Version 2.18.2 (April 2025)

Welcome to the Zowe Version 2.18.2 release!

See Bug fixes for a list of issues addressed in this release.

Download v2.18.2 build: Want to try new features as soon as possible? You can download the v2.18.2 build from Zowe.org.

New features and enhancements

Zowe Version 2.18.2 contains the enhancements that are described in the following topics.

Zowe API Mediation Layer

• The configuration property apiml.security.forwardHeader.trustedProxies has been added to specify the regular expression pattern used to identify trusted proxies from which X-Forwarded-* headers are accepted and forwarded. This mitigates CVE-2025-41235. (#4148)

• Feature: Add Java sample app to authenticate client certificate. (#4009) (0808c65), closes #4009

• A Java sample app has been added to assist users to authenticate client certificates. (#4009)
• Users can now configure the connect and read timeout for Eureka HTTP client. (#4046)
• Java 21 is now supported. (#4027)

Bug fixes

Zowe Version 2.18.2 contains the bug fixes that are described in the following topics.

Zowe API Mediation Layer

• Fixed a resource leak in the http client, whereby all objects are now closed after use. (#4153)
• Added HSTS header when AT-TLS enabled for V2. (#4071)
• Changed error code SERVICE_UNAVAILABLE to INTERNAL_SERVER_ERROR when ticket generation fails. (#4043)

Zowe CLI

DB2 Plug-in for Zowe CLI

• Updated tar-fs transitive dependency to resolve technical debt. (#177)

• Updated axios transitive dependency to resolve technical debt. (#175)