You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
BugFix: Censored sensitive connection properties from the diagnostic details serialized into workflow and job submission command errors. #2784
BugFix: Prevented the daemon client from connecting to a Windows named pipe that belongs to a different user. #2790
BugFix: Hardened daemon client authentication so that another local user cannot drive a daemon they do not own. The daemon now generates a random secret token at startup, stores it in the owner-only daemon_pid.json file, and requires every client request to echo it back (compared in constant time). Because only the owner can read that file, this closes a gap on Windows, where the named pipe can be opened by local users other than the owner and the previously self-asserted user name check was insufficient. #2743
BugFix: Fixed "Access is denied" error when running CLI commands on Windows if daemon mode is active. #2808
Imperative
BugFix: The Config.set function, ConfigProfiles.set function, and the ConfigSecure property walkers now reject dotted paths whose segments are empty or use reserved property names. #2807
BugFix: Escaped regular-expression metacharacters in secure values before masking them in the Censor.censorRawData function. #2799
BugFix: Redacted sensitive environment variables and command-line arguments from the diagnostic information written to the log when a command handler fails to load or throws an error. This prevents credentials supplied via environment variables (for example, ZOWE_OPT_PASSWORD) from being persisted to disk in plain text. #2788
BugFix: Fixed an issue where passing an object with null values to the Censor.mCensorObject function caused a runtime error. Now, only non-null values are recursively handled in this function. #2784
BugFix: Added an optional token property to the IDaemonResponse interface. The daemon client sends this secret token (read from the owner-only daemon PID file) so the daemon can authenticate the client as its owner. #2743