PTF Archives - IT Jungle

IBM i PTF Guide, Volume 27, Number 23

June 9, 2025 Doug Bidwell

It’s pretty quiet this week, which is good. We gave you a lot of stuff to do last week anyway, so now you can really get caught up.

The important thing is a new security vulnerability, which is in Security Bulletin: IBM Rational Developer for i is affected by an unspecified Java runtime encryption vulnerability (CVE-2025-21587). You can find out more about this issue with RDi at this link. The affected releases include Rational Developer for i 9.8.0.0 through 9.8.0.4, and the recommended fix is to install the RDi 9.8.0.5 update.

Here is the rundown of PTF Groups by …
Read more
IBM i PTF Guide, Volume 27, Numbers 21 And 22

June 2, 2025 Doug Bidwell

It is once again “ketchup week” here at The Four Hundred thanks to the Memorial Day holiday last week in the United States, and that means you get two IBM i PTF Guides for the price of one this week.

So let’s start with Volume 27 Number 21 dated May 24. There is a whole bunch of stuff to deal with.

First, there is a flash alert: IBM i HTTP Server Validation List Authentication Suddenly Fails After IBM i HTTP Group PTF Apply. You can find out more about this here. IBM says: “If you have applied one of …
Read more
IBM i PTF Guide, Volume 27, Number 20

May 19, 2025 Doug Bidwell

Brace yourselves, everyone. There are seven security vulnerabilities that you have to pay attention to this week for the IBM i platform. Remember, as security guru Carol Woodbury is fond of saying: the IBM i platform is not the most secure platform in the world, but the most securable platform in the world. You must be ever-vigilant and keep it secure by patching holes and killing bugs.

So, without further fuss, let’s dive in and take them in order.

One is Security Bulletin: IBM i is vulnerable to a machine-in-the-middle attack due to mishandling error codes when verifying the host …
Read more
IBM i PTF Guide, Volume 27, Number 19

May 12, 2025 Doug Bidwell

Welcome to this week in IBM i Land. And we will start out by warning you to watch out for the defective PTFs listing this week.

And now, to a security bulletin and a patches to fix it and a warning about a vulnerability that has not been patched.

First the one that has been patched, which is in Security Bulletin: IBM i is vulnerable to an authentication and authorization attack due to incorrect validation processing in IBM i Netserver [CVE-2025-3218] and which you can see more about at this link. The IBM i PTF numbers for 5770-999 contain …
Read more
Another Non-TR “Technology Refresh” Happens With IBM i TR6

May 5, 2025 Timothy Prickett Morgan

As you know, Big Blue released IBM i 7.6 and IBM i 7.5 Technology Refresh 6 (TR6) on April 8, with the expectation that both would ship to customers on April 18. IBM i 7.6 was detailed in announcement letter AD25-0031 and IBM i 7.5 TR6 was revealed in announcement letter AD25-0077. We’re all good there. And many of the features in IBM i 7.6 were backcast as a refresh into IBM i 7.5 with TR6, if you read the announcement letters.

IBM i 7.6 was available on April 18 as expected, but we know a bunch of people …
Read more
IBM i PTF Guide, Volume 27, Number 18

May 5, 2025 Doug Bidwell

Welcome to May, and we start out with PH65941, a notice from Big Blue that IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907 CVSS 4.1). You can check out this link for more details. IBM says that the fix for this APAR is set to be included with WebSphere Application Server 8.5.5.28 and 9.0.5.24. We are not sure when that will happen.

Here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.6:
- HIPERs – High Impact Pervasive
- Group Security
- Performance Tools
- IBM HTTP Server for i
- Content
…
Read more
IBM i PTF Guide, Volume 27, Number 17

April 28, 2025 Doug Bidwell

Just a reminder that as part of the April 8 announcements, IBM Software Support content is changing to require entitlement check for software patches. See more at this link, but the gist of it is that IBM Software Support Troubleshooting, Question & Answer, and How To documents are changing to require entitlement. This means that you will be required to log on with an IBMid that has proper entitlement before viewing the entire document.

Also this week, there is Security Bulletin: IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907), which you can find out more about …
Read more
IBM i PTF Guide, Volume 27, Number 16

April 23, 2025 Doug Bidwell

This week, we bring you two security vulnerabilities and an import HIPER for firmware updates for Power Systems iron. Let’s start with the firmware.

There is new microcode for Firmware 950 .. 950.D1, which you can find out more about at this link here, and new microcode for Firmware 950 .. 950.E0, which you can read all about at that link there. These are HIPERs and affect the following hardware:
- Power System S914 Server (9009-41A)
- Power System S922 Server (9009-22A)
- Power System S924 Server (9009-42A)
Now for the vulnerabilities. First, we have Security Bulletin: IBM i 7.6 is …
Read more
IBM i 7.6 Brings More Security Improvements Than Just MFA

April 14, 2025 Alex Woodie

Multi-factor authentication (MFA) is the big headliner with IBM i 7.6, which IBM begins shipping at the end of the week. This is good and right, since IBM i customers have been begging IBM to add MFA to the platform for so long. But the new IBM i release brings several other major security enhancements that customers will appreciate too, including a new command to disable non-secure connections, new encryption algorithms, streamlined regulatory compliance, and an easy way to tell what security patches have been applied, among others.

IBM has made it clear that it is taking security seriously on …
Read more
IBM i PTF Guide, Volume 27, Number 15

April 14, 2025 Doug Bidwell

There are so many announcements, and one of the big ones is ACS 1.1.9.8! We downloaded the new ACS and we have used this for a day, and so far there are no known issues at this time. We suggest treading lightly with this tool until after general availability on April 18. But it is looking good so far, though!

There is also a new security vulnerability, which is Security Bulletin: IBM i is vulnerable to an out-of-bounds write in NTP services due to multiple vulnerabilities. More information available at this link. The issue can be addressed by applying …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search