https://wiki.zimbra.com/api.php?action=feedcontributions&user=Dawood+Shaikh&feedformat=atomZimbra :: Tech Center - User contributions [en]2024-03-29T13:21:44ZUser contributionsMediaWiki 1.39.0https://wiki.zimbra.com/index.php?title=Advanced_Paste_in_Zimbra9&diff=70305Advanced Paste in Zimbra92024-02-22T06:57:10Z<p>Dawood Shaikh: </p>
<hr />
<div><br />
<br/><br />
<div style="padding:1%; color:#ff0000;font-size:19px;" ><br />
'''Deprecation Statement'''<br />
<br />
This feature has been deprecated since ZCS Daffodil release 10.0.2. For details please refer to the [https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.2 release notes].<br />
</div><br />
<br/><br />
<br />
=Advanced Paste=<br />
<br />
Advanced Paste for composer handles copy/paste from Word, Excel, PowerPoint, PDF, Websites, Paint, etc. When installed, it will be available for Mail and Signature Composers. The Advanced Paste service automatically cleans up content from Microsoft Word, Microsoft Excel, and HTML sources to ensure clean and compliant content.<br />
When pasting the data in the composer, users get an option to "Keep formatting", which automatically activates the service when clicked. <br />
For basic usage, users don't need to take any action. Simply copy and paste content normally using keyboard shortcuts, or the browser's "Paste" menu item.<br />
<br />
=Installation of Advanced Paste=<br />
<br />
Zimbra Advanced Paste depends on Micosoft packages '''dotnet-sdk''' and '''aspnetcore-runtime'''. Since Microsoft does not provide these dependent packages for [https://docs.microsoft.com/en-us/dotnet/core/install/linux-ubuntu Ubuntu 14.04], [https://docs.microsoft.com/en-us/dotnet/core/install/linux-rhel RHEL 6] and [https://docs.microsoft.com/en-us/dotnet/core/install/linux-centos CentOS 6], the Advanced Paste service cannot be used on these Operating Systems.<br />
<br />
==Installing Prerequisites==<br />
Configure Microsoft's package repository and key to install dependent packages '''dotnet-sdk''' and '''aspnetcore-runtime'''.<br />
<br />
===For Ubuntu 16.04 and 18.04===<br />
* As <code>root</code>, execute the command to download the key and add into the apt trust store:<br />
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /tmp/microsoft.asc.gpg<br />
mv /tmp/microsoft.asc.gpg /etc/apt/trusted.gpg.d/<br />
<br />
* Replace <version> with 16.04 for Ubuntu 16.04 and 18.04 for Ubuntu 18.04 in the below url:<br />
wget -q https://packages.microsoft.com/config/ubuntu/<version>/prod.list -O /tmp/prod.list<br />
mv /tmp/prod.list /etc/apt/sources.list.d/microsoft-prod.list<br />
chown root:root /etc/apt/sources.list.d/microsoft-prod.list<br />
apt update<br />
<br />
* If you see any error while apt update, run command:<br />
apt -o APT::Sandbox::User=root update<br />
<br />
===For RHEL 7 and RHEL 8===<br />
* Replace the <version> with exact 7 or 8 in the below url:<br />
wget -q https://packages.microsoft.com/config/rhel/<version>/prod.repo -O /tmp/prod.repo<br />
mv /tmp/prod.repo /etc/yum.repos.d/microsoft-prod.repo<br />
chown root:root /etc/yum.repos.d/microsoft-prod.repo<br />
yum update<br />
<br />
===For CentOS 7 and CentOS 8===<br />
* Replace the <version> with 7 or 8 in the below url:<br />
wget -q https://packages.microsoft.com/config/centos/<version>/prod.repo -O /tmp/prod.repo<br />
mv /tmp/prod.repo /etc/yum.repos.d/microsoft-prod.repo<br />
chown root:root /etc/yum.repos.d/microsoft-prod.repo<br />
yum update<br />
<br />
==Installation of Advanced Paste package==<br />
===Ubuntu 16.04 and 18.04===<br />
* As <code>root</code>, install the package:<br />
apt install zimbra-pasteitcleaned<br />
<br />
* Restart mailbox service as <code>zimbra</code> user:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
===RHEL/CentOS 7 and 8===<br />
* As <code>root</code>, install the package:<br />
yum install zimbra-pasteitcleaned<br />
<br />
* Restart mailbox service as <code>zimbra</code> user:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
=Verifying Advanced Paste in Modern UI=<br />
==Server side verification==<br />
After successful installation, you could find:<br />
* Advanced Paste installation directory at: '''/opt/zimbra/common/lib/pasteitcleaned'''<br />
* Extension will be deployed at: '''/opt/zimbra/lib/ext/pasteitcleaned/'''<br />
* Advanced Paste log file updated at: '''/opt/zimbra/log/pasteitcleaned.log'''<br />
You should see a similar success message in the log file:<br />
<pre><br />
Hosting environment: Production<br />
Content root path: /opt/zimbra<br />
Now listening on: http://0.0.0.0:5000<br />
</Pre><br />
* A dotnet service running. As <code>root</code>, execute the command<br />
ps -ef | grep dotnet<br />
You should see a pasteitcleaned process running:<br />
<pre><br />
root@apps-development:~# ps -ef | grep dotnet<br />
root 1493 7971 0 09:00 pts/2 00:00:00 grep --color=auto dotnet<br />
zimbra 11408 1 0 Jan07 ? 00:11:26 /usr/bin/dotnet /opt/zimbra/common/lib/pasteitcleaned/PasteItCleaned.Plugin.Standalone.dll --server.urls http://0.0.0.0:5000<br />
</pre><br />
<br />
==Modern UI Verification==<br />
Login to Modern UI and copy/paste a well formatted table from any excel document in the Composer. When pasting, Composer will give you an option to "Keep formatting" or "Discard". Click on "Keep formatting" and the formatting of the copied table is retained. <br />
<br />
Example:<br />
<br />
[[File:PowerPaste_Enabled.png|x350px|AdvancedPaste Enabled]]<br />
<br />
=Troubleshooting=<br />
==Logs==<br />
<br />
The errors/logs for Advanced Paste can be found at <code>/opt/zimbra/log/pasteitcleaned.log</code>.<br />
<br />
==Formatting not maintained in the Composer==<br />
<br />
* If the formatting is not maintained in the Composer for the copied data (as displayed in below image), then perform following steps:<br />
<br />
[[File:PowerPaste_Disabled.png|x350px|AdvancedPaste Disabled]]<br />
<br />
* Check the browser console for any errors. Open the Composer and navigate to '''Developer Console''' -> '''Network'''. Copy the well formatted table and paste in the composer. You might see a similar response (as displayed in below image):<br />
<br />
[[File:PowerPaste_Error.png|x350px|AdvancedPaste Error]]<br />
<br />
* Check if the pasteitcleaned process is running:<br />
* As <code>root</code>, execute the command<br />
ps -ef | grep dotnet<br />
<br />
In case the pasteitcleaned process is not running, it will not return any process id for it:<br />
<pre><br />
root@apps-development:~# ps -ef | grep dotnet<br />
root 1493 7971 0 09:00 pts/2 00:00:00 grep --color=auto dotnet<br />
</pre><br />
<br />
* Start the process manually. As <code>zimbra</code> user, execute the command:<br />
su - zimbra<br />
/usr/bin/dotnet /opt/zimbra/common/lib/pasteitcleaned/PasteItCleaned.Plugin.Standalone.dll --server.urls http://0.0.0.0:5000 > /opt/zimbra/log/pasteitcleaned.log 2>&1 &<br />
<br />
* Verify the process is started successfully. As <code>root</code>, execute the command:<br />
ps -ef | grep dotnet<br />
<br />
You should see a pasteitcleaned process running:<br />
<pre><br />
root@apps-development:~# ps -ef | grep dotnet<br />
root 1493 7971 0 09:00 pts/2 00:00:00 grep --color=auto dotnet<br />
zimbra 11408 1 0 Jan07 ? 00:11:26 /usr/bin/dotnet /opt/zimbra/common/lib/pasteitcleaned/PasteItCleaned.Plugin.Standalone.dll --server.urls http://0.0.0.0:5000<br />
</pre></div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P38&diff=70207Zimbra Releases/9.0.0/P382023-12-19T12:13:03Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 38 GA Release =<br />
<div style="font-size:14px;" ><br />
Release Date: '''December 18, 2023'''<br />
</div><br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''' and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' page for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues<br />
<br />
== Blank email issue on ZCO ==<br />
<br />
<div style="padding:1%; color:#008000;font-size:16px;" ><br />
<br />
After recent Microsoft updates (Version 2310, 2311), customers reported an intermittent issue that when sending a message from ZCO, it is delivered as a blank message to the recipient. The issue is not consistently reproducible and there are no definite steps to reproduce it. There have been no changes in the ZCO product that caused the issue, as we found this issue is not seen on Outlook versions not having the latest Microsoft patch. Our engineering team has also submitted a [https://answers.microsoft.com/en-us/outlook_com/forum/outlk_win-outtop_new-outsub_ofb/email-body-blankempty-when-mail-is-sent-from-draft/b1daff6e-a6f3-42ca-86ca-b8211d9b43bd post] on Microsoft forums asking for their immediate attention. We are also analyzing the issue and trying to find a root cause and feasible solution for the ZCO product. We will update as soon as we have an ETA on the fix.<br />
<br />
For the customers facing the issue, the workaround is to downgrade their Outlook to the previous version.<br />
<br />
</div><br />
<br />
== Zimbra Desktop installation issue on Intel-based Mac OS ==<br />
<br />
<div style="padding:1%; color:#008000;font-size:16px;" ><br />
<br />
The latest version of Zimbra Desktop application is currently not supported on Intel-based Mac OS and users may encounter an error upon attempting to launch it. The application functions as expected on Mac OS with the Apple M1 chip. Our team has identified the root cause and is actively working on a solution to extend support to Intel-based Mac OS systems. Updates will be provided once a solution is available. In the interim, the official recommendation for users having Intel-based Mac OS is to continue using the older version of Zimbra Desktop, or use the web client which remains accessible for all users.<br />
<br />
</div><br />
<br />
<div style="padding:1%; color:#f68b1f;font-size:19px;" ><br />
'''NOTICE: OpenJDK cacert Package Upgrade'''<br />
<br />
Please follow the instructions:<br />
<br />
Install zimbra-core-components before the patch upgrade on the mailstore node.<br />
apt-get install zimbra-core-components (For Ubuntu)<br />
yum install zimbra-core-components (For RHEL/Centos/Rocky Linux)<br />
<br />
While deploying zimlets, if the following error is encountered<br />
Enabling Zimlet zimbra-zimlet-secure-mail<br />
ERROR: zclient.IO_ERROR (invoke PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, server: localhost) (cause: javax.net.ssl.SSLHandshakeException PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)<br />
*** zimbra-zimlet-secure-mail Installation Completed. ***<br />
*** Restart the mailbox service as zimbra user. Run ***<br />
<br />
then, redeploy zimlets that are throwing error in the patch upgrade<br />
zmzimletctl -l deploy <zimlet.zip file name><br />
<br />
</div><br />
<br />
== Deprecation of Zimbra Server on Ubuntu 16.04 ==<br />
<br />
Ubuntu 16.04 End of life occurred on April 29, 2021. Zimbra will deprecate Kepler 9.0.0 support for Ubuntu 16.04 as of '''December 31, 2023'''. At this date, there will no longer be any patch release for Zimbra Kepler 9.0.0 on Ubuntu 16.04 operating system. We encourage all our new customer's to use '''Ubuntu 20.04''' for all their new installations.<br />
<br />
For questions or guidance with upgrading your operating system please open a support case and our Support team is here to assist you.<br />
<br />
== Change in upgrade process for 9.0.0 Patch 38 == <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. Please refer to the '''[[#Patch Installation|Patch Installation]]''' steps to install the packages in its order. <br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, if the '''zimbraVirtualHostName''' parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
==Security Fixes==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
|-<br />
|style="border: solid #ffffff;"| OpenJDK has been upgraded to version 17.0.8 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2023-21930 CVE-2023-21930] [https://nvd.nist.gov/vuln/detail/CVE-2022-21476 CVE-2022-21476] [https://nvd.nist.gov/vuln/detail/CVE-2022-21449 CVE-2022-21449]<br />
|style="border: solid #ffffff; text-align: center;"| High<br />
|-<br />
|style="border: solid #ffffff;"| Fixed a vulnerability where an auth token was possible to be obtained .<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2023-48432 CVE-2023-48432]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|-<br />
|style="border: solid #ffffff;"| Certbot now adopts ECDSA secp256r1 (P-256) certificate private keys as the default for all newly generated certificates. Zimbra has also introduced support for ECDSA secp256r1 (P-256) certificate private keys in new certificates.<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|-<br />
|style="border: solid #ffffff;"| Modern UI was vulnerable to DOM-based Javascript injection. Security related issues have been fixed to prevent it.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-50808 CVE-2023-50808]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|}<br />
<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. If someone had applied this configuration previously, then after upgrading to this patch, they will have to re-apply the same configuration. '''<br />
<br />
<br />
= Migration to Daffodil v10 =<br />
<br />
Support for migrating customers running the 9.0.0 version with NG modules has now been added to the Daffodil 10.0.6 Patch Release. Please refer to [https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.6#Migration_Support_for_Daffodil_v10 Daffodil 10.0.6 Release Notes] for more details. Please make sure the server's are upgraded to latest 9.0.0 patch release before the migration.<br />
<br />
<br />
= What's New =<br />
<br />
== Package Upgrade ==<br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
* The OpenJDK package has been upgraded from 17.0.2 to 17.0.8<br />
</div><br />
<br />
== Modern Web App ==<br />
<br />
<br />
'''General'''<br />
* Distribution Lists are now available when choosing contacts in email via "Choose contacts" popup.<br />
* Users can select a mail and then select the newly added "Edit as new" option in Modern UI to create a new mail while retaining the recipients, subject and body of the mail. <br />
* A new Out Of Office configuration has been added in Modern UI. The users can use this option - "Send custom message to those not in my organization and address book", to send custom message to contacts who are not in user's organization and address book.<br />
* A separate "Trash" folder and context menu has been implemented for Calendar vertical in Modern UI.<br />
<br />
<br />
'''Mail'''<br />
* Users who have the required permissions will be able expand a distribution list in Modern UI mail compose window.<br />
<br />
<br />
'''Calendar'''<br />
* Users can now select the members of a distribution list as receivers when composing an email.<br />
<br />
<br />
= Fixed Issues =<br />
<br />
<br />
== Zimbra Collaboration ==<br />
* On a setup with a large number of accounts (in millions), an LDAP query executed for retrieving all accounts resulted in a timeout exception. A fix has been made to skip the LDAP query if the license issued is of unlimited accounts. ZBUG-3655<br />
* To improve logging, a new local config attribute '''zimbra_additional_logging''' has been introduced. The default value is set to FALSE. When TRUE, it will log the following events: ZBUG-3565<br />
** Login attempts of non-existing users in the case of Web Client, POP3, IMAP, SMTP, and ActiveSync are now logged in audit.log with client/source IP.<br />
** Login attempts of non-existing users in the case of POP3, IMAP, and ActiveSync are now in mailbox.log with client/source IP.<br />
** Login attempts of existing users in the case of ActiveSync are now logged in mailbox.log with client/source IP. <br />
* In some scenarios, the external message warning was not being appended in the email when received from Gmail. The issue has been fixed. ZBUG-3132<br />
<br />
== Classic Web App ==<br />
* Files with .p7s extension were restricted as attachments due to security concerns. However the security concern is only applicable when SMIME is enabled. Hence, .p7s files can now be added as attachments when SMIME is disabled. ZBUG-2370<br />
<br />
<br />
== Admin Web Console ==<br />
* "Reject common passwords" feature requires LDAP attributes which were not present in Zimbra 9, hence the feature checkbox has removed from the Admin Console, from the paths -> Home > Configure > Class of Service > cosName > Advanced > Password section and Home > Manage > Accounts > userAccount > Advanced > Password section. However the full feature continues to be available on Zimbra 10. ZBUG-2871<br />
<br />
<br />
= Known Issues =<br />
* Clicking on Settings Icon after exporting contacts causes the user interface to freeze. To fix it, reload the page.<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 9.0.0.1701443092.p38-2 <br />
zimbra-mta-patch -> 9.0.0.1701433211.p38-1 <br />
zimbra-proxy-patch -> 9.0.0.1701433211.p38-1 <br />
zimbra-ldap-patch -> 9.0.0.1701433211.p38-1 <br />
zimbra-openjdk-cacerts -> 1.0.10-1zimbra8.7b1 <br />
zimbra-openjdk -> 17.0.8-1zimbra8.8b1 <br />
zimbra-core-components -> 3.0.22-1zimbra9.0b1 <br />
zimbra-ldap-components -> 2.0.16-1zimbra9.0b1 <br />
zimbra-zco -> 9.0.0.1938.1701268058-1 <br />
zimbra-mbox-webclient-war -> 9.0.0.1701417438-1 <br />
zimbra-mbox-admin-console-war -> 9.0.0.1695719560-1 <br />
zimbra-license-tools -> 9.0.0.1701325158-1 <br />
zimbra-common-core-jar -> 9.0.0.1701335628-1 <br />
zimbra-modern-ui -> 4.35.0.1701332224-1 <br />
zimbra-modern-zimlets -> 4.35.0.1701332224-1 <br />
zimbra-zimlet-additional-signature-setting -> 9.1.0.1701364050-1 <br />
zimbra-zimlet-ads -> 9.2.0.1701364050-1 <br />
zimbra-zimlet-calendar-subscription -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-date -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-duplicate-contacts -> 6.3.0.1701364050-1 <br />
zimbra-zimlet-emptysubject -> 3.2.0.1701364050-1 <br />
zimbra-zimlet-install-pwa -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-org-chart -> 3.2.0.1701364050-1 <br />
zimbra-zimlet-privacy-protector -> 5.3.0.1701364050-1 <br />
zimbra-zimlet-restore-contacts -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-secure-mail -> 2.4.0.1701364050-1 <br />
zimbra-zimlet-set-default-client -> 10.3.0.1701364050-1 <br />
zimbra-zimlet-sideloader -> 8.2.0.1701364050-1 <br />
zimbra-zimlet-user-feedback -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-user-sessions-management -> 10.2.0.1701364050-1 <br />
zimbra-zimlet-web-search -> 5.2.0.1701364050-1 <br />
zimbra-zimlet-briefcase-edit-lool -> 4.3.0.1701364050-1 <br />
zimbra-network-modules-ng -> 7.0.32.1701756214-1<br />
<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Kepler 9.0.0 Patch 38:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.6&diff=70206Zimbra Releases/10.0.62023-12-19T12:12:49Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Daffodil 10.0.6 Patch Release =<br />
<br />
<div class="col-md-9"><br />
<div style="font-size:14px;" ><br />
Release Date: '''December 18, 2023'''<br />
</div><br />
<br />
Check out the [[#Security Fixes|Security Fixes]], [[#What's_New|What's New]], [[#Fixed Issues|Fixed Issues]], [[#Things to Know Before Upgrading|Things to Know Before Upgrading]] and [[#Known Issues|Known Issues]] sections for this version of Zimbra Collaboration. <br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.0/patch_installation Patch Installation]''' steps for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
<br />
== Blank email issue on ZCO ==<br />
<br />
<div style="padding:1%; color:#008000;font-size:16px;" ><br />
<br />
After recent Microsoft updates (Version 2310, 2311), customers reported an intermittent issue that when sending a message from ZCO, it is delivered as a blank message to the recipient. The issue is not consistently reproducible and there are no definite steps to reproduce it. There have been no changes in the ZCO product that caused the issue, as we found this issue is not seen on Outlook versions not having the latest Microsoft patch. Our engineering team has also submitted a [https://answers.microsoft.com/en-us/outlook_com/forum/outlk_win-outtop_new-outsub_ofb/email-body-blankempty-when-mail-is-sent-from-draft/b1daff6e-a6f3-42ca-86ca-b8211d9b43bd post] on Microsoft forums asking for their immediate attention. We are also analyzing the issue and trying to find a root cause and feasible solution for the ZCO product. We will update as soon as we have an ETA on the fix.<br />
<br />
For the customers facing the issue, the workaround is to downgrade their Outlook to the previous version.<br />
<br />
</div><br />
<br />
== Zimbra Desktop installation issue on Intel-based Mac OS ==<br />
<br />
<div style="padding:1%; color:#008000;font-size:16px;" ><br />
<br />
The latest version of Zimbra Desktop application is currently not supported on Intel-based Mac OS and users may encounter an error upon attempting to launch it. The application functions as expected on Mac OS with the Apple M1 chip. Our team has identified the root cause and is actively working on a solution to extend support to Intel-based Mac OS systems. Updates will be provided once a solution is available. In the interim, the official recommendation for users having Intel-based Mac OS is to continue using the older version of Zimbra Desktop, or use the web client which remains accessible for all users.<br />
<br />
</div><br />
<br />
<div style="padding:1%; color:#f68b1f;font-size:19px;" ><br />
'''NOTICE: OpenJDK cacert Package Upgrade'''<br />
<br />
Please follow the instructions:<br />
<br />
Install zimbra-core-components before the patch upgrade on the mailstore node.<br />
apt-get install zimbra-core-components (For Ubuntu)<br />
yum install zimbra-core-components (For RHEL/Centos/Rocky Linux)<br />
<br />
While deploying zimlets, if the following error is encountered<br />
Enabling Zimlet zimbra-zimlet-secure-mail<br />
ERROR: zclient.IO_ERROR (invoke PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, server: localhost) (cause: javax.net.ssl.SSLHandshakeException PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)<br />
*** zimbra-zimlet-secure-mail Installation Completed. ***<br />
*** Restart the mailbox service as zimbra user. Run ***<br />
<br />
then, redeploy zimlets that are throwing error in the patch upgrade<br />
zmzimletctl -l deploy <zimlet.zip file name><br />
<br />
</div><br />
<br />
<div style="padding:1%;" ><br />
<div style="color:#f68b1f;"><br />
<div style="font-size:19px;"><br />
'''IMPORTANT: Instructions to update Zimbra's onlyoffice repository for installing zimbra-onlyoffice package.'''<br />
<br />
Please note that there is no change in the onlyoffice package. Add Zimbra's onlyoffice repository to the server before Zimbra Daffodil v10 installation/upgrade. These repos will be included bydefault in upcoming Zimbra Daffodil version.<br />
</div><br />
<nowiki>https://repo.zimbra.com/apt/onlyoffice</nowiki><br />
<br />
<nowiki>https://repo.zimbra.com/rpm/onlyoffice</nowiki><br />
<br />
You must add your local repository to your RHEL/CentOS Configuration :<br />
<br />
</div><br />
'''Redhat'''<br />
<br />
RHEL7<br />
$ cat > /etc/yum.repos.d/zimbra-onlyoffice.repo <<EOF<br />
[zimbra-onlyoffice]<br />
name=Zimbra Onlyoffice RPM Repository<br />
baseurl=<nowiki>https://repo.zimbra.com/rpm/onlyoffice/rhel7</nowiki><br />
gpgcheck=1<br />
enabled=1<br />
EOF<br />
<br />
RHEL8<br />
<br />
$ cat > /etc/yum.repos.d/zimbra-onlyoffice.repo <<EOF<br />
[zimbra-onlyoffice]<br />
name=Zimbra Onlyoffice RPM Repository<br />
baseurl=<nowiki>https://repo.zimbra.com/rpm/onlyoffice/rhel8</nowiki><br />
gpgcheck=1<br />
enabled=1<br />
EOF<br />
<br />
rpm --import https://files.zimbra.com/downloads/security/public.key<br />
yum --disablerepo=* --enablerepo=zimbra-onlyoffice clean metadata<br />
yum check-update --disablerepo=* --enablerepo=zimbra-onlyoffice --noplugins<br />
<br />
<br />
'''Ubuntu'''<br />
<br />
UBUNTU18<br />
<br />
$ cat > /etc/apt/sources.list.d/zimbra-onlyoffice.list << EOF<br />
deb [arch=amd64] <nowiki>https://repo.zimbra.com/apt/onlyoffice bionic zimbra</nowiki><br />
deb-src [arch=amd64] <nowiki>https://repo.zimbra.com/apt/onlyoffice bionic zimbra</nowiki><br />
EOF<br />
<br />
UBUNTU20<br />
<br />
$ cat > /etc/apt/sources.list.d/zimbra-onlyoffice.list << EOF<br />
deb [arch=amd64] <nowiki>https://repo.zimbra.com/apt/onlyoffice focal zimbra</nowiki><br />
deb-src [arch=amd64] <nowiki>https://repo.zimbra.com/apt/onlyoffice focal zimbra</nowiki><br />
EOF<br />
<br />
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9BE6ED79<br />
apt-get update<br />
<br />
<div style="padding:1%; color:#f68b1f; font-size:19px;" ><br />
'''IMPORTANT: Zimbra OpenSSL with default FIPS Configuration '''<br />
<br />
* Please be advised that, TLS 1.2 is the minimum supported version if FIPS is being used with OpenSSL 3.0. We recommend using Zimbra with strong TLS configuration for increased security. Please follow instructions in '''[https://wiki.zimbra.com/wiki/Cipher_suites Cipher-suites-wiki]''' to set correct ciphers as per current versions of openssl, nginx and postfix.<br />
<br />
<br />
* From this patch going forward Zimbra OpenSSL will be configured to work with FIPS compliance enabled by default. You do not need to take any action, unless you run into issues, you can switch to the non-FIPS provider as follows:<br />
<br />
* Run below commands to Enable/Disable FIPS providers on all servers. <br />
<br />
Disable FIPS provider: <br />
As root user run below commands<br/><br />
Take backup of openssl.cnf<br />
cd /opt/zimbra/common/etc/ssl<br />
cp openssl.cnf <backup-path>/openssl.cnf<br /><br />
Copy openssl-source.cnf file<br />
cd /opt/zimbra/common/etc/ssl<br />
cp openssl-source.cnf openssl.cnf<br/><br />
Verify that, FIPS provider is disabled:<br />
Run below command and verify fips provider is not listed<br />
/opt/zimbra/common/bin/openssl list --providers<br/><br />
As zimbra user run below commands<br />
su - zimbra<br />
zmcontrol restart <br />
<br />
Enable FIPS provider: <br />
As root user run below commands<br/><br />
Take backup of openssl.cnf<br />
cd /opt/zimbra/common/etc/ssl<br />
cp openssl.cnf <backup-path>/openssl.cnf<br/><br />
Copy openssl-fips.cnf file<br />
cd /opt/zimbra/common/etc/ssl<br />
cp openssl-fips.cnf openssl.cnf<br/><br />
Verify that, FIPS provider is enabled:<br />
Run below command and verify fips provider is listed<br />
/opt/zimbra/common/bin/openssl list --providers<br/><br />
As zimbra user run below commands<br />
su - zimbra<br />
zmcontrol restart <br />
<br />
</div><br />
<br />
=Security Fixes=<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
|-<br />
|style="border: solid #ffffff;"| OpenJDK has been upgraded to version 17.0.8 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"|[[https://nvd.nist.gov/vuln/detail/CVE-2023-21930 CVE-2023-21930] [https://nvd.nist.gov/vuln/detail/CVE-2022-21476 CVE-2022-21476] [https://nvd.nist.gov/vuln/detail/CVE-2022-21449 CVE-2022-21449]<br />
|style="border: solid #ffffff; text-align: center;"| High<br />
|-<br />
|style="border: solid #ffffff;"| Fixed a vulnerability where an auth token was possible to be obtained.<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2023-48432 CVE-2023-48432]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|-<br />
|style="border: solid #ffffff;"| Certbot now adopts ECDSA secp256r1 (P-256) certificate private keys as the default for all newly generated certificates. Zimbra has also introduced support for ECDSA secp256r1 (P-256) certificate private keys in new certificates.<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|-<br />
|style="border: solid #ffffff;"| Modern UI was vulnerable to DOM-based Javascript injection. Security related issues have been fixed to prevent it.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-50808 CVE-2023-50808]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|}<br />
<br />
<br />
=Migration Support for Daffodil v10=<br />
<br />
This patch release provides migration support to enable the customers running 8.8.15 or 9.0.0 version with NG modules, to migrate to Daffodil v10:<br />
<br />
'''Key Highlights''':<br />
* Single Node or Multi Node: Whether your setup is a Single Node or Multi Node configuration, the Migration Support covers both types of setups.<br />
* NG HSM Migration:<br />
** Provides support to migrate the setups using NG HSM - Internal and External volumes.<br />
** Supports migrating the following External S3 providers - Amazon S3, Ceph, EMC, NetApp StorageGrid, Scality.<br />
** For setups using S3 providers, with or without Centralized Storage, the migration supports a blobless migration process.<br />
'''Documentation''':<br />
* The documentation covers both Single-Node and Multi-Node migration scenarios. Please refer to the Migration Resources section at https://www.zimbra.com/product/documentation/.<br />
* We recommend that you carefully review the migration documentation, plan your migration schedule, and engage with our support team if you encounter any challenges during the process.<br />
'''Zimbra Connect/Chat''':<br />
* Please note that the migration support for NG Connect / Chat modules is not included in this release. Please contact our Sales or Support team for more guidance on this.<br />
For any further queries, please reach out to our support team. <br />
<br />
= What's New =<br />
