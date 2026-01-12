IBM i PTF Guide, Volume 27, Numbers 49 Through 52

Doug Bidwell

Welcome to 2026! And to start the year off for the IBM i PTF Guide, we will wrap up four weeks of patches for and notes about the IBM i platform from 2025.

So, let’s start with Volume 27, Number 49 and then roll forward. Here, we have one security vulnerability and one notice. First, we have Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962), which you can read more about here. There is a vulnerability in the Jakarta Mail library which affects IBM WebSphere Application Server traditional. JavaMail and affects WebSphere Application Server Liberty with the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 feature enabled. Affected products are:

IBM WebSphere Application Server 9.0

IBM WebSphere Application Server 8.5

IBM WebSphere Application Server Liberty 17.0.0.3 – 25.0.0.11

Then, there is a note about the status of IBM WebSphere Application Server Liberty Repository, which you can read about at this link. This flash note documents the status of the IBM WebSphere Application Server Liberty Repository that is accessed by WebSphere Liberty’s install utility during installation and upgrade of Liberty features.

Here is the rundown of PTF Groups by IBM i release level since we last published on December 9, 2025:

PTF Groups 7.6:

HIPERs – High Impact Pervasive

PTF Groups 7.5:

HIPERs – High Impact Pervasive

PTF Groups 7.4:

HIPERs – High Impact Pervasive

PTF Groups 7.3:

HIPERs – High Impact Pervasive

PTF Groups 7.2:

None

Tip ‘O The Week: Get a checkup before the year gets crazy and you can’t find the time.

New (or Updated) links added to the ‘Links’ tab in The Guide this week:

System/Auditjrn: Setting Up Security Auditing, 637177

PowerVS: Adding, removing and resizing disks in PowerVS, 7171877

NetServer: NetServer Best Practices, 685099

The Guide at a glance: There were new defectives for the week of 12/06/25. Defective PTF rundown – the latest defective for each release. Click on the Defective PTF link for your release in the Guide:

Defect Defective APAR Fixing Date PTF PTF -------- -------- --------- ----------------------- 7.6 10/17/25 SJ06793 DT453552 SJ07607 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.5 10/22/25 SJ06924 DT453939 SJ07685 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.4 09/11/25 MJ06247 DT450137 MJ07181 Same as above, Please read the Cover letter - (When available)(read the recommendations) Read the cover letter-prerequisites! 7.3 01/27/25 SJ03169 DT422375 SJ03786 (When available)(read the recommendations)

Be sure to access the link in The Guide for further details.

And now, we go to Volume 27, Number 50. There were three security vulnerabilities that week.

First, we have Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by cross-site scripting (CVE-2025-12635), with more information about it at this link. Affected products are:

IBM WebSphere Application Server 9.0

IBM WebSphere Application Server 8.5

IBM WebSphere Application Server – Liberty 17.0.0.3 – 25.0.0.12

Second, we have Security Bulletin: IBM OmniFind Text Search Server for DB2 for i is affected by multiple vulnerabilities. [CVE-2017-15691, CVE-2024-47072, CVE-2024-45492, CVE-2024-25269, CVE-2024-36052], with more information here. Affected releases:

IBM OmniFind Text Search Server for DB2 for i Release 5733-OMF

IBM i Release OmniFind Release PTF 7.6 1.7 SJ08264 7.5 1.6 SJ08272 7.4 1.5 J0827

Third, we have Security Bulletin: IBM i is affected by an out-of-bounds read and write in OpenSSL [CVE-2025-9230], with more about it here. Affected products and versions and their patches are:

IBM i Release 5733-SC1 PTF Number(s) 7.6 SJ08215 7.5 SJ08214 7.4 SJ08213 7.3 SJ08213 7.2 SJ08213

Here is the rundown of PTF Groups by IBM i release level since Volume 27, Number 49:

PTF Groups 7.6:

HIPERs – High Impact Pervasive

Group Security

Defective PTFs

QMGTOOLS

Visual Studio Code for IBM i

PTF Groups 7.5:

HIPERs – High Impact Pervasive

Group Security

Defective PTFs

QMGTOOLS

Visual Studio Code for IBM i

PTF Groups 7.4:

HIPERs – High Impact Pervasive

Group Security

QMGTOOLS

Visual Studio Code for IBM i

PTF Groups 7.3:

HIPERs – High Impact Pervasive

Group Security

QMGTOOLS

Visual Studio Code for IBM i

PTF Groups 7.2:

None

The Guide at a glance: There were new defectives for the week of 12/13/25. Defective PTF rundown – the latest defective for each release. Click on the Defective PTF link for your release in the Guide:

Defect Defective APAR Fixing Date PTF PTF -------- -------- --------- ----------------------- 7.6 12/09/25 MJ07438 DT457460 MJ08280 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.5 12/09/25 MJ07437 DT457460 MJ08279 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.4 09/11/25 MJ06247 DT450137 MJ07181 Same as above, Please read the Cover letter - (When available)(read the recommendations) Read the cover letter-prerequisites! 7.3 01/27/25 SJ03169 DT422375 SJ03786 (When available)(read the recommendations)

That brings us to Volume 27, Number 51, which had two security issues and a slew of patches to the IBM i operating system releases.

First, we had Security Bulletin: IBM i is affected by a cross-site scripting vulnerability in Navigator for i [CVE-2024-47875], with more information here. Affected releases and patches are:

IBM i Release 5770-SS1 PTF Number(s) 7.6 SJ07431 7.5 SJ07434 7.4 SJ07439 7.3 SJ07451

Second, we have PH68817:IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by cross-site scripting (CVE-2025-12635), with more about it at this link. PH68817 resolves the following problem. ERROR DESCRIPTION: Confidential for Security Integrity interim fix CVE-2025-12635.

Here is the rundown of PTF Groups by IBM i release level since Volume 27, Number 50:

PTF Groups 7.6:

HIPERs – High Impact Pervasive

Group Security

IBM HTTP Server for i

760 IBM MQ for IBM i – v9.3.0/v9.4.0

SAP Support Required PTF List for IBM i 7.6

Visual Studio Code for IBM i

PTF Groups 7.5:

IBM HTTP Server for i

IBM MQ for IBM i – v9.2.0/v9.3.0/v9.4.0

SAP support required PTF list for IBM i 7.5

Visual Studio Code for IBM i

PTF Groups 7.4:

IBM HTTP Server for i

MQ for IBM i – v9.0.0/v9.1.0/v9.2.0/v9.3.0

SAP support required PTF list for IBM i 7.4

Visual Studio Code for IBM i

PTF Groups 7.3:

MQ for IBM i – v7.1.0/v8.0.0/V9.0.0/V9.1/V9.265

IBM HTTP Server for i

SAP support required PTF list for IBM i 7.3

Visual Studio Code for IBM i

PTF Groups 7.2:

None

The Guide at a glance: There were new defectives for the week of 12/20/25. Defective PTF rundown – the latest defective for each release. Click on the Defective PTF link for your release in the Guide:

Defect Defective APAR Fixing Date PTF PTF -------- -------- --------- ----------------------- 7.6 12/09/25 MJ07438 DT457460 MJ08280 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.5 12/09/25 MJ07437 DT457460 MJ08279 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.4 09/11/25 MJ06247 DT450137 MJ07181 Same as above, Please read the Cover letter - (When available)(read the recommendations) Read the cover letter-prerequisites! 7.3 01/27/25 SJ03169 DT422375 SJ03786 (When available)(read the recommendations)

In Volume 27, Number 52, which wrapped up 2025, there were no security vulnerabilities or other things to report, but there were some patches to the operating system stack.

Here is the rundown of PTF Groups by IBM i release level at that point:

PTF Groups 7.6:

HIPERs – High Impact Pervasive

Group Security

Performance Tools

IBM HTTP Server for i

PTF Groups 7.5:

HIPERs – High Impact Pervasive

Group Security

Performance Tools

PTF Groups 7.4:

HIPERs – High Impact Pervasive

Group Security

Performance Tools

PTF Groups 7.3:

HIPERs – High Impact Pervasive

Group Security

Performance Tools

PTF Groups 7.2:

720 Group HIPER at https://www.ibm.com/mysupport/s/fix-information/aDr3p000000gHFJ/fi0064653?language=en_US&myns=swgother&mynp=OCSSC5L9&mync=E&cm_sp=swgother-_-OCSSC5L9-_-E

720 Group Security at https://www.ibm.com/mysupport/s/fix-information/aDr3p000000gHc4/fi0064883?language=en_US&myns=swgother&mynp=OCSSC5L9&mync=E&cm_sp=swgother-_-OCSSC5L9-_-E

The Guide at a glance: There were new defectives the week of 12/27/25. Defective PTF rundown – the latest defective for each release. Click on the Defective PTF link for your release in the Guide:

Defect Defective APAR Fixing Date PTF PTF -------- -------- --------- ----------------------- 7.6 12/09/25 MJ07438 DT457460 MJ08280 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.5 12/09/25 MJ07437 DT457460 MJ08279 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.4 09/11/25 MJ06247 DT450137 MJ07181 Same as above, Please read the Cover letter - (When available)(read the recommendations) Read the cover letter-prerequisites! 7.3 01/27/25 SJ03169 DT422375 SJ03786 (When available)(read the recommendations)

