New-function APARs for Db2 13 in 2025

Tip: Depending on when and how you order the Db2 13 product code, you might find that external changes from any of the following APARs are already built-in when you install or migrate to Db2 13. Also, depending on your maintenance strategy, external changes from APARs that you did not apply in Db2 12 are likely to be already built-in when you migrate to Db2 13. See the descriptions of APARs with availability dates earlier than 2022-06 in New-function APARs for Db2 12.

RACF group support in the trusted context SYSTEM AUTHID clause

APAR PH64219 (July 2025) introduces support for specifying secondary authorization IDs, such as RACF groups, in the SYSTEM AUTHID clause when you create or alter a trusted context.

A trusted context is always based on a system authorization ID and connection attributes, and the system authorization ID for the trusted context must be unique. Before this enhancement, this unique system authorization ID requirement limited the number of trusted contexts for each primary authorization ID. However, a primary authorization ID can be associated with multiple RACF groups, so the enhancement in this APAR means that the unique system authorization ID requirement no longer restricts the number of trusted contexts for each primary authorization ID.

Related function levels for this APAR: FL 100 New function in this APAR takes effect after the PTF is applied at any function level; FL tbd The PTF for this APAR is expected to be verified by activating a to-be-determined future function level.

For more information, see the following related topics:

LISTDEF and Db2 installation CLIST enhancements for future catalog and directory conversions

APAR PH66270 (July 2025) enhances the LISTDEF utility and Db2 installation CLIST to support the future conversion of remaining non-UTS objects in the Db2 catalog an directory to universal table spaces (UTS).

The LISTDEF utility is enhanced to support specifying table names for Db2 catalog and directory in INCLUDE and EXCLUDE clauses of the LISTDEF control statement. Also, support is added for specifying the SYSUTILX directory table space and table names.

The enhancement to the Db2 installation CLIST includes changes to the following Db2 sample jobs: DSNTIJCX, DSNTIJDE, and DSNTIJIC.

Related function levels for this APAR: FL tbd The PTF for this APAR is expected to be verified by activating a to-be-determined future function level. ; FL 100 New function in this APAR takes effect after the PTF is applied at any function level

For more information, see the following related topics:

Added options for the START ML and STOP ML commands and updated DISPLAY ML command output

APAR PH66471 introduces changes to the -START ML, -STOP ML, and -DISPLAY ML commands, which activate, deactivate, and display the status of the Db2ZAI SQL optimization, System assessment, and Distributed connection control functions. For SQL optimization, this APAR introduces a new feature that supports the manual selection of dynamic applications for dynamic SQL based on the Client-Application-Name or Client-UserID. Also included is support for the importation of Db2 subsystem trace collection data. This leverages the Db2ZAI System assessment feature without directly connecting Db2ZAI to all Db2 systems.

For more information, see the following related topics:

Enhanced authorization and authentication in SQL Data Insights

APARs PH66445, PH66446, and PH66267 (June 2025) introduce important security enhancements to Db2 SQL Data Insights (SQL DI). With the security updates, you can use Db2 secondary authorization IDs to authorize SQL DI users for object and model management. You can also use RACF® PassTickets or authentication token files to access Db2 from the shell CLI or the REST API.

Currently, you grant SQL DI users the permissions for object and model management by running the DSNTIJAI sample JCL job in Db2. You must run the sample job to authorize each individual user one at a time, which is laborious and time consuming. After applying the updates, you have the option to grant the permissions to a Db2 secondary authorization ID in the JCL job. Then, specify the same secondary authorization ID in SQL DI when enabling an object for AI query. After the enablement, the specified secondary authorization ID, instead of the primary authorization ID of the individual user, owns the model table and index of the object. Users associated with the secondary authorization ID are automatically authorized all at the same time to manage the object and the model.

In addition, you currently access SQL DI and connect from SQL DI to Db2 by using a credentials file. The credentials file stores your user ID and password. With the credentials file, you do not need to enter your user ID and password manually and repeatedly whenever you access SQL DI or Db2. But each connection request still transmits the encrypted password across the network. After applying the updates, you have the option of using either an authentication token file to access SQL DI or a RACF PassTicket to connect to Db2, which eliminates the need to store the password and reduce the frequency to transmit it across the network.

