What is changing?
To continue to deliver proactive product security updates across supported IBM MQ releases, from 1Q 2023 there will be 2 types of IBM MQ maintenance delivery: fix packs, and cumulative security updates (CSUs).
Fix packs continue to be produced exclusively for Long Term Support (LTS) releases during their normal support lifecycle, in keeping with previous practices.
CSUs will be produced for LTS releases (including releases in extended support), and for the latest IBM MQ continuous delivery (CD) release, as required to deliver relevant security patches.
The schedule for CSU maintenance deliveries will be governed by the availability of security updates for each release. Currently IBM does not intend to alter the current cadence for fix pack deliveries, which is typically 2 or 3 fix packs a year for each LTS release.
IBM MQ continues to use a “V.R.M.F” version identifier format. On distributed platforms, LTS releases will continue to be designated by a zero (0) in the “M” digit of the V.R.M.F version identifier – for example 9.3.0.x . CD releases have a non-zero value in the “M” digit of the V.R.M.F version identifier – for example 9.3.1.x.
On z/OS there is an IBM MQ for z/OS LTS release and an IBM MQ for z/OS CD release for each major version – such as MQ 9.3.0 – which are functionally identical. You can distinguish between an LTS and CD release with the same VRM level by looking at the CSQY000I message in the queue manager job log.
For more information on the differences between CD and LTS releases, refer to the IBM MQ FAQ for Long Term Support and Continuous Delivery releases.
What is the difference between CSUs and fix packs?
Fix packs continue to contain maintenance bundles for LTS releases, and are the vehicle for shipping most IBM “APAR” code fixes for these releases during their support lifecycle.
CSU deliveries contain typically small numbers of security updates, although IBM may on occasion ship additional APARs in these deliveries if a technical need should arise, for example if intrinsically linked to a security update.
In both cases, the updates are applied by using the same platform-native install technologies that have been used previously to deliver fix pack maintenance on the LTS releases, and so existing processes or automation can be used to deploy both types of maintenance.
How can I tell if a maintenance delivery is a CSU or a fix pack?