Description

Items included in current release 10.0.11

No items included  

Items included in release 10.0.10

Support AT-TLS for RACF adapter. Remove OpenSSL from ADK.  

Items included in release 10.0.9

No items included

Items included in release 10.0.8

No items included

Items included in release 10.0.7

No items included

Items included in release 10.0.6

No items included

Items included in release 10.0.5

 IBM Security Manager RACF adapter support for IBM Multi-Factor Authentication for z/OS

Items included in release 10.0.4

Verify adapters on z/OS 2.5

Verify zSecure RACF adapter on zSecure 2.5

Items included in release 10.0.3

No items included

Items included in release 10.0.2

 Deliver RACF and zSecure RACF adapter as one installation. Combine sources and installation package and allow either adapter to be installed using the same part.

Document new features in zSecure RACF adapter that are inherited from the RACF adapter as part of the merged sources.

Description

Items closed in current release 10.0.11

The RACF database indicates protected attribute as false, but the adapter reports it as true.

zSecure RACF adapter unable to restore IDs.

RACF adapter abends with S0C1 if IRXLOAD EXCEED MAXIMUM LOAD COUNT

Items closed in release 10.0.10

Adapter:: RACF adapter runs out of memory after receiving invalid requests

 ADK bind brute force attack

 Conflict between eruid and erUid variables in ISV due to latest racf profile jar

FSUM7332 syntax error: got (, expecting Newline in IBM Security

RACF Adapter requests failure.

RACF Adapter couldn't establish a connection using a safe cipher suite

zSecure RACF segmentation error while processing pdu results after updating a connect group

grep related errors in SDSF log for RACF adapter if the SURROGAT ID contains special characters

CTGIMU552E An error occurred while communicating with the server if Policy Enforcement set to Alert for RACF connect group entitlements. This issue is partially resolved in the Complex Attribute Handler and partially resolved in ISVG/ISVGIM 10.0.2 FP1 and later versions.

The newly upgraded RACF Adapter is not using the specified RACF SURROGAT ID which is specified on the Identity Manager service form attribute erracfrequester for creating a user, causing the create operation to fail.

Installation job 4 (AGRJ4) isn't updated with the RUNREP (TRUE/FALSE) registry setting which determines if the adapter should run the IRRDBU00 unload (TRUE) or the customer schedules the IRRDBU00 unload and RECOJOB to run outside the adapter.

erracuisprotect is set to TRUE even if the account is not defined as PROTECTED

racfAgent: pthread_attr_setdetachstate failed. : CEE5602S The detachstate parameter did not contain a valid value. (errno2=0xC11800B5)

RACF Adapter issues a second ALU CICS TIMEOUT command containing the username during account ADD

1. The adapter should return SUCCESS for CONNECT REMOVE operations if it receives "RACF returned ICH03002I U002221 WAS NOT CONNECTED TO GROUP"

2. The adapter should log a warning if it receives a value that isn't the name of a data set profile as a result of the tsocmd "SEARCH GENERIC CLASS(DATASET) MASK(<USERID>) " command and not continue to try to delete.

Items closed in release 10.0.9

Single account lookup fails

CEEDUMP in UserModify() for delete connect after add connect

SMF will show 2 PHRASE commands where the adapter should perform a PHRASE and a PASSWORD command.

Items closed in release 10.0.8

Customer facing issue while creating new ID with RACF Adapter

Items closed in release 10.0.7

INVALID GROUP NAME

Items closed in release 10.0.6

Thread:000004 Unable to load private key

BN_BLINDING_convert_ex

RACF zSecure adapter permision name problem

grpnamelist as permission

IGIZSECURE adapter wrong actions

Items closed in release 10.0.5

Racf certificate update shows incorrect valid date

Items closed in release 10.0.4

zSecure RACF - Hebrew characters are returned reversed

zSecure RACF - no error returned for failing add or modify request

zSecure RACF - abend after receiving erzsrorgunit modify request

zSecure RACF - error when trying to delete non-existing account

RACF - no error is returned if a required attribute is missing from an ADD request

zSecure RACF - add _CEE_RUNOPTS to start script

Items closed in release 10.0.3

Place and document limitations on Hebrew language support implementation.

CSDATA field delete is not correctly impletented in the RACF adapter

RACF adapter error when creating userid

DEFECT: standard RACF adapter recon does not work in IGI

Items closed in release 10.0.2

Fully qualified generic data set profiles not deleted.