<br />
== Package Upgrade ==<br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
* The OpenJDK package has been upgraded from 17.0.2 to 17.0.8<br />
</div><br />
<br />
== Zimbra Collaboration ==<br />
* On an NG-based rolling-upgrade setup, when either sharer or sharee is not moved to the Zimbra-10 server and the drive data is imported through the NG Migration utility, the drive files sharing information was not available. The issue has been fixed and the shared files will now be available after the import.<br />
<br />
<br />
== Classic Web App ==<br />
* French translations have been updated in the Classic UI.<br />
<br />
'''General'''<br />
* Distribution Lists are now available when choosing contacts in email via "Choose contacts" popup.<br />
* Users can select a mail and then select the newly added "Edit as new" option in Modern UI to create a new mail while retaining the recipients, subject and body of the mail.<br />
* A new Out Of Office configuration has been added in Modern UI. The users can use this option - "Send custom message to those not in my organization and address book", to send custom message to contacts who are not in user's organization and address book.<br />
* A separate "Trash" folder and context menu has been implemented for Calendar vertical in Modern UI.<br />
<br />
<br />
'''Mail'''<br />
* Users who have the required permissions will be able expand a distribution list in Modern UI mail compose window.<br />
<br />
<br />
'''Calendar'''<br />
* Users can now select the members of a distribution list as receivers when composing an email.<br />
<br />
<br />
== Zimbra Connector for Outlook ==<br />
* HTML signature with image created from ZCO is now synced to the Zimbra Web App.<br />
<br />
<br />
= Fixed Issues =<br />
<br />
<br />
== Zimbra Collaboration ==<br />
* On a setup with a large number of accounts (in millions), an LDAP query executed for retrieving all accounts resulted in a timeout exception. A fix has been made to skip the LDAP query if the license issued is of unlimited accounts. ZBUG-3655<br />
* When composing a message, users can now attach a .p7m extension file. ZBUG-3621<br />
* To improve logging, a new local config attribute '''zimbra_additional_logging''' has been introduced. The default value is set to FALSE. When TRUE, it will log the following events: ZBUG-3565<br />
** Login attempts of non-existing users in the case of Web Client, POP3, IMAP, SMTP, and ActiveSync are now logged in audit.log with client/source IP.<br />
** Login attempts of non-existing users in the case of POP3, IMAP, and ActiveSync are now in mailbox.log with client/source IP.<br />
** Login attempts of existing users in the case of ActiveSync are now logged in mailbox.log with client/source IP.<br />
* In some scenarios, the external message warning was not being appended in the email when received from Gmail. The issue has been fixed. ZBUG-3132<br />
<br />
== Classic Web App ==<br />
* Files with .p7s extension were restricted as attachments due to security concerns. However the security concern is only applicable when SMIME is enabled. Hence, .p7s files can now be added as attachments when SMIME is disabled. ZBUG-2370<br />
<br />
== Zimbra Mobile ==<br />
* When deleting an appointment from mobile by the invitee, it resulted in deleting appointments for other invitees too. The issue has been fixed. ZBUG-3667<br />
<br />
<br />
= Things to Know Before Upgrading =<br />
<br />
'''Important Upgrade Instructions for Daffodil v10 version older than build 10.0.0_GA_4452'''<br />
<br />
If you are currently using the Beta version build of Daffodil v10 (10.0.0_GA_4452), please follow these upgrade instructions:<br />
<br />
* Upgrade to the latest GA Version build 10.0.0_GA_4518: It is crucial to first upgrade to the latest GA version before proceeding with any further updates. This latest GA release includes essential updates, including modifications to the database schema and various other feature improvements.<br />
* Upgrade to 10.0.5 Patch: Once you have successfully upgraded to the latest GA version build 10.0.0_GA_4518, you can proceed with the upgrade to the 10.0.5 patch. This patch release addresses specific issues and introduces further enhancements.<br />
<br />
By following this upgrade path, you ensure that your system is properly updated, incorporating the necessary database schema changes and other critical updates introduced in the latest GA build.<br />
<br/><br />
<br/><br />
<br />
'''Please review the following information to decide if Zimbra Daffodil (v10) is suitable for you.'''<br />
<br />
* Zimbra Touch Client, Zimbra Mobile Client, and Zimbra HTML (Standard) Client are no longer a part of Zimbra starting from Version 9.0.0.<br />
* A Zimbra Network Edition license is required to use Zimbra Daffodil (v10).<br />
* The customizations implemented for SAML and SPNEGO will be overridden during an upgrade. It is recommended to backup these configurations before upgrading the server.<br />
* In case of rolling upgrades, if some mailstore nodes are upgraded to zimbra-10 and some mailstore nodes are on Zimbra 9.0.x or Zimbra 8.8.15 then, <code>zimbraReverseProxyUpstreamLoginServers</code> should only contain the list of Zimbra 10.0.0 mailboxes. If this is not followed then in some cases, users on zimbra-10 mailstore nodes will not be able to see Modern Web App after login.<br />
* Zimbra (v10) continues to support two versions of Zimbra Web Client -- Modern and Classic.<br />
** To know more about the highlights of the Modern Web App, please refer to [https://wiki.zimbra.com/wiki/Zimbra_9/Modern_Web_App Introducing the Modern Web Application]<br />
** The Classic Web App offers the same functionality as the Advanced Web Client in Zimbra version 8.8.15.<br />
** Existing customized themes, logo branding changes, and crontab changes are incompatible with, and hence do not reflect in the Modern Web App. Branding needs to be re-configured to work with the Modern Web App. The Modern Web App does not currently support themes. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/adminguide.html#_customizing_modern_web_app Customizing Modern Web App] section of Admin Guide for more information related to configuration.<br />
** Zimlets are supported on both the Web Clients.<br />
** Zimlets that work with the Classic Web App are incompatible with the Modern Web App. And due to technology changes, there is no way to migrate the Zimlets from the Classic Web App to the Modern Web App or vice-versa.<br />
<br />
* For Non-NG setups, recommendations when using mailbox move (through '''zmmboxmove''' utility) on Rolling-Upgrade environment:<br />
** Always take full backup *before* doing zmmboxmove.<br />
** If using Storage Management with primary and secondary storage as Internal, then set <code>zimbraMailboxMoveSkipBlobs</code> and <code>zimbraMailboxMoveSkipHsmBlobs</code> attributes to '''FALSE''' before doing '''zmmboxmove'''.<br />
** Always recommended to run HSM and move blobs to current primary/secondary volumes in case of multiple primary/secondary volumes present in the system before doing <code>zmmboxmove</code>.<br />
** <code>zmmboxmove</code> command should be run from Zimbra (v10) mailbox server.<br />
<br />
After you review the tasks in this section, please go to [https://zimbra.github.io/documentation/zimbra-10/upgrade.html#_upgrade_instructions Upgrade Instructions].<br />
<br />
<br />
= Known Issues =<br />
<br />
== Zimbra Collaboration ==<br />
* On a NG based rolling-upgrade setup, when either sharer or sharee is not moved to zimbra-10 server and the drive data is imported through the NG Migration utility, the drive files sharing information is not available. Hence, the shared files are not available after the import.<br />
Workaround - Before importing the Drive data for the users, move the sharee and sharer from NG server to zimbra-10 server. <br />
* When upgrading to Zimbra 10 using the rolling upgrade mechanism, if a user on Zimbra 10 shares a Briefcase file with a user on Zimbra 9, then while UI will display a 'Permission denied' error to the user on Zimbra 10, the user on Zimbra 9 still ends up receiving an email that the file has been shared. Even though the mail is received by the Zimbra 9 user, they will not be able to access the file, as the file sharing feature is not available in Zimbra 9.<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 9 may share a Briefcase folder with a Zimbra 10 user. However, since files were not shared with Zimbra 10 user, the files within the shared folder are not accessible to the Zimbra 10 users. <br />
* During Rolling Upgrade to Zimbra 10 from Zimbra 9/8.x having NG modules installed, when a Zimbra 9/8.x user creates new files from Briefcase, it results in a error "TypeError: g is null".<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 10 may share a file with a Zimbra 9 user. However, Zimbra 9 user will not be able to access the file from the shared URL.<br />
* Zimbra inheritance is followed when setting LDAP attributes. When using Backup & Restore->Message recovery settings from Admin UI, if the value of zimbraDumpsterEnabled attribute is FALSE at COS level and TRUE at Domain level, then the value at COS level will be considered. So the issue here is- adding Domains in the message recovery settings will have no impact on message recovery if the COS level attribute is set to its default value FALSE. <br />
* Backup and Restore - When mail-store server is restored after moving some of its accounts to another mail store, then old mail data like blobs, metadata, etc. of the accounts which have been moved to another mail store, will also get restored. The workaround is to - execute the restore with --ignoreRedoErrors OR with -rf options like zmrestore -a all --ignoreRedoErrors.<br />
* When user clicks on a file in Briefcase, a preview is displayed for the supported file formats. User can also edit these files in a separate window. The changes take a long time to be reflected in the preview, and sometimes user might need to click on the file multiple times to view the changes.<br />
* When editing documents from Briefcase, the documents are opened in a separate browser window in which users can edit the document. However, the updated contents are not reflected in the Briefcase file, unless the separate browser window is not closed by the user.<br />
* User is not able to search files in the "Files shared with me" folder, within Briefcase. <br />
* Re-sending a file share for a Briefcase document throws the error, "A network service error has occurred".<br />
<br />
== Admin Web Console ==<br />
* In Admin UI, if two users are assigned the Administrator privilege followed by "Assign default domain administrator views and rights", there is an error displayed for the second user, and the request is not completed. This happens due to a caching issue, and flushing the cache of the mail-store resolves this issue. <br />
<br />
== Mobile Sync ==<br />
* On iOS Native App, if the Mail, Calendar, and Contacts folders are shared with the user, the shares are not displayed on the App.Similarly, for Windows Outlook and Windows Native Contacts App, if the Contacts folder is shared with the user, the shares are not displayed on the App. <br />
Workaround - The user will have to reconfigure his account on the device to get the shares mounted on the device. <br />
* Exchange ActiveSync protocol currently does not support Read-Only permission sharing. It is recommended not to enable Sharing for the users having shares with Read-Only permission.<br />
* In a Rolling-upgrade environment, if a zimbra-9 user shares a calendar with zimbra-10 user, the events are not synced. <br />
Workaround - For the Rolling-Upgrade environment involving the NG mailbox server, due to technical differences between the NG Mobile feature and Zimbra (v10) Mobile Sync feature, it is recommended to use Sharing feature after moving all the accounts to zimbra-10 mailbox server. <br />
* For Windows Mail App, the Sent folder emails are not displayed after blocking and unblocking the user.<br />
Workaround - The user can remove and reconfigure the account on the app.<br />
* When using iOS Outlook App, Out of Office settings are not synced to the user's account in Web App. <br />
* When the organizer and attendee use the Outlook app, if the organizer cancels an instance from a recurring meeting, the same is not reflected on the attendee's calendar.<br />
<br />
== Backup Restore ==<br />
* When using backup and restore to move data from source 9.x NG server to destination 10.x server, if both the source and destination, primary volumes are 'External', and zimbraBackupSkipBlobs is set to True, then emails moved secondary volume throw 'Missing Blob for item' error.<br />
* When an account is restored using backup data from NG external secondary volume, the account is displaying garbled data for emails on the destination server.<br />
* When we schedule backup using zmschedulebackup command, backup is getting scheduled in crontab and LDAP attributes are updated with appropriate values.<br />
<br />
== HSM ==<br />
* On the NG server, if you are using OpenIO as an external volume to store your Primary/Secondary data and do an in-place upgrade to Patch 10.0.5, then the emails present on the OpenIO store appear garbled. Currently, no workaround is available for this issue and our engineering team is working on it.<br />
<br />
= Packages = <br />
The package lineup for this release is:<br />
<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 10.0.6.1702555719-2 <br />
zimbra-mta-patch -> 10.0.6.1697713310-1 <br />
zimbra-proxy-patch -> 10.0.6.1697713310-1 <br />
zimbra-ldap-patch -> 10.0.6.1697713310-1 <br />
zimbra-openjdk-cacerts -> 1.0.10-1zimbra8.7b1 <br />
zimbra-openjdk -> 17.0.8-1zimbra8.8b1 <br />
zimbra-core-components -> 4.0.2-1zimbra10.0b1 <br />
zimbra-ldap-components -> 3.0.2-1zimbra10.0b1 <br />
zimbra-zco -> 9.0.0.1938.1701268058-1 <br />
zimbra-mbox-webclient-war -> 10.0.6.1701417562-1 <br />
zimbra-license-tools -> 10.0.6.1701325518-1 <br />
zimbra-common-core-jar -> 10.0.6.1701334761-1 <br />
zimbra-modules-porter -> 1.0.0.1701436866-1 <br />
zimbra-modern-ui -> 4.35.0.1701332224-1 <br />
zimbra-modern-zimlets -> 4.35.0.1701332224-1 <br />
zimbra-zimlet-additional-signature-setting -> 9.1.0.1701364050-1 <br />
zimbra-zimlet-ads -> 9.2.0.1701364050-1 <br />
zimbra-zimlet-calendar-subscription -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-date -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-duplicate-contacts -> 6.3.0.1701364050-1 <br />
zimbra-zimlet-emptysubject -> 3.2.0.1701364050-1 <br />
zimbra-zimlet-install-pwa -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-org-chart -> 3.2.0.1701364050-1 <br />
zimbra-zimlet-privacy-protector -> 5.3.0.1701364050-1 <br />
zimbra-zimlet-restore-contacts -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-secure-mail -> 2.4.0.1701364050-1 <br />
zimbra-zimlet-set-default-client -> 10.3.0.1701364050-1 <br />
zimbra-zimlet-sideloader -> 8.2.0.1701364050-1 <br />
zimbra-zimlet-user-feedback -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-user-sessions-management -> 10.2.0.1701364050-1 <br />
zimbra-zimlet-web-search -> 5.2.0.1701364050-1 <br />
zimbra-zimlet-document-editor -> 11.2.0.1701364050-1<br />
<br />
{{PatchInstallationLink_10.0.0|Version=10.0.6| <br />
}}</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P45&diff=70205Zimbra Releases/8.8.15/P452023-12-19T11:49:21Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Joule 8.8.15 Patch 45 GA Release =<br />
<br />
<div class="col-md-9"><br />
<div style="font-size:14px;" ><br />
Release Date: '''December 18, 2023'''<br />
</div><br />
<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' steps for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
{{ReleaseNote-note}}<br />
<br />
== Blank email issue on ZCO ==<br />
<br />
<div style="padding:1%; color:#008000;font-size:16px;" ><br />
<br />
After recent Microsoft updates (Version 2310, 2311), customers reported an intermittent issue that when sending a message from ZCO, it is delivered as a blank message to the recipient. The issue is not consistently reproducible and there are no definite steps to reproduce it. There have been no changes in the ZCO product that caused the issue, as we found this issue is not seen on Outlook versions not having the latest Microsoft patch. Our engineering team has also submitted a [https://answers.microsoft.com/en-us/outlook_com/forum/outlk_win-outtop_new-outsub_ofb/email-body-blankempty-when-mail-is-sent-from-draft/b1daff6e-a6f3-42ca-86ca-b8211d9b43bd post] on Microsoft forums asking for their immediate attention. We are also analyzing the issue and trying to find a root cause and feasible solution for the ZCO product. We will update as soon as we have an ETA on the fix.<br />
<br />
For the customers facing the issue, the workaround is to downgrade their Outlook to the previous version.<br />
<br />
</div><br />
<br />
<div style="padding:1%; color:#f68b1f;font-size:19px;" ><br />
'''Joule-8.8.15 End of Life (EOL) Notice'''<br />
<br />
Joule-8.8.15 is set to reach its End of Life on '''December 31, 2023'''. This marks the final patch release for the version, and no further updates will be provided after this date. Customers using Joule-8.8.15 are advised to plan their migration to a supported version to ensure continued security and access to the latest features. For assistance during this transition, our support team is available to address any inquiries.<br />
</div><br />
<br />
<div style="padding:1%; color:#f68b1f;font-size:19px;" ><br />
'''NOTICE: OpenJDK cacert Package Upgrade'''<br />
<br />
Please follow the instructions:<br />
<br />
Install zimbra-core-components before the patch upgrade on the mailstore node.<br />
apt-get install zimbra-core-components (For Ubuntu)<br />
yum install zimbra-core-components (For RHEL/Centos/Rocky Linux)<br />
<br />
While deploying zimlets, if the following error is encountered<br />
Enabling Zimlet zimbra-zimlet-secure-mail<br />
ERROR: zclient.IO_ERROR (invoke PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, server: localhost) (cause: javax.net.ssl.SSLHandshakeException PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)<br />
*** zimbra-zimlet-secure-mail Installation Completed. ***<br />
*** Restart the mailbox service as zimbra user. Run ***<br />
<br />
then, redeploy zimlets that are throwing error in the patch upgrade<br />
zmzimletctl -l deploy <zimlet.zip file name><br />
<br />
</div><br />
<br />
== Change in upgrade process for 8.8.15 Patch 45== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. Please refer to the '''[[#Patch Installation|Patch Installation]]''' steps to install the packages in its order. <br />
</div><br />
<br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, we need to set the '''zimbraVirtualHostName''' parameter for the domains that are using SAML and SSO based login. Please follow the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
==Security Fixes==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
|-<br />
|style="border: solid #ffffff;"|OpenJDK has been upgraded to version 17.0.8 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2023-21930 CVE-2023-21930] [https://nvd.nist.gov/vuln/detail/CVE-2022-21476 CVE-2022-21476] [https://nvd.nist.gov/vuln/detail/CVE-2022-21449 CVE-2022-21449]<br />
|style="border: solid #ffffff; text-align: center;"| High<br />
|-<br />
|style="border: solid #ffffff;"|Fixed a vulnerability where an auth token was possible to be obtained.<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2023-48432 CVE-2023-48432]<br />
|style="border: solid #ffffff; text-align: center;"| High<br />
|-<br />
|style="border: solid #ffffff;"| Certbot now adopts ECDSA secp256r1 (P-256) certificate private keys as the default for all newly generated certificates. Zimbra has also introduced support for ECDSA secp256r1 (P-256) certificate private keys in new certificates.<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|}<br />
<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. '''<br />
<br />
<br />
= Migration to Daffodil v10 =<br />
<br />
Support for migrating customers running the 8.8.15 version with NG modules has now been added to the Daffodil 10.0.6 Patch Release. Please refer to [https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.6#Migration_Support_for_Daffodil_v10 Daffodil 10.0.6 Release Notes] for more details. Please make sure the server's are upgraded to latest 8.8.15 patch release before the migration. <br />
<br />
<br />
= What's New =<br />
<br />
== Package Upgrade ==<br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
* The OpenJDK package has been upgraded from 17.0.2 to 17.0.8<br />
</div><br />
<br />
<br />
= Fixed Issues =<br />
<br />
<br />
== Zimbra Collaboration ==<br />
* On a setup with a large number of accounts (in millions), an LDAP query executed for retrieving all accounts resulted in a timeout exception. A fix has been made to skip the LDAP query if the license issued is of unlimited accounts. ZBUG-3655<br />
* In some scenarios, the external message warning was not being appended in the email when received from Gmail. The issue has been fixed. ZBUG-3132<br />
<br />
<br />
= Known Issues =<br />
<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Installation]]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
= Packages = <br />
The package lineup for this release is:<br />
<br />
FOSS:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1701429424.p45-1 <br />
zimbra-mta-patch -> 8.8.15.1701429424.p45-1 <br />
zimbra-proxy-patch -> 8.8.15.1701429424.p45-1 <br />
zimbra-ldap-patch -> 8.8.15.1701429424.p45-1 <br />
zimbra-openjdk-cacerts -> 1.0.10-1zimbra8.7b1 <br />
zimbra-openjdk -> 17.0.8-1zimbra8.8b1 <br />
zimbra-core-components -> 2.0.26-1zimbra8.8b1 <br />
zimbra-ldap-components -> 1.0.26-1zimbra8.8b1 <br />
zimbra-common-core-jar -> 8.8.15.1701335039-1 <br />
zimbra-mbox-webclient-war -> 8.8.15.1701417049-1 <br />
<br />
NETWORK:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1701429424.p45-2 <br />
zimbra-zco -> 8.8.15.1938.1701268058-1 <br />
zimbra-network-modules-ng -> 6.0.41.1701755985-1<br />
<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Joule 8.8.15 Patch 45:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]<br />
<br />
= Quick note: Open Source repo =<br />
The steps to download, build, and see our code via Github can be found here:<br />
[https://github.com/Zimbra/zm-build https://github.com/Zimbra/zm-build]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P38&diff=70204Zimbra Releases/9.0.0/P382023-12-19T11:49:14Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 38 GA Release =<br />
<div style="font-size:14px;" ><br />
Release Date: '''December 18, 2023'''<br />
</div><br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''' and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' page for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues<br />
<br />
== Blank email issue on ZCO ==<br />
<br />
<div style="padding:1%; color:#008000;font-size:16px;" ><br />
<br />
After recent Microsoft updates (Version 2310, 2311), customers reported an intermittent issue that when sending a message from ZCO, it is delivered as a blank message to the recipient. The issue is not consistently reproducible and there are no definite steps to reproduce it. There have been no changes in the ZCO product that caused the issue, as we found this issue is not seen on Outlook versions not having the latest Microsoft patch. Our engineering team has also submitted a [https://answers.microsoft.com/en-us/outlook_com/forum/outlk_win-outtop_new-outsub_ofb/email-body-blankempty-when-mail-is-sent-from-draft/b1daff6e-a6f3-42ca-86ca-b8211d9b43bd post] on Microsoft forums asking for their immediate attention. We are also analyzing the issue and trying to find a root cause and feasible solution for the ZCO product. We will update as soon as we have an ETA on the fix.<br />
<br />
For the customers facing the issue, the workaround is to downgrade their Outlook to the previous version.<br />
<br />
</div><br />
<br />
<div style="padding:1%; color:#f68b1f;font-size:19px;" ><br />
'''NOTICE: OpenJDK cacert Package Upgrade'''<br />
<br />
Please follow the instructions:<br />
<br />
Install zimbra-core-components before the patch upgrade on the mailstore node.<br />
apt-get install zimbra-core-components (For Ubuntu)<br />
yum install zimbra-core-components (For RHEL/Centos/Rocky Linux)<br />
<br />
While deploying zimlets, if the following error is encountered<br />
Enabling Zimlet zimbra-zimlet-secure-mail<br />
ERROR: zclient.IO_ERROR (invoke PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, server: localhost) (cause: javax.net.ssl.SSLHandshakeException PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)<br />
*** zimbra-zimlet-secure-mail Installation Completed. ***<br />
*** Restart the mailbox service as zimbra user. Run ***<br />
<br />
then, redeploy zimlets that are throwing error in the patch upgrade<br />
zmzimletctl -l deploy <zimlet.zip file name><br />
<br />
</div><br />
<br />
== Deprecation of Zimbra Server on Ubuntu 16.04 ==<br />
<br />
Ubuntu 16.04 End of life occurred on April 29, 2021. Zimbra will deprecate Kepler 9.0.0 support for Ubuntu 16.04 as of '''December 31, 2023'''. At this date, there will no longer be any patch release for Zimbra Kepler 9.0.0 on Ubuntu 16.04 operating system. We encourage all our new customer's to use '''Ubuntu 20.04''' for all their new installations.<br />
<br />
For questions or guidance with upgrading your operating system please open a support case and our Support team is here to assist you.<br />
<br />
== Change in upgrade process for 9.0.0 Patch 38 == <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. Please refer to the '''[[#Patch Installation|Patch Installation]]''' steps to install the packages in its order. <br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, if the '''zimbraVirtualHostName''' parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
==Security Fixes==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
|-<br />
|style="border: solid #ffffff;"| OpenJDK has been upgraded to version 17.0.8 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2023-21930 CVE-2023-21930] [https://nvd.nist.gov/vuln/detail/CVE-2022-21476 CVE-2022-21476] [https://nvd.nist.gov/vuln/detail/CVE-2022-21449 CVE-2022-21449]<br />
|style="border: solid #ffffff; text-align: center;"| High<br />
|-<br />
|style="border: solid #ffffff;"| Fixed a vulnerability where an auth token was possible to be obtained .<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2023-48432 CVE-2023-48432]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|-<br />
|style="border: solid #ffffff;"| Certbot now adopts ECDSA secp256r1 (P-256) certificate private keys as the default for all newly generated certificates. Zimbra has also introduced support for ECDSA secp256r1 (P-256) certificate private keys in new certificates.<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|-<br />
|style="border: solid #ffffff;"| Modern UI was vulnerable to DOM-based Javascript injection. Security related issues have been fixed to prevent it.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-50808 CVE-2023-50808]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|}<br />
<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. If someone had applied this configuration previously, then after upgrading to this patch, they will have to re-apply the same configuration. '''<br />
<br />
<br />
= Migration to Daffodil v10 =<br />
<br />
Support for migrating customers running the 9.0.0 version with NG modules has now been added to the Daffodil 10.0.6 Patch Release. Please refer to [https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.6#Migration_Support_for_Daffodil_v10 Daffodil 10.0.6 Release Notes] for more details. Please make sure the server's are upgraded to latest 9.0.0 patch release before the migration.<br />
<br />
<br />
= What's New =<br />
<br />
== Package Upgrade ==<br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
* The OpenJDK package has been upgraded from 17.0.2 to 17.0.8<br />
</div><br />
<br />
== Modern Web App ==<br />
<br />
<br />
'''General'''<br />
* Distribution Lists are now available when choosing contacts in email via "Choose contacts" popup.<br />
* Users can select a mail and then select the newly added "Edit as new" option in Modern UI to create a new mail while retaining the recipients, subject and body of the mail. <br />
* A new Out Of Office configuration has been added in Modern UI. The users can use this option - "Send custom message to those not in my organization and address book", to send custom message to contacts who are not in user's organization and address book.<br />
* A separate "Trash" folder and context menu has been implemented for Calendar vertical in Modern UI.<br />
<br />
<br />
'''Mail'''<br />
* Users who have the required permissions will be able expand a distribution list in Modern UI mail compose window.<br />
<br />
<br />
'''Calendar'''<br />
* Users can now select the members of a distribution list as receivers when composing an email.<br />
<br />
<br />
= Fixed Issues =<br />
<br />
<br />
== Zimbra Collaboration ==<br />
* On a setup with a large number of accounts (in millions), an LDAP query executed for retrieving all accounts resulted in a timeout exception. A fix has been made to skip the LDAP query if the license issued is of unlimited accounts. ZBUG-3655<br />
