• IBM i PTF Guide, Volume 28, Number 17

  May 4, 2026 Doug Bidwell

  We are in the middle of a house move right now, so the IBM i PTF Guide is running a little bit behind as we box and tape and lift and stack. In this week’s issue, we have two security vulnerabilities right off the bat.

  First, we have Security Bulletin: IBM WebSphere Application Server Liberty is affected by identity spoofing (CVE-2026-3621), which you can find out more about at this link. The issue affects WebSphere Application Server – Liberty versions 17.0.0.3 through 26.0.

  Second, we have Security Bulletin: IBM i is Affected by Improper Handling of Special Elements and …

  Read more

• IBM i PTF Guide, Volume 28, Number 16

  April 20, 2026 Doug Bidwell

  April showers are supposed to bring May flowers, but this is definitely not true in a lot of the United States right now. Mayflowers can, and possibly might, still bring Pilgrims.

  Meanwhile, back in IBM i Land, there are a thousand lakes and rolling farmland with the occasional city far off in the distance, plus a remediation of a bug in the Java PTF Group and a security vulnerability that you have to take a gander at.

  Let’s start with the security vulnerability, which is outlined in Security Bulletin: IBM i is affected by a privilege escalation vulnerability in Web …

  Read more

• IBM i PTF Guide, Volume 28, Number 15

  April 13, 2026 Doug Bidwell

  Well, this week’s security vulnerability looks pretty serious, so you best not skip this one. And as usual, it is happing with open source software embedded in the IBM i platform. The vulnerability is outlined in Security Bulletin: IBM i is Affected by Security Control Bypass and Uncontrolled Resource Consumption Vulnerabilities in IBM Java SDK and IBM Java Runtime [CVE-2026-21925, CVE-2026-21933, CVE-2026-21932, CVE-2026-21945].

  You can read more about it at this link. Here is the list of remediations and fixes for the Java hole, which are available for IBM i 7.4, IBM i 7.5, and IBM i 7.6:

  Remediation/Fixes, 

  …

  Read more

• IBM i PTF Guide, Volume 28, Number 14

  April 6, 2026 Doug Bidwell

  Happy Easter, everyone, and may the spring renew everyone. There’s only one security vulnerability this week, so let’s get to it.

  That would be Security Bulletin: IBM i is Affected by Use of Hard-coded Cryptographic Key, Cross-site Scripting, and Prototype Pollution Vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2025-14923, CVE-2025-12635, CVE-2026-29063], which you can find out more about here. The affected releases and their PTFs are as follows:

  IBM i Release	5770-SS1 Option 3 	PTF Number(s)
  7.6					SJ09013	
  7.5					SJ09014
  7.4					SJ09015 
  7.3					SJ09016	
  7.2					SJ09017
  

  Here is the rundown of PTF Groups by IBM i release level since …

  Read more

• IBM i PTF Guide, Volume 28, Number 13

  March 30, 2026 Doug Bidwell

  Welcome to Monday and a whole new batch of security vulnerabilities with the IBM i platform, all thanks to the open source variant of the venerable Apache Web server embedded in the WebSphere Application Server Liberty edition.

  That’s the good thing about open source software: When there are problems, people find them and they fix them. The bad thing is that a lot of really smart people are constantly looking at the code for issues, and they are always find them. Think of it as Continuous Vulnerability/Continuous Patching, I guess.

  Let’s go through them, and all of the vulnerabilities affect …

  Read more

• IBM i PTF Guide, Volume 28, Number 12

  March 23, 2026 Doug Bidwell

  Happy Spring everyone! We are well into Daylight Savings Time and have longer – meaning brighter – evenings, so it is hard not to be optimistic about the spring, summer, and fall ahead. This week, we have one notice and two security vulnerabilities to start with. Let’s get to it.

  Let’s start with the OSP-Distribution requisite for Technology Refresh PTF, which you can find out more about at this link. The PTFs are as follows:

  • For IBM i 7.4: FI0138771, which is PTF SJ09037
  • For IBM i 7.5: FI0138772, which is PTF SJ09038

  Now, for the security vulnerabilities. First, …

  Read more

• IBM i PTF Guide, Volume 28, Number 11

  March 16, 2026 Doug Bidwell

  The Power11 processors and their systems have in the field since last summer, and for those of you fortunate enough to have a server with that “new car smell,” now is the time to learn about the new processor and systems and figure out how to optimize performance on these machines and take advantage of their special features.

  To that end, IBM has put out a new best practices guide called IBM Power11 Performance Optimization For IBM i to help you begin the processor of tuning up your new machine. You can download it here.

  In addition to this, …

  Read more

• IBM i PTF Guide, Volume 28, Number 10

  March 9, 2026 Doug Bidwell

  It was a super quiet week in IBM i Land this week. Seriously. Like, we have never seen it so quiet. No security vulnerabilities, no new PTF groups issued for any of the five supported IBM i releases. It has been very, very quiet indeed. So that probably means you need to brace yourself for a bunch of stuff in the next couple of weeks.

  We did want to point out that there are massive price changes coming for Power Systems main memory, which were announced to business partners on March 2 and which take effect on April. (This is …

  Read more

• IBM i PTF Guide, Volume 28, Number 9

  March 2, 2026 Doug Bidwell

  Welcome to March. You have five security vulnerabilities to take care of. The good news is that there is not a lot of other PTF stuff you have to worry about if you are on IBM i 7.3 through IBM i 7.6. There are Group HIPER and Group Security updates for IBM i 7.2, which is still under extended support.

  Let’s go through the security vulnerabilities to start, as we usually do.

  First, we have Security Bulletin: IBM Rational Developer for i is affected by a memory exhaustion loop (CVE-2024-4068), which you can read about here. (And for …

  Read more

• IBM i PTF Guide, Volume 28, Number 8

  February 23, 2026 Doug Bidwell

  This week, we start with three security vulnerabilities and a warning about media issues when you put your external LTO drives too close to the running Power Systems iron in your rack.

  Let’s start with the vulnerabilities, as we often do.

  First, we have Security Bulletin: IBM i is affected by denial of service vulnerabilities in Db2 JSON Store Technology Preview [CVE-2025-66453], which you can read more about here. The fixes for this vulnerability are as follows:

  IBM i Release	PTF Number(s)
  7.4	SJ08547
  7.3	SJ08546
  7.2	SJ08545
  

  Second, we have IBM i Java Development Kit 8 64 & …

  Read more

Previous Articles