add release notes for api ml 2.18.3 #4749
Conversation
Signed-off-by: Andrew Jandacek <[email protected]>
janan07
added
area: apiml
|
😺 Thank you for creating this PR! To publish your content to Zowe Docs, follow these required steps.
Need help? Contact the Doc Squad in the #zowe-doc Slack channel. |
Signed-off-by: Andrew Jandacek <[email protected]>
| ### Zowe API Mediation Layer | ||
|
|
||
|
|
||
| * This Zowe version supports the PATCH method in CORS. A configuration property has been addedto the list of CORS allowed HTTP methods. ([#4255](https://github.com/zowe/api-layer/issues/4255)) |
There was a problem hiding this comment.
addedto -> added to
There was a problem hiding this comment.
PATCH is method, not configuration protperty. Maybe: It (the patch method) has been added to the list of CORS allowed HTTP methods.
|
|
||
| See [New features and enhancements](#new-features-and-enhancements) for a full list of changes to the functionality. See [Bug fixes](#bug-fixes) for a list of issues addressed in this release. | ||
|
|
||
| **Download v2.18.3 build**: Want to try new features as soon as possible? You can download the v2.3.0 build from [Zowe.org](https://www.zowe.org/download.html). |
There was a problem hiding this comment.
| **Download v2.18.3 build**: Want to try new features as soon as possible? You can download the v2.3.0 build from [Zowe.org](https://www.zowe.org/download.html). | |
| **Download v2.18.3 build**: Want to try new features as soon as possible? You can download the v2.18.3 build from [Zowe.org](https://www.zowe.org/download.html). |
There was a problem hiding this comment.
Also the URL could be https://www.zowe.org/download.html#download-v2
| Zowe Version 2.18.3 contains the enhancements that are described in the following topics. | ||
|
|
||
| :::info find out more | ||
| To watch a demo of new enhancements and updated features included in a Zowe minor release, look for the release demo recording in the [Zowe V2 System Demo playlist](https://www.youtube.com/playlist?list=PL8REpLGaY9QGjSTAqZaWxLG_g-jW1qGmo) on YouTube. |
There was a problem hiding this comment.
The latest demo was for 2.11.0. Even that I guess since the v2 is in maintain mode, there will be no video...
| ### Zowe API Mediation Layer | ||
|
|
||
|
|
||
| * This Zowe version supports the PATCH method in CORS. A configuration property has been addedto the list of CORS allowed HTTP methods. ([#4255](https://github.com/zowe/api-layer/issues/4255)) |
There was a problem hiding this comment.
PATCH is method, not configuration protperty. Maybe: It (the patch method) has been added to the list of CORS allowed HTTP methods.
| * This Zowe version supports Keycloak as an OIDC provider in integration tests. ([#4323](https://github.com/zowe/api-layer/issues/4323)) | ||
|
|
There was a problem hiding this comment.
| * This Zowe version supports Keycloak as an OIDC provider in integration tests. ([#4323](https://github.com/zowe/api-layer/issues/4323)) |
We shouldn't mentioned this one. I made a mistake. There is no functional change, it is just fix for pipeline/testing. It doesn't worth to be here.
|
|
||
| #### Zowe Explorer (Core) | ||
|
|
||
| - See the [Zowe Explorer](https://github.com/zowe/zowe-explorer-vscode/blob/main/packages/zowe-explorer/CHANGELOG.md) changelog for updates included in this release. |
There was a problem hiding this comment.
I guess (in general) there should be anchor, like .../CHANGELOG.md#2183. But actually Zowe explorer doesn't have any.
| ### Zowe API Mediation Layer | ||
|
|
||
| * Fixed default eureka intervals of the Caching Service. ([#4225](https://github.com/zowe/api-layer/issues/4225)) | ||
| * Fixed the API ML services logs so that "URL/Path not transformed" entries omit API ML services. ([#4292](https://github.com/zowe/api-layer/issues/4292)) |
There was a problem hiding this comment.
It is more detail message than in the original APIML's changelog. We should change the text in there as well
| * Fixed default eureka intervals of the Caching Service. ([#4225](https://github.com/zowe/api-layer/issues/4225)) | ||
| * Fixed the API ML services logs so that "URL/Path not transformed" entries omit API ML services. ([#4292](https://github.com/zowe/api-layer/issues/4292)) | ||
| * Fixed z/OSMF static definition for AT-TLS. ([#4330](https://github.com/zowe/api-layer/issues/4330) | ||
| * Resolved AT-TLS URL and keyring configuration issues causing incorrect Swagger URLs and gateway startup failures. ([#4337](https://github.com/zowe/api-layer/issues/4337)) |
There was a problem hiding this comment.
Original text: Fix URLs for onboarding when AT-TLS is enabled and gateway read a keyring with empty values
There are two issues:
- a wrong Gateway URL in API Catalog when AT-TLS is enabled
- a startup issue is ICSF keyring is used
This text looks to me that the issue are releated, but not.
suggestion: Fix a wrong Gateway URL in API Catalog when AT-TLS is enabled and a startup issue is ICSF keyring is used
There was a problem hiding this comment.
Ok. I changed this to:
"Fixed an incorrect Gateway URL in API Catalog when AT-TLS is enabled, and a startup issue when ICSF keyring is used."
Please verify if this is correct. Thanks
|
|
||
| Zowe discloses fixed vulnerabilities in a timely manner giving you sufficient time to plan your upgrades. Zowe does not disclose the vulnerabilities fixed in the latest release as we respect the need for at least 45 days to decide when and how you upgrade Zowe. When a new release is published, Zowe publishes the vulnerabilities fixed in the previous release. For more information about the Zowe security policy, see the [Security page](https://www.zowe.org/security.html) on the Zowe website. | ||
|
|
||
| The following security issues were fixed by the Zowe security group in version 2.2. |
There was a problem hiding this comment.
| The following security issues were fixed by the Zowe security group in version 2.2. | |
| The following security issues were fixed by the Zowe security group in version 2.18.3. |
We should provider the list.
There was a problem hiding this comment.
Can you please provide me with this list?
There was a problem hiding this comment.
This is the list of vulnerabilities in the upgraded dependencies:
CVE-2025-48989 (BDSA-2025-8608)
CVE-2025-8916 (BDSA-2025-8573)
CVE-2025-5115 (BDSA-2025-9581)
CVE-2024-6763 (BDSA-2024-7229)
CVE-2025-58057 (BDSA-2025-10732)
CVE-2025-58056 (BDSA-2025-10730)
CVE-2025-55163 (BDSA-2025-8614)
We usually don't provide any additional information, so I guess nothing more is not needed.
Signed-off-by: Andrew Jandacek <[email protected]>
Signed-off-by: Andrew Jandacek <[email protected]>
Signed-off-by: Andrew Jandacek <[email protected]>
Signed-off-by: Andrew Jandacek <[email protected]>
Signed-off-by: Martin Zeithaml <[email protected]>
Describe your pull request here: Add release notes for API ML for v2.18.3
List the file(s) included in this PR: v2_18_3.md
After creating the PR, follow the instructions in the comments.