Changed functionality in Db2 11.5.9

Changed functionality typically involves changes in default values or an outcome different from what would have occurred in previous releases. For example, an SQL statement used in a previous release might produce different results in Db2 11.5.9

Attention: This mod pack release is currently available for the following Db2 products:

Db2 Distributed (on-premises)
The single container deployment of Db2 Warehouse.
The container micro-service deployment of Db2 on Red Hat OpenShift, the Amazon Elastic Kubernetes Service (EKS), the Red Hat OpenShift Service on AWS (ROSA), and the Azure Kubernetes Service (AKS).
Db2 for cloud service providers
Db2 on Cloud
Db2 Warehouse on Cloud

Maintaining application compatibility across releases is a key priority. However, some behavior has to change to take advantage of new functionality in the current release.

The following table lists changed functionality in Db2® 11.5.9:

Changed registry and environment variables

Table 1. Changed functionality in Db2 11.5.9
Affected command or database object	Changed behavior
The DB2_LOAD_RESTRICTED_IO_PATH miscellaneous variable is now available for IMPORT and EXPORT operations with the ADMIN_CMD procedure.	With the release of Db2 11.5.9, Db2 database administrators can now restrict use of the ADMIN_CMD IMPORT and EXPORT features to predefined paths, by using the DB2_LOAD_RESTRICTED_IO_PATH miscellaneous variable. For example, if the DB2_LOAD_RESTRICTED_IO_PATH option is enabled, the ADMIN_CMD(IMPORT) file path for `FROM filename`, and the path(s) for `LOBS FROM lob-path` and `XML FROM xml-path` must all exist within the restricted paths. Also, the ADMIN_CMD(EXPORT) file path for `TO filename`, and the path(s) for `LOBS TO lob-path` and `XML TO xml-path` must all exist within the restricted paths.

Changed database configuration parameters and driver properties

Table 2. Changed functionality in Db2 11.5.9
Affected command or database object	Changed behavior
New default setting for the IBM Data Server Driver for JDBC and SQLJ securityMechanism configuration keyword and property.	Before Db2 11.5.9 (IBM Data Server Driver for JDBC and SQLJ version 4.33), the default security mechanism was clear text password security (3). With the release of Db2 11.5.9 (IBM Data Server Driver for JDBC and SQLJ version 4.33): The default security mechanism is encrypted user ID and password security (9). If the data server does not support encrypted user ID and password security, but supports clear text password security, the driver changes the security mechanism to clear text password security and attempts to connect to the data server. When the driver retries the connection using clear text password security, performance might be degraded. To minimize the performance impact, take one of the following actions: Explicitly set the security mechanism to clear text password security (3) on the client side. Change the data server setting to support encrypted user ID and password security. Any mismatch in security mechanism support between the requester and the data server other than clear text password security and encrypted user ID and password security results in an error. A connection to a Db2 for z/OS subsystem or data sharing group that uses the default security mechanism of encrypted user ID and password security and AES encryption is successful only if the z/OS Integrated Cryptographic Service Facility (ICSF) is enabled on the z/OS system where each subsystem or data sharing member is installed. ICSF is required for decrypting the user ID and password. If ICSF is not installed, you need to set the security mechanism to clear text password security. For more information, see securityMechanism IBM data server driver configuration keyword (for the IBM Data Server Driver for JDBC and SQLJ)

Changed encrypted communication functionality

Table 3. Changed encrypted communication functionality in Db2 11.5.9
Affected command or database object	Changed behavior
Transport Layer Protocol (TLS) 1.2 is now the default TLS version in Db2.	With the release of Db2 11.5.9, TLS 1.2 is now the default TLS version when TLS is used to encrypt communication. TLS 1.0 and 1.1 are no longer enabled by default. To re-enable support for older TLS versions, refer to the following knowledge centre topics: SSL_VERSIONS TLSVersion Configuring the LDAP plug-in modules Ensure support for TLS 1.2 is available in all federated data sources before upgrading to 11.5.9. For the LDAP database directory and federation web services wrappers, refer to DB2_ENABLE_LEGACY_TLS_DEFAULTS Note: TLS 1.1 and 1.0 are deprecated, so it is not recommended to re-enable these versions unless absolutely necessary.