Component Maintenance Levels - Agent 8.0.x
This page summarizes the changes introduced in each component maintenance release for Universal Agent 8.0.x.
For a list of all component changes included in the maintenance release for each platform, see:
- z/OS Package Maintenance Levels
- Windows Package Maintenance Levels
- UNIX Package Maintenance Levels
- IBMi Package Maintenance Levels
All Components
Release 8.0.0.0 - March 31, 2026
Platform | Component | Description | |
|---|---|---|---|
B-20755 | Unix (AIX) | All | Migrate the AIX build platform to AIX 7.2. This effectively updates the mininum supported version for the Universal Agent 8.0.0.0 release to AIX 7.2 TL5 and higher. AIX 7.3 TL0 and higher is also supported. info Note This change required a change to the AIX distribution file name to include the 7.2 build platform. For example, the UA 7.9.0.0 distribution for AIX was |
B-23143 | All | All | Upgrade the OpenSSL 3pp vendor library used by Universal Agent to OpenSSL 3.5.5 to ensure continued maintainability of OpenSSL updates and fixes. Virtually all Universal Agent components use OpenSSL for cryptographic functions. Not all components have user-facing visibility, but for practical purposes, a change to OpenSSL is a change to all Universal Agent components. |
B-23362 | z/OS | All | Certify Universal Agent 8.0.0.0 for z/OS 3.2. |
D-14348 | All | All | Update the zlib 3pp vendor library to remediate Critical- and High-severity CVEs. The zlib library is used by all Universal Agent components, excluding the z/OS SMF exit modules. |
Universal Agent Server
Release 8.0.0.0 - March 31, 2026
Platform | Component | Description | |
|---|---|---|---|
B-14810 | z/OS | UAGSRV | Add TLS 1.3 connection support when Universal Agent components on z/OS are configured to use SystemSSL. |
B-18370 | IBM i | UAGSRV | Add support for executing scripted IBM i Virtual Terminal sessions from a Universal Agent batch environment. This is required to support the scenario of automating work that must be run from an interactive session, which may involve interaction with menu panels for a command or application. Support for this feature will include the following enhancements:
|
B-22268 | z/OS | UAGSRV | Add the ability to apply a jobname filter to Universal Agent File Monitor tasks that execute on z/OS. If dataset activity is performed via TSO, this same jobname filter will accept a TSO user ID. |
B-23006 | IBM i | UAGSRV | Store the joblog for all IBM i tasks that execute from the Controller in the UAG Server cache. This makes it possible to retrieve the joblog from the Controller upon request. |
D-11005 | z/OS | UAGSRV | Fix truncation of a message responsible for reporting secondary Universal Agent status to the Controller. The truncation could cause the Agent to show Active even if it were actually offline. |
D-13552 | All | UAGSRV | Ensures that an Agent's configured BUSINESS_SERVICES are part of any HELLO message the Agent sends to the Controller. This change was specifically intended to fix an issue where a transient Linux Agent would lose business service information after temporarily going offline. A persistent Agent on any platform would also benefit from this change if, for example, it were inadvertently deleted from the Controller. |
D-13864 | IBM i | UAGSRV | Ensures that an IBM i task will always execute with the credentials specified in the task's definition. If no credentials are specified, the behavior is unchanged and the task will continue to run as the Universal Broker user. |
D-13947 | z/OS | UAGSRV | Ensure that a z/OS task does not fail with a JCL error when the task's job issues an IEFC677I message. Prior to this change, it may be possible for the Agent to fail with a S0C4 ABEND or return accurate error information to the Universal Controller. |
D-13958 | z/OS | UAGSRV | Prior to the Universal Agent's attempt to calculate a system workload value, ensure that the sample size value in an SMF record type 70-1 (SMF70SAM) is non-zero. This check will prevent a divide-by-zero exception (S0C9). |
D-13913 | z/OS | UAGSRV | Restores the list of secondary Agent name(s) to the following Universal Controller locations:
|
D-14036 | All (depending on component availability) | UAGSRV | Ensure that an attempt to establish an improper SSL/TLS session over the affected Server application's component interface is handled gracefully. |
D-14051 | All | UAGSRV | Fixes an issue where the UAG Server's configured SERVICE_TIMEOUT value is ignored when receiving messages from OMS. This fix will decrease the time it takes for UAG Server to detect a dropped connection with OMS, which will in turn decrease connection recovery times. |
D-14191 | Unix | UAGSRV | Fix a possible memory corruption when an application monitored by an Application Control Task is stopped immediately after the application is started. |