* To improve logging, a new local config attribute '''zimbra_additional_logging''' has been introduced. The default value is set to FALSE. When TRUE, it will log the following events: ZBUG-3565<br />
** Login attempts of non-existing users in the case of Web Client, POP3, IMAP, SMTP, and ActiveSync are now logged in audit.log with client/source IP.<br />
** Login attempts of non-existing users in the case of POP3, IMAP, and ActiveSync are now in mailbox.log with client/source IP.<br />
** Login attempts of existing users in the case of ActiveSync are now logged in mailbox.log with client/source IP. <br />
* In some scenarios, the external message warning was not being appended in the email when received from Gmail. The issue has been fixed. ZBUG-3132<br />
<br />
== Classic Web App ==<br />
* Files with .p7s extension were restricted as attachments due to security concerns. However the security concern is only applicable when SMIME is enabled. Hence, .p7s files can now be added as attachments when SMIME is disabled. ZBUG-2370<br />
<br />
<br />
== Admin Web Console ==<br />
* "Reject common passwords" feature requires LDAP attributes which were not present in Zimbra 9, hence the feature checkbox has removed from the Admin Console, from the paths -> Home > Configure > Class of Service > cosName > Advanced > Password section and Home > Manage > Accounts > userAccount > Advanced > Password section. However the full feature continues to be available on Zimbra 10. ZBUG-2871<br />
<br />
<br />
= Known Issues =<br />
* Clicking on Settings Icon after exporting contacts causes the user interface to freeze. To fix it, reload the page.<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 9.0.0.1701443092.p38-2 <br />
zimbra-mta-patch -> 9.0.0.1701433211.p38-1 <br />
zimbra-proxy-patch -> 9.0.0.1701433211.p38-1 <br />
zimbra-ldap-patch -> 9.0.0.1701433211.p38-1 <br />
zimbra-openjdk-cacerts -> 1.0.10-1zimbra8.7b1 <br />
zimbra-openjdk -> 17.0.8-1zimbra8.8b1 <br />
zimbra-core-components -> 3.0.22-1zimbra9.0b1 <br />
zimbra-ldap-components -> 2.0.16-1zimbra9.0b1 <br />
zimbra-zco -> 9.0.0.1938.1701268058-1 <br />
zimbra-mbox-webclient-war -> 9.0.0.1701417438-1 <br />
zimbra-mbox-admin-console-war -> 9.0.0.1695719560-1 <br />
zimbra-license-tools -> 9.0.0.1701325158-1 <br />
zimbra-common-core-jar -> 9.0.0.1701335628-1 <br />
zimbra-modern-ui -> 4.35.0.1701332224-1 <br />
zimbra-modern-zimlets -> 4.35.0.1701332224-1 <br />
zimbra-zimlet-additional-signature-setting -> 9.1.0.1701364050-1 <br />
zimbra-zimlet-ads -> 9.2.0.1701364050-1 <br />
zimbra-zimlet-calendar-subscription -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-date -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-duplicate-contacts -> 6.3.0.1701364050-1 <br />
zimbra-zimlet-emptysubject -> 3.2.0.1701364050-1 <br />
zimbra-zimlet-install-pwa -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-org-chart -> 3.2.0.1701364050-1 <br />
zimbra-zimlet-privacy-protector -> 5.3.0.1701364050-1 <br />
zimbra-zimlet-restore-contacts -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-secure-mail -> 2.4.0.1701364050-1 <br />
zimbra-zimlet-set-default-client -> 10.3.0.1701364050-1 <br />
zimbra-zimlet-sideloader -> 8.2.0.1701364050-1 <br />
zimbra-zimlet-user-feedback -> 7.2.0.1701364050-1 <br />
zimbra-zimlet-user-sessions-management -> 10.2.0.1701364050-1 <br />
zimbra-zimlet-web-search -> 5.2.0.1701364050-1 <br />
zimbra-zimlet-briefcase-edit-lool -> 4.3.0.1701364050-1 <br />
zimbra-network-modules-ng -> 7.0.32.1701756214-1<br />
<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Kepler 9.0.0 Patch 38:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P44&diff=70147Zimbra Releases/8.8.15/P442023-10-19T09:36:56Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Joule 8.8.15 Patch 44 GA Release =<br />
<br />
<div class="col-md-9"><br />
<div style="font-size:14px;" ><br />
Release Date: '''October 19, 2023'''<br />
</div><br />
<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' steps for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
{{ReleaseNote-note}}<br />
<br />
== Change in upgrade process for 8.8.15 Patch 44== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. Please refer to the '''[http://wiki.eng.zimbra.com/index.php/Zimbra_Releases/8.8.15/Patch_installation Patch Installation]''' steps to install the packages in its order. <br />
</div><br />
<br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, we need to set the '''zimbraVirtualHostName''' parameter for the domains that are using SAML and SSO based login. Please follow the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
==Security Fixes==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
|-<br />
|style="border: solid #ffffff;"|A security related issue has been fixed to prevent javascript injection through help files.<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2007-1280 CVE-2007-1280]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|-<br />
|style="border: solid #ffffff;"|A security related issue has been fixed which impacted one of the third party libraries being used in Admin User Inferface.<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2020-7746 CVE-2020-7746]<br />
|style="border: solid #ffffff; text-align: center;"| High<br />
|-<br />
|style="border: solid #ffffff;"| An XSS vulnerability was observed when a PDF containing malicious Javascript code was uploaded in Briefcase.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-45207 CVE-2023-45207]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|-<br />
|style="border: solid #ffffff;"| Multiple possible cross-site scripting (XSS) vulnerabilities were observed in the robohelp package. The package has now been made optional. This means that users will now be access help documentation at the URL - https://www.zimbra.com/documentation/.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-45206 CVE-2023-45206]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|}<br />
<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. '''<br />
<br />
<br />
= Migration to Daffodil v10 =<br />
<br />
Support for migrating customers running the 8.8.15 version with NG modules has now been added to the Daffodil 10.0.5 Patch Release. Please refer to [https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.5#Migration_Support_for_Daffodil_v10 Daffodil 10.0.5 Release Notes] for more details. Please make sure the server's are upgraded to latest 8.8.15 patch release before the migration. <br />
<br />
<br />
= What's New =<br />
<br />
== Zimbra Web Client (ZWC) ==<br />
* A security related issue has been fixed to prevent account takeover by stealing user cookies.<br />
<br />
<br />
= Fixed Issues =<br />
<br />
<br />
== Zimbra Collaboration ==<br />
* When installing Zimrba, the following OS packages will get installed as Zimbra dependencies - rsyslog, net-tools, libcap2-bin. ZBUG-2931<br />
<br />
== Zimbra Web Client (ZWC) ==<br />
* Appointments were displayed an hour earlier in the calendar when the timezone was set to some of the CST timezone like Guadalajara. ZBUG-3414<br />
* America/Mexico_City events were scheduled one hour before the time those events are supposed to happen, when the events were sent from non-zimbra external calendar services. ZBUG-3395<br />
* Hyperlink on images in emails did not work when using "Conversation View" ZBUG-3322<br />
* In the Classic UI webmail when used with the Chrome browser, the print preview and actual print would appear on the next page following the email details. ZBUG-3198<br />
<br />
== Admin Web Console ==<br />
* On every refresh, the queue length value in the admin console was added, which resulted in impacting the performance. ZBUG-1571<br />
<br />
== Zimbra Connector for Outlook ==<br />
* When setting up ZCO for the first time, if no password is specified, an empty Outlook profile is created. When Outlook is opened again, the user just needs to provide his password to proceed. Earlier, the user had to specify the server and username again. ZBUG-3472<br />
* For a shared contact folder, modification done to the "Display As" field through Web Client will be reflected in ZCO. ZBUG-1421<br />
<br />
<br />
= Known Issues =<br />
<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Installation]]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
= Packages = <br />
The package lineup for this release is:<br />
<br />
FOSS:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1695280930.p44-1 <br />
zimbra-mta-patch -> 8.8.15.1695280930.p44-1 <br />
zimbra-proxy-patch -> 8.8.15.1695280930.p44-1 <br />
zimbra-ldap-patch -> 8.8.15.1695280930.p44-1 <br />
zimbra-timezone-data -> 2.0.1.1695220016-1 <br />
zimbra-mbox-admin-console-war -> 8.8.15.1695221315-1 <br />
zimbra-mbox-webclient-war -> 8.8.15.1695228148-1 <br />
zimbra-os-requirement -> 1.0.3-1zimbra8.7b1 <br />
zimbra-core-components -> 2.0.25-1zimbra8.8b1 <br />
zimbra-ldap-components -> 1.0.25-1zimbra8.8b1 <br />
zimbra-help -> 1.0.0.1695382552-1 <br />
zimbra-modules-porter -> 1.0.0.1697562643-1 <br />
<br />
NETWORK:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1695375646.p44-2 <br />
zimbra-zco -> 8.8.15.1937.1695364924-1<br />
<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Joule 8.8.15 Patch 44:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]<br />
<br />
= Quick note: Open Source repo =<br />
The steps to download, build, and see our code via Github can be found here:<br />
[https://github.com/Zimbra/zm-build https://github.com/Zimbra/zm-build]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P37&diff=70146Zimbra Releases/9.0.0/P372023-10-19T09:36:08Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 37 GA Release =<br />
<div style="font-size:14px;" ><br />
Release Date: '''October 19, 2023'''<br />
</div><br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''' and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' page for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues<br />
<br />
== Change in upgrade process for 9.0.0 Patch 37 == <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. Please refer to the '''[http://wiki.eng.zimbra.com/index.php/Zimbra_Releases/9.0.0/Patch_installation Patch Installation]''' steps to install the packages in its order. <br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, if the '''zimbraVirtualHostName''' parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
==Security Fixes==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
|-<br />
|style="border: solid #ffffff;"|A security related issue has been fixed to prevent javascript injection through help files.<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2007-1280 CVE-2007-1280]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|-<br />
|style="border: solid #ffffff;"|A security related issue has been fixed which impacted one of the third party libraries being used in Admin User Inferface.<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2020-7746 CVE-2020-7746]<br />
|style="border: solid #ffffff; text-align: center;"| High<br />
|-<br />
|style="border: solid #ffffff;"| An XSS vulnerability was observed when a PDF containing malicious Javascript code was uploaded in Briefcase.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-45207 CVE-2023-45207]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|-<br />
|style="border: solid #ffffff;"| Multiple possible cross-site scripting (XSS) vulnerabilities were observed in the robohelp package. The package has now been made optional. This means that users will now be access help documentation at the URL - https://www.zimbra.com/documentation/.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-45206 CVE-2023-45206]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|}<br />
<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. If someone had applied this configuration previously, then after upgrading to this patch, they will have to re-apply the same configuration. '''<br />
<br />
<br />
= Migration to Daffodil v10 =<br />
<br />
Support for migrating customers running the 9.0.0 version with NG modules has now been added to the Daffodil 10.0.5 Patch Release. Please refer to [https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.5#Migration_Support_for_Daffodil_v10 Daffodil 10.0.5 Release Notes] for more details. Please make sure the server's are upgraded to latest 9.0.0 patch release before the migration.<br />
<br />
<br />
= What's New =<br />
<br />
== Zimbra Web Client (ZWC) ==<br />
* A security related issue has been fixed to prevent account takeover by stealing user cookies.<br />
<br />
<br />
= Fixed Issues =<br />
<br />
<br />
== Zimbra Collaboration ==<br />
* When installing Zimrba, the following OS packages will get installed as Zimbra dependencies - rsyslog, net-tools, libcap2-bin. ZBUG-2931<br />
<br />
== Classic Web App ==<br />
* Appointments were displayed an hour earlier in the calendar when the timezone was set to some of the CST timezone like Guadalajara. ZBUG-3414<br />
* America/Mexico_City events were scheduled one hour before the time those events are supposed to happen, when the events were sent from non-zimbra external calendar services. ZBUG-3395<br />
* Hyperlink on images in emails did not work when using "Conversation View" ZBUG-3322<br />
* In the Classic UI webmail when used with the Chrome browser, the print preview and actual print would appear on the next page following the email details. ZBUG-3198<br />
<br />
== Admin Web Console ==<br />
* On every refresh, the queue length value in the admin console was added, which resulted in impacting the performance. ZBUG-1571<br />
<br />
== Modern Web App ==<br />
<br />
<br />
'''General'''<br />
* Modern Web App did not display the "Show Original" option in right-click context menu. ZBUG-3442<br />
* The read/unread flag was incorrectly displayed in the right click context menu. ZBUG-3436<br />
* Full day events were displayed as spanning multiple days when the event involved change of Day Light Savings e.g. last Sunday of March/October in Germany. ZBUG-3422<br />
* Sharing calendar using 'Modern UI' with the permission 'view free/busy times only' ended up sharing calendar with 'view' permission. ZBUG-3345<br />
<br />
== Zimbra Connector for Outlook ==<br />
* When setting up ZCO for the first time, if no password is specified, an empty Outlook profile is created. When Outlook is opened again, the user just needs to provide his password to proceed. Earlier, the user had to specify the server and username again. ZBUG-3472<br />
* For a shared contact folder, modification done to the "Display As" field through Web Client will be reflected in ZCO. ZBUG-1421<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
zimbra-patch -> 9.0.0.1695375811.p37-2 <br />
zimbra-mta-patch -> 9.0.0.1695283864.p37-1 <br />
zimbra-proxy-patch -> 9.0.0.1695283864.p37-1 <br />
zimbra-ldap-patch -> 9.0.0.1695283864.p37-1 <br />
zimbra-os-requirements -> 1.0.3-1zimbra8.7b1 <br />
zimbra-core-components -> 3.0.21-1zimbra9.0b1 <br />
zimbra-ldap-components -> 2.0.15-1zimbra9.0b1 <br />
zimbra-timezone-data -> 3.0.0.1695219872-1 <br />
zimbra-mbox-admin-console-war -> 9.0.0.1695221143-1 <br />
zimbra-mbox-webclient-war -> 9.0.0.1695227186-1 <br />
zimbra-help -> 1.0.0.1695382552-1 <br />
zimbra-zco -> 9.0.0.1937.1695364924-1 <br />
zimbra-modern-ui -> 4.34.0.1695297927-1 <br />
zimbra-modern-zimlets -> 4.34.0.1695297927-1 <br />
zimbra-modules-porter -> 1.0.0.1697562643-1<br />
<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Kepler 9.0.0 Patch 37:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P42&diff=70052Zimbra Releases/8.8.15/P422023-08-23T17:45:32Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Joule 8.8.15 Patch 42 GA Release =<br />
<br />
<div class="col-md-9"><br />
<div style="font-size:14px;" ><br />
Release Date: '''August 23, 2023'''<br />
</div><br />
<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' steps for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
{{ReleaseNote-note}}<br />
<br />
<br />
<div style="padding:1%; color:#008000;font-size:19px;" ><br />
'''NOTICE: One-Click vulnerability'''<br />
<br />
A one-click security vulnerability in all versions of Zimbra Collaboration Suite has been discovered that could allow an unauthenticated attacker to gain access to a Zimbra account.<br />
<br />
The patch will remove 3 files after which a mailbox restart is required, in case you cannot install the latest patch, manual mitigation steps (really simple ones) will be available via [https://support.zimbra.com Zimbra Support Portal].<br />
<br />
For customer's installing the patch on multi-server environment, the changes are applicable only to the Mailstore node. No packages will be installed on other nodes - MTA, Proxy, LDAP. So after applying this patch, the updated patch version will only be displayed for Mailstore node. The other nodes will continue to display previous installed patch version as '''Patch 8.8.15_P41'''.<br />
<br />
If your server currently has patch 40 or an older version installed, it's important to update your servers to Patch 41 before applying this patch release. Please ensure you review [https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P41 Patch 41] release notes to obtain all updates on all components. <br />
<br />
</div><br />
<br />
== Security Fixes ==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary <br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID <br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
|-<br />
|style="border: solid #ffffff;"| Bug that could allow an unauthenticated attacker to gain access to a Zimbra account.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-41106 CVE-2023-41106]<br />
|style="border: solid #ffffff; text-align: center;"| 8.8 <br />
|}<br />
<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. '''<br />
<br />
<br />
= Known Issues =<br />
<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Installation]]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
= Packages = <br />
The package lineup for this release is:<br />
<br />
FOSS:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1692274621.p42-1<br />
<br />
NETWORK:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1692274621.p42-2<br />
<br />
<br />
=Patch Installation=<br />
<br />
Please refer to the steps below to install Joule 8.8.15 Patch 42 on [[#Redhat|Redhat]] and [[#Ubuntu|Ubuntu]] platforms:<br />
<br />
<span class="h2">Before Installing the Patch, consider the following:</span><br />
* Patches are cumulative.<br />
* A full backup should be performed before any patch is applied. There is no automated roll-back.<br />
* Switch to <code>zimbra</code> user before using ZCS CLI commands.<br />
* '''Important!''' You cannot revert to the previous ZCS release after you upgrade to the patch.<br />
* '''Important Note for ZCS Setup with Local ZCS repository:''' Customers who have set up local ZCS repository should first update the local repository by following instructions in [https://wiki.zimbra.com/wiki/Zimbra_Collaboration_repository#Keep_the_local_Repository_up_to_date wiki]<br />
<br />
<br />
==Redhat==<br />
<br />
<br />
'''Install/Upgrade <code>zimbra-patch</code> on Mailbox node'''<br />
* As <code>root</code>, install the package:<br />
yum install zimbra-patch<br />
* Restart <code>ZCS</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
<br />
== Ubuntu ==<br />
<br />
<br />
'''Install/Upgrade <code>zimbra-patch</code> on Mailbox node'''<br />
* As <code>root</code>, install package<br />
apt-get install zimbra-patch<br />
* Restart <code>ZCS</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
<br />
= Quick note: Open Source repo =<br />
The steps to download, build, and see our code via Github can be found here:<br />
[https://github.com/Zimbra/zm-build https://github.com/Zimbra/zm-build]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P35&diff=70051Zimbra Releases/9.0.0/P352023-08-23T17:45:29Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 35 GA Release =<br />
<div style="font-size:14px;" ><br />
Release Date: '''August 23, 2023'''<br />
</div><br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' page for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues<br />
<br />
<div style="padding:1%; color:#008000;font-size:19px;" ><br />
'''NOTICE: One-Click vulnerability'''<br />
<br />
A one-click security vulnerability in all versions of Zimbra Collaboration Suite has been discovered that could allow an unauthenticated attacker to gain access to a Zimbra account.<br />
<br />
The patch will remove 3 files after which a mailbox restart is required, in case you cannot install the latest patch, manual mitigation steps (really simple ones) will be available via [https://support.zimbra.com Zimbra Support Portal].<br />
<br />
For customer's installing the patch on multi-server environment, the changes are applicable only to the Mailstore node. No packages will be installed on other nodes - MTA, Proxy, LDAP. So after applying this patch, the updated patch version will only be displayed for Mailstore node. The other nodes will continue to display previous installed patch version as '''Patch 9.0.0_P34'''.<br />
<br />
If your server currently has patch 33 or an older version installed, it's important to update your servers to Patch 34 before applying this patch release. Please ensure you review [https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P34 Patch 34] release notes to obtain all updates on all components. <br />
</div><br />
<br />
<br />
== Security Fixes ==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary <br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID <br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
|-<br />
|style="border: solid #ffffff;"| Bug that could allow an unauthenticated attacker to gain access to a Zimbra account.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-41106 CVE-2023-41106]<br />
|style="border: solid #ffffff; text-align: center;"| 8.8 <br />
|}<br />
<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. If someone had applied this configuration previously, then after upgrading to this patch, they will have to re-apply the same configuration. '''<br />
<br />
<br />
= Known Issues =<br />
<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 9.0.0.1692275170.p35-2<br />
<br />
=Patch Installation=<br />
<br />
Please refer to the steps below to install Kepler 9.0.0 Patch 35 on [[#Redhat|Redhat]] and [[#Ubuntu|Ubuntu]] platforms:<br />
<br />
<span class="h2">Before Installing the Patch, consider the following:</span><br />
* Patches are cumulative.<br />
* A full backup should be performed before any patch is applied. There is no automated roll-back.<br />
* Switch to <code>zimbra</code> user before using ZCS CLI commands.<br />
* '''Important!''' You cannot revert to the previous ZCS release after you upgrade to the patch.<br />
* '''Important Note for ZCS Setup with Local ZCS repository:''' Customers who have set up local ZCS repository should first update the local repository by following instructions in [https://wiki.zimbra.com/wiki/Zimbra_Collaboration_repository#Keep_the_local_Repository_up_to_date wiki]<br />
<br />
<br />
==Redhat==<br />
<br />
<br />
'''Install/Upgrade <code>zimbra-patch</code> on Mailbox node'''<br />
* As <code>root</code>, install the package:<br />
yum install zimbra-patch<br />
* Restart <code>ZCS</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
<br />
== Ubuntu ==<br />
<br />
<br />
'''Install/Upgrade <code>zimbra-patch</code> on Mailbox node'''<br />
* As <code>root</code>, install package<br />
apt-get install zimbra-patch<br />
* Restart <code>ZCS</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.3&diff=70050Zimbra Releases/10.0.32023-08-23T17:45:26Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Daffodil 10.0.3 Patch Release =<br />
<br />
<div class="col-md-9"><br />
<div style="font-size:14px;" ><br />
Release Date: '''August 23, 2023'''<br />
</div><br />
<br />
Check out the [[#Security Fixes|Security Fixes]], [[#Things to Know Before Upgrading|Things to Know Before Upgrading]] and [[#Known Issues|Known Issues]] sections for this version of Zimbra Collaboration. <br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' steps for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
<br />
<br />
<div style="padding:1%; color:#008000;font-size:19px;" ><br />
'''NOTICE: One-Click vulnerability'''<br />
<br />
A one-click security vulnerability in all versions of Zimbra Collaboration Suite has been discovered that could allow an unauthenticated attacker to gain access to a Zimbra account.<br />
<br />
The patch will remove 3 files after which a mailbox restart is required, in case you cannot install the latest patch, manual mitigation steps (really simple ones) will be available via [https://support.zimbra.com Zimbra Support Portal].<br />
<br />
For customer's installing the patch on multi-server environment, the changes are applicable only to the Mailstore node. No packages will be installed on other nodes - MTA, Proxy, LDAP. So after applying this patch, the updated patch version will only be displayed for Mailstore node. The other nodes will continue to display previous installed patch version as '''Release 10.0.2'''.<br />
<br />
If your server currently has patch 10.0.1 or an older version installed, it's important to update your servers to Patch 10.0.2 before applying this patch release. Please ensure you review [https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.2 10.0.2] release notes to obtain all updates on all components. <br />
</div><br />
<br />
== Security Fixes ==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary <br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID <br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
|-<br />
|style="border: solid #ffffff;"| Bug that could allow an unauthenticated attacker to gain access to a Zimbra account.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-41106 CVE-2023-41106]<br />
|style="border: solid #ffffff; text-align: center;"| 8.8 <br />
|}<br />
<br />
<br />
= Things to Know Before Upgrading =<br />
<br />
'''Important Upgrade Instructions for Daffodil v10 version older than build 10.0.0_GA_4452'''<br />
<br />
If you are currently using the Beta version build of Daffodil v10 (10.0.0_GA_4452), please follow these upgrade instructions:<br />
<br />
* Upgrade to the latest GA Version build 10.0.0_GA_4518: It is crucial to first upgrade to the latest GA version before proceeding with any further updates. This latest GA release includes essential updates, including modifications to the database schema and various other feature improvements.<br />
<br />
By following this upgrade path, you ensure that your system is properly updated, incorporating the necessary database schema changes and other critical updates introduced in the latest GA build.<br />
<br/><br />
<br/><br />
<br />
'''Please review the following information to decide if Zimbra Daffodil (v10) is suitable for you.'''<br />
<br />
* Zimbra Touch Client, Zimbra Mobile Client, and Zimbra HTML (Standard) Client are no longer a part of Zimbra starting from Version 9.0.0.<br />
* A Zimbra Network Edition license is required to use Zimbra Daffodil (v10).<br />
* The customizations implemented for SAML and SPNEGO will be overridden during an upgrade. It is recommended to backup these configurations before upgrading the server.<br />
* In case of rolling upgrades, if some mailstore nodes are upgraded to zimbra-10 and some mailstore nodes are on Zimbra 9.0.x or Zimbra 8.8.15 then, <code>zimbraReverseProxyUpstreamLoginServers</code> should only contain the list of Zimbra 10.0.0 mailboxes. If this is not followed then in some cases, users on zimbra-10 mailstore nodes will not be able to see Modern Web App after login.<br />
* Zimbra (v10) continues to support two versions of Zimbra Web Client -- Modern and Classic.<br />
** To know more about the highlights of the Modern Web App, please refer to [https://wiki.zimbra.com/wiki/Zimbra_9/Modern_Web_App Introducing the Modern Web Application]<br />
** The Classic Web App offers the same functionality as the Advanced Web Client in Zimbra version 8.8.15.<br />
** Existing customized themes, logo branding changes, and crontab changes are incompatible with, and hence do not reflect in the Modern Web App. Branding needs to be re-configured to work with the Modern Web App. The Modern Web App does not currently support themes. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/adminguide.html#_customizing_modern_web_app Customizing Modern Web App] section of Admin Guide for more information related to configuration.<br />
** Zimlets are supported on both the Web Clients.<br />
** Zimlets that work with the Classic Web App are incompatible with the Modern Web App. And due to technology changes, there is no way to migrate the Zimlets from the Classic Web App to the Modern Web App or vice-versa.<br />
<br />
* For Non-NG setups, recommendations when using mailbox move (through '''zmmboxmove''' utility) on Rolling-Upgrade environment:<br />
