Version 2.18.3 (October 2025)
Twitter
LinkedIn
Facebook
EmailVersion 2.18.3 (October 2025)
Welcome to the Zowe Version 2.18.3 release!
See New features and enhancements for a full list of changes to the functionality. See Bug fixes for a list of issues addressed in this release.
Download v2.18.3 build: Want to try new features as soon as possible? You can download the v2.18.3 build from Zowe.org.
New features and enhancements
Zowe Version 2.18.3 contains the enhancements that are described in the following topics.
To watch a demo of new enhancements and updated features included in a Zowe minor release, look for the release demo recording in the Zowe V2 System Demo playlist on YouTube.
Note: The Zowe v2.18.3 release does not include a system demo.
System demos are typically held the week after a minor release becomes available. Check the Open Mainframe Project Calendar for the latest schedule.
Zowe installation and packaging
Zowe Application Framework
Zlux Server Framework
- Old dependencies upgrade. (#613)
Zowe API Mediation Layer
- This Zowe version supports the PATCH method in CORS. This method has now been added to the list of CORS allowed HTTP methods. (#4255)
Zowe CLI
Zowe CLI (Core)
Zowe CLI Imperative Framework
CICS Plug-in for Zowe CLI
DB2 Plug-in for Zowe CLI
MQ Plug-in for Zowe CLI
IMS Plug-in for Zowe CLI
Zowe Explorer
Zowe Explorer API
- See the Zowe Explorer API changelog for updates included in this release.
Zowe Explorer FTP Extension
- See the Zowe Explorer FTP Extension changelog for updates included in this release.
Zowe Explorer ESLint Plug-in
- See the Zowe Explorer ESLint Plug-in changelog for updates included in this release.
Bug fixes
Zowe Version 2.18.3 contains the bug fixes that are described in the following topics.
Zowe installation and packaging
- Internal routine
copy_to_data_setdid not correctly check if data set exists. (#4489) --update-configmight fail if the specified config file is a symbolic link. (#4493)
Zowe Application Framework
Zowe Common C
- Fix a leak in the
safeFree64Internalroutine. (#556)
Zowe API Mediation Layer
- Fixed default eureka intervals of the Caching Service. (#4225)
- Fixed the API ML services logs so that "URL/Path not transformed" entries omit API ML services. (#4292)
- Fixed z/OSMF static definition for AT-TLS. (#4330)
- Fixed an incorrect Gateway URL in API Catalog when AT-TLS is enabled, and a startup issue when ICSF keyring is used. (#4337)
- Fixed the protocol scheme in hybrid AT-TLS (server-attls and client-https) setup. (#4338)
Zowe CLI
Zowe CLI (Core)
Zowe CLI Imperative Framework
CICS Plug-in for Zowe CLI
DB2 Plug-in for Zowe CLI
MQ Plug-in for Zowe CLI
IMS Plug-in for Zowe CLI
Zowe Explorer
Zowe Explorer (Core)
- See the Zowe Explorer changelog for updates included in this release.
Zowe Explorer API
- See the Zowe Explorer API changelog for updates included in this release.
Zowe Explorer FTP Extension
- See the Zowe Explorer FTP Extension changelog for updates included in this release.
Zowe Explorer ESLint Plug-in
- See the Zowe Explorer ESLint Plug-in changelog for updates included in this release.
Vulnerabilities fixed
Zowe discloses fixed vulnerabilities in a timely manner giving you sufficient time to plan your upgrades. Zowe does not disclose the vulnerabilities fixed in the latest release as we respect the need for at least 45 days to decide when and how you upgrade Zowe. When a new release is published, Zowe publishes the vulnerabilities fixed in the previous release. For more information about the Zowe security policy, see the Security page on the Zowe website.
The following security issues were fixed by the Zowe security group in version 2.18.3.
CVE-2025-48989 (BDSA-2025-8608) CVE-2025-8916 (BDSA-2025-8573) CVE-2025-5115 (BDSA-2025-9581) CVE-2024-6763 (BDSA-2024-7229) CVE-2025-58057 (BDSA-2025-10732) CVE-2025-58056 (BDSA-2025-10730) CVE-2025-55163 (BDSA-2025-8614)