D-14409 | z/OS | UAGSRV (UAGRERUN) | Fixes a problem where the JCL for a z/OS task containing a backward reference to a DD statement in the same step prevented that step from being marked "Restartable" in the z/OS task instance. Steps that contain local backward references should be restartable. Steps that contain backward references to other steps in the job will continue to be non-restartable. |
D-14448 | z/OS | UAGSRV | Fixes two memory leaks for UAGSRV on z/OS:
|
D-15569 | z/OS | UAGSRV | Fixes an issue where Universal Agents configured to use IBM's System SSL are unable to establish connections with z/OS 3.2 system. info ** Note** This fix enables support for the following ciphers when using System SSL on any supported version of z/OS:
Use of either of the ECDHE-ECDSA-* ciphers requires that data sessions established between UCMD and UCMD Server and between UDM and UDM Server enable encryption. For information about enabling encryption for UCMD standard i/o redirection sesions, refer to one or more of the following:
For information about enabling encryption for a UDM data session, refer to one or more of the following: |
Universal Broker
Release 8.0.0.0 - March 31, 2026
Platform | Component | Description | |
|---|---|---|---|
B-14810 | z/OS | UAGSRV | Add TLS 1.3 connection support when Universal Agent components on z/OS are configured to use SystemSSL. |
B-23685 | All | UBROKER | Enhance security for the Universal Broker's external service interface by adding peer authentication support. When the new AUTHENTICATE_PEER configuration option is set to yes, the Universal Broker will require that any client that tries to connect to its external service interface provide a valid client certificate. This will ensure that only trusted clients can connect to the Universal Broker. |
D-09802 | Unix | UBROKER | When the path to a Universal Broker's info Note There were code changes made for this defect that are shared between Unix and Windows implementations. However, the Universal Agent for Windows uses TCP/IP for the Universal Broker's component interface. This means that the values saved in the |
D-13908 | Unix | OMSSRV | Fixes an issue introduced by changes delivered in UA 7.8.0.0 with B-20246 that could cause session negotiation to fail when 1) one of the affected Server components receives an unusually large number of session negotiation requests, and/or 2) multiple clients of one of the affected Server components tries to connect and negotiate a session over a very slow network. |
D-15569 | z/OS | UAGSRV | Fixes an issue where Universal Agents configured to use IBM's System SSL are unable to establish connections with z/OS 3.2 system. info ** Note** This fix enables support for the following ciphers when using System SSL on any supported version of z/OS:
Use of either of the ECDHE-ECDSA-* ciphers requires that data sessions established between UCMD and UCMD Server and between UDM and UDM Server enable encryption. For information about enabling encryption for UCMD standard i/o redirection sesions, refer to one or more of the following:
For information about enabling encryption for a UDM data session, refer to one or more of the following: |
Universal Command
Release 8.0.0.0 - March 31, 2026
Platform | Component | Description | |
|---|---|---|---|
B-14810 | z/OS | UAGSRV | Add TLS 1.3 connection support when Universal Agent components on z/OS are configured to use SystemSSL. |
D-13908 | Unix | OMSSRV | Fixes an issue introduced by changes delivered in UA 7.8.0.0 with B-20246 that could cause session negotiation to fail when 1) one of the affected Server components receives an unusually large number of session negotiation requests, and/or 2) multiple clients of one of the affected Server components tries to connect and negotiate a session over a very slow network. |
D-14036 | All (depending on component availability) | UAGSRV | Ensure that an attempt to establish an improper SSL/TLS session over the affected Server application's component interface is handled gracefully. |
D-15569 | z/OS | UAGSRV | Fixes an issue where Universal Agents configured to use IBM's System SSL are unable to establish connections with z/OS 3.2 system. info ** Note** This fix enables support for the following ciphers when using System SSL on any supported version of z/OS:
Use of either of the ECDHE-ECDSA-* ciphers requires that data sessions established between UCMD and UCMD Server and between UDM and UDM Server enable encryption. For information about enabling encryption for UCMD standard i/o redirection sesions, refer to one or more of the following:
For information about enabling encryption for a UDM data session, refer to one or more of the following: |
Universal Connector for PeopleSoft Process Scheduler
Release 8.0.0.0 - March 31, 2026
Platform | Component | Description | |
|---|---|---|---|
D-14360 | Unix (Linux Intel only) | UPPS | Fixes a problem in which a UPPS task may exit with a start failure if the task definitions provides a large number of RunTime parameters. |