** Always take full backup *before* doing zmmboxmove.<br />
** If using Storage Management with primary and secondary storage as Internal, then set <code>zimbraMailboxMoveSkipBlobs</code> and <code>zimbraMailboxMoveSkipHsmBlobs</code> attributes to '''FALSE''' before doing '''zmmboxmove'''.<br />
** Always recommended to run HSM and move blobs to current primary/secondary volumes in case of multiple primary/secondary volumes present in the system before doing <code>zmmboxmove</code>.<br />
** <code>zmmboxmove</code> command should be run from Zimbra (v10) mailbox server.<br />
<br />
After you review the tasks in this section, please go to [https://zimbra.github.io/documentation/zimbra-10/upgrade.html#_upgrade_instructions Upgrade Instructions].<br />
<br />
<br />
= Known Issues =<br />
<br />
== Zimbra Collaboration ==<br />
* On a NG based rolling-upgrade setup, when either sharer or sharee is not moved to zimbra-10 server and the drive data is imported through the NG Migration utility, the drive files sharing information is not available. Hence, the shared files are not available after the import.<br />
Workaround - Before importing the Drive data for the users, move the sharee and sharer from NG server to zimbra-10 server. <br />
* When upgrading to Zimbra 10 using the rolling upgrade mechanism, if a user on Zimbra 10 shares a Briefcase file with a user on Zimbra 9, then while UI will display a 'Permission denied' error to the user on Zimbra 10, the user on Zimbra 9 still ends up receiving an email that the file has been shared. Even though the mail is received by the Zimbra 9 user, they will not be able to access the file, as the file sharing feature is not available in Zimbra 9.<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 9 may share a Briefcase folder with a Zimbra 10 user. However, since files were not shared with Zimbra 10 user, the files within the shared folder are not accessible to the Zimbra 10 users. <br />
* During Rolling Upgrade to Zimbra 10 from Zimbra 9/8.x having NG modules installed, when a Zimbra 9/8.x user creates new files from Briefcase, it results in a error "TypeError: g is null".<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 10 may share a file with a Zimbra 9 user. However, Zimbra 9 user will not be able to access the file from the shared URL.<br />
* Zimbra inheritance is followed when setting LDAP attributes. When using Backup & Restore->Message recovery settings from Admin UI, if the value of zimbraDumpsterEnabled attribute is FALSE at COS level and TRUE at Domain level, then the value at COS level will be considered. So the issue here is- adding Domains in the message recovery settings will have no impact on message recovery if the COS level attribute is set to its default value FALSE. <br />
* Backup and Restore - When mail-store server is restored after moving some of its accounts to another mail store, then old mail data like blobs, metadata, etc. of the accounts which have been moved to another mail store, will also get restored. The workaround is to - execute the restore with --ignoreRedoErrors OR with -rf options like zmrestore -a all --ignoreRedoErrors <br />
* When user clicks on a file in Briefcase, a preview is displayed for the supported file formats. User can also edit these files in a separate window. The changes take a long time to be reflected in the preview, and sometimes user might need to click on the file multiple times to view the changes.<br />
* When editing documents from Briefcase, the documents are opened in a separate browser window in which users can edit the document. However, the updated contents are not reflected in the Briefcase file, unless the separate browser window is not closed by the user.<br />
* User is not able to search files in the "Files shared with me" folder, within Briefcase. <br />
* Re-sending a file share for a Briefcase document throws the error, "A network service error has occurred".<br />
<br />
== Web UX - Admin ==<br />
* In Admin UI, if two users are assigned the Administrator privilege followed by "Assign default domain administrator views and rights", there is an error displayed for the second user, and the request is not completed. This happens due to a caching issue, and flushing the cache of the mail-store resolves this issue. <br />
<br />
== Mobile Sync ==<br />
* On iOS Native App, if the Mail, Calendar, and Contacts folders are shared with the user, the shares are not displayed on the App.Similarly, for Windows Outlook and Windows Native Contacts App, if the Contacts folder is shared with the user, the shares are not displayed on the App. <br />
Workaround - The user will have to reconfigure his account on the device to get the shares mounted on the device. <br />
* Exchange ActiveSync protocol currently does not support Read-Only permission sharing. It is recommended not to enable Sharing for the users having shares with Read-Only permission.<br />
* In a Rolling-upgrade environment, if a zimbra-9 user shares a calendar with zimbra-10 user, the events are not synced. <br />
Workaround - For the Rolling-Upgrade environment involving the NG mailbox server, due to technical differences between the NG Mobile feature and Zimbra (v10) Mobile Sync feature, it is recommended to use Sharing feature after moving all the accounts to zimbra-10 mailbox server. <br />
* For Windows Mail App, the Sent folder emails are not displayed after blocking and unblocking the user.<br />
Workaround - The user can remove and reconfigure the account on the app.<br />
* When using iOS Outlook App, Out of Office settings are not synced to the user's account in Web App. <br />
* When the organizer and attendee use the Outlook app, if the organizer cancels an instance from a recurring meeting, the same is not reflected on the attendee's calendar.<br />
<br />
== Backup Restore ==<br />
* When using backup and restore to move data from source 9.x NG server to destination 10.x server, if both the source and destination, primary volumes are 'External', and zimbraBackupSkipBlobs is set to True, then emails moved secondary volume throw 'Missing Blob for item' error.<br />
* When an account is restored using backup data from NG external secondary volume, the account is displaying garbled data for emails on the destination server.<br />
* When we schedule backup using zmschedulebackup command, backup is getting scheduled in crontab and LDAP attributes are updated with appropriate values.<br />
<br />
= Packages = <br />
The package lineup for this release is:<br />
<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 10.0.3.1692275488-2<br />
<br />
=Patch Installation=<br />
<br />
Please refer to the steps below to install Kepler 9.0.0 Patch 35 on [[#Redhat|Redhat]] and [[#Ubuntu|Ubuntu]] platforms:<br />
<br />
<span class="h2">Before Installing the Patch, consider the following:</span><br />
* Patches are cumulative.<br />
* A full backup should be performed before any patch is applied. There is no automated roll-back.<br />
* Switch to <code>zimbra</code> user before using ZCS CLI commands.<br />
* '''Important!''' You cannot revert to the previous ZCS release after you upgrade to the patch.<br />
* '''Important Note for ZCS Setup with Local ZCS repository:''' Customers who have set up local ZCS repository should first update the local repository by following instructions in [https://wiki.zimbra.com/wiki/Zimbra_Collaboration_repository#Keep_the_local_Repository_up_to_date wiki]<br />
<br />
<br />
==Redhat==<br />
<br />
<br />
'''Install/Upgrade <code>zimbra-patch</code> on Mailbox node'''<br />
* As <code>root</code>, install the package:<br />
yum install zimbra-patch<br />
* Restart <code>ZCS</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
<br />
== Ubuntu ==<br />
<br />
<br />
'''Install/Upgrade <code>zimbra-patch</code> on Mailbox node'''<br />
* As <code>root</code>, install package<br />
apt-get install zimbra-patch<br />
* Restart <code>ZCS</code> as <code>zimbra</code> user:<br />
<pre>su - zimbra<br />
zmcontrol restart</pre></div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P14&diff=69877Zimbra Releases/9.0.0/P142023-06-22T06:06:46Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 14 GA Release =<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' section for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
<br />
==Security Fixes==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Zimbra Rating <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Fix Patch Version<br />
|-<br />
|style="border: solid #ffffff;"|Upgraded ClamAV to 102.4 to avoid multiple vulnerabilities. <br />
|style="border: solid #ffffff;"| [https://nvd.nist.gov/vuln/detail/CVE-2020-3327 CVE-2020-3327] [https://nvd.nist.gov/vuln/detail/CVE-2020-3341 CVE-2020-3341]<br />
|style="border: solid #ffffff;text-align:center;"| 7.5 <br />
|style="border: solid #ffffff;text-align:center;"| High<br />
|style="border: solid #ffffff;text-align:center;"| 9.0.0 P14<br />
|-<br />
|style="border: solid #ffffff;"|An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.<br />
|style="border: solid #ffffff;"| [https://nvd.nist.gov/vuln/detail/CVE-2021-3449 CVE-2021-3449]<br />
|style="border: solid #ffffff;text-align:center;"| 5.9<br />
|style="border: solid #ffffff;text-align:center;"| Medium<br />
|style="border: solid #ffffff;text-align:center;"| 9.0.0 P14<br />
|}<br />
<br />
= What's New =<br />
<br />
{{BetaWarning}}<br />
<br />
<br/><br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
<br />
Zimbra Video Server (BETA)<br />
* The Video Server (BETA) is a WebRTC stream aggregator that improves Zimbra Connect's performance by merging and decoding/re-encoding all streams in a meeting. Refer to the [https://zimbra.github.io/zimbra-9/adminguide.html#_zimbra_connect_video_server admin guide] for instructions on installing the Video Server on the systems.<br />
<br />
We are nearing the end of our extensive QA cycle for these package upgrades. Watch for the GA announcement in an upcoming patch release.<br />
<br />
</div><br />
<br/><br />
<br />
== Announcing GA ==<br />
<br/><br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
The following packages were announced GA in Kepler 9.0.0 Patch 13:<br />
<br />
* OpenSSL 1.1.1h support for TLS 1.3.<br />
* OpenSSL 1.1.1h with FIPS module support.<br />
* Postfix 3.5.6 support for TLSv1.3<br />
* Nginx 1.19.0 support for TLSv1.3<br />
</div><br />
<br/><br />
<br />
== Enabling TLS 1.3 ==<br />
<br />
The administrator will have to execute separate steps for enabling [https://wiki.zimbra.com/wiki/Enable_TLS1.3 TLS 1.3] on Zimbra Proxy (Nginx) and Zimbra Mailstore. <br />
<br />
=== Execute the following steps on Zimbra Proxy (Nginx) ===<br />
<br />
Execute these commands as <code>zimbra</code> user<br />
<br />
* View the existing '''zimbraReverseProxySSLProtocols''':<br />
<br />
$ zmprov gcf zimbraReverseProxySSLProtocols<br />
zimbraReverseProxySSLProtocols: TLSv1<br />
zimbraReverseProxySSLProtocols: TLSv1.1<br />
zimbraReverseProxySSLProtocols: TLSv1.2<br />
<br />
* Add TLSv1.3 to existing '''zimbraReverseProxySSLProtocols'''. <br />
$ zmprov mcf +zimbraReverseProxySSLProtocols TLSv1.3<br />
<br />
* Verify TLSv1.3 is added to '''zimbraReverseProxySSLProtocols'''. <br />
$ zmprov gcf zimbraReverseProxySSLProtocols<br />
zimbraReverseProxySSLProtocols: TLSv1<br />
zimbraReverseProxySSLProtocols: TLSv1.1<br />
zimbraReverseProxySSLProtocols: TLSv1.2<br />
zimbraReverseProxySSLProtocols: TLSv1.3<br />
<br />
* View existing cipher's in '''zimbraReverseProxySSLCiphers'''.<br />
$ zmprov gcf zimbraReverseProxySSLCiphers<br />
zimbraReverseProxySSLCiphers: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4<br />
<br />
* Add TLSv1.3 cipher <code>TLS_AES_256_GCM_SHA384</code> to existing '''zimbraReverseProxySSLCiphers'''.<br />
$ zmprov mcf zimbraReverseProxySSLCiphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:TLS_AES_256_GCM_SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'<br />
<br />
* Restart Zimbra Proxy service:<br />
$ zmproxyctl restart <br />
<br />
=== Execute the following steps on Zimbra Mailstore ===<br />
<br />
Execute these commands as <code>zimbra</code> user<br />
<br />
* Get your current <code>mailboxd_java_options</code>:<br />
$ zmlocalconfig mailboxd_java_options<br />
mailboxd_java_options = -server -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djava.awt.headless=true -Dsun.net.inetaddr.ttl=${networkaddress_cache_ttl} -Dorg.apache.jasper.compiler.disablejsr199=true -XX:+UseG1GC -XX:SoftRefLRUPolicyMSPerMB=1 -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=15 -XX:G1MaxNewSizePercent=45 -XX:-OmitStackTraceInFastThrow -verbose:gc -Xlog:gc*=info,safepoint=info:file=/opt/zimbra/log/gc.log:time:filecount=20,filesize=10m -Djava.net.preferIPv4Stack=true<br />
<br />
Add the TLSv1.3 to <code>https.protocols</code> and <code>tls.client.protocols</code>:<br />
$ zmlocalconfig -e mailboxd_java_options='-server -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Djava.awt.headless=true -Dsun.net.inetaddr.ttl=${networkaddress_cache_ttl} -Dorg.apache.jasper.compiler.disablejsr199=true -XX:+UseG1GC -XX:SoftRefLRUPolicyMSPerMB=1 -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=15 -XX:G1MaxNewSizePercent=45 -XX:-OmitStackTraceInFastThrow -verbose:gc -Xlog:gc*=info,safepoint=info:file=/opt/zimbra/log/gc.log:time:filecount=20,filesize=10m -Djava.net.preferIPv4Stack=true'<br />
<br />
* Restart Zimbra Mailbox service:<br />
$ zmmailboxdctl restart<br />
<br />
== FIPS Support == <br />
<br />
FIPS support is now available with OpenSSL 1.1.1h version. After upgrading the OpenSSL package on the Zimbra server, please refer to the below guide for enabling FIPS as per your Operating System:<br />
<br />
* RHEL-7: https://github.com/Zimbra/packages/wiki/OpenSSL,-Postfix-and-Nginx-TLS-1.3-GA-release#enable-fips-mode-in-rhel7<br />
* RHEL-8: https://github.com/Zimbra/packages/wiki/OpenSSL,-Postfix-and-Nginx-TLS-1.3-GA-release#enable-fips-mode-in-rhel8<br />
* Ubuntu 16 and 18: https://security-certs.docs.ubuntu.com/en/fips<br />
<br />
<br />
Set below configurations on your Zimbra Server after FIPS is enabled on your Operating System:<br />
<br />
Execute these commands as <code>zimbra</code> user<br />
<br />
$ postconf -e "lmtp_tls_fingerprint_digest = sha256"<br />
* Restart Zimbra services:<br />
$ zmcontrol restart<br />
<br />
== Deprecation of Zimbra Server on Ubuntu 14.04, Oracle Linux 6 and CentOS/RHEL 6 ==<br />
With a number of supported operating systems entering the end of life, Zimbra will deprecate all Zimbra versions for Ubuntu 14.04, CentOS 6, Redhat 6 and Oracle 6 as of '''July 31, 2021'''. At this date, there will no longer be any patch release for 8.8.15 and 9.0.0 on these operating systems.<br />
<br />
* Ubuntu 14.04 end of life occurred on '''April 30, 2019'''<br />
<br />
* CentOS and RHEL 6 end of life occurred on '''November 30, 2020'''<br />
<br />
* Oracle 6 End of life occurred on '''October 2020''' <br />
<br />
After '''July 31, 2021''', Zimbra Support will provide best-effort support for the last patch release on the listed operating systems. However, any known or existing bugs will not be addressed and Zimbra Support encourages all customers to follow our recommended upgrade path to a supported OS version at your earliest convenience to ensure no interruption in your support services. <br />
<br />
For more information about the direction Zimbra is taking with supporting future operating systems please check our [https://blog.zimbra.com/2021/01/zimbra-support-for-linux-os-environments/ blog].<br />
<br />
For questions or guidance with upgrading your operating system please open a support case and our Support team is here to assist you.<br />
<br />
<br />
== Web UX - Modern ==<br />
* We have updated the translations for around thirteen languages for the Modern Web App. This addresses many of the complaints we got from our users around the globe.<br />
* Modern Web App used gzip compression when loading the UI. Support for Brotli compression has been added which is a better compression algorithm compared to gzip. This will result in reduced data download and performance improvement when loading the Modern Web App UI.<br />
<br />
== Web UX - Classic ==<br />
* The Modern Web App is not supported for older browsers (like IE-11). Hence we have updated the login page to go to Classic Web App irrespective of the user preferences when such a browser is detected.<br />
<br />
== ZCO ==<br />
* ZCO now supports separate controls to configure purging of Mail Items and Tasks. Please refer to the [https://zimbra.github.io/zm-windows-comp/latest/ZCS_Connector_For_Outlook_User_Guide.html#_setting_the_number_of_days_for_purging user guide] for more details<br />
* Through the Hierarchical Address Book dialog, the user can now pick recipients from the lists and proceed to email/meeting compose windows.<br />
<br />
== Contacts ==<br />
* In Contacts, when assigning a contact to a list, the user can click on the newly added "Add" button next to the New List name text box to create a new list.<br />
<br />
<br />
= Fixed Issues =<br />
<br />
== Web UX - Modern ==<br />
* When using the Mobile device, the user will not be able to access the Classic Web App. When the user enters the credentials and logs in, he will always be logged into the Modern Web App.<br />
* The Modern UI is now displaying plain text emails in a fixed width font as expected by users.<br />
* In Modern Web App, the user was not able to Reply/Reply-All/Forward a signed message. This issue has been fixed.<br />
* Inline images were displayed as mail attachments. This issue has been fixed and the inline images are displayed inline.<br />
* When using Modern Web App in Firefox browser and the user selects a message and clicks on Reply/Reply-All/Forward, a message edit window is opened. The 3-dot menu button in the composer of this edit window did not work. This issue has been fixed.<br />
<br />
== Mail ==<br />
* When the user's alias email address receives an email and the user clicks on Reply-All, then the alias email address was added to the recipient's list in the TO field. The issue has been fixed and the alias email address is no longer added to the recipient's list in the TO field.<br />
* When composing the first message after login in Modern Web App, the Reply/forward or Additional Signatures appeared disabled in the 3-dot menu at the right-hand top corner of the composer. This issue has been fixed.<br />
* In Modern Web App, if the user downloads an attachment whose preview is not supported, then the Forward/Reply/Reply-All actions did not work. This issue has been fixed.<br />
* When composing a message and hovering over the recipient address, the "Edit Contact" option in the Contact hovercard did not work. This issue has been fixed.<br />
<br />
== Platform ==<br />
* Remote SSH was not working with an older version of OpenSSH. Which caused some backup failure or mail queue updates not happening on Admin Console etc. This issue has been fixed.<br />
* We have updated the Timezone definitions in the product to the latest as defined by IANA. This takes care of some of the missing time zones.<br />
* Zimbra Server was using *ganymed-ssh2-build210* ssh client which supports few Kex algorithms (diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1). Due to this, customers who configured Kex algorithm apart from the supported ones by *ganymed-ssh2-build210* ssh client faced an issue with few Zimbra services (Backup, Mailqueue, etc). The ssh client has been upgraded to *Apache MINA SSHD* which supports all Kex algorithms.<br />
<br />
== Settings ==<br />
* In Message View, Standard/Reply or forward/Additional Signatures set by the user were not populated when performing Reply/ReplyAll/Forward actions. This issue has been fixed.<br />
<br />
== NG Backup ==<br />
* The display of the config status has been improved<br />
* Fixed the check if backup is migrated on a new bucket with the same credentials by fixing the creation of backup volume directly from migrate/set command<br />
* Fixed issue that prevented restoring older deleted account when backup contains multiple accounts with the same name.<br />
* Fixed a bug that prevented to complete the purge operation if third party backup on S3 is enabled<br />
* Now, using NG backup with the undelete command is possible to restore deleted items in their original folder<br />
* Now, by default, the chat backup has been disabled.<br />
* Now the CLI accepts the account’s name or the account’s id as parameter.<br />
* Fixed and added more info to restore blobs command for notifications.<br />
<br />
== NG Mobile ==<br />
* When composing a new mail via EAS device, autocomplete on recipient address will search in local contact, GAL, or shared contacts, honoring Zimbra contacts settings (zimbraPrefSharedAddrBookAutoCompleteEnabled, A_zimbraPrefGalAutoCompleteEnabled)<br />
* Fixed a bug in mobile that prevented attachments to be downloaded from emails in shared folders.<br />
<br />
== Zimbra Connect ==<br />
* Fixed a bug that prevented the calls in rooms to be started if these rooms are on a different server than the user’s.<br />
* Fixed error with multi version cluster. Exception is thrown when a user on a server using APIv9 create a conversation with a user on a server using APIv10<br />
* Added papyrous as conversation background image<br />
* When mailbox move is performed, even mute conversation info will be moved<br />
* Added copy functionality on bubble contextual menu<br />
* Added a new button on mini-chat header that allows you to direct to the related conversation on the Connect tab<br />
* Added a new button on conversation header that allows you to direct to the related mini-chat.<br />
* Added a new button on mini-chat header that allows you to call the other member/members who are part of the conversation.<br />
* Removed notifications for messages from badge for channels and spaces in case someone joins, left or has been kicked out from a channel or space, only if these messages were received during the session.<br />
* Now, when the user clicks on the "chats" tab after filtering the chat list, the filter is reset<br />
* If the connection with the server is lost while writing, the "is writing" notification will remain until logout. Now this has been fixed.<br />
* Stream components are more visible thanks to its margin.<br />
* It is now possible to mute the conversations, groups and spaces to avoid notifications.<br />
* Added mute notifications button in one to one conversations, groups, spaces.<br />
* Improved Instant Meeting UI.<br />
* The video server installer has been updated in order to avoid some corner cases that could cause the installation to fail.<br />
* Multiple VideoServers can now be used in Connect<br />
* An error was encountered with Video Server when IPv6 was not enabled on the system. The issue has been fixed.<br />
<br />
== Zimbra Docs ==<br />
* Will show Popup error if a user clicks on preferences before complete Docs zimlet load<br />
<br />
== Zimbra Drive ==<br />
* Now it is possible to save into Drive attachments that have a single quote in the name<br />
<br />
== Zimbra Network Modules NG ==<br />
* Fixed a bug in Zextras that prevented the correct output from being displayed if no operations were running<br />
<br />
== HSM ==<br />
* Fixed a bug that doesn’t retry failed deletions on the local file system.<br />
* Fixed a bug that wrongly displayed the logs for mailbox purge command<br />
* The doMailboxMove is now capable to move accounts that lack a mailbox.<br />
<br />
<br />
= Known Issues =<br />
* None<br />
<br />
<br />
{{PatchInstallation-900|Version=9.0.0 Patch 14|Packages=<br />
'''PackageName''' '''Version'''<br />
zimbra-patch -> 9.0.0.1618926120.p14-2<br />
zimbra-proxy-patch -> 9.0.0.1618814597.p14-1<br />
zimbra-mta-patch -> 9.0.0.1618847563.p14-1<br />
zimbra-mta-components -> 1.0.13-1zimbra8.8b1<br />
zimbra-common-core-jar -> 9.0.0.1618826418-1<br />
zimbra-openldap-server -> 2.4.49-1zimbra8.8b4<br />
zimbra-ldap-components -> 1.0.9-1zimbra8.8b1<br />
zimbra-clamav -> 0.103.2-1zimbra8.8b3<br />
zimbra-clamav-libs -> 0.103.2-1zimbra8.8b3<br />
zimbra-openssl -> 1.1.1k-1zimbra8.7b4<br />
zimbra-openssl-libs -> 1.1.1k-1zimbra8.7b4<br />
zimbra-postfix-logwatch -> 1.40.03-1zimbra8.7b1<br />
zimbra-timezone-data -> 3.0.0.1618571554-1<br />
zimbra-mbox-store-libs -> 9.0.0.1618826418-1<br />
zimbra-mbox-war -> 9.0.0.1618222842-1<br />
zimbra-mbox-webclient-war -> 9.0.0.1618825746-1<br />
zimbra-mbox-admin-console-war -> 9.0.0.1615896919-1<br />
zimbra-common-mbox-conf-attrs -> 9.0.0.1602835824-1<br />
zimbra-common-core-libs -> 9.0.0.1618826418-1<br />
zimbra-zco -> 9.0.0.1894.1618827126-1<br />
zimbra-modern-ui -> 4.9.0.1618842414-1<br />
zimbra-zimlet-install-pwa -> 4.0.0.1606479635-1<br />
zimbra-zimlet-set-default-client -> 4.1.0.1610520500-1<br />
zimbra-zimlet-date -> 4.0.0.1606496021-1<br />
zimbra-zimlet-additional-signature-setting -> 4.1.0.1610521399-1<br />
zimbra-zimlet-calendar-subscription -> 4.0.0.1606479804-1<br />
zimbra-zimlet-sideloader -> 5.0.0.1606717050-1<br />
zimbra-modern-zimlets -> 4.9.0.1618842414-1<br />
zimbra-zimlet-restore-contacts -> 4.1.0.1610520308-1<br />
zimbra-network-modules-ng -> 7.0.13.1616091665-1<br />
zimbra-drive-ng -> 4.0.11.1616091300-1<br />
zimbra-drive-modern -> 1.0.11.1616091300-1<br />
zimbra-connect -> 2.0.13.1616091044-1<br />
zimbra-connect-modern -> 1.0.13.1616091044-<br />
zimbra-docs -> 4.0.5.1616090633-1<br />
zimbra-docs-modern -> 1.0.4.1606409421-1<br />
zimbra-zimlet-auth -> 1.0.1.1615572388-1<br />
zimbra-zimlet-zoom -> 6.2.1.1614964917-1<br />
zimbra-zimlet-slack -> 5.4.0.1614964917-1<br />
zimbra-zimlet-dropbox -> 5.1.4.1614964917-1<br />
zimbra-zimlet-onedrive -> 5.3.0.1615588056-1<br />
zimbra-zimlet-google-drive -> 5.2.2.1614964917-1<br />
zimbra-zimlet-jitsi -> 3.2.2.1614964917-1<br />
zimbra-zimlet-video-call-preferences -> 2.0.1.1614964917-1<br />
zimbra-zimlet-nextcloud -> 1.0.6.1619072255-1<br />
zimbra-zimlet-voice-message -> 1.0.3.1611114827-1<br />
zimbra-zimlet-classic-unsupportedbrowser -> 1.0.0.1591045240-1<br />
zimbra-zimlet-email-templates -> 2.0.0.1606716802-1<br />
zimbra-zimlet-signature-template -> 1.0.0.1609841753-1<br />
zimbra-chat -> 4.0.1.1594306412-1<br />
}}<br />
<br />
===Upgraded 3rd Party Packages===<br />
* OpenSSL and Postfix TLS 1.3 Packages<br />
The packages for RHEL6, RHEL7, UBUNTU14, UBUNTU16, UBUNTU18 are:<br />
<br />
'''Package Name''' '''Version'''<br />
zimbra-openssl : 1.1.1h-1zimbra8.7b3<br />
zimbra-postfix : 3.5.6-1zimbra8.7b3<br />
zimbra-nginx : 1.19.0-1zimbra8.8b3<br />
zimbra-mariadb : 10.1.25-1zimbra8.7b3<br />
zimbra-heimdal : 1.5.3-1zimbra8.7b3<br />
zimbra-curl : 7.49.1-1zimbra8.7b3<br />
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2<br />
zimbra-unbound : 1.11.0-1zimbra8.7b2<br />
zimbra-apr-util : 1.6.1-1zimbra8.7b2<br />
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4<br />
zimbra-net-snmp : 5.8-1zimbra8.7b2<br />
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2<br />
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3<br />
zimbra-openldap : 2.4.49-1zimbra8.8b4<br />
zimbra-opendkim : 2.10.3-1zimbra8.7b5<br />
zimbra-clamav : 0.102.2-1zimbra8.8b3<br />
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b2<br />
zimbra-perl-net-http : 6.09-1zimbra8.7b3<br />
zimbra-perl-libwww : 6.13-1zimbra8.7b3<br />
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b3<br />
zimbra-perl-xml-parser : 2.44-1zimbra8.7b3<br />
zimbra-perl-soap-lite : 1.19-1zimbra8.7b3<br />
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b3<br />
zimbra-perl-xml-simple : 2.25-1zimbra8.7b2<br />
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3<br />
zimbra-perl-mail-spamassassin : 3.4.4-1zimbra8.8b3<br />
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b3<br />
zimbra-perl-innotop : 1.9.1-1zimbra8.7b3<br />
zimbra-httpd : 2.4.46-1zimbra8.7b3<br />
zimbra-php : 7.3.25-1zimbra8.7b3<br />
zimbra-postfix-logwatch : 1.40.03-1zimbra8.7b1<br />
zimbra-perl : 1.0.5-1zimbra8.7b1<br />
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1<br />
zimbra-apache-components : 2.0.4-1zimbra8.8b1<br />
zimbra-spell-components : 2.0.4-1zimbra8.8b1<br />
zimbra-snmp-components : 1.0.3-1zimbra8.7b1<br />
zimbra-mta-components : 1.0.11-1zimbra8.8b1<br />
zimbra-core-components : 3.0.3-1zimbra8.8b1<br />
zimbra-proxy-components : 1.0.8-1zimbra8.8b1<br />
zimbra-store-components : 1.0.3-1zimbra8.7b1<br />
zimbra-ldap-components : 1.0.6-1zimbra8.8b1<br />
zimbra-mbox-store-libs : 9.0.0.1615887345-1<br />
<br />
* OpenSSL and Postfix TLS 1.3 Packages<br />
The GA packages for RHEL8 are:<br />
<br />
'''Package Name''' '''Version'''<br />
zimbra-openssl : 1.1.1h-1zimbra8.7b3<br />
zimbra-postfix : 3.5.6-1zimbra8.7b3<br />
zimbra-nginx : 1.19.0-1zimbra8.8b3<br />
zimbra-mariadb : 10.1.25-1zimbra8.7b3<br />
zimbra-heimdal : 1.5.3-1zimbra8.7b3<br />
zimbra-curl : 7.49.1-1zimbra8.7b3<br />
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2<br />
zimbra-unbound : 1.11.0-1zimbra8.7b2<br />
zimbra-apr-util : 1.6.1-1zimbra8.7b2<br />
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4<br />
zimbra-net-snmp : 5.8-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2<br />
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3<br />
zimbra-openldap : 2.4.49-1zimbra8.8b4<br />
zimbra-opendkim : 2.10.3-1zimbra8.7b5<br />
zimbra-clamav : 0.102.2-1zimbra8.8b3<br />
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b3<br />
zimbra-perl-net-http : 6.09-1zimbra8.7b4<br />
zimbra-perl-libwww : 6.13-1zimbra8.7b4<br />
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b4<br />
zimbra-perl-xml-parser : 2.44-1zimbra8.7b4<br />
zimbra-perl-soap-lite : 1.19-1zimbra8.7b4<br />