For more information, see the following related topics:

PH66445
PH66446
PH66267

LOB support for IBM® Db2 Analytics Accelerator (phase 1)

APAR PH62993 (June 2025) introduces support in Db2 for z/OS® for the first phase of query acceleration support for large object (LOB) data types in IBM Db2 Analytics Accelerator for z/OS version 8, including support for LOB columns (for example CLOB, DBCLOB, and BLOB) and LOB expressions. The supported LOB expressions include LOB scalar functions such CLOB, TO_CLOB, DBCLOB, and BLOB, and CAST AS lob-data-type expressions.

In the first phase, tables with LOB columns up to 2 GB (or 1 GB for DBCLOB) length can be offloaded to the accelerator. However, LOB columns and expressions within the result set of a query have a maximum length of 32 K, and this limit is enforced by SQLCODE -904. LOB columns and expressions referenced elsewhere in the query can be up to 2 GB (1 GB for DBCLOB) length.

The offloading of LOB columns and expressions requires IBM Db2 Analytics Accelerator for z/OS version 8 or later. SQLCODE -4742 is updated with reason codes 43 for this requirement.

For more information, see the following related topics:

New diagnostic level in the profile attributes table to reduce console messages generated during Db2ZAI DCC training

APAR PH65972 (June 2025) introduces support for the value WARNING_DIAGLEVEL0 for the ATTRIBUTE1 column of the DSN_PROFILE_ATTRIBUTES profile table. This enhancement leverages the diagnostic level WARNING_DIAGLEVEL0 to prevent Db2ZAI Distributed Connection Control (DCC) recommended profiles from generating additional console messages during the training process. The value WARNING_DIAGLEVEL0 is only valid for the MONITOR ALL CONNECTIONS, MONITOR ALL THREADS, MONITOR CONNECTIONS, and MONITOR THREADS keywords in the profile attributes table. When DSN_PROFILE_ATTRIBUTES.ATTRIBUTE1=WARNING_DIAGLEVEL0, no console messages are issued when a connection or thread usage exceeds a defined threshold, and the existing IFCID statistics trace still records when each threshold is reached.

For more information, see the following related topics:

Support for a queue parameter in the CAF OPEN function

APAR PH65922 (May 2025) enhances the OPEN function for the call attachment facility (CAF) with a new optional queue parameter that specifies whether a thread is rejected instead of being queued based on the threshold of the CTHREAD subsystem parameter being reached.

The CTHREAD subsystem parameter specifies the maximum number of concurrent allied threads allowed by Db2 for z/OS. Any create thread request made after this threshold has been exceeded is queued for later processing once resources become available.

The queue parameter is an 8-byte area that contains the string 'NOQUEUE'. When 'NOQUEUE' is specified, a create thread request that would otherwise be queued based on the CTHREAD value is instead rejected with return code 8, and reason code 00F3005A is returned to the calling application.

For more information, see the following related topics:

Trusted context support for local and remote connections

APAR PH65634 (May 2025) introduces support for the same trusted contexts to be used for both local connections, such as batch, TSO, RRSAF, and CAF, and remote connections such as JDBC, and ODBC. With this capability, administrators and users can connect to Db2 and use the capability of the trusted context, regardless of how the trusted context was established.

A trusted context is an independent database entity that you can define based on a system authorization ID and connection trust attributes. The system authorization ID for a trusted context can be the primary authorization ID or one of the secondary authorization IDs, such as a RACF group. Before this APAR, the system authorization ID in a trusted context definition must be unique. That is, the connection trust attributes must be defined either for local connections or remote connections or remote, but not both. Also, a single trusted connection cannot be used for both connecting locally and connecting remotely.

APAR PH65634 removes a restriction on specifying both local and remote attributes in the same CREATE TRUSTED CONTEXT or ALTER TRUSTED CONTEXT statement, which is previously enforced by SQLCODE -628.

For more information, see the following related topics:

MODIFY RECOVERY utility DELETEDS override

APAR PH65233 (May 2025) introduces a new Db2 subsystem parameter, UTIL_MODIFY_REC_DELETEDS, that prevents the MODIFY RECOVERY utility from deleting image copy data sets when the DELETDS option is specified.

