Changes to externals in this release

CICS® Transaction Server for z/OS®, Version 6 Release 2 changes a number of externals, including commands, transactions, resources, system initialization parameters, messages, trace, and user exits.

For a summary of changes across all supported releases, see Changes between releases in the Upgrading information.

Changes in CICS Transaction Server for z/OS, Version 6 Release 2

Changes to externals are presented by functional area. The links below take you to each section that describes the external changes in detail. These changes are not exclusive to each of the roles shown; some will be of interest across roles. The Any changes in this release column indicates whether any external changes have been introduced in a specific functional area in this release.

Installing CICS TS Any changes in this release? For application programmers For system programmers
Changes to installing Yes  
Changes to samples Yes  
Developing and deploying applications Any changes in this release? For application programmers For system programmers
Changes to CICS API Yes  
Changes to CICS EXCI Yes  
Changes to JCICS API - removed classes and methods Yes  
Changes to JCICS API - new, changed, and deprecated functions Yes  
Changes to JCICS API - changes to classes and methods Yes  
Changes to JCICS API - changes to the holder classes No  
Changes to JCICSX API Yes  
Changes to CICS support for application programming languages Yes  
Changes to Liberty features Yes  
Changes to JVM server profile options Yes  
Changes to JVM system properties Yes  
Changes to context containers Yes  
Changes to the CICS assistants No  
Changes to compiler and translator support No  
Configuring and administering CICS Any changes in this release? For application programmers For system programmers
Changes to CICS storage Yes  
Changes to toggle-enabled features Yes  
Changes to resource definitions Yes
Changes to SIT parameters Yes  
Changes to CICS transactions Yes  
Changes to CEMT Yes  
Changes to CICS SPI Yes  
Changes to JVM profiles Yes  
Changes to CICS utilities Yes
Changes to GLUEs and TRUEs Yes  
Changes to XPI functions Yes  
Changes to user-replaceable programs No  
Changes to control tables No  
Changes to CICS policies Yes  
Changes to event processing adapters and formats No  
CICSPlex® System Manager Any changes in this release? For application programmers For system programmers
Changes to installation and definition of CICSPlex SM Yes  
Changes to configuration and initialization of CICSPlex SM No  
Changes to CICSPlex SM behavior and operation Yes  
Changes to CICSPlex SM resource tables Yes  
Security Any changes in this release? For application programmers For system programmers
Changes to security Yes
Changes to RACF classes No  
Monitoring Any changes in this release? For application programmers For system programmers
Changes to CICS monitoring Yes  
Changes to CICS statistics Yes  
Troubleshooting Any changes in this release? For application programmers For system programmers
Changes to messages Yes  
Changes to abend codes Yes  

Installing CICS TS

Changes to installing

System programmers

  • New compatibility group DFHCOMPK introduced for sharing CSD with earlier releases.

Changes to samples

System programmers

Table 1. Changes to the samples provided with CICS in this release
Sample This release
  REMOVED:
  NEW:
  CHANGED:

Developing and deploying applications

Changes to CICS API

Application programmers

Table 2. Changes to EXEC CICS commands in this release
API This release
CHANGE PASSWORD CHANGED: New INVREQ with RESP2 value of 32.
CHANGE PHRASE CHANGED: New INVREQ with RESP2 value of 32.
PUT CONTAINER (CHANNEL) CHANGED: New option PREPEND, which requests that the data passed is prepended to the existing data in the container.
PUT64 CONTAINER CHANGED: New option PREPEND, which requests that the data passed is prepended to the existing data in the container.
RUN TRANSID CHANGED: New condition NOSTART with RESP2 value of 1, which is returned when the PURGETHRESH limit has been reached for the TRANCLASS to which the TRANSID belongs and, based on the PURGEACTION setting, CICS discards any request to start new transactions belonging to the TRANCLASS.
START ATTACH CHANGED: New condition NOSTART with RESP2 value of 1, which is returned when the PURGETHRESH limit has been reached for the TRANCLASS to which the TRANSID belongs and, based on the PURGEACTION setting, CICS discards any request to start new transactions belonging to the TRANCLASS.
START BREXIT CHANGED: New condition NOSTART with RESP2 value of 1, which is returned when the PURGETHRESH limit has been reached for the TRANCLASS to which the TRANSID belongs and, based on the PURGEACTION setting, CICS discards any request to start new transactions belonging to the TRANCLASS.
QUERY SECURITY CHANGED:
  • Enhanced protection. Monitoring and statistics are recorded for this command.
  • New INVREQ with RESP2 value of 13.

Changes to CICS EXCI

Application programmers

Table 3. Changes to the external CICS interface (EXCI) commands in this release
Command This release
PUT CONTAINER (EXCI) CHANGED: New option PREPEND, which requests that the data passed is prepended to the existing data in the container.
 
   
   

Changes to JCICS API

Application programmers

Table 4. Removed JCICS classes and methods in this release. Previously deprecated methods and classes have been removed in this release. Any applications that use these methods and classes must be changed before moving to this release of CICS.
Class/Interface Methods This release
     
     
Table 5. New, changed, and deprecated JCICS API functions in this release
Function This release
  CHANGED:
  NEW:
  NEW:
Table 6. Changes to JCICS classes and methods in this release. This table lists classes that are new or deprecated in this release. It also lists, by class, new, changed, or deprecated methods in this release.
Class Methods This release
AsyncService

AsyncServiceImpl

runTransactionId()

CHANGED: New StartFailedException is thrown when the start of a transaction is prevented because its associated TRANCLASS has reached the purge threshold and the TRANCLASS specifies PURGEACTION(DISCARD).
Channel

getContainerNames()

CHANGED: The method getContainerNames() cannot throw a ContainerErrorException. The throws declaration for ContainerErrorException is removed from the method signature.