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b4<br />
zimbra-perl-xml-simple : 2.25-1zimbra8.7b3<br />
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3<br />
zimbra-perl-mail-spamassassin : 3.4.4-1zimbra8.8b4<br />
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b4<br />
zimbra-perl-innotop : 1.9.1-1zimbra8.7b4<br />
zimbra-httpd : 2.4.46-1zimbra8.7b3<br />
zimbra-php : 7.3.25-1zimbra8.7b3<br />
zimbra-perl : 1.0.6-1zimbra8.7b1<br />
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1<br />
zimbra-apache-components : 2.0.4-1zimbra8.8b1<br />
zimbra-spell-components : 2.0.4-1zimbra8.8b1<br />
zimbra-snmp-components : 1.0.3-1zimbra8.7b1<br />
zimbra-mta-components : 1.0.11-1zimbra8.8b1<br />
zimbra-core-components : 3.0.3-1zimbra8.8b1<br />
zimbra-proxy-components : 1.0.8-1zimbra8.8b1<br />
zimbra-store-components : 1.0.3-1zimbra8.7b1<br />
zimbra-ldap-components : 1.0.6-1zimbra8.8b1<br />
zimbra-mbox-store-libs : 9.0.0.1615887345-1<br />
<br />
The updated GA packages are:<br />
<br />
'''Package''' '''Old-Version''' '''New-Version'''<br />
postfix 3.1.1 3.5.6<br />
openssl 1.0.2t 1.1.1h<br />
nginx 1.7.1 1.19.0<br />
postfix-logwatch 1.40.01 1.40.03<br />
io-socket-ssl 2.020 2.068<br />
xml-simple 2.20 2.25<br />
crypt-openssl-rsa 0.28 0.31<br />
net-snmp 5.7.3 5.8<br />
dbd-mysql 4.033 4.050<br />
apr-util 1.5.4 1.6.1<br />
unbound 1.5.9 1.11.0<br />
net-ssleay 1.72 1.88<br />
<br />
* Nginx TLS 1.3 Packages<br />
The GA packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18 are:<br />
'''PackageName''' '''Version'''<br />
zimbra-nginx -> 1.19.0-1zimbra8.8b3<br />
zimbra-proxy-components -> 1.0.8-1zimbra8.8b1<br />
zimbra-proxy-patch -> 9.0.0.1616043862.p13-1<br />
<br />
=Jira Summary=<br />
== Jira Tickets fixed in 9.0.0 Patch 14 ==<br />
<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10499<br />
|style="border: solid #ffffff;vertical-align:middle;"|When IE-11 browser is detected, user should be logged into Classic UI<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10492<br />
|style="border: solid #ffffff;vertical-align:middle;"|Fixed janus calls bug on rooms<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10491<br />
|style="border: solid #ffffff;vertical-align:middle;"|Error with multi version cluster<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10490<br />
|style="border: solid #ffffff;vertical-align:middle;"|Add papyrous as conversation background image<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10488<br />
|style="border: solid #ffffff;vertical-align:middle;"|Mailbox move must handle mute [marco]<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10487<br />
|style="border: solid #ffffff;vertical-align:middle;"|Added copy in message menu<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10485<br />
|style="border: solid #ffffff;vertical-align:middle;"|A new button has been added to switch from the mini-chat to the Connect tab<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10484<br />
|style="border: solid #ffffff;vertical-align:middle;"|A new button has been added to switch from the Connect tab to the related mini-chat<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10483<br />
|style="border: solid #ffffff;vertical-align:middle;"|A new button has been added to mini-chat for calls<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10482<br />
|style="border: solid #ffffff;vertical-align:middle;"|Removed notifications for messages of join, left and kicked type on channels and spaces<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10481<br />
|style="border: solid #ffffff;vertical-align:middle;"|Chat list filter has been improved<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10480<br />
|style="border: solid #ffffff;vertical-align:middle;"|Writing notification fixed in conversations<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10479<br />
|style="border: solid #ffffff;vertical-align:middle;"|Little tiles separation<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10477<br />
|style="border: solid #ffffff;vertical-align:middle;"|Mute feature for conversations added<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10476<br />
|style="border: solid #ffffff;vertical-align:middle;"|Mute notifications button added<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10475<br />
|style="border: solid #ffffff;vertical-align:middle;"|Improved Instant Meeting UI<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10474<br />
|style="border: solid #ffffff;vertical-align:middle;"|BulkDelete service fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10472<br />
|style="border: solid #ffffff;vertical-align:middle;"|Fixed logs for mailbox purge command<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10471<br />
|style="border: solid #ffffff;vertical-align:middle;"|EAS autocomplete honor zimbra contacts autocomplete settings<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10470<br />
|style="border: solid #ffffff;vertical-align:middle;"|Shared folders file download fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10469<br />
|style="border: solid #ffffff;vertical-align:middle;"|Special characters in Drive file name fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10468<br />
|style="border: solid #ffffff;vertical-align:middle;"|Popup error if user clicks on preferences before complete zimlet load<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10467<br />
|style="border: solid #ffffff;vertical-align:middle;"|The display of the config status has been improved<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10466<br />
|style="border: solid #ffffff;vertical-align:middle;"|GetAllOperations command has been fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10465<br />
|style="border: solid #ffffff;vertical-align:middle;"|Backup on external volume has been fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10464<br />
|style="border: solid #ffffff;vertical-align:middle;"|doRestoreOnNewAccount command has been fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10463<br />
|style="border: solid #ffffff;vertical-align:middle;"|NullPointerException during purge with third party backup fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10462<br />
|style="border: solid #ffffff;vertical-align:middle;"|Added a new parameter to undelete command<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10461<br />
|style="border: solid #ffffff;vertical-align:middle;"|Changed backupChatEnabled attribute default value to false<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10460<br />
|style="border: solid #ffffff;vertical-align:middle;"|Backup’s CLI doItemRestore accepts parameter in different forms<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10459<br />
|style="border: solid #ffffff;vertical-align:middle;"|Fixed and added more info to restore blobs command for notifications<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10374<br />
|style="border: solid #ffffff;vertical-align:middle;"|VideoServer installer improvements<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10369<br />
|style="border: solid #ffffff;vertical-align:middle;"|Multiple VideoServers can now be used<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10366<br />
|style="border: solid #ffffff;vertical-align:middle;"|'doMailboxMove` can now move mailboxless accounts<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCOMT-2275<br />
|style="border: solid #ffffff;vertical-align:middle;"|Implementation of Purging of Task Items (currently they are part of Mail Items)<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCOMT-2267<br />
|style="border: solid #ffffff;vertical-align:middle;"|Add functionality to open new email/appointment form from HAB Browser<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2198<br />
|style="border: solid #ffffff;vertical-align:middle;"|CVE-2021-3449 OpenSSL TLS<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2193<br />
|style="border: solid #ffffff;vertical-align:middle;"|ClamAV needs to be upgraded to 102.4<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2191<br />
|style="border: solid #ffffff;vertical-align:middle;"|Patch 20 Causes issue with older versions of ssh<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2129<br />
|style="border: solid #ffffff;vertical-align:middle;"|Video server errors out if IPV6 is not enabed <br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2076<br />
|style="border: solid #ffffff;vertical-align:middle;"|Mobile device logins to Classic UI when zimbraPrefClientType is advanced<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1987<br />
|style="border: solid #ffffff;vertical-align:middle;"|Monospaced font in plain-text email doesn't render as monospaced in modern UI<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1870<br />
|style="border: solid #ffffff;vertical-align:middle;"|In Chile America/Santiago timezone appointments are showing 1 hour extra time after creation<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-722<br />
|style="border: solid #ffffff;vertical-align:middle;"|External SSH hardening not compitable with zimbra<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5983<br />
|style="border: solid #ffffff;vertical-align:middle;"|Users default or alias email address is not excluded from recipient list when doing "Reply All" - 01167969<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5982<br />
|style="border: solid #ffffff;vertical-align:middle;"|Reply/forward buttons do not function - 01169807<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5980<br />
|style="border: solid #ffffff;vertical-align:middle;"|Mails having inline images are shown as attachments<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5973<br />
|style="border: solid #ffffff;vertical-align:middle;"|Remove the New list text box when assigning contact to the list<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5972<br />
|style="border: solid #ffffff;vertical-align:middle;"|Webmail signature bug when creating first message after login - 01167376<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5970<br />
|style="border: solid #ffffff;vertical-align:middle;"|Cannot reply or forward email after attachment download - 01167689<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5954<br />
|style="border: solid #ffffff;vertical-align:middle;"|Add approved translations (Modern UI) provided by vendor<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5939<br />
|style="border: solid #ffffff;vertical-align:middle;"|Brotli compression in Zimbra 9 for modern UI<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5922<br />
|style="border: solid #ffffff;vertical-align:middle;"|Three Dot Button in Composer is not Functional on Firefox<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-4289<br />
|style="border: solid #ffffff;vertical-align:middle;"|Regression: In Message view, Standard/New Signatures do not appear in the body area while reply, reply all and forward a message<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-1408<br />
|style="border: solid #ffffff;vertical-align:middle;"|'Edit Contact' option for hover contact card does not open Edit window when in Compose<br />
|-<br />
|}</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P13&diff=69876Zimbra Releases/9.0.0/P132023-06-22T05:45:38Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 13 GA Release =<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' section for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
<br />
==Security Fixes==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Zimbra Rating <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Fix Patch Version<br />
|-<br />
|style="border: solid #ffffff;"|Heap-based buffer overflow vulnerabilities in PHP < 7.3.10 <br />
|style="border: solid #ffffff;"| [https://nvd.nist.gov/vuln/detail/CVE-2019-9641 CVE-2019-9641] [https://nvd.nist.gov/vuln/detail/CVE-2019-9640 CVE-2019-9640]<br />
|style="border: solid #ffffff;text-align:center;"| 9.8 <br />
|style="border: solid #ffffff;text-align:center;"| Critical<br />
|style="border: solid #ffffff;text-align:center;"| 9.0.0 P13<br />
|-<br />
|style="border: solid #ffffff;"|Upgraded Apache to 2.4.46 to avoid multiple vulnerabilities. <br />
|style="border: solid #ffffff;"| [https://nvd.nist.gov/vuln/detail/CVE-2019-0211 CVE-2019-0211] [https://nvd.nist.gov/vuln/detail/CVE-2019-0217 CVE-2019-0217]<br />
|style="border: solid #ffffff;text-align:center;"| 7.8 <br />
|style="border: solid #ffffff;text-align:center;"| High<br />
|style="border: solid #ffffff;text-align:center;"| 9.0.0 P13<br />
|-<br />
|style="border: solid #ffffff;"|Spamassasin vulnerability in versions < 3.4.5. <br />
|style="border: solid #ffffff;"| [https://nvd.nist.gov/vuln/detail/CVE-2020-1946 CVE-2020-1946]<br />
|style="border: solid #ffffff;text-align:center;"| 9.8 <br />
|style="border: solid #ffffff;text-align:center;"| Critical<br />
|style="border: solid #ffffff;text-align:center;"| 9.0.0 P13<br />
|}<br />
<br />
= What's New =<br />
<br />
== Critical SpamAssassin Security Fix ==<br />
<br/><br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
In Apache SpamAssassin version < 3.4.5, critical security vulnerability related to malicious rule configuration (.cf) files was detected. This issue has been fixed.<br />
<br />
'''Note:''' Fixed above issue in updated Patch version today dated Apr 08, 2021 which was reported on the first version of 9.0.0 Patch 13.<br />
<br />
Customers who have already deployed 9.0.0 Patch 13 can fix the issue on MTA node by following the below patch installation steps:<br />
<br />
=== Redhat ===<br />
* As <code>root</code>, install the packages:<br />
yum check-update<br />
yum install zimbra-mta-patch<br />
* As <code>zimbra</code> user, restart <code>zimbra</code> services:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
=== Ubuntu ===<br />
* As <code>root</code>, install the packages:<br />
apt-get update<br />
apt-get install zimbra-mta-patch<br />
* As <code>zimbra</code> user, restart <code>zimbra</code> services:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
</div><br />
<br/><br />
<br />
{{BetaWarning}}<br />
<br />
<br/><br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
<br />
Zimbra Video Server (BETA)<br />
* The Video Server (BETA) is a WebRTC stream aggregator that improves Zimbra Connect's performance by merging and decoding/re-encoding all streams in a meeting. Refer to the [https://zimbra.github.io/zimbra-9/adminguide.html#_zimbra_connect_video_server admin guide] for instructions on installing the Video Server on the systems.<br />
<br />
We are nearing the end of our extensive QA cycle for these package upgrades. Watch for the GA announcement in an upcoming patch release.<br />
<br />
</div><br />
<br/><br />
<br />
== Announcing GA ==<br />
<br/><br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
The following packages are now GA:<br />
<br />
* OpenSSL 1.1.1h support for TLS 1.3.<br />
* OpenSSL 1.1.1h with FIPS module support.<br />
* Postfix 3.5.6 support for TLSv1.3<br />
* Nginx 1.19.0 support for TLSv1.3<br />
</div><br />
<br/><br />
<br />
== Enabling TLS 1.3 ==<br />
<br />
The administrator will have to execute separate steps for enabling [https://wiki.zimbra.com/wiki/Enable_TLS1.3 TLS 1.3] on Zimbra Proxy (Nginx) and Zimbra Mailstore. <br />
<br />
=== Execute the following steps on Zimbra Proxy (Nginx) ===<br />
<br />
Execute these commands as <code>zimbra</code> user<br />
<br />
* View the existing '''zimbraReverseProxySSLProtocols''':<br />
<br />
$ zmprov gcf zimbraReverseProxySSLProtocols<br />
zimbraReverseProxySSLProtocols: TLSv1<br />
zimbraReverseProxySSLProtocols: TLSv1.1<br />
zimbraReverseProxySSLProtocols: TLSv1.2<br />
<br />
* Add TLSv1.3 to existing '''zimbraReverseProxySSLProtocols'''. <br />
$ zmprov mcf +zimbraReverseProxySSLProtocols TLSv1.3<br />
<br />
* Verify TLSv1.3 is added to '''zimbraReverseProxySSLProtocols'''. <br />
$ zmprov gcf zimbraReverseProxySSLProtocols<br />
zimbraReverseProxySSLProtocols: TLSv1<br />
zimbraReverseProxySSLProtocols: TLSv1.1<br />
zimbraReverseProxySSLProtocols: TLSv1.2<br />
zimbraReverseProxySSLProtocols: TLSv1.3<br />
<br />
* View existing cipher's in '''zimbraReverseProxySSLCiphers'''.<br />
$ zmprov gcf zimbraReverseProxySSLCiphers<br />
zimbraReverseProxySSLCiphers: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4<br />
<br />
* Add TLSv1.3 cipher <code>TLS_AES_256_GCM_SHA384</code> to existing '''zimbraReverseProxySSLCiphers'''.<br />
$ zmprov mcf zimbraReverseProxySSLCiphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:TLS_AES_256_GCM_SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'<br />
<br />
* Restart Zimbra Proxy service:<br />
$ zmproxyctl restart <br />
<br />
=== Execute the following steps on Zimbra Mailstore ===<br />
<br />
Execute these commands as <code>zimbra</code> user<br />
<br />
* Get your current <code>mailboxd_java_options</code>:<br />
$ zmlocalconfig mailboxd_java_options<br />
mailboxd_java_options = -server -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djava.awt.headless=true -Dsun.net.inetaddr.ttl=${networkaddress_cache_ttl} -Dorg.apache.jasper.compiler.disablejsr199=true -XX:+UseG1GC -XX:SoftRefLRUPolicyMSPerMB=1 -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=15 -XX:G1MaxNewSizePercent=45 -XX:-OmitStackTraceInFastThrow -verbose:gc -Xlog:gc*=info,safepoint=info:file=/opt/zimbra/log/gc.log:time:filecount=20,filesize=10m -Djava.net.preferIPv4Stack=true<br />
<br />
Add the TLSv1.3 to <code>https.protocols</code> and <code>tls.client.protocols</code>:<br />
$ zmlocalconfig -e mailboxd_java_options='-server -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Djava.awt.headless=true -Dsun.net.inetaddr.ttl=${networkaddress_cache_ttl} -Dorg.apache.jasper.compiler.disablejsr199=true -XX:+UseG1GC -XX:SoftRefLRUPolicyMSPerMB=1 -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=15 -XX:G1MaxNewSizePercent=45 -XX:-OmitStackTraceInFastThrow -verbose:gc -Xlog:gc*=info,safepoint=info:file=/opt/zimbra/log/gc.log:time:filecount=20,filesize=10m -Djava.net.preferIPv4Stack=true'<br />
<br />
* Restart Zimbra Mailbox service:<br />
$ zmmailboxdctl restart<br />
<br />
== FIPS Support == <br />
<br />
FIPS support is now available with OpenSSL 1.1.1h version. After upgrading the OpenSSL package on the Zimbra server, please refer to the below guide for enabling FIPS as per your Operating System:<br />
<br />
* RHEL-7: https://github.com/Zimbra/packages/wiki/OpenSSL,-Postfix-and-Nginx-TLS-1.3-GA-release#enable-fips-mode-in-rhel7<br />
* RHEL-8: https://github.com/Zimbra/packages/wiki/OpenSSL,-Postfix-and-Nginx-TLS-1.3-GA-release#enable-fips-mode-in-rhel8<br />
* Ubuntu 16 and 18: https://security-certs.docs.ubuntu.com/en/fips<br />
<br />
<br />
Set below configurations on your Zimbra Server after FIPS is enabled on your Operating System:<br />
<br />
Execute these commands as <code>zimbra</code> user<br />
<br />
$ postconf -e "lmtp_tls_fingerprint_digest = sha256"<br />
* Restart Zimbra services:<br />
$ zmcontrol restart<br />
<br />
== Deprecation of Zimbra Server on Ubuntu 14.04, Oracle Linux 6 and CentOS/RHEL 6 ==<br />
With a number of supported operating systems entering the end of life, Zimbra will deprecate all Zimbra versions for Ubuntu 14.04, CentOS 6, Redhat 6 and Oracle 6 as of '''July 31, 2021'''. At this date, there will no longer be any patch release for 8.8.15 and 9.0.0 on these operating systems.<br />
<br />
* Ubuntu 14.04 end of life occurred on '''April 30, 2019'''<br />
<br />
* CentOS and RHEL 6 end of life occurred on '''November 30, 2020'''<br />
<br />
* Oracle 6 End of life occurred on '''October 2020''' <br />
<br />
After '''July 31, 2021''', Zimbra Support will provide best-effort support for the last patch release on the listed operating systems. However, any known or existing bugs will not be addressed and Zimbra Support encourages all customers to follow our recommended upgrade path to a supported OS version at your earliest convenience to ensure no interruption in your support services. <br />
<br />
For more information about the direction Zimbra is taking with supporting future operating systems please check our [https://blog.zimbra.com/2021/01/zimbra-support-for-linux-os-environments/ blog].<br />
<br />
For questions or guidance with upgrading your operating system please open a support case and our Support team is here to assist you.<br />
<br />
== Zimbra OpenSSL 1.1.1h compatibility issues with some kernel versions (4.8 and 4.9) ==<br />
<br/><br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
On Ubuntu-14 and CentOS/RHEL-6 with few kernel versions like (4.8, 4.9), the Zimbra Proxy and LDAP services failed to start due to compatibility issues with OpenSSL 1.1.1h. The issue has been fixed.<br /> '''Note:''' Fixed above issue in updated Patch version today dated Apr 02, 2021 which was reported on the first version of 9.0.0 Patch 13.<br />
<br />
Impacted deployments can fix the issue by following the [[#Patch_Installation|patch installation]] steps again.<br />
</div><br />
<br/><br />
<br />
== Web UX - Modern ==<br />
* Two factor authentication is now supported with reset-password flow. Reset-Password Success-screen proposed to "Sign In" and, if 2FA is enabled, the user will be prompted to enter code.<br />
* When the user hovers over the account name at the right-hand top corner, information such as *Account name*, *Send as name* and *Email address* gets displayed. Hovering over the Settings also displays a tooltip *Settings and more*.<br />
* Earlier, the folder hierarchy did not give the user a visual notification for unread messages in a sub-folder, when the sub-folder is not currently visible in the hierarchy (i. e. the sub-folder’s parent folder is collapsed). This issue has been fixed now. The parent folder or folders in the hierarchy are bolded in such a scenario. Highlighting on current folder and hover has also been improved.<br />
* Earlier, when logging into Modern UI, the environment variable *Zimbra_Domain* was used to load the user's attributes. This will now be done using *virtualHostName* attribute. *Zimbra_Domain* will be present for backward compatibility which will be deprecated in future releases.<br />
<br />
== Platform ==<br />
* Upgraded OpenSSL from 1.0.2t to 1.1.1h and added FIPS support.<br />
<br />
== Zimbra Docs ==<br />
* New version of Docs Server is available and can be found on the Network Edition Downloads page.<br />
<br />
= Fixed Issues =<br />
<br />
== Web UX - Modern ==<br />
* In the Modern UI the user is now able to select a Timezone when creating events in the calendar.<br />
* In some cases, when a user receives a message with an attachment, the attachment was not getting displayed due to a missing content-deposition header. The issue has been fixed and the attachment gets correctly displayed.<br />
<br />
== Platform ==<br />
* When using DKIM Signing with TLS1.3 beta packages, opendkim service was crashing. The issue has been resolved.<br />
* The SSL freelist can be exploited in the current version of zimbra-openssl which has been fixed with the upgraded Openssl version 1.1.1g<br />
* Zimbra Proxy now supports and is enabled with http2 protocol capabilities.<br />
* Intermittently, there were memory corruption issues encountered during IMAP/POP3 connections. The issue has been fixed now.<br />
* When synchronizing shared calendar via CalDAV, if the '+' character is present in the event then the sync failed. The issue has been fixed.<br />
* postfix-logwatch was not able to generate the report. Upgrading postfix-logwatch from 1.40.01 to 1.40.03 fixed the issue.<br />
* When zimbraReverseProxyStrictServerNameEnabled is set to TRUE, the Zimbra Proxy service failed to start. The issue has been fixed.<br /> '''Note:''': Fixed above issue in updated Patch version today dated Mar 31, 2021 which was reported on the first version of 9.0.0 Patch 13.<br />
<br />
== ZCO ==<br />
* When a user has a signature and sends a message using Apple Mail with attachments, the signature is also sent as an attachment and is not a part of the message body. This issue is due to a bug in the Apple Mail client.<br />
<br />
== NG Auth ==<br />
* Added more information to the log when an invalid credential is used.<br />
<br />
== NG Backup ==<br />
* Fixed an issue with the command zxsuite core getnotification when a host was specified with --host<br />
* Fixed a bug of pending RealTime Scanner operations were not properly cleared out from the operation queue by the doStopAllOperations command.<br />
* Anomaly and error management logic in the Coherency Check has been improved.<br />
* Missing Blob log lines have been made more specific<br />
<br />
== NG Mobile ==<br />
* After a mailboxd failure or restard under heavy load, several partial blobs were leftover in the cache.<br />
* Fixed an issue that would cause all-day calendar events created or accepted on mobile to be moved to the day before if the device is Samsung or using an older eas version<br />
* It is now possible to filter devices via RegEx through a dedicated ABQ command set.<br />
<br />
== Zimbra Connect ==<br />
* Fonts now honor the small-normal-large-very large value of the display font size option for the instant messaging features<br />
* Edited messages, either in 1:1 conversations, groups, spaces, or channels, are not resend if the content has not been changed<br />
* Channel names now have the character # in front of their name<br />
* Instant messages longer than 4096 characters are now truncated and no longer stay in the queue<br />
<br />
== Zimbra Docs ==<br />
* Fixed a bug that caused a 50 concurrent documents limit on the server's side<br />
* Docs no longer sets itself in idle/standby remaining ready to accept user interaction<br />
* Due to some missing icons, the sidebar in Docs appeared broken.<br />
<br />
== Zimbra Network Modules NG ==<br />
* Fixed an issue with the command zxsuite core getnotification when a host was specified with --host<br />
<br />
== HSM ==<br />
* Fixed a bug that caused mailbox moves to hang due to drive indexing being running on the same mailbox.<br />
<br />
<br />
= Known Issues =<br />
* Please note that the '''Reject common passwords''' option in the Admin Console at ''Home -> Manage -> Accounts -> account_name -> Advanced -> Password'' section, is currently not supported. In case it is selected, the administrator will encounter an error and will not be able to save the changes. Hence the administrator is advised to not select this option. It will be supported in a future version.<br />
<br />
<br />
{{PatchInstallation-900|Version=9.0.0 Patch 13|Packages=<br />
'''PackageName''' '''Version'''<br />
'''PackageName''' '''Version'''<br />
zimbra-patch -> 9.0.0.1617362714.p13-2<br />
zimbra-proxy-patch -> 9.0.0.1617362714.p13-1<br />
zimbra-mta-patch -> 9.0.0.1617770243.p13-1<br />
zimbra-common-core-jar -> 9.0.0.1616698890-1<br />
zimbra-openldap-server -> 2.4.49-1zimbra8.8b4<br />
zimbra-ldap-components -> 1.0.8-1zimbra8.8b1<br />
zimbra-mbox-webclient-war -> 9.0.0.1615897257-1<br />
zimbra-mbox-admin-console-war -> 9.0.0.1615896919-1<br />
zimbra-common-mbox-conf-attrs -> 9.0.0.1602835824-1<br />
zimbra-common-core-libs -> 9.0.0.1591936175-1<br />
zimbra-zco -> 9.0.0.1893.1615886147-1<br />
zimbra-modern-ui -> 4.6.0.1616136586-1<br />
zimbra-zimlet-install-pwa -> 4.0.0.1606479635-1<br />
zimbra-zimlet-set-default-client -> 4.1.0.1610520500-1<br />
zimbra-zimlet-date -> 4.0.0.1606496021-1<br />
zimbra-zimlet-additional-signature-setting -> 4.1.0.1610521399-1<br />
zimbra-zimlet-calendar-subscription -> 4.0.0.1606479804-1<br />
zimbra-zimlet-sideloader -> 5.0.0.1606717050-1<br />
zimbra-modern-zimlets -> 4.6.0.1616136586-1<br />
zimbra-zimlet-restore-contacts -> 4.1.0.1610520308-1<br />
zimbra-network-modules-ng -> 7.0.12.1613663193-1<br />
zimbra-drive-ng -> 4.0.10.1611239513-1<br />
zimbra-drive-modern -> 1.0.10.1611239513-1<br />
zimbra-connect -> 2.0.12.1613662694-1<br />
zimbra-connect-modern -> 1.0.11.1611239355-1<br />
zimbra-docs -> 4.0.4.1611239023-1<br />
zimbra-docs-modern -> 1.0.4.1606409421-1<br />
zimbra-zimlet-auth -> 1.0.1.1615572388-1<br />
zimbra-zimlet-zoom -> 6.2.1.1614964917-1<br />
zimbra-zimlet-slack -> 5.4.0.1614964917-1<br />
zimbra-zimlet-dropbox -> 5.1.4.1614964917-1<br />
zimbra-zimlet-onedrive -> 5.2.3.1614964917-1<br />
zimbra-zimlet-google-drive -> 5.2.2.1614964917-1<br />
zimbra-zimlet-jitsi -> 3.2.2.1614964917-1<br />
zimbra-zimlet-video-call-preferences -> 2.0.1.1614964917-1<br />
zimbra-zimlet-nextcloud -> 1.0.5.1616645738-1<br />
zimbra-zimlet-voice-message -> 1.0.3.1611114827-1<br />
zimbra-zimlet-classic-unsupportedbrowser -> 1.0.0.1591045240-1<br />
zimbra-zimlet-email-templates -> 2.0.0.1606716802-1<br />
zimbra-zimlet-signature-template -> 1.0.0.1609841753-1<br />
zimbra-chat -> 4.0.1.1594306412-1<br />
}}<br />
<br />
===Upgraded 3rd Party Packages===<br />
* OpenSSL and Postfix TLS 1.3 Packages<br />
The packages for RHEL6, RHEL7, UBUNTU14, UBUNTU16, UBUNTU18 are:<br />
<br />
'''Package Name''' '''Version'''<br />
zimbra-openssl : 1.1.1h-1zimbra8.7b4<br />
zimbra-postfix : 3.5.6-1zimbra8.7b3<br />
zimbra-nginx : 1.19.0-1zimbra8.8b3<br />
zimbra-mariadb : 10.1.25-1zimbra8.7b3<br />
zimbra-heimdal : 1.5.3-1zimbra8.7b3<br />
zimbra-curl : 7.49.1-1zimbra8.7b3<br />
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2<br />
zimbra-unbound : 1.11.0-1zimbra8.7b2<br />