The default for the new UTIL_MODIFY_REC_DELETEDS subsystem parameter is 'ALLOW,' which indicates that the DELETEDS option is allowed for the MODIFY RECOVERY utility. A Db2 system administrator can specify the 'IGNORE' option for UTIL_MODIFY_REC_DELETEDS. If the 'IGNORE' option is specified for UTIL_MODIFY_REC_DELETEDS, the DELETEDS option for the MODIFY RECOVERY utility will be ignored, even if specified.

For more information, see the following related topics:

Ability to store the expansion dictionary in the compression dictionary data set

Starting in Db2 13 with APAR PH64099 (May 2025) and function level 500 or higher, you can store the expansion dictionary in the compression dictionary data set (CDDS). The expansion dictionary is used to decompress compressed table space data that is returned in log records. The table space data can be compressed with either the fixed-length algorithm or the Huffman algorithm.

The ability to store the expansion dictionary in the CDDS can improve performance and availability for replication applications that use one of the following methods:

IFI READS calls for IFCID 306
IBM Integrated Synchronization in IBM Db2 Analytics Accelerator for z/OS Version 8.1 or later

Before this APAR and its pre-conditioning APARs, the expansion dictionary was stored in the table space whose data was being returned in log records. Storing the expansion dictionary in the CDDS can improve availability of the expansion dictionary.

Storing expansion dictionaries in the CDDS has the following advantages for decompressing log records for replication applications:

Compressed table spaces that are referenced in retrieved log records do not need to be opened when the table space data is decompressed, which has the following advantages:
- In a data sharing environment, when the table spaces are not open, they do not become GBP-dependent.
- Decompression failures because the table spaces are in the STOP state do not occur.
Db2 does not need to obtain a DBD lock or claim on the referenced table spaces. This lessens the occurrence of serialization issues with concurrently running data definition statements or utilities.
Db2 does not need to access expansion dictionaries from the logs. There is less performance degradation due to retrieval of the logs, especially when archive logs are on tape.

For more information, see the following related topics:

Storing the expansion dictionary for compressed log records in the compression dictionary data set
PH64099 (enabling APAR)
PH64098, PH64097, PH64096 (pre-conditioning APARs)
IBM Integrated Synchronization

Disable generation of GRANT statements for installation jobs

APAR PH63973 (April 2025) introduces the capability to control whether the Db2 installation CLIST includes GRANT statements in generated installation, migration, and IVP jobs. To support this new capability, a GRANT OPTION field is added to the DSNTIPG (INSTALLATION PREFERENCES) panel for users to specify the setting for a new DSNTIJRT/DSNTRIN GRANTOPT parameter and new installation configuration parameter, GRANTOPT. You can specify whether GRANT statements are issued, edited out, or commented out in the installation, migration, and IVP jobs that the Db2 installation CLIST.

The capability to edit out or comment out the GRANT statements is especially useful for customers who use external security with Db2, when auditors often require that no GRANT statements are issued. Before the availability of this capability, customers using external security for Db2 must either establish a process to comment out the GRANT statements after generating the jobs, or to revoke the grants after the installation process is complete.

For more information, see the following related topics:

Prefetch for refreshing cross-invalidated buffer pool pages

APAR PH65562 (April 2025) Db2 13 introduces a capability to enable prefetch to avoid synchronous read operations that occur due to cross invalidation and avoid the resulting synchronous reads and impact on online workload performance.

The cross invalidation of buffer pool pages occurs when Db2 automatically converts updated page sets or partitions from read-write intent to read-only intent state, which is controlled by the pseudo-close mechanism at the interval specified by the PCLOSET subsystem parameter value. When read-write activity starts again, the page set or partition switches to GBP dependency, and the pages in the buffer pools are cross invalidated again. Such repeated invalidation behavior can be painful for applications that depend on large indexes, which are expected to be mainly in memory.

To help you manage the cross invalidation of buffer pool pages for specific buffer pools, APAR PH65562 introduces two new option keywords for the ALTER BUFFERPOOL command:

REFPF

Specifies whether to refresh the cross-invalidated pages.

(NO): Pages are not refreshed after cross invalidation.
This value is the default.
(YES): Pages are refreshed after cross invalidation.

