Recently, in another forum, someone received a notification about a security flaw with DB2 Web Query. It only mentioned 2.4.0 and he opened a case to see if it was applicable to 2.3.0 also (he was planning on staying on that). This was IBM's reply:
<IBM>
Development's response is as follows:
IBM does not assess out-of-support releases for vulnerabilities. General experience across many products has been that most vulnerabilities found in the oldest supported release are also applicable to the prior out-of-support release. You should proceed with the expectation that statement is applicable for Web Query.
</IBM>
He is now planning on upgrading to 2.4.0.
This was my earlier conjecture prior to him getting a definitive answer.
<MyConjecture>
The group PTF for 2.4 is dated 2023-11-17. It says:
...
Planned Update Schedule: Unknown
...
A cursory glance at a PTF or two on that list found no mention of any CVEs.
The group PTF for 2.3 is dated 2023-07-19. It says:
The link above says: Technical support continues to be available until the end of support date. It also says the end of support for 2.3.0 was October 31, 2023.
One could interpret this as, even if there is a security leak, you are SOL when it comes to getting any fixes for 2.3.
If you go to ibm.com and on their search bar look for: ibm i ptf cover letters wqx "Web Query 2.3.0"
and sort by newest to oldest, you will not find anything newer than July 19 of 2023, which was before end of support. Change that 3 to a 4 and you will find newer ones.
Just my daily dose of FUD. Did it work?
</MyConjecture>
------------------------------
Robert Berendt IBMChampion
------------------------------