• April Showers Bring May IBM i Security Vulnerabilities

  May 8, 2024 Alex Woodie

  IBM has patched more than a dozen security flaws in IBM i and related products this spring, including serious flaws in the operating system proper and the compilers, and a critical vulnerability in Administrative Runtime Expert that landed a nearly perfect CVSS Base score.

  In the interest of time, let’s cover the security vulnerabilities in descending order of severity. That means we’re starting with the worst and then moving on to the slightly less worse.

  ARE Flaw

  The flaw reported in the Administration Runtime Expert for i (ARE), which IBM launched in 2010 to make it easier to manage IBM …

  Read more

• IBM i PTF Guide, Volume 26, Number 13

  April 8, 2024 Doug Bidwell

  Three is the magic number, as we all know. This week, there is another trio of vulnerabilities in parts of the IBM i software stack. And all three currently supported IBM i releases all have a slew of group patches as well. Let’s start with the vulnerabilities because these are always important to know about and deal with.

  First, we have Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270), which you can find out more about at this link. The affected products include IBM WebSphere Application Server Liberty, versions 23.0.0.3 through 24.0.0.3 – who …

  Read more

• What’s Up with Open Source on IBM i?

  March 27, 2024 Alex Woodie

  Open source software has become a steadfast component of the IBM i stack. But what open source software are IBM i shops using today? Results from Fortra’s recent IBM i Marketplace Survey provide answers.

  It may seem odd now, but open source hasn’t always been a staple of the IBM i server’s software diet. Until PHP arrived on the platform two decades ago, proprietary software was the only option for IBM i shops.

  But today, IBM i shops have hundreds of open source products to choose from. Thanks to the IBM i server’s openness, just about any product that can …

  Read more

• What the 2024 Marketplace Report Says About IBM i App Dev, Language Use

  March 13, 2024 Alex Woodie

  What languages, development environments, and tools are IBM i developers currently using to create new applications? How many users are still on SEU? And how are VS Code and Merlin faring among Web-based development tools? Fortra sought to answer those questions with its IBM i Marketplace Survey for 2024, and the results may surprise you.

  In late 2023, Fortra surveyed 270 IBM i professionals from around the world for the 2024 IBM i Marketplace Survey, which it published in January. You can download the report here.

  For the most part, Fortra asks the same questions every year, which is …

  Read more

• Guru: Procedure Driven RPG And Adopting The Pillars Of Object-Oriented Programming

  February 19, 2024 Gregory Simmons

  The four pillars of object-oriented programming (OOP): abstraction, encapsulation, inheritance, and polymorphism, were not created at a single point in time. They evolved gradually over several years, with contributions from various researchers and programmers. Here’s a brief overview of their evolution:

  1. Abstraction:

  • Alan Kay is credited with introducing the concept of abstraction in the 1960s with his work on Simula.
  • Abstraction gained further traction with the development of Smalltalk in the 1970s.

  2. Encapsulation:

  • David Parnas, in his 1972 paper “On the Criteria To Be Used in Decomposing Systems into Modules,” laid the groundwork for encapsulation by emphasizing the importance of

  …

  Read more

• Thoroughly Modern: From Tradition To Transformation For IBM i In The Era Of Cloud And AI

  February 12, 2024 Monica Sanchez

  The value of IBM i is undeniable, especially if you are running an IBM i shop. But that does not mean IT leaders can ignore pivotal market changes in cloud, cybersecurity, and AI. These disruptive forces all have something in common – they are driving change. They are shaping operations and future strategies, pushing IT leaders to innovate.

  As we dig deeper into these transformative forces, it becomes clearer that the path forward for IBM i shops is all about continuous evolution and strategic foresight.

  Cybersecurity: Trends and Tactics

  Cybersecurity has been a major concern in the past few years. …

  Read more

• IBM Patches New Security Vulns In IBM i Components, Power Firmware

  February 12, 2024 Alex Woodie

  IBM has patched a series of moderate security vulnerabilities in IBM i products and Power firmware over the past two weeks. The IBM i flaws span Rational Developer for i (RDi), Access Client Solutions (ACS), and the Java development kit and runtime, while the Power flaw involves PowerVM and its communications with the Hardware Management Console (HMC).

  Concerns over security hit an all-time high in the IBM i community according to the IBM i Marketplace 2024 study conducted by Fortra. The survey found that 79 percent of IBM i professionals considered security a top concern, a 10 percent increase …

  Read more

• IBM i PTF Guide, Volume 26, Number 2

  January 17, 2024 Doug Bidwell

  As odd as it may seem, this week there are HIPER and security patches available for IBM i 7.2, which has long since been off standard and now extended maintenance.

  First, there is a defective PTF for IBM i 7.2, which was noted on January 10.

  • LICENSED PROGRAM = 5798FAX
  • APAR NUMBER: SE81023
  • RECOMMENDATION: Apply fixing PTF xxxxxxx when it becomes available, or remove PTF SI85576, or use the SNDFAX command instead of the SBMFAX command.

  There is also an IBM i 7.2 Group HIPER, level 240, which is SF99719 and which you can find out more about here, …

  Read more

• ACS, Merlin Hit With Serious Security Vulnerabilities

  December 11, 2023 Alex Woodie

  Three serious security vulnerabilities in IBM i Access Client Solutions and six in Merlin were disclosed and patched by IBM last week. The flaws could allow attackers to commit a range of crimes, from executing arbitrary code and denial of service attacks, to obtaining sensitive data on IBM i conducting phishing attacks. All of the flaws – including another three reported by IBM in November – should be patched immediately.

  IBM published a security bulletin December 8 covering all three of the ACS flaws, which impact ACS versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3. The fix is to download …

  Read more

• IBM i PTF Guide, Volume 25, Number 47

  November 27, 2023 Doug Bidwell

  Happy Belated Thanksgiving, welcome back to work, and pass the turkey and cranberry sauce leftovers if you don’t mind.

  Speaking of leftovers, there are some new patches for IBM i 7.2, which were updated on November 14. You can check out SF99719 720 Group HIPER – level 237 at this link and SF99718 720 Group Security – level 126 at that link.

  There is also a security vulnerability you need to be aware of, specifically Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2023 …

  Read more

Previous Articles Next Articles