VPCLOSET (integer)

Changes the pseudo-close interval for the buffer pool. The value of integer specifies the number of minutes that a partition or page set remains read-write after it is last updated. After the specified number of minutes, Db2 converts the set or partition to read-only.

The value of integer must be 0–32767, inclusive. The initial default value is 0.

If VPCLOSET(0) is specified, the PCLOSET subsystem parameter value specifies the pseudo-close interval for the buffer pool. For more information, see RO SWITCH TIME field (PCLOSET subsystem parameter).

The DISPLAY BUFFERPOOL command output displays the specified value of this setting in the DSNB404I message. If this setting is 0, the PCLOSET subsystem parameter value is displayed.

For NOT LOGGED table spaces, Db2 converts the page set or partition from read-write to read-only after one minute, regardless of the value of VPCLOSET.

The DISPLAY BUFFERPOOL command output is also enhanced to report the REFPF setting in the existing DSNB406I message and to report the VPCLOSET value for a buffer pool in the DSNB404I message.

For more information, see the following related topics:

IPv4 and IPv6 subnet address support for trusted contexts ADDRESS attribute

Starting in Db2 13, APAR PH64533 (April 2025) introduces support for specifying IPv4 and IPv6 subnet addresses for Db2 trusted contexts ADDRESS attribute. This capability is especially useful for using trusted contexts to control access from cloud-based clients or specific portions of the network. Before this APAR, the ADDRESS attribute only supported an IPv4 address, an IPv6 address, or a domain name. With this enhancement, the ADDRESS attribute includes support for IPv4 and IPv6 subnet addresses.

For more information, see the following related topics:

Forward-fit of DSNTXAZP enhancements to Db2 13

In Db2 13, APAR PH63793 (April 2025) enhances the DSNTXAZP tool with new capabilities that were previously introduced in two phases in Db2 12 new-function APARs.