Duplicate values returned for CSDATA attributes

Hebrew returned reversed during reconciliation

PMR # / Description

The lookup operation will not return UAUDIT settings for an account when the ADAPTER ID does not have the AUDIT attribute.

This version of the zSecure RACF adapter does not support:

• Attribute modifications for resource profile access permissions: all RACF resource profile access related data is presented readonly. 

• Reconciliation of management access related attributes and values such as access through system privileges (special, group-special, operations, etc..), universal access or other permissions representing any userid. 

• Reconciliation of access to Unix files. 

• Data from the following classes: GLOBAL,GROUP,CDT,CFIELD,NODES, RACFVARS,RDATALIB,REALM,SECLABEL,STARTED,CSDATA      

• Any account attributes or operations not specifically mentioned as included in the adapter guide. 

In ISVG, when specifying RACF GROUPS as EXTERNAL ROLES, all CONNECT commands will be limited to include the value “USE”, no rights outside “USE” are included in the command the adapter issues as ISVG does not support RIGHTS for EXTERNAL ROLES.

It is possible to import the profile from the Profile_as_permission folder in the installation package. This profile defines RACF GROUPS as IGI PERMISSONS and will allow rights to be defined. If RACF GROUPS are defined as permissions, RESOURCE PROFILE permissions will no longer be associated to the GROUPS (zSecure RACF only).

In the current Security Verify Governance  release it is NOT possible to assign RESOURCE PROFILE permissions to an account or external role. It is also not possible to remove resource profile permissions from an external role. It is possible to remove resource profile permissions from an account.

Resource classes, profiles and permissions are not available in the standard RACF adapter.  The adapter does however accept server requests that adhere to the following standards:

<?xml version="1.0" encoding="UTF-8"?>

 <LDAPMessage ID="7056732228">

        <BindRequest Name="*****" Version="2.0">

                <SimpleAuthentication Password="*****">

                </SimpleAuthentication>

        </BindRequest>

         <ModifyRequest DN="eruid=IBMUSER">

<Modification Operation="add">

<attr name="erracprofaccesslist">

                               <value>FACILITY/IRR.RADMIN.LISTUSER/READ</value>

                               <value>FACILITY/IRR.RADMIN.ADDUSER/READ</value>

 <value>DATASET/IBMUSER.**/READ</value>

  </attr>

              </Modification>

                <Modification Operation="delete">

<attr name="erracprofaccesslist">

                             <value>FACILITY/IRR.RADMIN.LISTUSER/READ</value>

                               <value>FACILITY/IRR.RADMIN.ADDUSER/READ</value>

 <value>DATASET/IBMUSER.**/READ</value>

                                        </attr>

                                                        </Modification>

</ModifyRequest>

</LDAPMessage>

Support for the configuration of the server request and/or reconciliation of the involved permissions is currently not supported.

The zSecure RACF adapter now also supports single account lookups from IBM Security Verifty Governance Identity Manager. For a single account lookup for which it does NOT use zSecure functionality, instead it uses IRRXUTIL.

The current IBM Security Verifty Governance and Governance  Identity Manager releases do not support connect groups as complex attributes for the zSecure RACF adapter.

This release of the RACF adapter does not support MFA

This release of the adapter only offers limited language support.  If the IBM-424 code page is set, all space separated character based string values will be considered to be Hebrew values. These values will be reversed before applying a modification in RACF or in the Verify Governance server to restore the writing direction and word order. The only exception to this rule is the implementation of numeric values, provided they are space-separated from character-based string values.

Limited compatibility with erracexecvar and erracexecname is available on demand. Contact IBM Support for more details. Please include your current ISIMEXIT and ISIMEXEC code in your request for support.

Description

Items included in release 10.0.1

Rebranding IBM Security Identity to IBM Security Verify

Items included in release 7.1.40

No items included

Items included in release 7.1.39

No items included

Items included in release 7.1.38

No items included

Items included in release 7.1.37

RACF CSDATA segment support for single account lookup

Items included in release 7.1.36

No items included

Items included in release 7.1.36

ISIM  RACF Adapter enhancement.

Disallow external calls to agentCfg port.

Items included in release 7.1.35

 IGI 5.2.5 support -

As an adapter developer for z/OS I need to add support for supporting data and canonical values to the IGI profiles

Items included in release 7.1.34

No items included

Items included in release 7.1.33

No items included

Items included in release 7.1.32

Add an option to include “REMOVE <connect_group>”  or “CONNECT <connect group>”  for PRE MODIFY and POST MODIFY operations to be passed on to ISIMEXIT.