Universal Connector for SAP
Release 8.0.0.0 - March 31, 2026
Platform | Component | Description | |
|---|---|---|---|
B-22672 | z/OS | USAP | Add the ability to create SNC connections to an SAP server using USAP for z/OS. To implement this feature, support for the SAP Netweaver RFC libaries was also added to USAP for z/OS. See the SNC_MODE and SNC_QOP configuration options for information about how to configure this new feature. Note This change provides a significant update to USAP for z/OS. Prior versions still rely on the legacy SAP RFC libraries. The versioning for USAP on z/OS was back-leveled to reflect this lack of contemporary RFC library support. This USAP that is now provided for z/OS has partity with the USAP provided for Unix and Windows. To implement this change required porting USAP for z/OS to a 64-bit module. This means the 64-bit C runtimes will be needed on your z/OS system. This should not be a problem, but it is an updated platform requirement. With this change, the LIBRFC shared object module previously installed with the Agent on z/OS is no longer provided. The SAP Netweaver RFC libraries must be available on your z/OS system in order for USAP to run. The libraries' location can be set using the LIBPATH configuration option. Finally, a copy of the sample RFC INI member (USPRFC00) installed to &HLQ..UNV.SUNVSAMP is no longer placed in &HLQ..UNV.UNVCONF during the install. You may use the sample USPRFC00 provided as a reference, but the file itself must reside on the USS file system. This location is set with the USAP_RFC_INI_DIR configuration option. This feature also changes the USPPRC JCL procedure installed to &HLQ..UNV.SUNVSAMP. The DD statement that pointed to the USPRFC00 member is no longer needed. While no REGION statement is provided by the sample JCL procedure, this updated version of USAP has different runtime requirements than the back-leveled version. It may be necessary to add a REGION statement to USPPRC or to your job cards to accomodate these newer requirements. ::: |
Universal Control
Release 8.0.0.0 - March 31, 2026
Platform | Component | Description | |
|---|---|---|---|
D-13908 | Unix | OMSSRV | Fixes an issue introduced by changes delivered in UA 7.8.0.0 with B-20246 that could cause session negotiation to fail when 1) one of the affected Server components receives an unusually large number of session negotiation requests, and/or 2) multiple clients of one of the affected Server components tries to connect and negotiate a session over a very slow network. |
D-14036 | All (depending on component availability) | UAGSRV | Ensure that an attempt to establish an improper SSL/TLS session over the affected Server application's component interface is handled gracefully. |
D-15569 | z/OS | UAGSRV | Fixes an issue where Universal Agents configured to use IBM's System SSL are unable to establish connections with z/OS 3.2 system. info ** Note** This fix enables support for the following ciphers when using System SSL on any supported version of z/OS:
Use of either of the ECDHE-ECDSA-* ciphers requires that data sessions established between UCMD and UCMD Server and between UDM and UDM Server enable encryption. For information about enabling encryption for UCMD standard i/o redirection sesions, refer to one or more of the following:
For information about enabling encryption for a UDM data session, refer to one or more of the following: |
Universal Data Mover
Release 8.0.0.0 - March 31, 2026
Platform | Component | Description | |
|---|---|---|---|
B-14810 | z/OS | UAGSRV | Add TLS 1.3 connection support when Universal Agent components on z/OS are configured to use SystemSSL. |
D-13908 | Unix | OMSSRV | Fixes an issue introduced by changes delivered in UA 7.8.0.0 with B-20246 that could cause session negotiation to fail when 1) one of the affected Server components receives an unusually large number of session negotiation requests, and/or 2) multiple clients of one of the affected Server components tries to connect and negotiate a session over a very slow network. |
D-14036 | All (depending on component availability) | UAGSRV | Ensure that an attempt to establish an improper SSL/TLS session over the affected Server application's component interface is handled gracefully. |
D-15569 | z/OS | UAGSRV | Fixes an issue where Universal Agents configured to use IBM's System SSL are unable to establish connections with z/OS 3.2 system. info ** Note** This fix enables support for the following ciphers when using System SSL on any supported version of z/OS:
Use of either of the ECDHE-ECDSA-* ciphers requires that data sessions established between UCMD and UCMD Server and between UDM and UDM Server enable encryption. For information about enabling encryption for UCMD standard i/o redirection sesions, refer to one or more of the following:
