS

SDV for CICS TS is an example implementation of a CI/CD pipeline that introduces CICS application security testing into its flow. Use the example implementation to see how you might introduce CICS application security testing into a CI/CD pipeline.

If a request in the pipeline flow to change application code results in a change to the security definitions that are required for that application to run, an approval process for the security administrator is initiated. The application code change request is blocked until the security administrator approves it.

SDV is not part of CICS TS, nor is it an installable product. It is an example implementation of security definition validation that uses the security definition capture in CICS TS 6.2 onwards.

Learn more about Security Definition Validation for CICS TS.

Enforce the use of secure TCP/IP connections

The system initialization (SIT) parameter, SECURETCPIP, controls whether TCP/IP connections managed as part of IPCONN, TCPIPSERVICE, and client URIMAP resources must be secure. If SECURETCPIP=YES is in effect, then all IPCONN, TCPIPSERVICE, and client URIMAPs must be secured directly by CICS or by using AT-TLS. This setting also applies to connections created as part of EXEC CICS WEB OPEN and EXEC CICS INVOKE SERVICE commands where there is no matching URIMAP.

Learn more about SECURETCPIP.

Multi-factor Authentication (MFA) terminal signon improvement for users with expired credentials

You can now activate the IDTDATA class in RACF® to logon and change expired credentials.

This capability is also available on CICS TS 6.2 and CICS TS 6.1 with APAR PH63625.

Learn more about Multi-factor authentication (MFA).

Extension of AT-TLS Aware
  • IPIC connections can now be fully secured by using AT-TLS. The TCPIPSERVICE and IPCONN definitions are updated to allow SSL(ATTLSAWARE) to be specified for IPIC. This change means that an IPIC connection can be fully secured with AT-TLS and specify LINKAUTH(CERTUSER) or use ATTACHSEC(VERIFY) with a partner system that is not in the same sysplex.
  • URIMAPs for USAGE(CLIENT) can now specify ATTLS(AWARE) so CICS enforces that the outbound connection is secured by using AT-TLS. To use ATTLS(AWARE), specify USAGE(CLIENT) and SCHEME(HTTP) and do not specify CERTIFICATE and CIPHERS. It is recommended that you update existing client URIMAPs that are already secured using AT-TLS to specify ATTLS(AWARE).
Learn more about...
Changes to support for 2-digit ciphers

CICS no longer supports 2-digit ciphers in IPCONN, TCPIPSERVICE, and URIMAP resources. Redefine these resources to use a suitable ciphers file such as defaultciphers.xml. If you install one of these resources without specifying the ciphers file, CICS uses the defaultciphers.xml instead of the CIPHERS value in the resource definition. The messages DFHIS1060, DFHSO0178, and DFHWB1561 are issued for IPCONN, TCPIPSERVICE, and URIMAP respectively for each affected resource.

EXEC CICS WEB OPEN and EXEC CICS INVOKE SERVICE commands that do not specify a URIMAP for a secure outbound connection use the defaultciphers.xml. EXEC CICS WEB OPEN command no longer supports CIPHERS and NUMCIPHERS options. These options are ignored and CICS uses the defaultciphers.xml. Programs that contain EXEC CICS WEB OPEN CIPHERS NUMCIPHERS commands are reported in the DFHWB0768 message. DFHWB0768 is issued once for each affected program.

Review the contents of defaultciphers.xml and make sure that the list of ciphers meet your needs.

Changes to support for SAML using the CICS STS

CICS no longer supports SAML using the CICS Security Token Service.

Changes to support for signing and encrypting SOAP messages for the WS-Security feature

CICS no longer supports the use of WS-Security protocols to sign and encrypt SOAP messages. This change does not affect securing SOAP messages with Transport Layer Security (TLS). This partial withdrawal of WS-Security support also removes the dependencies on the XML Toolkit for z/OS.

Other aspects of the WS-Security feature that relate to identity propagation and trust are supported in CICS TS 6.3.

For more information about support for the WS-Security feature, see the Security for SOAP web services.

System initialization parameter to support future FIPS 140-3 standard
A system initialization parameter, FIPS supports FIPS 140-3 standard in the future when it becomes available by System SSL for z/OS. If this parameter is set to 1403 before the support is introduced, CICS generates a warning message and ignores the parameter. To learn more about FIPS 140-2 support, see NISTSP800131A system initialization parameter and System SSL and FIPS 140-2 in z/OS documentation.

What's new for resilience

Automatic redirecting of HTTP response for INVOKE SERVICE command

The INVOKE SERVICE command has been updated to allow for redirects of the HTTP response to the information contained in the location header.

This capability is also available on CICS TS 6.2 and CICS TS 6.1 with APAR PH63742, and on CICS TS 5.6 with APAR PH61670.

Learn more about INVOKE SERVICE.

What's new for documentation and other information

AI augmented search
CICS TS 6.x documentation augments standard search with IBM watsonx.ai™. Enter a search query of three words or more in CICS TS 6.x documentation in IBM Docs and you get an AI-generated answer, with links to the sources of information that were used. Standard search results are also displayed. IBM watsonx.ai uses both HTML and PDF content in the CICS TS 6.x documentation to provide answers. You can use the thumbs up and thumbs down icons to rate the answer and send feedback directly to the CICS TS documentation team.
Removal of CICS executable modules list
The reference list of CICS executable modules, and its equivalent PDF, are removed. This information remains available as-is in Version 5.
Intention to remove data areas
In future, IBM intends to remove the CICS data areas from the documentation. These will be provided in PDF with the product.
Enhanced content for CICS application development
New topics have been added to the Fundamentals section to explain key concepts, including how CICS acts as an application server, the programming languages that are supported by CICS, and the CICS application workflow.

Learn more about What documentation is available?.