As an adapter for RACF user I want to have an option to run RECOJOB outside of the adapter so that the adapter can instantly start processing the RECOSAVE contents.

Add a registry setting to specify if the adapter should attempt to delete existing data set profiles before deleting an account.

As an ADK for z/OS developer I need to upgrade to OpenSSL 1.0.2o to address PSIRT CVE-2018-0739

Items included in release 7.1.31

As an AD for z/OS developer I need to offer the ability to explicitly disable TLS1.0 in all ADK based adapters.

As an ADK for z/OS developer I need to add diagnostic messages to the ADK that allow troubleshooting 2-way ssl connections

As an ADK for z/OS developer I need to upgrade to OpenSSL 1.0.2n

Items included in release 7.1.30

Add support for WAEMAIL in WORK segment

Items included in previous releases

Enable SSL by default in the ISPF installation panels

Add tooltips to customlabels.properties

Registry setting to keep the RECOSAVE export data set

Status tab in IGI target.json, erLastAccessDate in target.json

TSO/E 8 Character Userid support

Upgrade expat libraries to 2.2.0

Update OpenSSL to release 1.0.2j

Disable SSLV3 and RC4 ciphers and certify TLS 1.1 / 1.2 is supported by the ADK

Adapter appears to be running while it was unable to connect to the socket.

RACF adapter enhancement. How to know what attributes are being modified in a ISIMEXIT.

Support ROAUDIT attribute in the RACF adapter

Include IGI specific profile with JSON in the adapter package

Update the adapter panels

Include adapter mapping file in the adapter package

Include a license folder in the adapter package

Add two initial lines to CustomLabels.properties which are required for translation

Complex Attribute Handler for RACF Connect Groups

ISIM Lookup transaction performance enhancements

Remove APPC protocol dependency

Added support for password phrases

Added support for custom fields (CSDATA)

Changed KERB form: Added AES and changed DESD description

Changed agent behavior:
Setting a boolean flag to blanks is now the same as setting it to FALSE

Description

Items closed in release 10.0.1

Abend 0C4 after  getpwuid() error

Upgrade to Expat 2.2.10

Adapter fails to delete profiles if the accounts connection to the group has been revoked.

Items closed in release 7.1.40

AGJB04 writes empty JOBCHAR to registry

ISIM_ADAPTER_CIPHER_LIST variable is not having any effect with RACF adapter 6.0.39

Error when processing unmodified values in reply message

Abend when processing reconciliation request xmls

Items closed in release 7.1.39

RACF "EDC5112I Resource temporarily unavailable”

Increasing memory allocations for erracconxml values during reconcilitations.

Adapter STC does not abort when running out of memory required for new connection pthreads.

vulnerability CVE-2016-2183(SWEET32) reported on ISIM V6.0.

Memory leak in ConnectionTest operations.

Items closed in release 7.1.38

No items included

Items closed in release 7.1.37

Adapter abend 40D, RC10 with the below messages in the CEEDUMP

 5     _ermAlloc   +00000076              libErmApi.dll                                                Call

   6     ErmSBCSStrtoUCS2Str

                     +000000C0              libErmApi.dll                                              

Excessive non-ISIM server connections causing abend

Starting SSL handshake (OpenSSL)...

Handshake failed.  Error code: 1

SD_SEND to socket

Start SSL cleanup

Shutting down SSL server...

Received a segmentation violation...

Debug output in agentCfg tool causes DAML protocol configuration issues

Account DELETE continues with ISIMEXIT POST DELETE even if the account can’t be deleted.

<adapter_rw_home>/data/proc.xxx.out files not removed after attempt to delete data set profiles

Items closed in release 7.1.36

Disallow external calls to agentCfg port

Reconciliation doesn't return all accounts.

Upgrade to  OpenSSL 1.0.2.q

Items closed in release 7.1.35

RACF adapter returns rc ‘20030’ on account ADD

IKJ567161I when provisioning/modifying a custom attribute

Adapter abends during the reconciliation of CSDATA segment attributes

Upgrade to ADK 6.0.6

IKJ56702I INVALID USERID returns error for account DELETE where this should return a success as the account no longer exists in RACF

Items closed in release 7.1.34

IKJ56716I when provision/modify a comma-separated CSDATA value

Upgrade to OpenSSL 1.0.2p

Items closed in release 7.1.33

Add an option to continue to use tsocmd to allow authorized TSO/E commands to be executed from ISIMEXIT.

TSO/E STATUS command fails if the JOBNAME contains a $ character.