For information about enabling encryption for a UDM data session, refer to one or more of the following: |
Universal Event Monitor
Release 8.0.0.0 - March 31, 2026
Platform | Component | Description | |
|---|---|---|---|
B-14810 | z/OS | UAGSRV | Add TLS 1.3 connection support when Universal Agent components on z/OS are configured to use SystemSSL. |
B-23685 | All | UBROKER | Enhance security for the Universal Broker's external service interface by adding peer authentication support. When the new AUTHENTICATE_PEER configuration option is set to yes, the Universal Broker will require that any client that tries to connect to its external service interface provide a valid client certificate. This will ensure that only trusted clients can connect to the Universal Broker. |
D-13908 | Unix | OMSSRV | Fixes an issue introduced by changes delivered in UA 7.8.0.0 with B-20246 that could cause session negotiation to fail when 1) one of the affected Server components receives an unusually large number of session negotiation requests, and/or 2) multiple clients of one of the affected Server components tries to connect and negotiate a session over a very slow network. |
D-14036 | All (depending on component availability) | UAGSRV | Ensure that an attempt to establish an improper SSL/TLS session over the affected Server application's component interface is handled gracefully. |
Universal Extension
Release 8.0.0.0 - March 31, 2026
Platform | Component | Description | |
|---|---|---|---|
D-14286 | Unix | PYTHON | Update the Universal Agent's Python 3.11 distribution for Unix and Windows to remediate Critical- and High-severity CVEs. This delivery also includes updates to the following "external" Python modules:
These external modules -- and their dependencies -- are provided by the Agent's Python distribution. A subset of these modules are install to the |
Universal FTP Client
Release 8.0.0.0 - March 31, 2026
Change Id | Platform | Component | Description |
|---|---|---|---|
B-14810 | z/OS | UAGSRV | Add TLS 1.3 connection support when Universal Agent components on z/OS are configured to use SystemSSL. |
D-14197 | Unix | UFTP | Update the libSSH2 3pp vendor library used by UFTP to remediate Critical- and High-severity CVEs. |
D-14416 | z/OS | UFTP | Fixes a problem where the Universal FTP Client generates an excessive number of log messages that seems to indicate a failure when trying to establish a TLS 1.3 session. |
Universal Message Service (OMS)
Release 8.0.0.0 - March 31, 2026
Change Id | Platform | Component | Description |
|---|---|---|---|
B-22140 | Unix | OMSSRV | Add support for OMS Message Database replication via the Raft protocol provided by the NuRaft library. This feature removes the requirement to have the OMS Message Database reside on a NFS-mounted, shared filesystem. That architecture will continue to be supported, however, and is still the default. For information on this new feature and how to configure it, see the following:
|
D-13422 | Unix | OMSSRV | Prevent unauthorized access to OMS Server by denying connection attempts from a remote OMS Admin (OMSADMIN) utility. This will restrict OMSADMIN to execution on the OMS Server's system. |
D-13908 | Unix | OMSSRV | Fixes an issue introduced by changes delivered in UA 7.8.0.0 with B-20246 that could cause session negotiation to fail when 1) one of the affected Server components receives an unusually large number of session negotiation requests, and/or 2) multiple clients of one of the affected Server components tries to connect and negotiate a session over a very slow network. |
Universal Query
Release 8.0.0.0 - March 31, 2026
Change Id | Platform | Component | Description |
|---|---|---|---|
B-23685 | All | UBROKER | Enhance security for the Universal Broker's external service interface by adding peer authentication support. When the new AUTHENTICATE_PEER configuration option is set to yes, the Universal Broker will require that any client that tries to connect to its external service interface provide a valid client certificate. This will ensure that only trusted clients can connect to the Universal Broker. |
Python Distribution for Universal Agent
Release 8.0.0.0 - March 31, 2026
Change Id | Platform | Component | Description |
|---|---|---|---|
D-14286 | Unix | PYTHON | Update the Universal Agent's Python 3.11 distribution for Unix and Windows to remediate Critical- and High-severity CVEs. This delivery also includes updates to the following "external" Python modules:
These external modules -- and their dependencies -- are provided by the Agent's Python distribution. A subset of these modules are install to the |
D-15594 | Windows | PYTHON | Update the Universal Agent's Python 3.11 distribution for Windows with the following changes:
This change will allow the Agent's Python 3.11 distribution to provide newer and more secure versions of these libraries than the default Python 3.11 for Windows currently provides. |