Release notes

For information about the new features for zSecure V2.2.1, see What's new for zSecure V2.2.1.

For information about the zSecure documentation and steps to obtain the licensed publications, see zSecure documentation.

If you are upgrading from a version of IBM Security zSecure that is older than V2.2.0, also see the Release Information for the versions that you skipped. You can find the documentation for all versions in the IBM Knowledge Center for IBM Security zSecure Suite.

Contents

• Announcement
• Supported platforms and applications
• System requirements
• Installing IBM Security zSecure
• Incompatibility warnings
• Limitations and known problems

Announcement

System requirements

Supported platforms and applications

Installing IBM Security zSecure

For a complete installation roadmap on all steps to install, configure, and deploy a new installation of zSecure or an upgrade to zSecure V2.2.1, see the IBM Security zSecure CARLa-Driven ComponentsInstallation and Deployment Guide.

This documentation is available with the product at the IBM Knowledge Center for IBM Security zSecure Suite V2.2.1.

Incompatibility warnings

Administration and operation

For IPv4 FTP client (118-3) SMF records, the following fields for NEWLIST TYPE=SMF are changed:

DSTIP

Now shows the local IP address instead of the remote IP address. So DSTIP is now an address of the local z/OS system writing the record, as it is with other FTP server and client SMF records.

SRCIP

Now shows the remote IP address instead of the local IP address. So SRCIP is now an address of the (remote) communication partner of the local z/OS system that is writing the record, as it is with other FTP server and client SMF records.

USER

Now shows the local user ID instead of the remote user ID, as it does for other FTP server and client SMF records.

R_USER

Now shows the remote user ID of 118-3 records.

Recreate user

As a result of updates in the user scripts CKRXRUS and CKGXRUS (for APAR OA50610), recreate user scripts CKRXRUS and CKGXRUS have been updated.

• If RA.4.6 Recreate user option Use CKGRACF to update the user profile is not selected:
  • The recreated user IDs are always protected.
  • The password interval settings of user IDs are not recreated.
• If RA.4.6 Recreate user option Use CKGRACF to update the user profile is selected, commands are generated to accurately recreate PROTECTED attributes and password interval settings.

Calling CKR4Z directly

If you disable 64-bit mode explicitly in zSecure 2.2.1 by calling CKR4Z directly, it might be necessary to set up Program Access to Data Sets (PADS) access for CKR4Z.

z/OS APAR OA50672

For the 64-bit engine, be aware of z/OS APAR OA50672 against HFS 64-bit support. Without the fix, you might experience CKR0915 messages when writing to a UNIX file within an HFS with RC 157 (MVS environment error) or incorrect RC values. If this happens, switch to the 31-bit engine, apply the fix for APAR OA50672 if available, or allocate a zFS, instead of an HFS, for your UNIX output. Note that the LEEF integrations with IBM QRadar SIEM use UNIX files.

Migration issues

Migrating QRadar SIEM feed from deprecated C2EQ* customization members to CKQ* customization members

When converting from C2E to CKQ members, you must customize the SIMULATE USER_PRIV_GROUP command with the groups that were previously coded in C2EQRENV (by default that was SYS1 and OMVS*). As USER_PRIV_GROUPS does not support a generic specification, you must add groups other than SYS1 and OMVS explicitly in CKQRENV.

Limitations and known problems

Limitations and problems that arise after publication are documented in technotes. Therefore, regularly scan for updates on IBM Security zSecure at IBM's Search support and downloads site. A general documentation technote lists all updates to the documentation of 2.2.1 since availability.

You might also want to scan the following recommended fixes. Some of these fixes introduce new functions and features.