SURROGATE ID ignored on account MODIFY

Items closed in release 7.1.32

RACF Adapter for ISIM 6.0 - tsoCmd: return code 255

when using ISIMEXEC.

Inconsistent erraculogtime between full and filtered reco

Items closed in release 7.1.31

As an ADK for z/OS developer I need to ensure that manually dropping the DAML_PORT socket doesn't result in a loop

Since installing 6.0.29 customer cannot longer change the DAML password

change the group profile name from RacfGroupProfile to RACFgroupProfile

Attempt to destroy context for invalid socket results in dump in _ermListFree

Items closed in release 7.1.30

PSIRT Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

Report Data Sync  does not synchronize RACF Group memberships

Items closed in previous releases

RSA key length used by certTool increased from 1024 to 4096, which

allows it to be NIST compliant beyond 2021.

Lock file that is created during reconciliations is not removed when switching between the SURROGATID and the ADAPTERID

RACF Adapter Complex Attribute Handler NullPointerException while trying to remove or add a connect group.

The adapter allowed multiple parallel reconciliation requests without closing pipes and failing the duplicate requests.

Memory allocation related abends during reconciliation when processing large amounts of connect groups for individual user accounts.

erraculogtime value is incorrect if the account has not been used after creation.

Attribute values following the string PASSWORD are masked in the adapter log

Heap storage problem in RACF agent

CEE3204S The system detected a protection exception (System Completion Code=0C4).

          From entry point _ermFree at compile unit offset +0000008A at entry offset +0000008A at address 2500BF4A.

RACF adapter abend

CEE0802C Heap storage control information was damaged.                                                                     From entry point _ermAlloc at compile unit offset +00000076 at entry offset +00000076 at address 2932CDAE.  
        From entry point tsocmd_exec at compile unit offset +00002660 at entry offset +00002660 at address 29113BE0.
CEE0802C Heap storage control information was damaged.                                                                        From entry point _ermFree at compile unit offset +00000084 at entry offset +00000084 at address 2932CF44.  
CEE0802C Heap storage control information was damaged.                                                                        From entry point tsocmd_exec at compile unit offset +00002660 at entry offset +00002660 at address 29113BE0.

RACF 6.0.23 Abend 0c4

RACF agent started task on Z/OS 2.1 abends 0c4

RACF adapter crashes when handling ISIM requests

Adapter abends when not receiving a connect owner value

Abend U4038

ErRacConXml changed from string to binary in the IGI specific profile, this change had to be undone in the standard profile to prevent abends. KerbIsAES was changed back from KerbisAES128 to KerbIsAES to prevent errors in existing installations.

Deleting an account may fail if data set profiles for the account are still defined in RACF.

The adapter should first set a password before setting the password interval when adding a new account.

Reconciliation runs longer starting release 7.0.23 due to Fix0205 message improvements

subattribute values from ComplexAttributeValue Object reset to default

Lookup fails due to duplicate erracuname when NAME is specified in the instdata field

Stickybit set on adapter_readonly_home subfolders

ISIMRECO 0C4 on fclose in Fix0205 message

Lookup: Connect attributes not updated.

Error while modifying BINDDN in PROXY segment

Erraculogtime is not returned with the lookup operation

Accounts with only BASE segment fail lookup

Inconsistent results when supplying AES as encryption parameter in KERB segment

Reconciliation and lookup not supported for erracuopmonitor

Issue changing from SURROGAT ID to Agent ID.

"Unload 0102 record is missing" message during reconciliation.

PMR 91113,003,756

RACF Adapter 0C4 (protection exception) socket.

Adapter uptime on connectiontest is not updated.

When you send a request to modify multiple connect groups and all of these connect commands fail, the adapter should return a failure.

Change erracunoexpire from semi-supported to supported

by re-adding it to the account form.

ISIM 6 RACF adapter acct creation error after delete / Thread security environment not reset after using SURROGAT ID.

PMR 91113,003,756

erracupwinterval error message bogus.

PMR 91113,003,756

ADK bogus characters in Bind message.

Missing profile description: update racf2profile and racf2profiledesc

Adapter ignores erracupwnoexpire on password change

R_Admin is called during reconciliation when RECOSAVE data set name contains “CO” characters.

OpenSSL upgrade to 1.0.1m

Update ISIMEXIT to support current TSO/E implementation.

Agent abends after single account lookup from PIM server while processing entries for all accounts defined to RACF

RACF recon fails because JOBCHAR(R) does not meet the standard for jobnames

RACF DELUSER returns ISIM console success but it fails

RACF Adapter failed to open output file when processing >1000 simultaneous requests

Clear text password visible while changing password using ISIM

 Recon failed, adapter didn't wait 99 seconds

RACF adapter crashes when using PASSEXPIRE is true in combination with a pass phrase ending with a '$' character.

Reconciliation fails due to prefixing.

Errors in CSDATA processing for  one-character fields and integer fields.

Help panel message AMGRA034 should be AGRMA034.

Pre-Delete exit does not work

 Add account fails if  'KJ56644I NO VALID TSO USERID, DEFAULT USER ATTRIBUTES USED'  is returned from RACF.

RACF adapter password command formatting errors when creating a new account.

AGRCCFG utility not working as expected

ISIM RACF 6.0.7 SHORTCONNECT REGISTRY DEFAULT

 ISIM RACF 6.0.7 ADAPTER MISSING PERMISSION INFO

Password is set to EXPIRED on password change although "PASSEXPIRE" is set to "TRUEADD"

Password not propagated on password change

Erracupwinterval: Interval 0 not interpreted as NOINTERVAL

Update on previous fix: now also includes solution for agentCfg dumping when entering a 4 character key when starting agentCfg

AgentCfg -codepages does not return information

RacfAgent.dat overwritten every IPL

Openssl upgraded to 10.1.g

Changed max thread settings and additional debug messages

Running the adapter in -console mode does not open remote socket

Warning messages CONNECT group: incorrect characters returned in errorMessage when creating a new account on the ISIM server and specifying a connect group to which the user can not be added by the adapter resulting in the following message on the ISIM server:

CTGIMD812E  An error occurred while processing the adapter response                        

message. The following error occurred.                                                    

Error: An invalid XML character (Unicode: 0x7) was found in the value of                  

attribute "errorMessage" and element is "attr".  

Adapter issue with CONNECT group

Incorrect characters present in some account attributes

Error in setting the READ_TIMEOUT parameter.

When trying to change the ISIM adapter Configuration Key using agentCfg, a problem is encountered if the length of the new key is less than 5 characters. If it is 4 characters or less the registry will be corrupted.

Items included in release 10.0.1

Rebranding IBM Security Identity to IBM Security Verify

Items included release 7.1.15

Add support for the LNOTES RACF segment to the zSecure RACF adapter

Add support for the KERB RACF segment to the zSecure RACF adapter

Add support for the NETVIEW RACF segment to the zSecure RACF adapter

Add support for the NDS RACF segment to the zSecure RACF adapter

Items included release 7.1.14

No items included

Items included release 7.1.13

Ability to remove resource profile permissions that are assigned directly to an user account using CKGRACF.

Implement connect groups as complex attributes when defining groups as permissions rather than external roles.

Add ISIMEXIT functionality

Delete data set profiles before attempting to delete the matching account

Option to specify language environment dump location (CEEDUMP)

OPMODE unencrypted registry setting to allow the adapter to run in READ-ONLY or READ-ONLY with PASSWORD/PASSPHRASE support mode.

Items included release 7.1.12

No items included

Items included release 7.1.11

 IGI 5.2.5 support -

As an adapter developer for z/OS I need to add support for supporting data and canonical values to the IGI profiles

As an adapter for zSecure RACF user I would like to be able to view and modify user profile attributes from the DCE segment.

As an adapter for zSecure RACF user I would like to be able to view and modify user profile attributes from the DFP segment.

As an adapter for zSecure RACF user I would like to be able to view and modify user profile attributes from the PROXY  segment.

As an adapter for zSecure RACF user I would like to be able to view and modify user profile attributes from the WORK segment.

Items included release 7.1.10

No items included

Items included release 7.1.9

As an adapter for zSecure RACF user I would like to be able to view and modify user profile attributes from the TSO segment.

As an adapter for zSecure RACF user I would like to be able to view and modify user profile attributes from the OMVS segment.

As an adapter for zSecure RACF user I would like to be able to view and modify user profile attributes from the CICS segment.

As an adapter for zSecure RACF user I would like to be able to view and modify user profile attributes from the LANG  segment.

As an adapter for zSecure RACF user I would like to be able to view and modify user profile attributes from the BASE segment.

Add support for the new segments in targetprofile.json

As  a zSecure RACF adapter developer I need to upgrade to ADK 6.0.5 / OpenSSL 1.0.2o

Items included release 7.1.8

As an AD for z/OS developer I need to offer the ability to explicitly disable TLS1.0 in all ADK based adapters.

As an ADK for z/OS developer I need to add diagnostic messages to the ADK that allow troubleshooting 2-way ssl connections

As an ADK for z/OS developer I need to upgrade to OpenSSL 1.0.2n

Items included release 7.1.7

Include specialFlags in targetprofile.json

Items included release 7.1.6

Enable SSL by default in the ISPF installation panels

Add tooltips to customlabels.properties

Registry setting to keep the RECOSAVE export data set

Implement registered prefix IRVxxxxx for shared profile variables

Items included in release 7.1.5

Status tab in IGI target.json, erLastAccessDate in target.json

TSO/E 8 Character Userid support

Upgrade expat libraries to 2.2.0

Items included in release 7.1.4

Update OpenSSL to release 1.0.2j

Disable SSLV3 and RC4 ciphers and certify TLS 1.1 / 1.2 is supported by the ADK

Adapter appears to be running while it was unable to connect to the socket.

Items included in release 7.1.3

Update JSON in the adapter profile

Include adapter mapping file in the adapter package

Include a license folder in the adapter package

Add two initial lines to CustomLabels.properties which are required for translation

Stickybit set on adapter_readonly_home subfolders

Items included in release 7.0.2

Fulfillment: added support for account Add, Delete and Modify

Items included in release 7.0.1

IGI 7.0.1 initial release

Items closed in release 10.0.1

Abend 0C4 after  getpwuid() error

Upgrade to Expat 2.2.10

Items included in release 7.1.15

ISIM_ADAPTER_CIPHER_LIST variable is not having any effect with RACF adapter 6.0.39

Error when processing unmodified values in reply message

Abend when processing reconciliation request xmls

Items included in release 7.1.14

Adapter STC does not abort when running out of memory required for

new connection pthreads.

vulnerability CVE-2016-2183(SWEET32) reported on ISIM V6.0

Memory leak in ConnectionTest operations.

Hebrew chars not passed to zSecure adapter

Items included in release 7.1.13

Adapter abend 40D, RC10 with the below messages in the CEEDUMP

 5     _ermAlloc   +00000076              libErmApi.dll                                                Call

   6     ErmSBCSStrtoUCS2Str

                     +000000C0              libErmApi.dll                                              

Excessive non-ISIM server connections causing abend

Starting SSL handshake (OpenSSL)...

Handshake failed.  Error code: 1

SD_SEND to socket

Start SSL cleanup

Shutting down SSL server...

Received a segmentation violation...

Debug output in agentCfg tool causes DAML protocol configuration issues

Items included in release 7.1.12

Disallow external calls to agentCfg port

Hebrew codepage aliases not checked and reading direction incorrect.

Reconciliation doesn't return all accounts.

Upgrade to  OpenSSL 1.0.2.q

Items included in release 7.1.11

Upgrade to ICU 3.6

Hebrew writing direction

Incorrect entry in adapter log for EXPORT data set

IKJ56702I INVALID USERID returns error for account DELETE where this should return a success as the account no longer exists in RACF

Upgrade to Expat 2.2.6

Upgrade to z/OS ADK 6.0.6

Items included in release 7.1.10

Upgrade to OpenSSL 1.0.2p

Items included in release 7.1.9

As an ADK for z/OS developer I need to upgrade to OpenSSL 1.0.2o to address PSIRT CVE-2018-0739

Items included in release 7.1.8

As an ADK for z/OS developer I need to ensure that manually dropping the DAML_PORT socket doesn't result in a loop

Customer cannot longer change the DAML password

Attempt to destroy context for invalid socket results in dump in _ermListFree

Items included in release 7.1.7

Abend 0C4 when modifying a single connect group for an account.

Error returned for SURROGAT ID during account modify

PSIRT Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

Items included in release 7.1.6

RSA key length used by certTool increased from 1024 to 4096, which

allows it to be NIST compliant beyond 2021.

Items included in release 7.1.5

None

Items included in release 7.1.4

Attribute values following the string PASSWORD are masked in the adapter log

Heap storage problem in RACF agent

CEE3204S The system detected a protection exception (System Completion Code=0C4).

          From entry point _ermFree at compile unit offset +0000008A at entry offset +0000008A at address 2500BF4A.

Items included in release 7.1.3

None

Items included in release 7.0.2

Increase length for erZsrResource and erZsrAccess

PMR 54401,004,000 IBM IGI zSecure RACF Adapter creates IGI-only roles

ConnectionTest requires CKGRACF for zSecure Version in service form