If your application uses this method and handles the ContainerErrorException, the catch block can be removed.
Container

prepend(byte[] byteArrayData)

prepend(byte[] byteArrayData, java.lang.String fromCodePage)

prependString(java.lang.String stringData)

NEW: The prepend methods add data to the beginning of existing data in a container.
     
     
Table 7. Changes to JCICS holder classes in this release. A number of classes which were used to hold data for objects (such as the CWA, TSQ items, file records, the commarea, and more) previously exposed public data fields. These fields were deprecated at CICS TS 5.1 and must now be accessed using an appropriate getter or setter method. Direct access to these fields has now been removed.
Class Removed field(s) Getter(s) Setter(s)
       
       

Changes to JCICSX API

Table 8. Changes to JCICSX classes and methods in this release. This table lists classes that are new or deprecated in this release. It also lists, by class, new, changed, or deprecated methods in this release.
Class Methods This release
WriteableContainer

prepend(T)

NEW: The prepend methods adds data to the beginning of existing data in a container.

BITContainer

WritableBITContainer

prepend(byte[])

prependWith(com.ibm.cics.jcicsx.Serializer, T)

prependWith(com.ibm.cics.jcicsx.Serializer, int, T)

NEW: The prepend and prependWith methods add data to the beginning of existing data in a container.

CHARContainer

WritableCHARContainer

WritableContainer

prepend(java.lang.String)

NEW: The prepend method adds data to the beginning of existing data in a container.
     
     
     
     

Changes to CICS support for application programming languages

Table 9. Changes to CICS support for application programming languages in this release
Product name
PID
 This release
IBM® Open Enterprise SDK for Node.js, 18.0
5655-NOJ
 NEW: Enabled support at this release
IBM Open Enterprise SDK for Node.js, 12.0
5655-NOD
 CHANGED: Removed support at this release

Changes to Liberty features

System programmers

Table 10. New, changed, and deprecated Liberty features in this release
Feature This release
federatedRegistry-1.0 NEW: This newly supported feature allows the federation of one or more user registries.
collectiveController-1.0 NEW: This newly supported feature allows a server to become the controller for a management collective.
collectiveMember-1.0 NEW: This newly supported feature enables a server to be a member of a management collective.
clusterMember-1.0 NEW: This newly supported feature allows a collective member to participate in a static cluster.
dynamicRouting-1.0 NEW: This newly supported feature enables a server to run a REST service to which the WebSphere® plug-in for Apache and IHS can connect in order to dynamically route to all servers in the liberty collective.
healthAnalyzer-1.0 NEW: This newly supported feature provides health data collection for the health manager.
healthManager-1.0 NEW: This newly supported feature provides health monitoring and automatic actions based on health policies.
  CHANGED:
  DEPRECATED:

Changes to JVM server profile options

Application programmers

Table 11. Changes to JVM server profile options in this release
Option This release
  NEW compatible with: All JVM Environments

DESCRIPTION
  OBSOLETE: DESCRIPTION
JAF_REGISTRATION OBSOLETE: CICS automatically adds the Jakarta Activation Framework (JAF) capability into the JVM server run-time, as necessary. Prior to Java™ 11, this technology was included as part of the JRE.
JAXB_REGISTRATION OBSOLETE: CICS automatically adds the Jakarta XML Binding API (JAXB) capability into the JVM server run-time, as necessary. Prior to Java 11, this technology was included as part of the JRE.

Changes to JVM system properties

Application programmers

Table 12. Changes to JVM system properties in this release
Property This release
com.ibm.cics.jvmserver.wlp.server.keystore.location NEW: Only for Liberty JVM servers. Overrides the default Liberty keystore configuration.
com.ibm.cics.jvmserver.wlp.server.keystore.type NEW: Only for Liberty JVM servers. Overrides the type in the Liberty keystore configuration.
com.ibm.cics.jvmserver.cmci.user.agent.white.list OBSOLETE:

Replaced by com.ibm.cics.jvmserver.cmci.user.agent.allow.list
com.ibm.cics.jvmserver.cmci.user.agent.white.list.monitor.interval OBSOLETE:

Replaced by com.ibm.cics.jvmserver.cmci.user.agent.allow.list.monitor.interval
com.ibm.cics.jvmserver.cmci.user.agent.white.list.reject.text OBSOLETE:

Replaced by com.ibm.cics.jvmserver.cmci.user.agent.allow.list.reject.text
  NEW:
  CHANGED:
  DEPRECATED:

Changes to context containers

Application programmers

Table 13. Changes to the context containers used in a PIPELINE
Container This release
  NEW:
  CHANGED:

Changes to the CICS assistants

Application programmers

Table 14. Changes to the CICS web services assistants, XML assistants, and JSON assistants in this release
Assistant This release
DFHJS2LS CHANGED:
DFHLS2JS CHANGED:
DFHLS2SC CHANGED:
DFHLS2WS CHANGED:
DFHSC2LS CHANGED:
DFHWS2LS CHANGED:

Changes to compiler and translator support

Application programmers

Table 15. Changes to compiler and translator support in this release
Compiler This release
  WITHDRAWN:

Configuring and administering CICS

Changes to CICS storage

System programmers

Table 16. Changes to CICS storage in this release
Storage area This release
  REMOVED:
  NEW:
  CHANGED:

Changes to toggle-enabled features

System programmers

Table 17. Changes to toggle-enabled features in this release
Feature toggle This release
com.ibm.cics.cmci.jvmserver={true|false} REMOVED: Replaced by the CMCIPROVIDER WUI server initialization parameter.
com.ibm.cics.cpsm.bas.largecicsplex={true|false} CHANGED: The default is changed from false to true.
com.ibm.cics.db2.origindata={true|false} NEW: Gives you the option to disable the passing of adapter origin data to Db2® for adapter tracking.
com.ibm.cics.mvssm.mon.interval={0|60,1-60} REMOVED: Replaced by the ZOSMONINTERVAL system initialization parameter.
com.ibm.cics.mvssm.sos24.minavailable.contiguous={32,1-1024} REMOVED: Replaced by the ZOSSOS24UNALLOC system initialization parameter.
com.ibm.cics.mvssm.sos24.minavailable.total={64,1-1024} REMOVED: Replaced by the ZOSSOS24UNALLOC system initialization parameter.
com.ibm.cics.mvssm.sos31.minavailable.contiguous={64,1-16384} REMOVED: Replaced by the ZOSSOS31UNALLOC system initialization parameter.
com.ibm.cics.mvssm.sos31.minavailable.total={128,1-16384} REMOVED: Replaced by the ZOSSOS31UNALLOC system initialization parameter.
com.ibm.cics.mvssm.sos.wait={true|false} REMOVED: Replaced by the ZOSSOSNEWTCB system initialization parameter.
com.ibm.cics.sdt.support.precicsts62={true|false} NEW: To support upgrading to CICS TS 6.2 Shared Data Tables by allowing a rolling upgrade.
com.ibm.cics.spool.surrogate.check={true|false} REMOVED: When XUSER=YES is in effect, surrogate user checking is always performed.
com.ibm.cics.tls.minimumkeystrength={1024|2048}

CHANGED: The default value has been changed from 1024 to 2048.

Changes to resource definitions

Application programmers System programmers

Table 18. Changes to resource definitions in this release
Resource This release
TRANCLASS CHANGED: New attribute PURGEACTION is provided to specify the action CICS is to take on a request to start a transaction when its associated TRANCLASS has reached the purge threshold. In such situations, CICS default action has previously been starting and then abending the requested transaction, but now you can allow CICS to discard the request without starting the transaction.
TRANSACTION CHANGED: The default values of CMDSEC and RESSEC are changed to YES.
Table 19. Changes to resource definition groups in this release
Group This release
DFH$XSD NEW: This new sample group contains resources required by Security Definition Validation (SDV), which need configuration.
DFHCMAC CHANGED: Transaction CMAC is removed from this group because it's changed to a category 3 transaction.
DFHCLNT CHANGED: TRANCLASS definition DFHCOMCL now specifies PURGEACTION(ABEND).
DFHEDF CHANGED: TRANCLASS definitions DFHEDFTC and DFHEDFTO now specify PURGEACTION(ABEND).
DFHINDT CHANGED: TRANCLASS definition DFHTCIND now specifies PURGEACTION(ABEND).
DFHISCQ CHANGED: TRANCLASS definition DFHTCQPX now specifies PURGEACTION(ABEND).
DFHISCT CHANGED: TRANCLASS definitions DFHTCLQ2 and DFHTCLSX now specify PURGEACTION(ABEND).
DFHTCL CHANGED: The following TRANCLASS definitions now specify PURGEACTION(ABEND):
  • DFHTCL01 through DFHTCL010
  • DFHTSDEL
DFHXSD NEW: This new group contains resources required by Security Definition Validation (SDV).

Changes to SIT parameters

System programmers

Table 20. Changes to system initialization parameters in this release
SIT This release
CERTEXPIRYWARN NEW: Specifies whether CICS warns about expiring certificates received from the other TLS party, and if so, how many days ahead of the expiry.
INTRDRJOBUSER NEW: Instructs whether to use the task user ID or the CICS region user ID as the default job user ID for a JOB card that is submitted, without a USER parameter, by using SPOOL commands to the internal reader. The default is INTRDRJOBUSER=TASK, which means that the task user ID is assumed.
KEYRING CHANGED: The parameter accepts more formats of key ring names, which allows you to specify key rings that are not owned by the region user ID.
RACFSYNC CHANGED: New option CPSM, which specifies that a MAS does not register as a type 71 ENF event listener but obtains type 71 ENF event data directly from its owning CMAS.
TRTABSZ CHANGED: The minimum value that can be specified for TRTABSZ has been increased from 1024 KB to 12288 KB (12 MB).
XPPT CHANGED: New options ALL and DPLONLY. DPLONLY specifies that CICS performs the security check only on the first program that is linked by the mirror program (DFHMIRS) during distributed program link (DPL). ALL specifies that all invoked programs are checked, which is the same behavior as in CICS TS 6.1 and earlier.
ZOSMONINTERVAL NEW: Specifies the sampling interval, in seconds, for the CICS z/OS storage monitor task.
ZOSSOSNEWTCB NEW: Specifies the action that CICS takes in response to a new open TCB that is being attached directly by CICS when the z/OS user region storage or extended user region storage is in a short-on-storage (SOS) condition.
ZOSSOS24UNALLOC NEW: Specifies SOS thresholds in KB for the total amount of unallocated z/OS user region storage and for the largest contiguous storage area available in it.
ZOSSOS31UNALLOC NEW: Specifies SOS thresholds in KB for the total amount of unallocated z/OS extended user region storage and for the largest contiguous storage area available in it.
ZOSSOS64UNALLOC NEW: Specifies an SOS threshold in MB for the amount of unallocated z/OS MEMLIMIT storage in the 64-bit addressing range.
   