Attribute category	Settings
Application programming defaults	DSNHDECP (APPL DEFAULTS)
Authorization ID preferences for Db2-supplied routines, migration jobs, and IVP jobs	AUTHID (ROUTINES CREATOR) SECDEFID (SEC DEF CREATOR) INSSQLID (INSTALL SQL ID) INSPKOWN (INSTALL PKG OWNER) INSGRLST (INSTALL GRANTEE(S)) IVPSSQLID (IVP SQL ID) IVPPKOWN (IVP PKG OWNER) IVPGRLST (IVP GRANTEE(S))
BSDS and active logs parameters	BSDSNAM1 (BSDS COPY 1 NAME) BSDSNAM2 (BSDS COPY 2 NAME) LOGSPRE1 (COPY 1 PREFIX) LOGSPRE2 (COPY 2 PREFIX) VBSDSLOG (BSDS AND ACTIVE LOG ICF CATALOG ALIAS) VOLSDAT6 (LOG COPY 1, BSDS 2 VOL/SER) DATACLS6 (LOG COPY 1, BSDS 2 SMS DATA CLASS) MGMTCLS6 (LOG COPY 1, BSDS 2 SMS MGMT CLASS) STORCLS6 (LOG COPY 1, BSDS 2 SMS STOR CLASS VOLSDAT7(LOG COPY 2, BSDS 1 VOL/SER) DATACLS7 (LOG COPY 2, BSDS 1 SMS DATA CLASS) MGMTCLS7 (LOG COPY 2, BSDS 1 SMS MGMT CLASS) STORCLS7 (LOG COPY 2, BSDS 1 SMS STOR CLASS) LOGSNUM (NUMBER OF LOGS)
Data parameters	VOLSDAT3 (VOL/SER) DATACLS3 (SMS DATA CLASS) MGMTCLS3 (SMS MGMT CLASS) STORCLS3 (SMS STOR CLASS)
Db2 catalog sizes	NUMDATAB (DATABASES) NUMTABLE (TABLES) NUMCOLUM (COLUMNS) NUMVIEWS (VIEWS) NUMTABSP (TABLE SPACES) NUMPLANS (PLANS) NUMPKGS (PACKAGES) NUMPKSTS (PACKAGE STATEMENTS) NUMPLPL (PACKAGE LISTS)
Distributed Data Facility (DDF) parameters	DDLOC (DB2 LOCATION NAME) DDLUNAM (DB2 VTAM LUNAME) GENLUNM (DB2 GENERIC LUNAME) IPNAME (DB2 TCP/IP IPNAME) TCPPORT (TCP/IP PORT) SECPORT (SECURE PORT) RESYNPRT (RESYNC PORT)
Default WLM environment names for Db2-supplied routines	WLMENVG (FOR MOST DB2 ROUTINES) WLMENVP (FOR ROUTINES IDENTIFIED TO PROGRAM CONTROL) WLMENV1 (FOR SERIALIZED ROUTINES) WLMENVU (FOR DB2 UTILITIES ROUTINES) WLMENVX (FOR DB2 XML PROCESSING ROUTINES) WLMENVJ (FOR DB2 JAVA ROUTINES) WLMENVR (FOR DB2 REXX ROUTINES) WLMENVD (FOR UNIFIED DEBUGGER ROUTINES) WLMENVC (FOR THE DB2 CICS ROUTINE) WLMENVM (FOR DB2 MQSERIES ROUTINES) WLMENVW (FOR DB2 WEB SERVICES ROUTINES)
Installation preferences (for COPY data sets)	INSICPRE (INSTALL IC PREFIX)
IRLM startup parameters	IRLMTRAC (START IRLM CTRACE) IRLMPGPR (PAGE PROTECT) IRLMMLTU (MAX LOCK STORAGE UNIT) IRLMMLMT (MAX STORAGE FOR LOCKS) IRLMIDEN (MEMBER IDENTIFIER) IRLMGRPN (IRLM XCF GROUP NAME) IRLMLKSZ (LOCK ENTRY SIZE) IRLMLTE (NUMBER OF LOCK ENTRIES) IRLMDISC (DISCONNECT IRLM)
MVS `parmlib`	MVSSPREF (COMMAND PREFIX)
Preferences for data sharing groups	SGRPATNM (SUBGRP ATTACH)
Preferences for storage groups used by DSNTIJRT/DSNTRIN for objects supporting Db2-supplied routines	STGIJRT (INDEX STORAGE GROUP) STOGJRT (DATABASE AND TABLESPACE STORAGE GROUP)
Work file database and table spaces	WKDBNAME (WORK FILE DB) S4KNOTS (4K SORT WORK TS'S) S4KSGSZ (4K SORT WORK SEG SIZE) S32KNOTS (32K SORT WORK TS'S) S32KSGSZ (32K SORT WORK SEG SIZE) T4KNOTS (4K TEMP WORK TS'S) T4KSGSZ (4K TEMP WORK SEG SIZE) T32KNOTS (32K TEMP WORK TS'S) T32KSGSZ (32K TEMP WORK SEG SIZE)
Access control list, package owner, and WLM application environment for Db2-supplied routines	RT`xnn`ACL (GRANT EXECUTE) RT`xnn`PKO (PACKAGE OWNER) RT`xnn`WLM (WLM ENV NAME) Where `x` is a letter B–Q and `nn` is numerals 01–44.

Addition of the current schema name for dynamic SQL statements to IFCID 350 trace records

APAR PH65474 (March 2025) adds the current schema name for dynamic SQL statements to IFCID 350 trace records. This change provides better performance analysis for tuning and troubleshooting SQL applications.

For more information, see the following related topics:

Externalize statement-level zIIP statistics

APAR PH64742 (March 2025) makes the following changes to provide more information about IBM z Integrated Information Processor (zIIP) usage by Db2:

Adds fields to the IFCID 58, 316, and 401 trace records that record the accumulated CPU time that is consumed on an IBM specialty engine during SQL statement execution.
Adds new column STAT_ZIIP_CPU in the DSN_STATEMENT_CACHE_TABLE table to record the accumulated CPU time that is consumed on an IBM specialty engine during SQL execution.

Related function levels for this APAR: FL 100 New function in this APAR takes effect after the PTF is applied at any function level; FL 507 Activating function level 507 or higher verifies that this APAR is applied.

For more information, see the following related topics:

Datagram message support in MQListener

APAR PH63420 (February 2025) enhances the MQListener support in Db2 12 or later to send reply messages for datagram messages.