zimbra-apr-util : 1.6.1-1zimbra8.7b2<br />
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4<br />
zimbra-net-snmp : 5.8-1zimbra8.7b2<br />
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2<br />
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3<br />
zimbra-openldap : 2.4.49-1zimbra8.8b4<br />
zimbra-opendkim : 2.10.3-1zimbra8.7b5<br />
zimbra-clamav : 0.102.2-1zimbra8.8b3<br />
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b2<br />
zimbra-perl-net-http : 6.09-1zimbra8.7b3<br />
zimbra-perl-libwww : 6.13-1zimbra8.7b3<br />
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b3<br />
zimbra-perl-xml-parser : 2.44-1zimbra8.7b3<br />
zimbra-perl-soap-lite : 1.19-1zimbra8.7b3<br />
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b3<br />
zimbra-perl-xml-simple : 2.25-1zimbra8.7b2<br />
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3<br />
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b3<br />
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b4<br />
zimbra-perl-innotop : 1.9.1-1zimbra8.7b3<br />
zimbra-httpd : 2.4.46-1zimbra8.7b3<br />
zimbra-php : 7.3.25-1zimbra8.7b3<br />
zimbra-postfix-logwatch : 1.40.03-1zimbra8.7b1<br />
zimbra-perl : 1.0.5-1zimbra8.7b1<br />
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1<br />
zimbra-apache-components : 2.0.4-1zimbra8.8b1<br />
zimbra-spell-components : 2.0.4-1zimbra8.8b1<br />
zimbra-snmp-components : 1.0.3-1zimbra8.7b1<br />
zimbra-mta-components : 1.0.12-1zimbra8.8b1<br />
zimbra-core-components : 3.0.4-1zimbra8.8b1<br />
zimbra-proxy-components : 1.0.8-1zimbra8.8b1<br />
zimbra-store-components : 1.0.3-1zimbra8.7b1<br />
zimbra-ldap-components : 1.0.8-1zimbra8.8b1<br />
zimbra-mbox-store-libs : 9.0.0.1615887345-1<br />
<br />
* OpenSSL and Postfix TLS 1.3 Packages<br />
The GA packages for RHEL8 are:<br />
<br />
'''Package Name''' '''Version'''<br />
zimbra-openssl : 1.1.1h-1zimbra8.7b4<br />
zimbra-postfix : 3.5.6-1zimbra8.7b3<br />
zimbra-nginx : 1.19.0-1zimbra8.8b3<br />
zimbra-mariadb : 10.1.25-1zimbra8.7b3<br />
zimbra-heimdal : 1.5.3-1zimbra8.7b3<br />
zimbra-curl : 7.49.1-1zimbra8.7b3<br />
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2<br />
zimbra-unbound : 1.11.0-1zimbra8.7b2<br />
zimbra-apr-util : 1.6.1-1zimbra8.7b2<br />
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4<br />
zimbra-net-snmp : 5.8-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2<br />
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3<br />
zimbra-openldap : 2.4.49-1zimbra8.8b4<br />
zimbra-opendkim : 2.10.3-1zimbra8.7b5<br />
zimbra-clamav : 0.102.2-1zimbra8.8b3<br />
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b3<br />
zimbra-perl-net-http : 6.09-1zimbra8.7b4<br />
zimbra-perl-libwww : 6.13-1zimbra8.7b4<br />
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b4<br />
zimbra-perl-xml-parser : 2.44-1zimbra8.7b4<br />
zimbra-perl-soap-lite : 1.19-1zimbra8.7b4<br />
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b4<br />
zimbra-perl-xml-simple : 2.25-1zimbra8.7b3<br />
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3<br />
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4<br />
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5<br />
zimbra-perl-innotop : 1.9.1-1zimbra8.7b4<br />
zimbra-httpd : 2.4.46-1zimbra8.7b3<br />
zimbra-php : 7.3.25-1zimbra8.7b3<br />
zimbra-perl : 1.0.6-1zimbra8.7b1<br />
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1<br />
zimbra-apache-components : 2.0.4-1zimbra8.8b1<br />
zimbra-spell-components : 2.0.4-1zimbra8.8b1<br />
zimbra-snmp-components : 1.0.3-1zimbra8.7b1<br />
zimbra-mta-components : 1.0.12-1zimbra8.8b1<br />
zimbra-core-components : 3.0.4-1zimbra8.8b1<br />
zimbra-proxy-components : 1.0.8-1zimbra8.8b1<br />
zimbra-store-components : 1.0.3-1zimbra8.7b1<br />
zimbra-ldap-components : 1.0.8-1zimbra8.8b1<br />
zimbra-mbox-store-libs : 9.0.0.1615887345-1<br />
<br />
The updated GA packages are:<br />
<br />
'''Package''' '''Old-Version''' '''New-Version'''<br />
postfix 3.1.1 3.5.6<br />
openssl 1.0.2t 1.1.1h<br />
nginx 1.7.1 1.19.0<br />
postfix-logwatch 1.40.01 1.40.03<br />
io-socket-ssl 2.020 2.068<br />
xml-simple 2.20 2.25<br />
crypt-openssl-rsa 0.28 0.31<br />
net-snmp 5.7.3 5.8<br />
dbd-mysql 4.033 4.050<br />
apr-util 1.5.4 1.6.1<br />
unbound 1.5.9 1.11.0<br />
net-ssleay 1.72 1.88<br />
<br />
* Nginx TLS 1.3 Packages<br />
The GA packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18 are:<br />
'''PackageName''' '''Version'''<br />
zimbra-nginx -> 1.19.0-1zimbra8.8b3<br />
zimbra-proxy-components -> 1.0.8-1zimbra8.8b1<br />
zimbra-proxy-patch -> 9.0.0.1616043862.p13-1<br />
<br />
=Jira Summary=<br />
== Jira Tickets fixed in 9.0.0 Patch 13 ==<br />
<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10378<br />
|style="border: solid #ffffff;vertical-align:middle;"|Remote getnotification fix<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10377<br />
|style="border: solid #ffffff;vertical-align:middle;"|Docs document limit bugfix<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10376<br />
|style="border: solid #ffffff;vertical-align:middle;"|Docs idle/standby removal<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10375<br />
|style="border: solid #ffffff;vertical-align:middle;"|Docs Sidebar View bugfix<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10373<br />
|style="border: solid #ffffff;vertical-align:middle;"|Instant messaging interface font<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10372<br />
|style="border: solid #ffffff;vertical-align:middle;"|Edit message behavior improvement<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10371<br />
|style="border: solid #ffffff;vertical-align:middle;"|Added # character to channels<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10370<br />
|style="border: solid #ffffff;vertical-align:middle;"|Messages longer than 4096 handling<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10367<br />
|style="border: solid #ffffff;vertical-align:middle;"|Mailbox Move concurrency issue fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10365<br />
|style="border: solid #ffffff;vertical-align:middle;"|HSM cache improvements<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10364<br />
|style="border: solid #ffffff;vertical-align:middle;"|Eas 2.5 and Samsung allday calendar item fix<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10363<br />
|style="border: solid #ffffff;vertical-align:middle;"|Added regex filtering to ABQ<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10362<br />
|style="border: solid #ffffff;vertical-align:middle;"|Coherency Check logic improvement<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10361<br />
|style="border: solid #ffffff;vertical-align:middle;"|doStopAllOperation realtime scanner queue bugfix<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10360<br />
|style="border: solid #ffffff;vertical-align:middle;"|Coherency Check logic improvement<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10359<br />
|style="border: solid #ffffff;vertical-align:middle;"|Missing Blob logging improvement<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10358<br />
|style="border: solid #ffffff;vertical-align:middle;"|Improved logging<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10312<br />
|style="border: solid #ffffff;vertical-align:middle;"|Remove unnecessary end points in HTML client<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10199<br />
|style="border: solid #ffffff;vertical-align:middle;"|Verify zimbra docs server installation<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10126<br />
|style="border: solid #ffffff;vertical-align:middle;"|Support 2FA and forgot password at the same time. | Classic<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10060<br />
|style="border: solid #ffffff;vertical-align:middle;"|Add FIPS support in OpenSSL 1.1.1h <br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2175<br />
|style="border: solid #ffffff;vertical-align:middle;"|[Crash] When zimbraReverseProxyStrictServerNameEnabled is set to TRUE (default), the proxy will fail to start.<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2173<br />
|style="border: solid #ffffff;vertical-align:middle;"|CVE-2020-1946 - SpamAssassin vulnerability<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2148<br />
|style="border: solid #ffffff;vertical-align:middle;"|[Crash] Patch 20 breaks (nginx, LDAP, and Jetty SSL) on kernels 4.8+<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2140<br />
|style="border: solid #ffffff;vertical-align:middle;"|opendkim is crashing with TLS1.3 beta packages<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2121<br />
|style="border: solid #ffffff;vertical-align:middle;"|[Security] DoS Attack on nginx exploiting flaw in SSL Freelist<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2099<br />
|style="border: solid #ffffff;vertical-align:middle;"|Nginx: Enable http_v2 in conf file.<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2098<br />
|style="border: solid #ffffff;vertical-align:middle;"|Nginx: memory leak (legacy issue)<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1969<br />
|style="border: solid #ffffff;vertical-align:middle;"|Update PHP version to 7.3.23 or later.<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1967<br />
|style="border: solid #ffffff;vertical-align:middle;"|Problem synchronizing shared calendar via caldav when a '+' character is present on the EVENT<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1940<br />
|style="border: solid #ffffff;vertical-align:middle;"|Modern UI: Unable to change timezone while creating a calendar invite.<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1798<br />
|style="border: solid #ffffff;vertical-align:middle;"|postfix-logwatch not generating report<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1361<br />
|style="border: solid #ffffff;vertical-align:middle;"|HTML signature configured in Apple Mail shows as attachment in Outlook with ZCO<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1312<br />
|style="border: solid #ffffff;vertical-align:middle;"|Upgrade to Apache version 2.4.41 or later<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5932<br />
|style="border: solid #ffffff;vertical-align:middle;"|Parsing issue with base64 email in modern UI<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5885<br />
|style="border: solid #ffffff;vertical-align:middle;"|Removing the Zimbra_Domain related conditions and depencies from modern UI<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5827<br />
|style="border: solid #ffffff;vertical-align:middle;"|Fit & Finish: Add tooltips to account and Settings icon in header and update Settings hover<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5503<br />
|style="border: solid #ffffff;vertical-align:middle;"|Folder should be turned bold to indicate unread messages<br />
|-<br />
|}</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.1&diff=69827Zimbra Releases/10.0.12023-06-02T17:15:45Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Daffodil 10.0.1 Patch Release =<br />
<br />
<div class="col-md-9"><br />
<div style="font-size:14px;" ><br />
Release Date: '''May 30, 2023'''<br />
</div><br />
<br />
Check out the [[#Security Fixes|Security Fixes]], [[#What's_New|What's New]], [[#Fixed Issues|Fixed Issues]], [[#Things to Know Before Upgrading|Things to Know Before Upgrading]] and [[#Known Issues|Known Issues]] sections for this version of Zimbra Collaboration. <br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.0/patch_installation Patch Installation]''' steps for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
<br />
<div style="padding:1%;" ><br />
<div style="color:#f68b1f;font-size:19px;"><br />
'''Important Upgrade Instructions for Daffodil v10 version older than build 10.0.0_GA_4452'''<br />
<br />
If you are currently using the Beta version build of Daffodil v10 (10.0.0_GA_4452), please follow these upgrade instructions:<br />
<br />
* Upgrade to the latest GA Version build 10.0.0_GA_4518: It is crucial to first upgrade to the latest GA version before proceeding with any further updates. This latest GA release includes essential updates, including modifications to the database schema and various other feature improvements.<br />
* Upgrade to 10.0.1 Patch: Once you have successfully upgraded to the latest GA version build 10.0.0_GA_4518, you can proceed with the upgrade to the 10.0.1 patch. This patch release addresses specific issues and introduces further enhancements.<br />
<br />
By following this upgrade path, you ensure that your system is properly updated, incorporating the necessary database schema changes and other critical updates introduced in the latest GA build.<br />
<br />
<br />
<br />
'''IMPORTANT: Reactivation of license required'''<br />
<br />
After applying this patch, the customers will have to re-activate the license. Execute this command as a <code>zimbra</code> user:<br />
<br />
zmlicense -a<br />
<br />
</div><br />
<br />
<div style="padding:1%;" ><br />
<div style="color:#008000;font-size:19px;"><br />
'''IMPORTANT: Remove Client Uploader'''<br />
<br />
A majority of customers now use other options to distribute packages to the end users. If you want to continue use ClientUploader then follow these manual steps for installation.<br />
<br />
</div><br />
'''Redhat'''<br />
<br />
* As <code>root</code>, install the package:<br />
yum install zimbra-extension-clientuploader<br />
yum install zimbra-zimlet-admin-clientuploader<br />
* Restart <code>ZCS</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
'''Ubuntu'''<br />
* As <code>root</code>, install the package:<br />
apt-get install zimbra-extension-clientuploader<br />
apt-get install zimbra-zimlet-admin-clientuploader<br />
* Restart <code>ZCS</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
</div><br />
<br />
=Security Fixes=<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Zimbra Rating <br />
|-<br />
|style="border: solid #ffffff;"| As part of continuous improvement, ClientUploader packages has been removed from core product and moved to an optional package<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-34193 CVE-2023-34193]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"| Added additional validations for 2FA login<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-29381 CVE-2023-29381]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"| The Apache package has been upgraded to version 2.4.57 to fix multiple vulnerabilities<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2023-25690 CVE-2023-25690]<br />
|style="border: solid #ffffff; text-align: center;"| 9.8 <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| Remove unused JSP file which may bypass the Preauth verification<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-29382 CVE-2023-29382]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| The Apache CXF package has been upgraded to version 3.5.5 to fix SSRF vulnerability<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2022-46364 CVE-2022-46364]<br />
|style="border: solid #ffffff; text-align: center;"| 9.8 <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| The Spring Core package has been upgraded to version 6.0.8 to fix multiple vulnerabilities<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2022-22970 CVE-2022-22970]<br />
|style="border: solid #ffffff; text-align: center;"| 5.3 <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|}<br />
<br />
<br />
= What's New =<br />
<br />
== Package Upgrade ==<br />
<br/><br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
* The Apache package has been upgraded from 2.4.54 to 2.4.57<br />
* The Apache CXF package has been upgraded from 3.5.1 to 3.5.5<br />
* The Spring Core package has been upgraded from 5.3.18 to 6.0.8<br />
</div><br />
<br/><br />
== Modern Web App ==<br />
<br />
<br />
'''General'''<br />
* When opening Classic UI from Modern UI menu, Classic UI is opened in the current browser instead of opening it in a new browser tab.<br />
* Users can now configure message retention and message disposal policies.<br />
<br />
== Zimbra Connector for Outlook ==<br />
To better manage storage on Outlook, the Auto Archive feature is now available for users. The settings can be accessed at '''File -> Options -> Advanced -> AutoArchive'''. By default the feature is disabled. This feature does not support auto archiving Calendar and Shared Inbox folders but we continue to support them through Manual Archive feature.<br />
<br />
== Chat and Video ==<br />
* Free hosted one to one chat is now available as part of the Chat and Video module. A free tier for the chat has been introduced, allowing unlimited users to benefit from this feature. The Enterprise offering is *only* available for BSP's at this point in time.<br />
<br />
{| class="wikitable"<br />
|+ Caption: Free Vs. Enterprise version<br />
|-<br />
! <br />
! Free<br />
! Enterprise<br />
|-<br />
| Number of users<br />
| Unlimited<br />
| Unlimited<br />
|-<br />
| File storage<br />
Chats and recording files<br />
| 1GB<br />
per domain<br />
| 35GB<br />
per user<br />
|-<br />
| Max file size on chat<br />
| 5MB<br />
| 50MB<br />
|-<br />
| Private chats<br />
| Yes<br />
| Yes<br />
|-<br />
| Group chats<br />
| No<br />
| Yes<br />
|-<br />
| Message history<br />
| Unlimited<br />
| Unlimited<br />
|-<br />
| Search in one chat<br />
| Yes<br />
| Yes<br />
|-<br />
| Search in all chats<br />
| No<br />
| Yes<br />
|-<br />
| Broadcast<br />
| No<br />
| Yes<br />
|-<br />
| Videoconference Time<br />
| -<br />
| Unlimited<br />
|-<br />
| Videoconference Participants<br />
| -<br />
| Up to 100<br />
|-<br />
| Action logs<br />
| No<br />
| Yes<br />
|-<br />
| Message auditing<br />
| No<br />
| Yes<br />
|-<br />
| Youtube Livestream<br />
| No<br />
| Yes<br />
|}<br />
<br />
= Fixed Issues =<br />
<br />
<br />
== Zimbra Collaboration ==<br />
* Users can now add their Google calendar as an External calendar. [https://jira.corp.synacor.com/browse/ZBUG-2802 ZBUG-2802]<br />
* On the Ubuntu systems, executing <code>zmfixperms</code> script updated incorrect permissions for the '''/var/log/zimbra.log''' file. [https://jira.corp.synacor.com/browse/ZBUG-2783 ZBUG-2783]<br />
* When using Load Balancer with a Zimbra Proxy server, if it receives multiple IP addresses in the X-Forwarded-For header, it treated it as one single IP to perform the Whitelist check which resulted in suspending it. The issue has been fixed and now a whitelist check is done on a single IP address even if multiple IP addresses are received. [https://jira.corp.synacor.com/browse/ZBUG-2250 ZBUG-2250]<br />
<br />
== Classic Web App ==<br />
* External users with authorized access were unable to view externally shared briefcase folder.<br />
* Translations have been updated for Arabic, Deutsch (German), French Canadian, Danish, Hindi, Japanese and Español (Spanish).<br />
* Permission denied error was being displayed when trying to send as distribution list or persona. [https://jira.corp.synacor.com/browse/ZBUG-3364 ZBUG-3364]<br />
<br />
== Modern Web App ==<br />
<br />
<br />
'''General'''<br />
* Addresses in To and Cc fields of an email were not being displayed intermittently when viewed in the preview pane. [https://jira.corp.synacor.com/browse/ZBUG-3398 ZBUG-3398]<br />
* When writing new e-mail the 'From' drop-down menu used to show '[object Object]' on hover of an email address. [https://jira.corp.synacor.com/browse/ZBUG-2945 ZBUG-2945]<br />
* Previously, all permissions were not displayed while adding new users in the calendar share list. Now, all permissions are displayed in this scenario. [https://jira.corp.synacor.com/browse/ZBUG-2940 ZBUG-2940]<br />
<br />
== Mobile Sync ==<br />
* On an iOS device, when manually moving an email from Inbox to the Trash folder triggered continuous move requests. The issue has been fixed.<br />
* On the Gmail App, the sharing feature is now available for Mail folders.<br />
<br />
<br />
= Things to Know Before Upgrading =<br />
Please review the following information to decide if Zimbra Daffodil (v10) is suitable for you.<br />
<br />
* Zimbra Touch Client, Zimbra Mobile Client, and Zimbra HTML (Standard) Client are no longer a part of Zimbra starting from Version 9.0.0.<br />
* A Zimbra Network Edition license is required to use Zimbra Daffodil (v10).<br />
* The customizations implemented for SAML and SPNEGO will be overridden during an upgrade. It is recommended to backup these configurations before upgrading the server.<br />
* In case of rolling upgrades, if some mailstore nodes are upgraded to zimbra-10 and some mailstore nodes are on Zimbra 9.0.x or Zimbra 8.8.15 then, <code>zimbraReverseProxyUpstreamLoginServers</code> should only contain the list of Zimbra 10.0.0 mailboxes. If this is not followed then in some cases, users on zimbra-10 mailstore nodes will not be able to see Modern Web App after login.<br />
* Zimbra (v10) continues to support two versions of Zimbra Web Client -- Modern and Classic.<br />
** To know more about the highlights of the Modern Web App, please refer to [https://wiki.zimbra.com/wiki/Zimbra_9/Modern_Web_App Introducing the Modern Web Application]<br />
** The Classic Web App offers the same functionality as the Advanced Web Client in Zimbra version 8.8.15.<br />
** Existing customized themes, logo branding changes, and crontab changes are incompatible with, and hence do not reflect in the Modern Web App. Branding needs to be re-configured to work with the Modern Web App. The Modern Web App does not currently support themes. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/adminguide.html#_customizing_modern_web_app Customizing Modern Web App] section of Admin Guide for more information related to configuration.<br />
** Zimlets are supported on both the Web Clients.<br />
** Zimlets that work with the Classic Web App are incompatible with the Modern Web App. And due to technology changes, there is no way to migrate the Zimlets from the Classic Web App to the Modern Web App or vice-versa.<br />
<br />
* For Non-NG setups, recommendations when using mailbox move (through '''zmmboxmove''' utility) on Rolling-Upgrade environment:<br />
** Always take full backup *before* doing zmmboxmove.<br />
** If using Storage Management with primary and secondary storage as Internal, then set <code>zimbraMailboxMoveSkipBlobs</code> and <code>zimbraMailboxMoveSkipHsmBlobs</code> attributes to '''FALSE''' before doing '''zmmboxmove'''.<br />
** Always recommended to run HSM and move blobs to current primary/secondary volumes in case of multiple primary/secondary volumes present in the system before doing <code>zmmboxmove</code>.<br />
** <code>zmmboxmove</code> command should be run from Zimbra (v10) mailbox server.<br />
<br />
After you review the tasks in this section, please go to [https://zimbra.github.io/documentation/zimbra-10/upgrade.html#_upgrade_instructions Upgrade Instructions].<br />
<br />
<br />
= Known Issues =<br />
<br />
== Zimbra Collaboration ==<br />
* On NG based rolling-upgrade setup and before migrating the Internal Storage data to zimbra-10 server using the NG Migration utility, disable the '''Compression''' for volumes on zimbra-10 server.<br />
* When using an external storage provider for Secondary storage, please exclude the Documents from the policy as it appears garbled after it is moved to external storage.<br />
* On a NG based rolling-upgrade setup, when either sharer or sharee is not moved to zimbra-10 server and the drive data is imported through the NG Migration utility, the drive files sharing information is not available. Hence, the shared files are not available after the import.<br />
Workaround - Before importing the Drive data for the users, move the sharee and sharer from NG server to zimbra-10 server. <br />
* When upgrading to Zimbra 10 using the rolling upgrade mechanism, if a user on Zimbra 10 shares a Briefcase file with a user on Zimbra 9, then while UI will display a 'Permission denied' error to the user on Zimbra 10, the user on Zimbra 9 still ends up receiving an email that the file has been shared. Even though the mail is received by the Zimbra 9 user, they will not be able to access the file, as the file sharing feature is not available in Zimbra 9.<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 9 may share a Briefcase folder with a Zimbra 10 user. However, since files were not shared with Zimbra 10 user, the files within the shared folder are not accessible to the Zimbra 10 users. <br />
* During Rolling Upgrade to Zimbra 10 from Zimbra 9/8.x having NG modules installed, when a Zimbra 9/8.x user creates new files from Briefcase, it results in a error "TypeError: g is null".<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 10 may share a file with a Zimbra 9 user. However, Zimbra 9 user will not be able to access the file from the shared URL.<br />
* Zimbra inheritance is followed when setting LDAP attributes. When using Backup & Restore->Message recovery settings from Admin UI, if the value of zimbraDumpsterEnabled attribute is FALSE at COS level and TRUE at Domain level, then the value at COS level will be considered. So the issue here is- adding Domains in the message recovery settings will have no impact on message recovery if the COS level attribute is set to its default value FALSE. <br />
* Backup and Restore - When mail-store server is restored after moving some of its accounts to another mail store, then old mail data like blobs, metadata, etc. of the accounts which have been moved to another mail store, will also get restored. The workaround is to - execute the restore with --ignoreRedoErrors OR with -rf options like zmrestore -a all --ignoreRedoErrors <br />
* When user clicks on a file in Briefcase, a preview is displayed for the supported file formats. User can also edit these files in a separate window. The changes take a long time to be reflected in the preview, and sometimes user might need to click on the file multiple times to view the changes.<br />
* When editing documents from Briefcase, the documents are opened in a separate browser window in which users can edit the document. However, the updated contents are not reflected in the Briefcase file, unless the separate browser window is not closed by the user.<br />
* User is not able to search files in the "Files shared with me" folder, within Briefcase. <br />
* Re-sending a file share for a Briefcase document throws the error, "A network service error has occurred".<br />
<br />
== Web UX - Admin ==<br />
* In Admin UI, if two users are assigned the Administrator privilege followed by "Assign default domain administrator views and rights", there is an error displayed for the second user, and the request is not completed. This happens due to a caching issue, and flushing the cache of the mail-store resolves this issue. <br />
<br />
== Mobile Sync ==<br />
* On iOS Native App, if the Mail, Calendar, and Contacts folders are shared with the user, the shares are not displayed on the App.Similarly, for Windows Outlook and Windows Native Contacts App, if the Contacts folder is shared with the user, the shares are not displayed on the App. <br />
Workaround - The user will have to reconfigure his account on the device to get the shares mounted on the device. <br />
* Exchange ActiveSync protocol currently does not support Read-Only permission sharing. It is recommended not to enable Sharing for the users having shares with Read-Only permission.<br />
* In a Rolling-upgrade environment, if a zimbra-9 user shares a calendar with zimbra-10 user, the events are not synced. <br />
Workaround - For the Rolling-Upgrade environment involving the NG mailbox server, due to technical differences between the NG Mobile feature and Zimbra (v10) Mobile Sync feature, it is recommended to use Sharing feature after moving all the accounts to zimbra-10 mailbox server. <br />
* For Windows Mail App, the Sent folder emails are not displayed after blocking and unblocking the user.<br />
Workaround - The user can remove and reconfigure the account on the app.<br />
* When using iOS Outlook App, Out of Office settings are not synced to the user's account in Web App. <br />
* When the organizer and attendee use the Outlook app, if the organizer cancels an instance from a recurring meeting, the same is not reflected on the attendee's calendar.<br />
<br />
<br />
== Backup Restore ==<br />
* When using backup and restore to move data from source 9.x NG server to destination 10.x server, if both the source and destination, primary volumes are 'External', and zimbraBackupSkipBlobs is set to True, then emails moved secondary volume throw 'Missing Blob for item' error.<br />
* When an account is restored using backup data from NG external secondary volume, the account is displaying garbled data for emails on the destination server.<br />
* When we schedule backup using zmschedulebackup command, backup is getting scheduled in crontab and LDAP attributes are updated with appropriate values.<br />
<br />
== Briefcase == <br />
* The <code>zimbraFileUploadMaxSize</code> cannot be set to more than 2GB (2146483647 bytes). Due to this, the users cannot upload files larger than 2GB to their Briefcase.<br />
<br />
= Packages = <br />
The package lineup for this release is:<br />
<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 10.0.1.1684843569-2<br />
zimbra-mta-patch -> 10.0.1.1684337416-1<br />