   

Changes to CICS transactions

System programmers

Table 21. Changes to CICStransactions in this release
Transaction This release
CADP, CDBC, CDBI, CDBM, CDBT, CDFS, CECS, CEDA, CEDB, CEDC, CEOT, CETR, CIDP, CKAM, CKBC, CKBM, CKBP, CKBR, CKCN, CKDL, CKDP, CKQC, CKRS, CKRT, CKSD, CKSQ, CKTI, CLDM, CMSG, CPIA, CPIH, CPIL, CPIQ, CPIW, CPMI, CRPA, CRPC, CRPM, CRTX, CSFE, CSHR, CSMI, CSM1, CSM2, CSM3, CSM5, CVMI, CWBA, CWTO CHANGED: RESSEC and CMDSEC attribute defaults are changed to RESSEC(YES) and CMDSEC(YES).
CEBR CHANGED: The CMDSEC attribute default is changed to CMDSEC(YES).
CEDA CHANGED: CEDA enforces uppercase translation on the NETNAMEQ attribute.
CETR CHANGED: The minimum value that can be specified for the internal trace table size has been increased from 1024 KB to 12288 KB (12 MB).
CHLP, CMAC CHANGED: Changed to a Category 3 transaction from a Category 2 transaction.
CXSD NEW: Allows security request recording (SRR) to be enabled during the lifecycle of the testing of an application. This enables the user to drive manual testing whilst gathering the security requests subsequently exercised by the testing.

Changes to CEMT

System programmers

Table 22. Changes to CEMT in this release
Command This release
CEMT INQUIRE SYSTEM CHANGED: New option GRPLIST, showing the names of the lists containing resource definition groups that are loaded during system initialization for a CICS cold start.
CEMT INQUIRE TCLASS CHANGED: New option PURGEACTION, to determine the purge action that CICS is to take on a request to start a transaction when its associated TRANCLASS has reached the purge threshold. In such situations, CICS default action has previously been starting and then abending the requested transaction, but now you can allow CICS to discard the request without starting the transaction.
CEMT PERFORM SHUTDOWN

CEMT PERFORM SHUTDOWN IMMEDIATE

 CHANGED: When the command is issued against a CMAS, CICS shuts down the CMAS as part of the shutdown process of the region. When it is issued against a MAS, CICS stops the MAS agent code as part of the shutdown process.
CEMT SET TCLASS CHANGED: New option PURGEACTION, to set the purge action that CICS is to take on a request to start a transaction when its associated TRANCLASS has reached the purge threshold. In such situations, CICS default action has previously been starting and then abending the requested transaction, but now you can allow CICS to discard the request without starting the transaction.

Changes to CICS SPI

System programmers

Table 23. Changes to the system programming interface commands in this release
Command This release
COLLECT STATISTICS
EXTRACT STATISTICS		 CHANGED: New NOTFND with RESP2 value of 3, which indicates that the performance class data for a task is not available.
INQUIRE SYSTEM CHANGED: New option GRPLIST, showing the names of the lists containing resource definition groups that are loaded during system initialization for a CICS cold start.
INQUIRE SECDISCOVERY NEW: Retrieves information about the current state of CICS security discovery.
INQUIRE TERMINAL CHANGED: New option TNHOST, showing the host name returned by the connected TN3270 client.
INQUIRE TRANCLASS CHANGED: New option PURGEACTION, to determine the purge action that CICS is to take on a request to start a transaction when its associated TRANCLASS has reached the purge threshold. In such situations, CICS default action has previously been starting and then abending the requested transaction, but now you can allow CICS to discard the request without starting the transaction.
SET SECDISCOVERY NEW: Activates or deactivates CICS security discovery, or sets the resource classes whose access requests are to be discovered.
PERFORM SECDISCOVERY WRITE NEW: Immediately writes out the current set of security discovery data.
PERFORM SHUTDOWN

PERFORM SHUTDOWN IMMEDIATE

 CHANGED: When the command is issued against a CMAS, CICS shuts down the CMAS as part of the shutdown process of the region. When it is issued against a MAS, CICS stops the MAS agent code as part of the shutdown process.
SET TRANCLASS CHANGED: New option PURGEACTION, to set the purge action that CICS is to take on a request to start a transaction when its associated TRANCLASS has reached the purge threshold. In such situations, CICS default action has previously been starting and then abending the requested transaction, but now you can allow CICS to discard the request without starting the transaction.

Changes to JVM profiles

System programmers

Table 24. Changes to JVM profiles in this release
JVM profile This release
  CHANGED:
  NEW:

Changes to CICS utilities

Application programmers System programmers

Table 25. Changes to CICS utilities in this release
Utility This release
DFH0STAT Security report

New fields:
Failed authorizations NOLOG NOTAUTH
Failed authorizations NOLOG NOTFND
DFH0STAT User region, extended user region and MEMLIMIT storage monitoring report
CHANGED:
  • Renamed from MVS user region and extended user region storage report
  • Reports on the z/OS MEMLIMIT storage in the 64-bit addressing range, under the heading MEMLIMIT
DFH0STAT Transaction Classes report

New field:
Purge A (Purge action)
DFHSTUP Security domain global statistics

New fields:
Failed authorizations NOLOG NOTAUTH
Failed authorizations NOLOG NOTFND
DFHSTUP Storage manager global statistics

CHANGED: The report name is changed to User region, extended user region and MEMLIMIT storage monitoring from MVS™ user region and extended user region storage.

