[V9.0.0.1 May 2017]

What's changed in IBM MQ 9.0.0 Fix Pack 1

IBM® MQ 9.0.0 Fix Pack 1 includes a number of changes to functions and resources.

JMS exception listener updates

From IBM MQ 9.0.0 Fix Pack 1 IBM MQ classes for JMS are updated so that:
  • An ExceptionListener registered by an application is invoked for any connection broken exceptions, regardless of whether the application is using synchronous or asynchronous message consumers.
  • An ExceptionListener registered by an application is invoked if a TCP/IP socket used by a JMS Session is broken.
  • Non-connection broken exceptions (for example MQRC_GET_INHIBITED) that arise during message delivery are delivered to an application's ExceptionListener when the application is using asynchronous message consumers and the JMS ConnectionFactory used by the application has the ASYNC_EXCEPTIONS property set to the value ASYNC_EXCEPTIONS_ALL.
Note: An ExceptionListener is only invoked once for a connection broken exception, even if two TCP/IP connections (one used by a JMS Connection and one used by a JMS Session) are broken.

For more information, see Exceptions in IBM MQ classes for JMS.

Support for class name allowlisting in JMS ObjectMessage

With APAR IT14385, and from IBM MQ 9.0.0 Fix Pack 1, IBM MQ classes for JMS supports allowlisting of classes in the implementation of the JMS ObjectMessage interface. The allowlist defines which Java classes might be serialized with ObjectMessage.setObject() and deserialized with ObjectMessage.getObject().

For more information, see Class name allowlisting in JMS ObjectMessage and Running IBM MQ classes for JMS applications under the Java Security Manager.

IBM MQ resource adapter IVT application updated to support WildFly V10

The IBM MQ 9.0 Long Term Support release resource adapter installation verification test application has been updated so that the WMQ_IVT_MDB.jar file contains the file META-INF\jboss-ejb3.xml, which is used by WildFly V10. The file WEB-INF\jboss-web.xml within the WMQ_IVT.war file contains the correct resource references for WildFly V10.

For more information, see Installing and testing the resource adapter in Wildfly.

Proxy subscriptions are not modified to ADMIN when alterations are attempted

Subscriptions with a SUBTYPE of PROXY cannot be modified. From IBM MQ 9.0.0 Fix Pack 1, if an attempt is made to modify a proxy subscription, an error message is reported and the SUBTYPE is not modified to ADMIN. See DISPLAY SUB and ALTER SUB.

Restriction on the use of topic alias queues in distribution lists

Distribution lists do not support the use of alias queues that point to topic objects. From IBM MQ 9.0.0 Fix Pack 1, if an alias queue points to a topic object in a distribution list, IBM MQ returns MQRC_ALIAS_BASE_Q_TYPE_ERROR.

Deprecated CipherSpecs

From IBM MQ 9.0.0 Fix Pack 1, the following CipherSpecs are deprecated:
  • [Windows][UNIX][Linux]FIPS_WITH_3DES_EDE_CBC_SHA
  • NULL_MD5
  • NULL_SHA
  • TRIPLE_DES_SHA_US
  • TLS_RSA_WITH_NULL_MD5
  • TLS_RSA_WITH_NULL_SHA
  • [Windows][UNIX][Linux]ECDHE_ECDSA_NULL_SHA256
  • [Windows][UNIX][Linux]ECDHE_RSA_NULL_SHA256
  • [Windows][UNIX][Linux]TLS_RSA_WITH_NULL_NULL
  • TLS_RSA_WITH_NULL_SHA256
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • [Windows][UNIX][Linux]ECDHE_ECDSA_3DES_EDE_CBC_SHA256
  • [Windows][UNIX][Linux]ECDHE_RSA_3DES_EDE_CBC_SHA256
For more information, see Deprecated cipherspecs.

GSKit version updated

The IBM Global Security Kit (GSKit) version has been updated in IBM MQ 9.0.0 Fix Pack 1. The new version of GSKit alters the stash file format that is used when you generate an .sth file to stash the key database password. Stash files that are generated with this version of GSKit are not readable by earlier versions of GSKit.

To ensure that stash files that are generated with IBM MQ 9.0.0 Fix Pack 1, or later, are compatible with your applications and other IBM MQ installations, you must update to a version of IBM MQ that contains a compatible version of GSKit. The following fix packs contain a compatible version of GSKit:
  • 7.1.0.8
  • 7.5.0.8
  • 8.0.0.6
  • 9.0.0.1

If you cannot update your applications or other IBM MQ installations, you can request a stash file format that is compatible with an earlier version. When you use the runmqakm or runmqckm commands with the -stash or -stashpw option, include the -v1stash command line parameter. You cannot use the strmqikm (iKeyman) GUI to generate a stash file that is compatible with an earlier version.

Adopting other security contexts when you use the ADOPTCTX(YES) parameter

When you use the ADOPTCTX(YES) parameter on an authentication information object, another security context cannot be adopted unless you set the ChlauthEarlyAdopt parameter in the channels stanza of the qm.ini file.

For more information, see Attributes of the channels stanza.

[Linux]

mqconfig change for nproc

On Linux®, each thread is implemented as a light-weight process (LWP) and each LWP is counted as one process against the resource limit nproc. Therefore nproc needs to be set based on the number of threads.

From IBM MQ 9.0.0 Fix Pack 1, the mqconfig script has been modified to display the number of processes based on number of threads running instead of the number of processes.

For more information about mqconfig and nproc, see Configuring and tuning the operating system on Linux and mqconfig.

MQPROMPT environment variable for runmqsc

From IBM MQ 9.0.0 Fix Pack 1, you can make it easier to see that you are in an MQSC environment and see some details of the current environment by setting a prompt of your choice by using the MQPROMPT environment variable. For more information, see Administration using MQSC commands.

fteMigrateAgent command changes

From IBM MQ 9.0.0 Fix Pack 1 the fteMigrateAgent command has been updated to ensure that the check to see if the user is an administrator is traced.

[z/OS]The command has also been updated to check that user satisfies (at least) one of these conditions in order to run the migrate command on z/OS®:
  • Be a member of the mqm group (if the mqm group exists).
  • Be a member of the group named in the BFG_GROUP_NAME environment variable (if one is named).
  • Have no value set in the BFG_GROUP_NAME environment variable.

For more information about the fteMigrateAgent command, see fteMigrateAgent .

New MFT agent property addCommandPathToSandbox

A new agent property addCommandPathToSandbox has been added to the Managed File Transfer component. This property is used to determine whether the directories specified by the commandPath property (and all of their subdirectories) should be added to the denied paths for both user sandboxes and the agent sandbox.

For more information, see The commandPath property and The agent.properties file.

New MFT agent property additionalWildcardSandboxChecking

From IBM MQ 9.0.0 Fix Pack 1, if an agent has been configured with a user or agent sandbox in order to restrict the locations that the agent can transfer files to and from, you can specify that additional checks are to be made on wildcard transfers for that agent by setting the additionalWildcardSandboxChecking property to true. For more information, see Additional checks for wildcard transfers and The agent.properties file.

[z/OS]

New agent property adminGroup for use with MFT agents on z/OS

IBM MQ 9.0.0 Fix Pack 1 adds a new agent property adminGroup for use with Managed File Transfer agents on z/OS. This property defines the name of group of users who can:
  • Start the agent by using the fteStartAgent command.
  • Stop the agent by using the fteStopAgent command.
  • Enable or disable trace for the agent by using the fteSetAgentTraceLevel command.
  • Display agent details by using the fteShowAgentDetails command.
For more information, see The agent.properties file.