zimbra-proxy-patch -> 10.0.1.1684242137-1<br />
zimbra-ldap-patch -> 10.0.1.1684242137-1<br />
zimbra-common-core-jar -> 10.0.1.1684124726-1<br />
zimbra-mbox-war -> 10.0.1.1684124726-1<br />
zimbra-mbox-ews-service -> 10.0.1.1683869041-1<br />
zimbra-common-core-libs -> 10.0.1.1678343103-1<br />
zimbra-mbox-webclient-war -> 10.0.1.1684143400-1<br />
zimbra-mbox-admin-console-war -> 10.0.1.1684142169-1<br />
zimbra-modules-porter -> 1.0.0.1683867991-1<br />
zimbra-httpd -> 2.4.57-1zimbra8.7b4<br />
zimbra-apache-components -> 2.0.10-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.11-1zimbra8.8b1 ( RHEL8, UBUNTU20: 2.0.12-1zimbra8.8b1 )<br />
zimbra-zco -> 9.0.0.1930.1684419492-1<br />
zimbra-extension-clientuploader -> 1.0.0.1683611258-1<br />
zimbra-zimlet-admin-clientuploader -> 8.0.0<br />
zimbra-modern-ui -> 4.32.0.1684838829-1<br />
zimbra-modern-zimlets -> 4.32.0.1684838829-1<br />
zimbra-zimlet-set-default-client -> 10.1.0.1684745565-1<br />
zimbra-zimlet-secure-mail -> 2.2.0.1684238166-1<br />
zimbra-zimlet-document-editor -> 11.0.0.1684238166-1<br />
<br />
{{PatchInstallationLink_10.0.0|Version=10.0.1| <br />
}}</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.0/patch_installation&diff=69814Zimbra Releases/10.0.0/patch installation2023-05-31T14:24:34Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Daffodil 10.x.x Patch Installation =<br />
<br />
Please refer to the steps below to install Daffodil 10.x.x on [[#Redhat|Redhat]] and [[#Ubuntu|Ubuntu]] platforms:<br />
<br />
<span class="h2">Before Installing the Patch, consider the following:</span><br />
* Patches are cumulative.<br />
* A full backup should be performed before any patch is applied. There is no automated roll-back.<br />
* Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.<br />
* Only files or Zimlets associated with installed packages will be installed from the patch.<br />
* Switch to <code>zimbra</code> user before using ZCS CLI commands.<br />
* Any third-party configuration changes like SAML will get overwritten during the patch upgrade and should be backed up before starting the patch upgrade process. <br />
* '''Important!''' You cannot revert to the previous ZCS release after you upgrade to the patch.<br />
* '''Important!''' You will have to re-activate the license after you upgrade to the patch.<br />
<br />
<br />
==Redhat==<br />
<br />
<span class="h2">Installing Zimbra packages with system package upgrades</span><br />
* As <code>root</code>, first clear the yum cache and check for updates so the server sees there is a new <code>zimbra-patch</code> package in the patch repository:<br />
yum clean metadata<br />
yum check-update<br />
* Then ask yum to update available packages:<br />
yum update<br />
* Restart ZCS as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
<span class="h2">'''Installing Zimbra packages individually'''</span><br />
<br />
'''Upgrade<code>zimbra-ldap-patch</code> on LDAP node'''<br />
* As <code>root</code>, first clear the yum cache and check for updates so the server sees there is a new <code>zimbra-ldap-patch</code> package in the patch repository:<br />
yum clean metadata<br />
yum check-update<br />
* As <code>root</code>, install the package:<br />
yum install zimbra-ldap-patch<br />
* Restart <code>ZCS</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
'''Install/Upgrade <code>zimbra-proxy-patch</code> on Proxy node'''<br />
* As <code>root</code>, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:<br />
yum clean metadata<br />
yum check-update<br />
* Then install the package:<br />
yum install zimbra-proxy-patch<br />
* Restart proxy as <code>zimbra</code> user:<br />
su - zimbra<br />
zmproxyctl restart<br />
zmmemcachedctl restart<br />
<br />
'''Install/Upgrade <code>snmp</code> if it is installed on Proxy node'''<br />
yum install zimbra-snmp-components<br />
* Restart proxy as <code>zimbra</code> user:<br />
su - zimbra<br />
zmproxyctl restart<br />
<br />
<br />
'''Install/Upgrade <code>zimbra-mta-patch</code> on MTA node'''<br />
* As <code>root</code>, first clear the yum cache and check for updates so the server sees there is a new <code>zimbra-mta-patch</code> package in the patch repository:<br />
yum clean metadata<br />
yum check-update<br />
* As <code>root</code>, install the package:<br />
yum install zimbra-mta-patch<br />
* Restart <code>amavisd</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmamavisdctl restart<br />
<br />
'''Install/Upgrade <code>zimbra-dnscache-components</code> on MTA node'''<br />
* If <code>dnscache</code> is installed, upgrade the package before restarting the services:<br />
yum install zimbra-dnscache-components<br />
<br />
'''Install/Upgrade <code>zimbra-snmp-components</code> on MTA node'''<br />
* If <code>snmp</code> is installed, upgrade the package before restarting the services:<br />
yum install zimbra-snmp-components<br />
* Restart <code>amavisd</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmamavisdctl restart<br />
<br />
<br />
'''Install/Upgrade <code>zimbra-patch</code> on mailstore node'''<br />
* As <code>root</code>, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:<br />
yum clean metadata<br />
yum check-update<br />
* As <code>root</code>, install the package:<br />
yum install zimbra-patch<br />
* If <code>apache</code> is installed, upgrade the package before restarting the services:<br />
yum install zimbra-apache-components<br />
* If <code>spell</code> is installed, upgrade the package before restarting the services:<br />
yum install zimbra-spell-components<br />
* If <code>snmp</code> is installed, upgrade the package before restarting the services:<br />
yum install zimbra-snmp-components<br />
* Restart ZCS as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
<br />
<span class="h2">'''Zimbra Additional Zimlets'''</span><br />
<br />
Note: - You can install the packages of your choice from the below list.<br />
<br />
Install/Upgrade <code>zimbra-zimlet-slack</code>, <code>zimbra-zimlet-zoom</code>, <code>zimbra-zimlet-dropbox</code>, <code>zimbra-zimlet-google-drive</code>, <code>zimbra-zimlet-onedrive</code>, <code>zimbra-zimlet-jitsi</code>, <code>zimbra-zimlet-video-call-preferences</code>, <code>zimbra-zimlet-nextcloud</code>, <code>zimbra-zimlet-voice-message</code>, <code>zimbra-zimlet-sideloader</code>, <code>zimbra-zimlet-user-sessions-management</code>, <code>zimbra-zimlet-org-chart</code>, <code>zimbra-zimlet-privacy-protector</code> on mailstore node<br />
<br />
yum install zimbra-zimlet-slack<br />
yum install zimbra-zimlet-zoom<br />
yum install zimbra-zimlet-dropbox<br />
yum install zimbra-zimlet-google-drive<br />
yum install zimbra-zimlet-onedrive<br />
yum install zimbra-zimlet-jitsi<br />
yum install zimbra-zimlet-video-call-preferences<br />
yum install zimbra-zimlet-nextcloud<br />
yum install zimbra-zimlet-voice-message<br />
yum install zimbra-zimlet-sideloader<br />
yum install zimbra-zimlet-user-sessions-management<br />
yum install zimbra-zimlet-org-chart<br />
yum install zimbra-zimlet-privacy-protector<br />
<br />
* Restart Zimbra mailbox service as <code>zimbra</code> user:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
== Ubuntu ==<br />
<span class="h2">Installing zimbra packages with system package upgrades</span><br />
* As <code>root</code>, check for updates so the server checks there is a new <code>zimbra-patch</code> package in the patch repository:<br />
apt-get update<br />
* Then update available packages:<br />
apt-get upgrade<br />
* Upgrade <code>zimbra-patch</code> on mailstore node if it is not upgraded with apt-get upgrade<br />
apt-get install zimbra-patch<br />
<br />
* Restart ZCS as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
<span class="h2">'''Installing zimbra packages individually'''</span><br />
<br />
'''Upgrade <code>zimbra-ldap-patch</code> on LDAP node'''<br />
* As <code>root</code>, install the package:<br />
apt-get install zimbra-ldap-patch<br />
* Restart <code>ZCS</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
'''Install/Upgrade <code>zimbra-proxy-patch</code> on Proxy node'''<br />
* As <code>root</code>, install package<br />
apt-get install zimbra-proxy-patch<br />
* Restart proxy as <code>zimbra</code> user:<br />
su - zimbra<br />
zmproxyctl restart<br />
zmmemcachedctl restart<br />
<br />
'''Install/Upgrade <code>snmp</code> if it is installed on Proxy node'''<br />
apt-get install zimbra-snmp-components<br />
* Restart proxy as <code>zimbra</code> user:<br />
su - zimbra<br />
zmproxyctl restart<br />
<br />
'''Install/Upgrade <code>zimbra-mta-patch</code> on MTA node'''<br />
* As <code>root</code>, install package<br />
apt-get install zimbra-mta-patch<br />
* Restart <code>amavisd</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmamavisdctl restart<br />
<br />
'''Install/Upgrade <code>zimbra-dnscache-components</code> on MTA node'''<br />
* If <code>dnscache</code> is installed, upgrade the package before restarting the services:<br />
apt-get install zimbra-dnscache-components<br />
<br />
'''Install/Upgrade <code>zimbra-snmp-components</code> on MTA node'''<br />
* If <code>snmp</code> is installed, upgrade the package before restarting the services:<br />
apt-get install zimbra-snmp-components<br />
* Restart <code>amavisd</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmamavisdctl restart<br />
<br />
<br />
'''Install/Upgrade <code>zimbra-patch</code> on mailstore node'''<br />
* As <code>root</code>, check for updates and install package:<br />
apt-get update<br />
apt-get install zimbra-patch<br />
* If <code>apache</code> is installed, upgrade the package before restarting the services:<br />
apt-get install zimbra-apache-components<br />
* If <code>spell</code> is installed, upgrade the package before restarting the services:<br />
apt-get install zimbra-spell-components<br />
* If <code>snmp</code> is installed, upgrade the package before restarting the services:<br />
apt-get install zimbra-snmp-components<br />
* Restart ZCS as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
<br />
<span class="h2">'''Zimbra Additional Zimlets'''</span><br />
<br />
Note: - You can install the packages of your choice from the below list.<br />
<br />
Install/Upgrade <code>zimbra-zimlet-slack</code>, <code>zimbra-zimlet-zoom</code>, <code>zimbra-zimlet-dropbox</code>, <code>zimbra-zimlet-google-drive</code>, <code>zimbra-zimlet-onedrive</code>, <code>zimbra-zimlet-jitsi</code>, <code>zimbra-zimlet-video-call-preferences</code>, <code>zimbra-zimlet-nextcloud</code>, <code>zimbra-zimlet-voice-message</code>, <code>zimbra-zimlet-sideloader</code>, <code>zimbra-zimlet-user-sessions-management</code>, <code>zimbra-zimlet-org-chart</code>, <code>zimbra-zimlet-privacy-protector</code> on mailstore node<br />
<br />
apt-get install zimbra-zimlet-slack<br />
apt-get install zimbra-zimlet-zoom<br />
apt-get install zimbra-zimlet-dropbox<br />
apt-get install zimbra-zimlet-google-drive<br />
apt-get install zimbra-zimlet-onedrive<br />
apt-get install zimbra-zimlet-jitsi<br />
apt-get install zimbra-zimlet-video-call-preferences<br />
apt-get install zimbra-zimlet-nextcloud<br />
apt-get install zimbra-zimlet-voice-message<br />
apt-get install zimbra-zimlet-sideloader<br />
apt-get install zimbra-zimlet-user-sessions-management<br />
apt-get install zimbra-zimlet-org-chart<br />
apt-get install zimbra-zimlet-privacy-protector<br />
<br />
* Restart Zimbra mailbox service as <code>zimbra</code> user:<br />
su - zimbra<br />
zmmailboxdctl restart</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.1&diff=69813Zimbra Releases/10.0.12023-05-31T14:22:23Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Daffodil 10.0.1 Patch Release =<br />
<br />
<div class="col-md-9"><br />
<div style="font-size:14px;" ><br />
Release Date: '''May 30, 2023'''<br />
</div><br />
<br />
Check out the [[#Security Fixes|Security Fixes]], [[#What's_New|What's New]], [[#Fixed Issues|Fixed Issues]], [[#Things to Know Before Upgrading|Things to Know Before Upgrading]] and [[#Known Issues|Known Issues]] sections for this version of Zimbra Collaboration. <br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.0/patch_installation Patch Installation]''' steps for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
<br />
<div style="padding:1%;" ><br />
<div style="color:#f68b1f;font-size:19px;"><br />
'''IMPORTANT: Reactivation of license required'''<br />
<br />
After applying this patch, the customers will have to re-activate the license. Execute this command as a <code>zimbra</code> user:<br />
<br />
zmlicense -a<br />
<br />
</div><br />
<br />
<div style="padding:1%;" ><br />
<div style="color:#008000;font-size:19px;"><br />
'''IMPORTANT: Remove Client Uploader'''<br />
<br />
A majority of customers now use other options to distribute packages to the end users. If you want to continue use ClientUploader then follow these manual steps for installation.<br />
<br />
</div><br />
'''Redhat'''<br />
<br />
* As <code>root</code>, install the package:<br />
yum install zimbra-extension-clientuploader<br />
yum install zimbra-zimlet-admin-clientuploader<br />
* Restart <code>ZCS</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
<br />
'''Ubuntu'''<br />
* As <code>root</code>, install the package:<br />
apt-get install zimbra-extension-clientuploader<br />
apt-get install zimbra-zimlet-admin-clientuploader<br />
* Restart <code>ZCS</code> as <code>zimbra</code> user:<br />
su - zimbra<br />
zmcontrol restart<br />
</div><br />
<br />
=Security Fixes=<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Zimbra Rating <br />
|-<br />
|style="border: solid #ffffff;"| As part of continuous improvement, ClientUploader packages has been removed from core product and moved to an optional package<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-34193 CVE-2023-34193]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| Added additional validations for 2FA login<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-29381 CVE-2023-29381]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"| The Apache package has been upgraded to version 2.4.57 to fix multiple vulnerabilities<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2023-25690 CVE-2023-25690]<br />
|style="border: solid #ffffff; text-align: center;"| 9.8 <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| Remove unused JSP file which may bypass the Preauth verification<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-29382 CVE-2023-29382]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| The Apache CXF package has been upgraded to version 3.5.5 to fix SSRF vulnerability<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2022-46364 CVE-2022-46364]<br />
|style="border: solid #ffffff; text-align: center;"| 9.8 <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| The Spring Core package has been upgraded to version 6.0.8 to fix multiple vulnerabilities<br />
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2022-22970 CVE-2022-22970]<br />
|style="border: solid #ffffff; text-align: center;"| 5.3 <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|}<br />
<br />
<br />
= What's New =<br />
<br />
== Package Upgrade ==<br />
<br/><br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
* The Apache package has been upgraded from 2.4.54 to 2.4.57<br />
* The Apache CXF package has been upgraded from 3.5.1 to 3.5.5<br />
* The Spring Core package has been upgraded from 5.3.18 to 6.0.8<br />
</div><br />
<br/><br />
== Modern Web App ==<br />
<br />
<br />
'''General'''<br />
* When opening Classic UI from Modern UI menu, Classic UI is opened in the current browser instead of opening it in a new browser tab.<br />
* Users can now configure message retention and message disposal policies.<br />
<br />
== Zimbra Connector for Outlook ==<br />
To better manage storage on Outlook, the Auto Archive feature is now available for users. The settings can be accessed at '''File -> Options -> Advanced -> AutoArchive'''. By default the feature is disabled. This feature does not support auto archiving Calendar and Shared Inbox folders but we continue to support them through Manual Archive feature.<br />
<br />
<br />
= Fixed Issues =<br />
<br />
<br />
== Zimbra Collaboration ==<br />
* Users can now add their Google calendar as an External calendar. [https://jira.corp.synacor.com/browse/ZBUG-2802 ZBUG-2802]<br />
* On the Ubuntu systems, executing <code>zmfixperms</code> script updated incorrect permissions for the '''/var/log/zimbra.log''' file. [https://jira.corp.synacor.com/browse/ZBUG-2783 ZBUG-2783]<br />
* When using Load Balancer with a Zimbra Proxy server, if it receives multiple IP addresses in the X-Forwarded-For header, it treated it as one single IP to perform the Whitelist check which resulted in suspending it. The issue has been fixed and now a whitelist check is done on a single IP address even if multiple IP addresses are received. [https://jira.corp.synacor.com/browse/ZBUG-2250 ZBUG-2250]<br />
<br />
== Classic Web App ==<br />
* External users with authorized access were unable to view externally shared briefcase folder.<br />
* Translations have been updated for Arabic, Deutsch (German), French Canadian, Danish, Hindi, Japanese and Español (Spanish).<br />
* Permission denied error was being displayed when trying to send as distribution list or persona. [https://jira.corp.synacor.com/browse/ZBUG-3364 ZBUG-3364]<br />
<br />
== Modern Web App ==<br />
<br />
<br />
'''General'''<br />
* Addresses in To and Cc fields of an email were not being displayed intermittently when viewed in the preview pane. [https://jira.corp.synacor.com/browse/ZBUG-3398 ZBUG-3398]<br />
* When writing new e-mail the 'From' drop-down menu used to show '[object Object]' on hover of an email address. [https://jira.corp.synacor.com/browse/ZBUG-2945 ZBUG-2945]<br />
* Previously, all permissions were not displayed while adding new users in the calendar share list. Now, all permissions are displayed in this scenario. [https://jira.corp.synacor.com/browse/ZBUG-2940 ZBUG-2940]<br />
<br />
== Mobile Sync ==<br />
* On an iOS device, when manually moving an email from Inbox to the Trash folder triggered continuous move requests. The issue has been fixed.<br />
* On the Gmail App, the sharing feature is now available for Mail folders.<br />
<br />
<br />
= Things to Know Before Upgrading =<br />
Please review the following information to decide if Zimbra Daffodil (v10) is suitable for you.<br />
<br />
* Zimbra Touch Client, Zimbra Mobile Client, and Zimbra HTML (Standard) Client are no longer a part of Zimbra starting from Version 9.0.0.<br />
* A Zimbra Network Edition license is required to use Zimbra Daffodil (v10).<br />
* The customizations implemented for SAML and SPNEGO will be overridden during an upgrade. It is recommended to backup these configurations before upgrading the server.<br />
* In case of rolling upgrades, if some mailstore nodes are upgraded to zimbra-10 and some mailstore nodes are on Zimbra 9.0.x or Zimbra 8.8.15 then, <code>zimbraReverseProxyUpstreamLoginServers</code> should only contain the list of Zimbra 10.0.0 mailboxes. If this is not followed then in some cases, users on zimbra-10 mailstore nodes will not be able to see Modern Web App after login.<br />
* Zimbra (v10) continues to support two versions of Zimbra Web Client -- Modern and Classic.<br />
** To know more about the highlights of the Modern Web App, please refer to [https://wiki.zimbra.com/wiki/Zimbra_9/Modern_Web_App Introducing the Modern Web Application]<br />
** The Classic Web App offers the same functionality as the Advanced Web Client in Zimbra version 8.8.15.<br />
** Existing customized themes, logo branding changes, and crontab changes are incompatible with, and hence do not reflect in the Modern Web App. Branding needs to be re-configured to work with the Modern Web App. The Modern Web App does not currently support themes. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/adminguide.html#_customizing_modern_web_app Customizing Modern Web App] section of Admin Guide for more information related to configuration.<br />
** Zimlets are supported on both the Web Clients.<br />
** Zimlets that work with the Classic Web App are incompatible with the Modern Web App. And due to technology changes, there is no way to migrate the Zimlets from the Classic Web App to the Modern Web App or vice-versa.<br />
<br />
* For Non-NG setups, recommendations when using mailbox move (through '''zmmboxmove''' utility) on Rolling-Upgrade environment:<br />
** Always take full backup *before* doing zmmboxmove.<br />
** If using Storage Management with primary and secondary storage as Internal, then set <code>zimbraMailboxMoveSkipBlobs</code> and <code>zimbraMailboxMoveSkipHsmBlobs</code> attributes to '''FALSE''' before doing '''zmmboxmove'''.<br />
** Always recommended to run HSM and move blobs to current primary/secondary volumes in case of multiple primary/secondary volumes present in the system before doing <code>zmmboxmove</code>.<br />
** <code>zmmboxmove</code> command should be run from Zimbra (v10) mailbox server.<br />
<br />
After you review the tasks in this section, please go to [https://zimbra.github.io/documentation/zimbra-10/upgrade.html#_upgrade_instructions Upgrade Instructions].<br />
<br />
<br />
= Known Issues =<br />
<br />
== Zimbra Collaboration ==<br />
* On NG based rolling-upgrade setup and before migrating the Internal Storage data to zimbra-10 server using the NG Migration utility, disable the '''Compression''' for volumes on zimbra-10 server.<br />
* When using an external storage provider for Secondary storage, please exclude the Documents from the policy as it appears garbled after it is moved to external storage.<br />
* On a NG based rolling-upgrade setup, when either sharer or sharee is not moved to zimbra-10 server and the drive data is imported through the NG Migration utility, the drive files sharing information is not available. Hence, the shared files are not available after the import.<br />
Workaround - Before importing the Drive data for the users, move the sharee and sharer from NG server to zimbra-10 server. <br />
* When upgrading to Zimbra 10 using the rolling upgrade mechanism, if a user on Zimbra 10 shares a Briefcase file with a user on Zimbra 9, then while UI will display a 'Permission denied' error to the user on Zimbra 10, the user on Zimbra 9 still ends up receiving an email that the file has been shared. Even though the mail is received by the Zimbra 9 user, they will not be able to access the file, as the file sharing feature is not available in Zimbra 9.<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 9 may share a Briefcase folder with a Zimbra 10 user. However, since files were not shared with Zimbra 10 user, the files within the shared folder are not accessible to the Zimbra 10 users. <br />
* During Rolling Upgrade to Zimbra 10 from Zimbra 9/8.x having NG modules installed, when a Zimbra 9/8.x user creates new files from Briefcase, it results in a error "TypeError: g is null".<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 10 may share a file with a Zimbra 9 user. However, Zimbra 9 user will not be able to access the file from the shared URL.<br />
* Zimbra inheritance is followed when setting LDAP attributes. When using Backup & Restore->Message recovery settings from Admin UI, if the value of zimbraDumpsterEnabled attribute is FALSE at COS level and TRUE at Domain level, then the value at COS level will be considered. So the issue here is- adding Domains in the message recovery settings will have no impact on message recovery if the COS level attribute is set to its default value FALSE. <br />
* Backup and Restore - When mail-store server is restored after moving some of its accounts to another mail store, then old mail data like blobs, metadata, etc. of the accounts which have been moved to another mail store, will also get restored. The workaround is to - execute the restore with --ignoreRedoErrors OR with -rf options like zmrestore -a all --ignoreRedoErrors <br />
* When user clicks on a file in Briefcase, a preview is displayed for the supported file formats. User can also edit these files in a separate window. The changes take a long time to be reflected in the preview, and sometimes user might need to click on the file multiple times to view the changes.<br />
* When editing documents from Briefcase, the documents are opened in a separate browser window in which users can edit the document. However, the updated contents are not reflected in the Briefcase file, unless the separate browser window is not closed by the user.<br />
* User is not able to search files in the "Files shared with me" folder, within Briefcase. <br />
* Re-sending a file share for a Briefcase document throws the error, "A network service error has occurred".<br />
<br />
== Web UX - Admin ==<br />
* In Admin UI, if two users are assigned the Administrator privilege followed by "Assign default domain administrator views and rights", there is an error displayed for the second user, and the request is not completed. This happens due to a caching issue, and flushing the cache of the mail-store resolves this issue. <br />
<br />
== Mobile Sync ==<br />
* On iOS Native App, if the Mail, Calendar, and Contacts folders are shared with the user, the shares are not displayed on the App.Similarly, for Windows Outlook and Windows Native Contacts App, if the Contacts folder is shared with the user, the shares are not displayed on the App. <br />
Workaround - The user will have to reconfigure his account on the device to get the shares mounted on the device. <br />
* Exchange ActiveSync protocol currently does not support Read-Only permission sharing. It is recommended not to enable Sharing for the users having shares with Read-Only permission.<br />
* In a Rolling-upgrade environment, if a zimbra-9 user shares a calendar with zimbra-10 user, the events are not synced. <br />
Workaround - For the Rolling-Upgrade environment involving the NG mailbox server, due to technical differences between the NG Mobile feature and Zimbra (v10) Mobile Sync feature, it is recommended to use Sharing feature after moving all the accounts to zimbra-10 mailbox server. <br />
* For Windows Mail App, the Sent folder emails are not displayed after blocking and unblocking the user.<br />
Workaround - The user can remove and reconfigure the account on the app.<br />
* When using iOS Outlook App, Out of Office settings are not synced to the user's account in Web App. <br />
* When the organizer and attendee use the Outlook app, if the organizer cancels an instance from a recurring meeting, the same is not reflected on the attendee's calendar.<br />
<br />
<br />
== Backup Restore ==<br />
* When using backup and restore to move data from source 9.x NG server to destination 10.x server, if both the source and destination, primary volumes are 'External', and zimbraBackupSkipBlobs is set to True, then emails moved secondary volume throw 'Missing Blob for item' error.<br />
* When an account is restored using backup data from NG external secondary volume, the account is displaying garbled data for emails on the destination server.<br />
* When we schedule backup using zmschedulebackup command, backup is getting scheduled in crontab and LDAP attributes are updated with appropriate values.<br />
<br />
== Briefcase == <br />
* The <code>zimbraFileUploadMaxSize</code> cannot be set to more than 2GB (2146483647 bytes). Due to this, the users cannot upload files larger than 2GB to their Briefcase.<br />
<br />
= Packages = <br />
The package lineup for this release is:<br />
<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 10.0.1.1684843569-2<br />
zimbra-mta-patch -> 10.0.1.1684337416-1<br />
zimbra-proxy-patch -> 10.0.1.1684242137-1<br />
zimbra-ldap-patch -> 10.0.1.1684242137-1<br />
zimbra-common-core-jar -> 10.0.1.1684124726-1<br />
zimbra-mbox-war -> 10.0.1.1684124726-1<br />
zimbra-mbox-ews-service -> 10.0.1.1683869041-1<br />
zimbra-common-core-libs -> 10.0.1.1678343103-1<br />
zimbra-mbox-webclient-war -> 10.0.1.1684143400-1<br />
zimbra-mbox-admin-console-war -> 10.0.1.1684142169-1<br />
zimbra-modules-porter -> 1.0.0.1683867991-1<br />
zimbra-httpd -> 2.4.57-1zimbra8.7b4<br />
zimbra-apache-components -> 2.0.10-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.11-1zimbra8.8b1 ( RHEL8, UBUNTU20: 2.0.12-1zimbra8.8b1 )<br />
zimbra-zco -> 9.0.0.1930.1684419492-1<br />
zimbra-extension-clientuploader -> 1.0.0.1683611258-1<br />
zimbra-zimlet-admin-clientuploader -> 8.0.0<br />
zimbra-modern-ui -> 4.32.0.1684838829-1<br />
zimbra-modern-zimlets -> 4.32.0.1684838829-1<br />
zimbra-zimlet-set-default-client -> 10.1.0.1684745565-1<br />
zimbra-zimlet-secure-mail -> 2.2.0.1684238166-1<br />
zimbra-zimlet-document-editor -> 11.0.0.1684238166-1<br />
<br />
{{PatchInstallationLink_10.0.0|Version=10.0.1| <br />
}}</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=SOAP_API_Reference_Material&diff=69769SOAP API Reference Material2023-05-24T03:58:06Z<p>Dawood Shaikh: Dawood Shaikh moved page SOAP API Reference Material to SOAP API Reference Manual</p>
<hr />
<div>#REDIRECT [[SOAP API Reference Manual]]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=SOAP_API_Reference_Manual&diff=69768SOAP API Reference Manual2023-05-24T03:58:06Z<p>Dawood Shaikh: Dawood Shaikh moved page SOAP API Reference Material to SOAP API Reference Manual</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=SOAP API Reference Material beginning with Zimbra Collaboration 8.0=<br />