New fields:
  • SOS duration
  • Times SOS
Reports on the z/OS MEMLIMIT storage in the 64-bit addressing range, under the heading MEMLIMIT:
  • State
  • Current® unallocated
  • LWM unallocated
  • Last date and time SOS
  • SOS duration
  • Times SOS
DFHSTUP Transaction class resource statistics

New field:
Purge A (Purge action)

Changes to GLUEs and TRUEs

System programmers

Table 26. Changes to global user exits and task-related user exits in this release
Exit This release
  REMOVED
  CHANGED:

Changes to XPI functions

System programmers

Table 27. Changes to XPI functions in this release
Command This release
Enqueue domain

The ENQUEUE function

 CHANGED: New EXCEPTION reason code NO_TRANSACTION_ENVIRONMENT, which is returned when an XPI ENQ request attempts to obtain an EXECSTRN or EXECADDR ENQ without a transaction environment.
Transaction management

The INQUIRE_TCLASS call

 CHANGED: New option PURGE_ACTION, which returns the PURGEACTION value of the TRANCLASS resource definition.
   
   

Changes to user-replaceable programs

System programmers

Table 28. Changes to the user-replaceable programs in this release
Program This release
   

Changes to control tables

System programmers

Table 29. Changes to control tables in this release
Control table This release
  CHANGED:
  CHANGED:
   

Changes to CICS policies

System programmers

Table 30. Changes to policy system rules in this release
System rule This release
All system rules CHANGED: New option to set the WLM health interval is provided with the Set z/OS WLM health open status system rule action.
Transaction class queued tasks NEW: This new system rule enables you to take a policy action as the number of tasks queuing for membership to a TRANCLASS goes above or below a specified threshold represented by a percentage of the maximum number of user tasks in the queue.
Table 31. Changes to policy task rules in this release
Task rule This release
   

Changes to event processing adapters and formats

System programmers

Table 32. Changes to event processing adapters and formats in this release
EP adapter or format This release
  NEW:
  CHANGED:
   
   

CICSPlex System Manager

Changes to installation and definition of CICSPlex SM

System programmers

  • The record size of EYUHIST* data sets has increased from RECORDSIZE(3748 3752) to RECORDSIZE(3756 3760). The EYUJHIST sample has been updated to reflect this change.

Changes to configuration and initialization of CICSPlex SM

System programmers

Table 33. Changes to CICSPlex SM system parameters (EYUPARM) in this release
EYUPARM parameter This release
   
   
   
Table 34. Changes to CICSPlex SM WUI server initialization parameters (WUIPARM) in this release
WUIPARM parameter This release
CMCIPROVIDER(JVMSERVER|CICS) NEW: A new WUI server initialization parameter that specifies whether to use the CMCI JVM server to facilitate CMCI in the WUI region.
TCPIPSSL CHANGED: If the WUI server has CICS security active (SEC=YES in the system initialization parameter), TCPIPSSL is mandatory.
TCPIPHOSTNAME DEPRECATED: TCPIPHOSTNAME is no longer required.
TCPIPHTTPHOST DEPRECATED
Table 35. Changes to CMCI in this release
Change This release
Enablement of the CMCI JVM server CHANGED: Enablement of the CMCI JVM server is now set by the WUI initialization parameter CMCIPROVIDER(JVMSERVER|CICS) instead of through a feature toggle. The CMCI JVM server is still enabled by default. But you can switch it off by setting CMCIPROVIDER(CICS) and opt to use the basic CMCI.

Changes to CICSPlex SM behavior and operation

System programmers

Table 36. Changes to CICSPlex SM behavior and operation in this release
CICSPlex SM feature This release
CMAS and MAS CHANGED:
  • CICSPlex SM can now process type 71 ENF events for a CICSplex. A CMAS that is started with the system initialization parameter RACFSYNC=YES listens for type 71 ENF events and make them available to its connected MAS regions that are started with the system initialization parameter RACFSYNC=CPSM. When the CMAS receives a type 71 ENF event, security information for the affected user ID is rebuilt the next time the user ID is used, irrespective of the setting of the SECTIMEOUT parameter.
  • You can now use PERFORM SHUTDOWN and PERFORM SHUTDOWN IMMEDIATE directly on CMAS and MAS regions. In processing the command, CICS shuts down the CMAS or stops the MAS agent code as part of the shutdown process.
CICSPlex SM workload management CHANGED:
CICSPlex SM BAS CHANGED:

Changes to CICSPlex SM resource tables

System programmers

Enhancements to CICSPlex SM resource tables are typically populated to related CICSPlex SM views. In Table 37, where applicable, the changed CICSPlex SM views are also listed.