For more information, see the following related topics:

Enhanced monitoring of work file usage for sorts

APAR PH62780 (February 2025) introduces new trace fields to monitor the current usage and highest usage since Db2 was started (high-water mark) for 4 KB and 32 KB work file pages that are used during the sort process.

The new fields can assist users in determining the answers to questions like these:

How much work file space needs to be defined on a Db2 subsystem?
How much work file space is needed by the largest sorts that are performed?
How much work file space is consumed at various times during the day?

For more information, see the following related topics:

Abbreviated spelling APPLCOMPAT supported in SQL syntax

With the PTF for APAR PH64377 (January 2025) applied at any function level, Db2 13 supports the abbreviated spelling, APPLCOMPAT where APPLICATION COMPATIBILITY is used in any SQL statement that references the CURRENT APPLICATION COMPATIBILITY special register, and wherever USING APPLICATION COMPATIBILITY is specified inside the REGENERATE clauses of the following ALTER statements:

For more information, see the following related topics:

New REST API and shell CLI for SQL Data Insights server administration and AI object-related management

APARs PH64220 and PH64221 (January 2025) introduce the RESTful application programming interface (API) and the shell command-line interface (CLI) of SQL Data Insights (SQL DI). The new interfaces enable you to use OpenAPI-compliant REST API requests and shell CLI commands to administer SQL DI server settings and manage its connections, AI objects, and object models.

Without this update, you manually perform SQL DI server administration and object-related management tasks by using the web user interface (UI) only. After applying the update, you can automate these tasks with the REST API, the shell CLI, or both.

For more information, see the following related topics:

EXPLAIN(ONLY) support for Db2 native REST services

Starting in Db2 13, APAR PH63990 (January 2025) introduces support for the EXPLAIN(ONLY) option for the Db2 native REST services createService API, and the BIND SERVICE and REBIND PACKAGE commands. This enhancement allows you to obtain access path information without having to create the native REST service. For an existing native REST service, this enhancement allows you to obtain the current access path information without updating the application package, which can potentially change the access paths.

Before this APAR, users could only obtain access path information by creating the native REST service. And for existing native REST services, users could only obtain access path information by using the REBIND PACKAGE command with the EXPLAIN(YES) option. This option modifies the existing package and potentially forces you to commit to access path changes before knowing what the changes are.

For more information, see the following related topics:

AUTHID based monitoring with security profiles

APAR PH63652 (January 2025) introduces the capability to filter profiles that monitor security based on the authorization ID of the connection. The AUTHID can be provided as a fully specified value, a set characters followed by an asterisk (*) wildcard, or a single-byte asterisk value. When multiple profiles apply to the same connection a profile with a more specific value takes precedence over one that uses wild cards.

The new AUTHID filtering capability can help you to discover and enforce secure connectivity for applications when you know the authorization IDs that are associated with each application, without requiring that you know which IP addresses the applications are using.

Before this enhancement, the MONITOR product-type CONNECTIONS FOR SECURITY keyword can only be specified for profiles with LOCATION based filtering (default, subnet, or specific IP address) in the DSN_PROFILE_TABLE.

For more information, see the following related topics:

Reduced z/OS console flooding by DSNL030I messages

APAR PH62137 (January 2025) reduces situations where Db2 for z/OS server authentication failures, such as invalid user IDs or passwords, can cause DSNL030I and ICH408I messages to flood the z/OS console. This situation can also potentially cause the ssnmMSTR address space to abnormally terminate because it reaches the maximum number of lines.

With this APAR, Db2 no longer issues DSNL030I messages for every authentication error event. Instead, Db2 issues a new DSNL061I message at a minimal interval of 5 minutes for each client identified by unique combination of the reason code, IP address, user ID, and product identifier. Db2 also suppresses the corresponding RACF ICH408I console messages to reduce flooding of the z/OS console and risk of the ssnmMSTR breakdowns.

The DSNL061I message reports specific authentication errors with ‘00F300xx’X reason codes. As a result, z/OS system administrators and Db2 database administrators can better see other important messages.

When Db2 issues the DSNL061I message, the EXTSEC subsystem parameter controls whether it returns information about the security mechanism used in the thread information. That is, Db2 includes the security mechanism information in DSNL061I messages only when YES is specified for the EXTSEC value.

For more information, see the following related topics: