Doug Bidwell
-
IBM i PTF Guide, Volume 28, Number 22
July 13, 2026 Doug Bidwell
We have been catching up and are almost caught up after the big move to Pennsylvania. This week, we have a slew of software vulnerabilities to tell you about, and also a bunch of HIPER fixes for NVM-Express flash drives on Power Systems running IBM i. Let’s start with the flash issue, since this is the one that is going to affect a lot of people.
IBM says that during unit testing an issue was found “where a NAND management that could result in command timeouts as well as several power cycling related hangs.” This issue affects the following devices: …
Read more -
IBM i PTF Guide, Volume 28, Number 21
June 15, 2026 Doug Bidwell
The flow of security vulnerabilities and PTF patches has been kind of spotty for the past several weeks. Which is good, because we were in transit across the United States. We have successfully relocated from California to Pennsylvania, and are settling in. We are almost unpacked, and my Network Operations Center, or NOC, is coming together. Thanks for your patience!
Here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.6:
- HIPERs (High Impact/Pervasive)
- Security
- WebSphere Application Server V8.5
- QMGTOOLS
- Visual Studio Code for IBM i
PTF Groups 7.5:
- HIPERs (High Impact/Pervasive)
-
IBM i PTF Guide, Volume 28, Number 20
June 8, 2026 Doug Bidwell
Welcome to this week, where we are getting closer and closer to both the beginning of summer and the AS/400’s 38th birthday. There are a bunch of changes that Big Blue is making to various technical support services that customers and partners need to be aware of. And a bug in Java you need to contemplate.
First, let’s start with the Java bug, which is Java 21 (64-bit) Applications Fail After Updating IBM i 7.5 Java Group PTF SF99955 to Levels 19 or 20, which you can read about here. The affected IBM i Java Group PTF Levels …
Read more -
IBM i PTF Guide, Volume 28, Numbers 18 And 19
June 1, 2026 Doug Bidwell
Welcome back to the IBM i PTF Guide! After traversing across the country to our new abode, we are ready to get back in the saddle and rustle up all of the patches and security vulnerabilities for you.
Let’s start, as we often do, with the security stuff. First, we have Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620), which you can read about at this link. The affected products for this are Web Server Plug-ins for WebSphere Application Server and …
Read more -
IBM i PTF Guide, Volume 28, Number 17
May 4, 2026 Doug Bidwell
We are in the middle of a house move right now, so the IBM i PTF Guide is running a little bit behind as we box and tape and lift and stack. In this week’s issue, we have two security vulnerabilities right off the bat.
First, we have Security Bulletin: IBM WebSphere Application Server Liberty is affected by identity spoofing (CVE-2026-3621), which you can find out more about at this link. The issue affects WebSphere Application Server – Liberty versions 17.0.0.3 through 26.0.
Second, we have Security Bulletin: IBM i is Affected by Improper Handling of Special Elements and …
Read more -
IBM i PTF Guide, Volume 28, Number 16
April 20, 2026 Doug Bidwell
April showers are supposed to bring May flowers, but this is definitely not true in a lot of the United States right now. Mayflowers can, and possibly might, still bring Pilgrims.
Meanwhile, back in IBM i Land, there are a thousand lakes and rolling farmland with the occasional city far off in the distance, plus a remediation of a bug in the Java PTF Group and a security vulnerability that you have to take a gander at.
Let’s start with the security vulnerability, which is outlined in Security Bulletin: IBM i is affected by a privilege escalation vulnerability in Web …
Read more -
IBM i PTF Guide, Volume 28, Number 15
April 13, 2026 Doug Bidwell
Well, this week’s security vulnerability looks pretty serious, so you best not skip this one. And as usual, it is happing with open source software embedded in the IBM i platform. The vulnerability is outlined in Security Bulletin: IBM i is Affected by Security Control Bypass and Uncontrolled Resource Consumption Vulnerabilities in IBM Java SDK and IBM Java Runtime [CVE-2026-21925, CVE-2026-21933, CVE-2026-21932, CVE-2026-21945].
You can read more about it at this link. Here is the list of remediations and fixes for the Java hole, which are available for IBM i 7.4, IBM i 7.5, and IBM i 7.6:
Remediation/Fixes,
… Read more -
IBM i PTF Guide, Volume 28, Number 14
April 6, 2026 Doug Bidwell
Happy Easter, everyone, and may the spring renew everyone. There’s only one security vulnerability this week, so let’s get to it.
That would be Security Bulletin: IBM i is Affected by Use of Hard-coded Cryptographic Key, Cross-site Scripting, and Prototype Pollution Vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2025-14923, CVE-2025-12635, CVE-2026-29063], which you can find out more about here. The affected releases and their PTFs are as follows:
IBM i Release 5770-SS1 Option 3 PTF Number(s) 7.6 SJ09013 7.5 SJ09014 7.4 SJ09015 7.3 SJ09016 7.2 SJ09017
Here is the rundown of PTF Groups by IBM i release level since …
Read more -
IBM i PTF Guide, Volume 28, Number 13
March 30, 2026 Doug Bidwell
Welcome to Monday and a whole new batch of security vulnerabilities with the IBM i platform, all thanks to the open source variant of the venerable Apache Web server embedded in the WebSphere Application Server Liberty edition.
That’s the good thing about open source software: When there are problems, people find them and they fix them. The bad thing is that a lot of really smart people are constantly looking at the code for issues, and they are always find them. Think of it as Continuous Vulnerability/Continuous Patching, I guess.
Let’s go through them, and all of the vulnerabilities affect …
Read more -
IBM i PTF Guide, Volume 28, Number 12
March 23, 2026 Doug Bidwell
Happy Spring everyone! We are well into Daylight Savings Time and have longer – meaning brighter – evenings, so it is hard not to be optimistic about the spring, summer, and fall ahead. This week, we have one notice and two security vulnerabilities to start with. Let’s get to it.
Let’s start with the OSP-Distribution requisite for Technology Refresh PTF, which you can find out more about at this link. The PTFs are as follows:
- For IBM i 7.4: FI0138771, which is PTF SJ09037
- For IBM i 7.5: FI0138772, which is PTF SJ09038
Now, for the security vulnerabilities. First, …
Read more