Table 37. Changes to the resource tables provided by CICSPlex SM in this release
Resource table Related view This release
CICSRGN CICS region (CICSRGN) view CHANGED:
  • New field Current Time of Day with resource table attribute name CURRTIME, indicating the CICS ABSTIME time of day of the region.
  • New field Cold Start Resource Group Lists with resource table attribute name GRPLIST, showing the names of the lists containing resource definition groups that are loaded during system initialization for a CICS cold start.
HTASK Completed tasks (history) (HTASK) view CHANGED: New field TRANCLASS tasks with resource table attribute name TCLSTSKS to indicate the total number of active and queued tasks in the associated TRANCLASS when a task is attached.
TASK Active tasks (TASK) view CHANGED: New field TRANCLASS tasks with resource table attribute name TCLSTSKS to indicate the total number of active and queued tasks in the associated TRANCLASS when a task is attached.
TERMNL Terminals (TERMNL) view CHANGED: New field Host name with resource table attribute name TNHOST, showing the host name returned by the connected TN3270 client.
TRANCLAS Transaction class (TRANCLAS) view CHANGED: New field Purge action with resource table attribute name PURGEACTION, displaying the PURGEACTION value of the TRANCLASS resource definition.
TRNCLDEF Transaction class definition (TRNCLDEF) view CHANGED: New field Purge action with resource table attribute name PURGEACTION, displaying the PURGEACTION value of the TRANCLASS resource definition.

Security

Changes to security

System programmers

Table 38. Changes to security in this release
Area This release
Authentication CHANGED:
  • New options CHANGETIME, DAYSLEFT, EXPIRYTIME, INVALIDCOUNT, and LASTUSETIME added to the SIGNON command to reveal more information about the sign-on user ID and password.
  • NEW SIT parameter CERTEXPIRYWARN allows CICS to warn about expiring certificates received from the other TLS party. A new message DFHSO1100I is returned to provide diagnostic information about the expiring certificate.
Authorization CHANGED:

  • To conform with a zero trust strategy, the security definitions of all CICS transactions are set to CMDSEC(YES) and RESSEC(YES) to perform command and resource security checking.

    For a list of CICS transactions whose definitions have changed, see CICS transactions subject to security checking.

  • To conform with a zero trust strategy, the default values of CMDSEC and RESSEC attributes are changed to YES for all newly defined TRANSACTION resources.
  • CICS security discovery is provided to help you identify the security definitions required for resource security and hence eases the migration to zero trust. As part of the security discovery support:
    • A new CICS Explorer® editor (Security Discovery editor) provides support for security discovery analysis.
    • New SPI commands (INQUIRE SECDISCOVERY, PERFORM SECDISCOVERY, and SET SECDISCOVERY) can help you collect the Security Discovery data.

  • CICS provides a new transaction CXSD to help developers identify the security definitions required for resource security and command security during the development process. It can do this in a development region with minimal CICS security. If your enterprise is adopting a DevOps or DevSecOps approach, you can automate and integrate the whole process into your CI/CD (continuous integration/continuous delivery) pipeline to gain extra value. This makes the maintenance of a zero trust strategy easier.

  • CICS surrogate user checking is made if system initialization parameter XUSER=YES is in effect.

    The default job user ID for a JOB card that is submitted, without a USER parameter, by using SPOOL commands to the internal reader, is subject to the INTRDRJOBUSER system initialization parameter instead of a feature toggle that is now made obsolete. By the default of INTRDRJOBUSER, the task user ID is assumed while in 5.5 through 6.1 the CICS region user ID is assumed.

  • Command security checking removed for INQUIRE TERMINAL, INQUIRE NETNAME, and SET TERMINAL commands when programs or tasks inquire or set their own terminals, with a few exceptions.
Confidentiality
NEW:
  • New message DFHIS2041 indicates an attempt to acquire the named IPCONN failed because of unsecured TCPIP connections with a partner system that is located outside the sysplex.
Service NEW with APAR:
  • The feature toggle com.ibm.cics.tls.minimumkeystrength allows CICS to set the minimum key size during TLS handshakes for increased key strength.
CHANGED:
  • The KEYRING SIT parameter accepts more formats of key ring names, which allows you to specify key rings that are not owned by the region user ID.
  • Sysplex caching for TLS 1.3 is supported. See SSLCACHE system initialization parameter.
Auditing CHANGED:
  • For the QUERY SECURITY command, CICS statistics and monitoring data are recorded even when logging is disabled.
Performance CHANGED:
  • New DPLONLY option on XPPT allows you to secure remote program at a lower cost.
  • CICSPlex SM can now process type 71 ENF events for a CICSplex. A CMAS that is started with the system initialization parameter RACFSYNC=YES listens for type 71 ENF events and propagates them to its connected MAS regions that are started with the system initialization parameter RACFSYNC=CPSM.

Changes to RACF classes

System programmers

Table 39. Changes to RACF classes related to command security. These changes are new resource identifiers for SPI commands. See CICS resources subject to command security checking and Resource and command check cross-reference for a list of all of the SPI commands and the RACF® ACCESS required for each one.
Command This release
   
   
   
Table 40. Changes to RACF classes related to CICS user IDs
User ID This release
   
   
   
Table 41. Changes to RACF classes related to user profiles
User ID This release
   
   
   
Table 42. Changes to other RACF classes
Class Profile This release
     
     
     

Monitoring

Changes to CICS monitoring

System programmers

Table 43. Changes to monitoring data in this release
Data This release
Performance data in group DFHTASK CHANGED:

NEW FIELDS:
  • 048 XSNLNACT to track the number of QUERY SECURITY LOGMESSAGE(NOLOG) requests that succeeded but returned no authority on READ, UPDATE, CONTROL or ALTER.
  • 049 XSNLNFCT to track the number of QUERY SECURITY LOGMESSAGE(NOLOG) requests that failed with response code 13 NOTFND and reason code 5 or 8.
  • 185 TCLSTSKS to indicate the total number of active and queued tasks in the associated TRANCLASS when a task is attached.
 
   
   

Changes to CICS statistics

System programmers

In Table 44, the field name is a unique identifier for each statistic field, and where applicable, the DFHSTUP name is also given.

Table 44. Changes to CICS statistics in this release
Statistics This release
Security domain NEW FIELDS:
  • XSG_AUTHOR_FAIL_NL_NA, with DFHSTUP name Failed authorizations NOLOG NOTAUTH, to track the number of QUERY SECURITY LOGMESSAGE(NOLOG) requests that succeeded but returned no authority on READ, UPDATE, CONTROL or ALTER.
  • XSG_AUTHOR_FAIL_NL_NF, with DFHSTUP name Failed authorizations NOLOG NOTFND, to track the number of QUERY SECURITY LOGMESSAGE(NOLOG) requests that failed with response code 13 NOTFND and reason code 5 or 8.
Storage manager NEW FIELDS:
For the z/OS user region storage
  • SMSMVS24SOSTIME, with DFHSTUP name SOS duration
  • SMSMVS24SOSCOUNT, with DFHSTUP name Times SOS
For the z/OS extended user region storage
  • SMSMVS31SOSTIME, with DFHSTUP name SOS duration
  • SMSMVS31SOSCOUNT, with DFHSTUP name Times SOS
For the z/OS MEMLIMIT storage
  • SMSMVS64STATE, with DFHSTUP name State
  • SMSMVS64UNALLOC, with DFHSTUP name Current unallocated
  • SMSMVS64UNALLOCLWM, with DFHSTUP name LWM unallocated
  • SMSMVS64LASTSOSTIMELOCAL, with DFHSTUP name Last date and time SOS
  • SMSMVS64LASTSOSTIMEUTC
  • SMSMVS64SOSTIME, with DFHSTUP name SOS duration
  • SMSMVS64SOSCOUNT, with DFHSTUP name Times SOS

DFH0STAT and DFHSTUP report them under the heading MEMLIMIT.
Storage manager CHANGED FIELDS:
The following storage SOS statistics are subject to the ZOSSOSNEWTCB system initialization parameter. They are populated when ZOSSOSNEWTCB=DELAY is in effect, but are all zero under ZOSSOSNEWTCB=NODELAY.
  • SMSMVS24WAITTIME and SMSMVS31WAITTIME, with DFHSTUP name Time tasks waited because SOS
  • SMSMVS24NUMWAITS and SMSMVS31NUMWAITS, with DFHSTUP name Current tasks waiting because SOS
  • SMSMVS24NUMWAITSHWM and SMSMVS31NUMWAITSHWM, with DFHSTUP name Peak tasks waiting because SOS
  • SMSMVS24TOTALNUMWAITS and SMSMVS31TOTALNUMWAITS, with DFHSTUP name Total waits because SOS
Transaction class (TCLASS) NEW FIELD:
  • XMCPUA, with DFHSTUP name Purge A, which indicates the purge action that CICS takes for a request of starting a transaction in the named transaction class when the transaction class has reached the purge threshold.
Suppress Statistics NEW:
  • Transaction and Program statistics containing zero count fields following a reset will be suppressed. This applies to interval, requested, and requested reset type statistics.
   

Troubleshooting

Changes to messages

System programmers

Table 45. Changes to messages in this release
New messages Changed messages Removed messages
   
  • DFH5290W
  • DFH5291E
  • DFH5292W
  • DFH5293W
  • DFH5294E
  • DFH5296W
  • DFH5565E is issued if a problem is found in the input to the DFHCSDUP offline utility, and the default value is assumed.
    
  • DFHAC2059 is issued for a discarded request to start a transaction because the TRANCLASS PURGETHRESH has been reached and the PURGEACTION is discard.
    
 
  • DFHAM4838 is changed to show group information when appropriate.
  
 
  • DFHAP1301 is changed to show that another symptom can be that LE has detected a loop.
  
 
  • DFHCA4838 is changed to show group information when appropriate.
  
   
  • DFHCA5290W
  • DFHCA5291E
  • DFHCA5293W
  • DFHCA5294E
  • DFHCA5296W
  • DFHCA5565W is issued if a problem is found in the input to the EXEC CICS CREATE command, and the default value is assumed.
    
 
  • DFHCE3549 is changed to show the number of previous failed attempts to sign on, and the date and time the user ID was last accessed.
  
  • DFHFC0437 indicates that a data table request for a file resource has encountered a NOSPACE condition.
    
  • DFHH0009E is issued when one or more stabilized functions are being used in a CICS region.
  • DFHH0415 is issued when the attempt to execute the health checks for the CICS Resource Configuration has not completed successfully.
  • DFHH0506 is issued when the attempt to execute the health checks for the CICS Resource Configuration has not completed successfully.
  • DFHH0604 is issued when the attempt to execute the health checks for the CICS USS configuration has not completed successfully.
  • DFHH0709 is issued when the attempt to execute the health checks for CICS Resource Security has not completed successfully.
  • DFHH0811 is issued when the attempt to execute the health checks for CICS Category 3 Transactions has not completed successfully.
  • DFHH0951 indicates that XRF is in use.
  • DFHH0952 indicates that APPC password expiration management (PEM) is in use.
  • DFHH0953 indicates that CICS Service Flow Runtime is in use.
  • DFHH0954 indicates that the DFHWBCLI web client interface is in use.
  • DFHH0955 indicates that SAML is using the Security Token Service.
  • DFHH0956 indicates that JVMSERVER-based web services data transformation is in use.
  • DFHH0957 is issued when the health check on stabilized functions did not complete successfully.
  • DFHH0958 indicates that ONC RPC is in use.
  • DFHH0959 indicates that CICS system events are being used.
  • DFHH0960 indicates that CICS debugging tools sockets interface is in use.
  • DFHH0961 indicates that Enterprise Bundle Archive (EBA) files are in use.
  • DFHH0962 indicates that CICSPlex SM RTA MRM function is in use.
  • DFHH0963 indicates that CICSPlex SM RTA SAM function is in use.
  • DFHH0964 indicates that a pipeline that is configured to use a JVMSERVER is installed.
  • DFHH0965 indicates that the CICS Application Debugging Profile Manager is being used.
    
     
  • DFHIS2013 indicates the server APPLID that is used in a High Availability (HA) IPCONN connection.
  • DFHIS2041 indicates an attempt to acquire the named IPCONN failed because of unsecured TCPIP connections with a partner system that is located outside the sysplex.
    
  • DFHME0142 is issued to indicate a message write failure due to a D23 abend in WTO processing.
    
  • DFHMP2019 indicates that the CICS managed platform domain failed to create a policy in a BUNDLE resource due to an invalid WLM health open status value that is specified in the policy rule.
    
  • DFHMQ0797E is issued when temporary storage queue DFHCKBR is required but its TSMODEL definition has not been defined or installed in the system.
  • DFHMQ0798E is issued when the CICS-MQ 3270 bridge issued a request to start a transaction, and the request is discarded.
    
  • DFHPA2012I indicates the resource overrides file name that is set in the RESOVERRIDES SIT parameter, and is issued preceding DFHPA2011E when RESOVERRIDES specifies an invalid resource overrides file name.
    
  • DFHRL0137I is issued when all GRPLIST defined BUNDLE resources have reached their target initial status.
  • DFHRL0138W is issued when one or more GRPLIST defined BUNDLE resources have failed to reach their target initial status.
    
 
  • DFHSJ0914E is now issued to log a JVMSERVER initialization failure that results from insufficient unallocated 64-bit z/OS virtual storage available at the time of the JVMSERVER initialization.
  
  • DFHSM0154I is issued by the CICS z/OS storage monitor task to inform the size of unallocated z/OS MEMLIMIT storage when the task detects a significant change in the storage tier level.
  • DFHSM0155W is issued to report a short-on-storage (SOS) condition that is occurring in the z/OS MEMLIMIT storage.
  • DFHSM0156I is issued to indicate the end of the SOS condition in the z/OS MEMLIMIT storage, and the storage is not constrained.
    
  • DFHSO1100I provides diagnostic information about an expiring certificate that is received from the other TLS party.
  • DFHSN1100 is changed to show the security attributes for the signed-on user ID in the group ID. It also shows the number of previous failed attempts to sign on, and the date and time the user ID was last accessed.
  
  • DFHTP4175 indicates a message routing failure due to an invalid or unlocatable remote system ID.
    
 
  • DFHWB0112I is changed so that it isn't issued when the region does not support outbound HTTPS connections. This ensures the message is issued only when there is an actual problem of processing the defaultciphers.xml file.
  
  • DFHXM0206 indicates the number of purges that occurred to a specific transaction class in the last interval, regardless of its purge action.
    
  • DFHXS1600 indicates that the security discovery recording has been activated.
    
  • DFHXS1601 indicates that the security discovery recording has been deactivated.
    
  • DFHXS1602 reports the current state of security discovery.
    
  • DFHXS1603 reports a list of all the resource classes that are currently set to discover access.
    
  • DFHXS1604 indicates that the current set of security discovery data (SDD) has been written to the DFHSECD logstream.
    
  • DFHXS1605 indicates that there was a failure when writing the Security Discovery Data to the DFHSECD logstream.
    
  • DFHYM1024E indicates that an unexpected operator has been found in the resource overrides file.
    
  • EYUCI0103E is issued when the system initialization parameter RACFSYNC=CPSM is erroneously set in a CMAS. RACFSYNC=CPSM is intended for MAS regions.
    
  • EYUCP0034I identifies the maintenance point for a CICSplex.
  • EYUCP0035I identifies the CICSplex that a CMAS manages and the maintenance point for this CICSplex.
  • EYUCP0036I is issued when a CMAS is removed from a CICSplex.
    
  • EYUCR0011E is issued when a CMAS is unable to obtain ENF71 records from the underlying CICS region and is therefore unable to receive and process newer ENF71 events from RACF.
  • EYUCR0012E is issued when a CMAS detects an internal error during ENF71 record propagation to subordinate MAS regions.
    
  • EYUXD1032W is issued when the EYUDREP data set has exceeded 70% of its extent availability.
  

Changes to abend codes

System programmers

Table 46. Changes to abend codes in this release
New abend codes Changed abend codes Removed abend codes
AASB occurs when module DFHAMAO, while processing resource overrides, calls module DFHPUPD to apply any dependent defaults to a modified resource definition and receives an unexpected response.    
AITQ occurs when a transaction is purged, during the processing of a request, while waiting for a response from a connected subsystem over an IPIC connection.    
AMQT occurs when temporary storage queue DFHCKBR is required but the TSMODEL definition for it does not exist.    
ANQG occurs when an XPI ENQ request attempts to obtain an EXECSTRN or EXECADDR ENQ without a transaction environment.    
AXMT occurs when an attempt has been made to run the CICS internal system task CXMT as a user transaction, or run its associated program DFHXMCHK under a different transaction ID.    
AXMV occurs when the CICS internal task that monitors TRANCLASS purges encounters an unexpected error.