What’s new in Zowe 3.5

🧪 Highlights from Zowe 3.5

API Mediation Layer (API ML)

The API ML team has delivered improvements focused on certificate flexibility, configuration ergonomics, and operational robustness.

Important Note — Validate your zowe.yaml properties for ones in incorrect format based on this table — https://docs.zowe.org/stable/whats-new/release-notes/v3_5_0#zowe-api-mediation-layer as it will prevent zowe from starting

Server and Client Certificate Alias Separation: Google Chrome is phasing out acceptance of public CA certificates usable for both server and client authentication. To address this, Zowe 3.5 introduces a new clientCertificateAlias property that allows you to designate separate certificates for inbound HTTPS traffic versus outbound calls — both drawn from the same keyring or keystore. If you use internal CAs, there is no change required. The change was introduced to support changes to public CAs which stops issuing certificates valid for both outbound and inboudn connection.

Multiple Network Interface Binding: When running on a system with multiple network stacks, you can now specify a comma-separated list of interfaces where the API ML should listen, rather than being limited to one or all.

Zowe Version on Homepage: The API ML homepage now displays the Zowe version alongside the API ML version, so there’s no need to dig through configuration when asked what version you’re running.

Apache 2.0 Licensing for Enablers: The Python and Node.js onboarding enablers now explicitly carry the Apache 2.0 open source licence, resolving license scanning issues.

⚙️ CLI

Secure Certificate Support: Users can now import their certificate into the operating system’s certificate manager (Windows and macOS) and reference it by its common name using the new certFile profile property. No more splitting certificates into separate key and cert files on disk. The legacy approach remains supported.

Upload to USS Enhancements: A new –make-dirs flag automatically creates missing target directories recursively before upload. The upload behaviour now mirrors Unix cp — targeting a directory auto-derives the filename from the local file. A –skip-directory-check flag allows bypassing directory existence validation.

Faster SSH Command Execution: A new –exec flag on zowe zos-ssh commands bypasses shell initialisation and profile loading, significantly reducing command execution time. Traditional shell mode remains the default for full backwards compatibility.

Environment Variables in Configuration: Team Config properties can now reference environment variables (e.g., $ZOS_USER). Values can be marked as secure so they are never logged or displayed. This is particularly useful for ephemeral environments like GitHub Codespaces where persistent credential stores are unavailable.

⚙️ SDK

REST Request Queue: Extenders can now throttle requests to REST services using a new queuing mechanism — customisable request pools, timeouts, and simultaneous connection limits. Opt-in and fully backwards compatible.

Change Password via z/OSMF: A new class in the z/OSMF SDK allows changing a user’s password through the z/OSMF REST endpoints.

Abort Long-Running Downloads: A new abortDownload predicate on download options allows extenders to cancel outstanding downloads of all members, matching datasets, or USS directories mid-operation.

🖥️ Explorer for VS Code

Multi-Member Search Patterns: You can now enter comma-separated member patterns when searching datasets (e.g., SHOW*,RENDER*). Results are additive — any member matching any pattern is displayed. This replaces the previous limitation of a single pattern per search.

Download from Tree View: Right-click context menus in both the MVS and USS trees now include Download options — download a single member, an entire dataset, all members of a dataset, a USS file, or a USS directory recursively. Uses the VS Code file picker for selecting the destination.

Submit Job with Polling: When submitting JCL, a new “Poll for job completion” button appears immediately in the submission notification. The polling interval is configurable, and a notification is shown when the job completes with a button to navigate directly to the job.

Filter PDS Members: Members of a partitioned dataset can now be filtered inline — by name pattern or by creation date (showing only members created on or after a specified date). A clear button resets the filter.

VSAM Dataset Favoriting: VSAM datasets now support the same favoriting functionality as sequential and partitioned datasets — the star icon, add/remove, and quick access from the favourites list. Works across all extender profiles (z/OSMF, FTP, and custom) without any code changes.

Hidden File Toggle: A new VS Code setting allows hiding Unix files that start with a dot in the USS tree, reducing visual clutter.

Accessibility Improvements: Table views now have improved behaviour and usability for screen readers. Release notes and changelogs are now localizable, tied to the VS Code locale setting.

🧩 CICS Extension

Tree Refresh Preserves State: Refreshing the CICS tree no longer resets your view to the root — it updates in place, matching Zowe Explorer’s behaviour.

Predictable Sorting: Resources are now sorted in a stable, predictable order rather than having the last-used item jump to the top.

Hyperlinked Attributes: The Resource Inspector now makes attributes like JVM profile paths, work directories, and error log paths clickable — clicking navigates directly to the corresponding dataset or USS file in Zowe Explorer, reducing context switching.

Compare Resources: Right-click on any resource and choose “Compare To” to compare it against the same resource type in a different region or CICSplex. Only differing attributes are shown by default, with an option to reveal shared attributes. Multi-select comparison is also supported.

Improved Error Notifications: Error messages are now clear and concise, with direct links to relevant documentation for the specific API response codes encountered.

Certificate Authentication: Client certificate authentication is now supported for CICS connections.

🔧 Installation & Configuration

Config Manager Validation: The Config Manager now provides better error messages when YAML properties are nested incorrectly — for example, identifying that zowe.job.extensionDirectory should be zowe.extensionDirectory. This catches common indentation and nesting errors early.

“Bring Your Own Certificate” by Default: The embedded certificate setup scenarios have been removed from the default zowe.yaml. The documentation now guides users to bring their own certificates and keyring as the primary recommendation, avoiding the limitations of the automated certificate scripts.

Unified Logging via the Launcher: All Zowe components — ZSS, App Server, and API ML — now produce consistently named and structured log files. Log names include the high-availability instance ID (where applicable), component name, and timestamp. The launcher automatically limits each component to 5 active logs to prevent disk exhaustion.

Pre-Flight Checks: A new pre-flight check framework runs before Zowe components start, validating:

• Certificate and keyring configuration — checks for missing EKU, inaccessible keyrings, and misconfigured certificate properties
• AT-TLS setup — detects definitively incorrect AT-TLS configurations (runs as a warning by default, not blocking)
• Component existence — verifies that components referenced in zowe.yaml actually exist on the runtime system
• Java and Node version compatibility — validates that the installed runtimes are supported

Pre-flight checks currently issue warnings rather than blocking startup. When certificates are correctly configured, the checks are silent — they only surface when something is wrong.