{{KB|{{ZC}}|{{ZCS 8.7}}|{{ZCS 8.6}}|{{ZCS 8.0}}|}}<br />
{{WIP}}The following links are to the online Zimbra SOAP API reference materials, beginning with Zimbra Collaboration Server 8.0. Changes made for future releases will be added as change log directories to this page.<br />
<br />
== ZCS 10.0.0 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/10.0.0/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/10.0.0/soapapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/10.0.0/api-changelog/index.html HTML]<br />
<br />
== ZCS 9.0.0 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/9.0.0/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/9.0.0/soapapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/9.0.0/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/9.0.0/soapapi-changelog.zip ZIP]<br />
<br />
<br />
== ZCS 8.8.15 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.8.15/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.8.15/soapapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.8.15/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.8.15/soapapi-changelog.zip ZIP]<br />
<br />
== ZCS 8.8.8 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.8.8/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.8.8/soapapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.8.8/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.8.8/soapapi-changelog.zip ZIP]<br />
<br />
== ZCS 8.7.11 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.7.11/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.7.11/soapapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.7.11/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.7.11/soapapi-changelog.zip ZIP]<br />
<br />
== ZCS 8.7.0 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.7.0/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.7.0/soapapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.7.0/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.7.0/soapapi-changelog.zip ZIP]<br />
<br />
== ZCS 8.6.0 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.6.0/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.6.0/soapapi-zimbra-doc860.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.6.0/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.6.0/soapapi-changelog860.zip ZIP]<br />
<br />
== ZCS 8.5.1 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.5.1/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.5.1/soapapi-zimbra-doc851.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.5.1/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.5.1/soapapi-changelog851.zip ZIP]<br />
<br />
== ZCS 8.5.0 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.5.0/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.5.0/soapapi-zimbra-doc-850.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.5.0/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.5.0/soapapi-changelog-850.zip ZIP]<br />
<br />
== ZCS 8.0.9 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0.9/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.9/soapapi-zimbra-doc809.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.0.9/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.9/soapapi-changelog809.zip ZIP]<br />
<br />
== ZCS 8.0.7 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0.7/soap-docs-807/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.7/soapapi-zimbra-doc-807.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.0.7/soap-docs-807/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.7/soapapi-changelog-807.zip ZIP]<br />
<br />
== ZCS 8.0.6 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0.6/soap-docs-806/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.6/soapapi-zimbra-doc-806.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.0.6/soap-docs-806/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.6/soapapi-changelog-806.zip ZIP]<br />
<br />
== ZCS 8.0.5 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0.5/soap-docs-805/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.5/soapapi-zimbra-doc-805.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.0.5/soap-docs-805/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.5/soapapi-changelog-805.zip ZIP]<br />
<br />
== ZCS 8.0.4 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0.4/soap-docs-804/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.4/soapapi-zimbra-doc-804.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.0.4/soap-docs-804/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.4/soapapi-changelog-804.zip ZIP]<br />
<br />
== ZCS 8.0.2 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0.2/soapapi-zimbra-doc/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.2/soapapi-zimbra-doc-802.zip ZIP]<br />
<br />
== ZCS 8.0.0 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0/soapapi-zimbra-doc/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0/soapapi-zimbra-doc-80.zip ZIP]<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration Server 8.0|4/2014}}<br />
<br />
[[Category:ZCS 8.6]]<br />
[[Category:ZCS 8.5]]<br />
[[Category:ZCS 8.0]]<br />
[[Category:SOAP]]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=SOAP_API_Reference_Material_Beginning_with_ZCS_8&diff=69767SOAP API Reference Material Beginning with ZCS 82023-05-24T03:57:43Z<p>Dawood Shaikh: Dawood Shaikh moved page SOAP API Reference Material Beginning with ZCS 8 to SOAP API Reference Material: Has all version data</p>
<hr />
<div>#REDIRECT [[SOAP API Reference Material]]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=SOAP_API_Reference_Manual&diff=69766SOAP API Reference Manual2023-05-24T03:57:43Z<p>Dawood Shaikh: Dawood Shaikh moved page SOAP API Reference Material Beginning with ZCS 8 to SOAP API Reference Material: Has all version data</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=SOAP API Reference Material beginning with Zimbra Collaboration 8.0=<br />
{{KB|{{ZC}}|{{ZCS 8.7}}|{{ZCS 8.6}}|{{ZCS 8.0}}|}}<br />
{{WIP}}The following links are to the online Zimbra SOAP API reference materials, beginning with Zimbra Collaboration Server 8.0. Changes made for future releases will be added as change log directories to this page.<br />
<br />
== ZCS 10.0.0 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/10.0.0/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/10.0.0/soapapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/10.0.0/api-changelog/index.html HTML]<br />
<br />
== ZCS 9.0.0 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/9.0.0/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/9.0.0/soapapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/9.0.0/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/9.0.0/soapapi-changelog.zip ZIP]<br />
<br />
<br />
== ZCS 8.8.15 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.8.15/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.8.15/soapapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.8.15/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.8.15/soapapi-changelog.zip ZIP]<br />
<br />
== ZCS 8.8.8 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.8.8/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.8.8/soapapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.8.8/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.8.8/soapapi-changelog.zip ZIP]<br />
<br />
== ZCS 8.7.11 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.7.11/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.7.11/soapapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.7.11/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.7.11/soapapi-changelog.zip ZIP]<br />
<br />
== ZCS 8.7.0 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.7.0/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.7.0/soapapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.7.0/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.7.0/soapapi-changelog.zip ZIP]<br />
<br />
== ZCS 8.6.0 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.6.0/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.6.0/soapapi-zimbra-doc860.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.6.0/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.6.0/soapapi-changelog860.zip ZIP]<br />
<br />
== ZCS 8.5.1 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.5.1/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.5.1/soapapi-zimbra-doc851.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.5.1/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.5.1/soapapi-changelog851.zip ZIP]<br />
<br />
== ZCS 8.5.0 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.5.0/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.5.0/soapapi-zimbra-doc-850.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.5.0/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.5.0/soapapi-changelog-850.zip ZIP]<br />
<br />
== ZCS 8.0.9 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0.9/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.9/soapapi-zimbra-doc809.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.0.9/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.9/soapapi-changelog809.zip ZIP]<br />
<br />
== ZCS 8.0.7 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0.7/soap-docs-807/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.7/soapapi-zimbra-doc-807.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.0.7/soap-docs-807/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.7/soapapi-changelog-807.zip ZIP]<br />
<br />
== ZCS 8.0.6 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0.6/soap-docs-806/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.6/soapapi-zimbra-doc-806.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.0.6/soap-docs-806/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.6/soapapi-changelog-806.zip ZIP]<br />
<br />
== ZCS 8.0.5 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0.5/soap-docs-805/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.5/soapapi-zimbra-doc-805.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.0.5/soap-docs-805/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.5/soapapi-changelog-805.zip ZIP]<br />
<br />
== ZCS 8.0.4 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0.4/soap-docs-804/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.4/soapapi-zimbra-doc-804.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/soap_api/8.0.4/soap-docs-804/api-changelog/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.4/soapapi-changelog-804.zip ZIP]<br />
<br />
== ZCS 8.0.2 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0.2/soapapi-zimbra-doc/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0.2/soapapi-zimbra-doc-802.zip ZIP]<br />
<br />
== ZCS 8.0.0 ==<br />
<br />
'''SOAP API''': [https://files.zimbra.com/docs/soap_api/8.0/soapapi-zimbra-doc/api-reference/index.html HTML] | [https://files.zimbra.com/docs/soap_api/8.0/soapapi-zimbra-doc-80.zip ZIP]<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration Server 8.0|4/2014}}<br />
<br />
[[Category:ZCS 8.6]]<br />
[[Category:ZCS 8.5]]<br />
[[Category:ZCS 8.0]]<br />
[[Category:SOAP]]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Template:NGMigrationBetaWarning&diff=69688Template:NGMigrationBetaWarning2023-04-20T10:41:13Z<p>Dawood Shaikh: </p>
<hr />
<div><div class="alert alert-dark fade in"> <p>'''NOTE:''' This migration utility is being released as beta and should be tested on dev/test environment(s) before using it on production data.</p></div></div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Template:NGMigrationBetaWarning&diff=69687Template:NGMigrationBetaWarning2023-04-20T10:38:49Z<p>Dawood Shaikh: </p>
<hr />
<div><div class="alert alert-dark fade in"> <p>'''NOTE:''' This guide and the migration utility are being released as beta and should be tested on dev/test environment(s) before using it on production data.</p></div></div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Template:NGMigrationBetaWarning&diff=69686Template:NGMigrationBetaWarning2023-04-20T10:36:58Z<p>Dawood Shaikh: Created page with "This guide and the migration utility are being released as beta and should be tested on dev/test environment(s) before using it on production data."</p>
<hr />
<div>This guide and the migration utility are being released as beta and should be tested on dev/test environment(s) before using it on production data.</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Template:Product-version&diff=69685Template:Product-version2023-04-20T10:28:24Z<p>Dawood Shaikh: Created page with "Daffodil (v10)"</p>
<hr />
<div>Daffodil (v10)</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Template:Product-provider&diff=69684Template:Product-provider2023-04-20T10:28:01Z<p>Dawood Shaikh: Created page with "Zimbra"</p>
<hr />
<div>Zimbra</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P32&diff=69592Zimbra Releases/8.8.15/P322023-03-24T12:28:52Z<p>Dawood Shaikh: /* Platform */</p>
<hr />
<div>= Zimbra Collaboration Joule 8.8.15 Patch 32 GA Release =<br />
<br />
<div class="col-md-9"><br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' section for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
{{ReleaseNote-note}}<br />
<br />
<br/><br />
<div style="padding:1%; color:#008000;font-size:19px;" ><br />
'''NOTICE: Clear to proceed with patch upgrade'''<br />
<br />
As of this time, we have addressed the previously identified issues with the patch release, and recommend customers proceed with this upgrade. As always, we recommend following best practices during patch upgrades (including taking backups of key data and config). We apologize for this unfortunate event.<br />
</div><br />
<br/><br />
== Zimbra Suite Plus issue fixed for FOSS == <br />
<div style="padding:1%; color:#008000;font-size:18px;" ><br />
The issue with Zimbra Suite Plus has been fixed. Customers are requested to re-run existing <code>install.sh</code> script which will download latest packages from the repo.<br />
</div><br />
<br />
== Change in upgrade process for 8.8.15 Patch 32== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. <br />
<br />
We have also introduced a new package '''zimbra-ldap-patch''' to be installed only on the LDAP node. <br />
<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' section to install the packages in its order. <br />
</div><br />
<br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, we need to set the '''zimbraVirtualHostName''' parameter for the domains that are using SAML and SSO based login. Please follow the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
==Security Fixes==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Zimbra Rating <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Fix Patch Version<br />
|-<br />
|style="border: solid #ffffff;"|Upgraded OpenSSL to 1.1.1n to avoid DoS vulnerability.<br />
|style="border: solid #ffffff;"| [https://access.redhat.com/security/cve/cve-2022-0778 CVE-2022-0778]<br />
|style="border: solid #ffffff;text-align:center;"| 7.5<br />
|style="border: solid #ffffff;text-align:center;"| Low<br />
|style="border: solid #ffffff;text-align:center;"| 8.8.15 P32<br />
|-<br />
|style="border: solid #ffffff;"|Upgraded Jetty to 9.4.46 to avoid vulnerability due to large TLS packets causing 100% CPU usage.<br />
|style="border: solid #ffffff;"| [https://nvd.nist.gov/vuln/detail/CVE-2021-28165 CVE-2021-28165]<br />
|style="border: solid #ffffff;text-align:center;"| 7.5<br />
|style="border: solid #ffffff;text-align:center;"| Low<br />
|style="border: solid #ffffff;text-align:center;"| 8.8.15 P32<br />
|-<br />
|style="border: solid #ffffff;"|Upgraded mina-core to version 2.1.6<br />
|style="border: solid #ffffff;"| [https://nvd.nist.gov/vuln/detail/CVE-2019-0231 CVE-2019-0231]<br />
|style="border: solid #ffffff;text-align:center;"| 7.5<br />
|style="border: solid #ffffff;text-align:center;"| Low<br />
|style="border: solid #ffffff;text-align:center;"| 8.8.15 P32<br />
|-<br />
|style="border: solid #ffffff;"|Fixed an issue with Zimbra Classic WebApp where input sanitization was required in displaying attachment data.<br />
|style="border: solid #ffffff;"| TBD<br />
|style="border: solid #ffffff;text-align:center;"| TBD<br />
|style="border: solid #ffffff;text-align:center;"| Medium<br />
|style="border: solid #ffffff;text-align:center;"| 8.8.15 P32<br />
|-<br />
|}<br />
<br />
* Vulnerability in RARLAB UnRAR before 6.12 has been identified [https://nvd.nist.gov/vuln/detail/CVE-2022-30333 CVE-2022-30333] and has a score of 7.5 - HIGH. Zimbra has made configuration changes to use the 7zip package instead of unrar. Customers are requested to remove the unrar package (if installed) and use 7zip instead. <br />
<br />
= What's New =<br />
<br />
{{BetaWarning}}<br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
'''Rocky Linux 8 Support (Beta)'''<br />
<br />
We are nearing the end of our extensive QA cycle for this major upgrade. Watch for the GA announcement in an upcoming patch release.<br />
</div><br />
<br />
== Package Upgrade ==<br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
* Log4j package has been upgraded to version 2.17.1 which includes [https://nvd.nist.gov/vuln/detail/CVE-2021-44228 CVE-2021-44228], [https://nvd.nist.gov/vuln/detail/CVE-2021-45105 CVE-2021-45105], [https://nvd.nist.gov/vuln/detail/CVE-2019-17571 CVE-2019-17571] fixes. As communicated in earlier patch releases, Zimbra was not impacted by any of these security issues since Zimbra was using an older version of Log4j. Please refer to [https://wiki.zimbra.com/wiki/Log4j2 wiki] for changes in the logging options. <br />
* OpenJDK package has been upgraded to version 17.0.2<br />
* SpamAssassin package has been upgraded to version 3.4.6.<br />
* ClamAV package has been upgraded to version 0.103.3.<br />
* OpenSSL has been upgraded to version 1.1.1n.<br />
* Jetty has been upgraded to version 9.4.46.<br />
* Mina-core has been upgraded to version 2.1.6<br />
</div><br />
<br />
== Platform ==<br />
* A new attribute '''zimbra_gal_fallback_ldap_search_enabled''' has been introduced to control the AutoComplete request being sent to LDAP server. The default value of the attribute is TRUE. If we have a galsync account, the autocomplete request would be served from the galsync account. In case galsync account is not present, the autocomplete requests will be then served from the LDAP server.<br />
* Support to add a warning for messages arriving from the external domain is now available. Introduced two new localconfig attributes:<br />
** zimbra_external_email_warning_enabled - Attribute to enable/disable the feature. Default is disabled.<br />
** zimbra_external_email_warning_message - Attribute the message to be displayed for external emails.<br />
For more information on how to setup the feature, please refer to the [https://zimbra.github.io/adminguide/latest/#_message_banner_for_mails_from_external_domains Admin Guide] section.<br />
* To promote better password security, a new feature has been introduced to restrict users from using their names in the password when changing or resetting it. The feature is controlled by a local config attribute '''allow_username_within_password'''. The default value is false. When set to true, users won't be allowed to specify their username in the password when changing or resetting it.<br />
<br />
= Fixed Issues =<br />
<br />
== Platform ==<br />
* In the previous patch, SameSite cookie support was added to enhance security and protect against increasingly commonplace Cross Site Request Forgery ("CSRF") attacks. The default value of the local config variable zimbra_same_site_cookie was set to '''Strict'''. For a few of our customers, under certain conditions, it caused pre-auth and webmail login failures. From this patch onwards, the default value of the local config variable <code>zimbra_same_site_cookie</code> has been set to '''None'''. <br />
** For customers who want to use the SameSite cookie, the following is the guidance:<br />
*** If using Pre-auth for logins or Zimbra proxy in both http, https or both modes, and the <code>zimbraPublicServiceHostname</code> attribute is not set, please set it by following the instructions:<br />
**** Check the Zimbra Proxy mode. As a zimbra user, execute these commands:<br />
***** For cos - ''zmprov gc cos_name zimbraReverseProxyMailMode''<br />
***** For server - ''zmprov gs server_name zimbraReverseProxyMailMode''<br />
**** Check if the Public Service hostname is set on global and domain levels:<br />
***** ''zmprov gcf cos_name zimbraPublicServiceHostname''<br />
***** ''zmprov gd domain_name zimbraPublicServiceHostname''<br />
**** Set Public Service hostname. Zimbra recommends setting it on the global level:<br />
***** ''zmprov mcf zimbraPublicServiceHostname webmail_login_domain_name''<br />
*** After making the above changes, the local config variable <code>zimbra_same_site_cookie</code> may be reset first to Lax (for testing) and then to Strict to obtain the highest level of protection available. As a zimbra user, you can run the following command<br />
**** To set it to Lax:<br />
***** ''zmlocalconfig -e zimbra_same_site_cookie=Lax''<br />
****To set it to Strict:<br />
***** ''zmlocalconfig -e zimbra_same_site_cookie=Strict'' <br />
**** Restart services:<br />
***** ''zmcontrol restart''<br />
* Zimbra's DNS cache service now supports DNSSEC validation.<br />
* When generating CSR, the preview appeared blank. The issue has been fixed.<br />
* When the user shares the root level folder with another user and sets '''zimbraPrefSharedAddrBookAutoCompleteEnabled''' to TRUE, autocomplete request failed for sharee. The issue has been fixed.<br />
* Changes made to the '''zimbraAmavisOutboundDisclaimersOnly''' attribute did not take effect after restarting the MTA service. The issue has been fixed.<br />
* When the user enabled 2FA for his account, it was still possible to bypass it and list the Briefcase contents. The issue has been fixed.<br />
* If the user has added an external IMAP account and creates or edits a Draft, it was not getting synced to the external account. The issue has been fixed.<br />
* In a multi-node environment, a user has "sendAs" delegation rights of the user situated on another node, if he tries to send an XML file as an attachment, it gets corrupted. The issue has been fixed.<br />
* When using EWS, if the user had a Common Name (CN) and Display Name(DN) set, the CN was always used when sending a meeting request. The issue has been fixed. If DN and CN are set, then use DN will be used as the Organizer name. If DN is not set and CN is set, then CN will be used as Organizer's name.<br />
* If an account has multiple aliases, they were not getting displayed in autocomplete when composing a message. The issue has been fixed.<br />
* Corrected the description of '''zimbraFeatureMailForwardingInFiltersEnabled''' attribute from '''''enable end-user mail forwarding''''' to '''''enable end-user mail redirecting'''''.<br />
* The JDK version 13 contains a bug wherein under certain random conditions (depending on load/memory), the JVM may crash. The issue has been fixed by upgrading the JDK to version 17.<br />
<br />
== Web UX - Classic ==<br />
* Fixed a regression bug that prevented SAML SP initiated log out from working correctly.<br />
* In the previous patch, the default search folder was set to the shared contact folder instead of the Inbox. The issue has been fixed.<br />
* Fixed a regression bug that prevented SAML SP initiated log out from working correctly.<br />
* In the Tasks tab, If the user sets *Subject* as a default sort, it was not maintained after visiting other tabs or reloading the UI. The issue has been fixed.<br />
* Corrected date format for the Portuguese language.<br />
<br />
== HSM ==<br />
* Now the doMailboxMove operation skips non-local accounts to avoid issues caused by running the command on the wrong server.<br />
* To make the new volume creation experience simpler for the admins, bucket creation has been split by the volume creation commands. Admins can now create a new bucket and then pass its UUID to the volume creation command.<br />
<br />
== NG Auth ==<br />
* Fixed a bug that made the mobile apps able to bypass the Zimbra Network 2FA.<br />
<br />
== NG Backup ==<br />
* To make the external restore operation more reliable and avoid errors, now the mailboxes quota is removed during the restore operation. The quota is set back once the operation completes successfully.<br />
* Fixed a bug that prevented the doItemSearch command to work properly. Now the command returns the results according to the given filters.<br />
<br />
== NG Mobile ==<br />
* ABQ API has been reworked to fix a bug that prevented the set command from working with devices not already present in the list.<br />
* A new abq_enabled_at_startup attribute has been added to the configuration to avoid the ABQ feature being loaded at server startup if not used to save the server’s resources.<br />
<br />
== NG Modules ==<br />
* Firebase-token-renewer-service has been completely removed.<br />
* Fixed a bug that prevented the right-click from working properly on contacts and calendars folders using Internet Explorer 11 when com_zextras_client zimlet is enabled.<br />
<br />
== Zimbra Connect ==<br />
* Fixed a bug that caused a room to disappear when moved between the servers.<br />
* Now using internal mode, the resources are kept after the user close the call. The result is that the tab keep the red-dot on the browser’s tab<br />
* Fixed the issue - if user manually opens the minichat, it works, but if the setting is set to automatically open the minichat for each message, it’s not working automatically.<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[[#Patch Installation|Patch Installation]]''' section to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With OpenJDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
<br />
{{PatchInstallation-8815V2|Version=8.8.15 Patch 32|Packages=<br />
FOSS:<br />
'''PackageName''' '''Version''' <br />
zimbra-patch -> 8.8.15.1655471268.p32-2<br />
zimbra-mta-patch -> 8.8.15.1655471268.p32-1<br />
zimbra-mta-components -> 1.0.15-1zimbra8.8b1<br />
zimbra-proxy-patch -> 8.8.15.1655471268.p32-1<br />
zimbra-proxy-components -> 1.0.10-1zimbra8.8b1<br />
zimbra-php -> 7.4.27-1zimbra8.7b3<br />
zimbra-httpd -> 2.4.53-1zimbra8.7b3<br />
zimbra-apache-components -> 2.0.7-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.8-1zimbra8.8b1<br />
zimbra-nginx -> 1.20.0-1zimbra8.8b3<br />
zimbra-ldap-patch -> 8.8.15.1655471268.p32-1<br />
zimbra-common-core-jar -> 8.8.15.1655458176-1<br />
zimbra-common-core-libs -> 8.8.15.1654854265-1<br />
zimbra-mbox-conf -> 8.8.15.1568012813-1<br />
zimbra-mbox-service -> 8.8.15.1568694943-1<br />
zimbra-mbox-store-libs -> 8.8.15.1654854265-1<br />
zimbra-mbox-war -> 8.8.15.1655458176-1<br />
zimbra-mbox-admin-console-war -> 8.8.15.1653031987-1<br />
zimbra-mbox-webclient-war -> 8.8.15.1654769776-1<br />
zimbra-drive -> 1.0.13.1576152256-1<br />
zimbra-timezone-data -> 2.0.1.1646993388-1<br />
zimbra-openjdk -> 17.0.2-1zimbra8.8b1<br />
zimbra-openjdk-cacerts -> 1.0.8-1zimbra8.7b1<br />
zimbra-openssl -> 1.1.1n-1zimbra8.7b4<br />
zimbra-openldap-lib -> 2.4.59-1zimbra8.8b5<br />
zimbra-openldap-client -> 2.4.59-1zimbra8.8b5<br />
zimbra-openldap-server -> 2.4.59-1zimbra8.8b5<br />
zimbra-ldap-components -> 1.0.16-1zimbra8.8b1<br />
zimbra-core-components -> 2.0.16-1zimbra8.8b1<br />
zimbra-postfix -> 3.6.1-1zimbra8.7b3<br />
zimbra-postfix-logwatch -> 1.40.03-1zimbra8.7b1<br />
zimbra-clamav -> 0.103.3-1zimbra8.8b3<br />
zimbra-perl-mail-spamassassin -> 3.4.6-1zimbra8.8b3<br />
zimbra-spamassassin-rules -> 1.0.0-1zimbra8.8b5<br />
zimbra-openldap-server -> 2.4.59-1zimbra8.8b5<br />
zimbra-chat -> 3.0.2.1655178187-1<br />
<br />
<br />
NETWORK: <br />
'''Package Name''' '''Version''' <br />
zimbra-patch -> 8.8.15.1655471268.p32-2<br />
zimbra-mbox-ews-service -> 8.8.15.1654977069-1<br />
zimbra-drive-ng -> 3.0.16.1637855904-1<br />
zimbra-network-modules-ng -> 6.0.34.1652960218-1<br />
zimbra-docs -> 3.0.8.1616090809-1<br />
zimbra-connect -> 1.0.29.1635424238-1<br />
zimbra-zco -> 8.8.15.1919.1647367453-1<br />
zimbra-zimlet-auth -> 1.0.4.1652971904-1<br />
}}<br />
<br />
===Upgraded 3rd Party Packages===<br />
* OpenSSL and Postfix TLS 1.3 GA Packages<br />
The packages for RHEL7, UBUNTU16, UBUNTU18 are:<br />
<br />
'''Package Name''' '''Version'''<br />
zimbra-openssl : 1.1.1n-1zimbra8.7b4<br />
zimbra-postfix : 3.6.1-1zimbra8.7b3<br />
zimbra-nginx : 1.20.0-1zimbra8.8b2<br />
zimbra-mariadb : 10.1.25-1zimbra8.7b3<br />
zimbra-heimdal : 1.5.3-1zimbra8.7b3<br />
zimbra-curl : 7.49.1-1zimbra8.7b3<br />
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2<br />
zimbra-unbound : 1.11.0-1zimbra8.7b2<br />
zimbra-apr-util : 1.6.1-1zimbra8.7b2<br />
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4<br />
zimbra-net-snmp : 5.8-1zimbra8.7b2<br />
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2<br />
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3<br />
zimbra-openldap : 2.4.59-1zimbra8.8b4<br />
zimbra-opendkim : 2.10.3-1zimbra8.7b5<br />
zimbra-clamav : 0.103.2-1zimbra8.8b3<br />
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b2<br />
zimbra-perl-net-http : 6.09-1zimbra8.7b3<br />
zimbra-perl-libwww : 6.13-1zimbra8.7b3<br />
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b3<br />
zimbra-perl-xml-parser : 2.44-1zimbra8.7b3<br />
zimbra-perl-soap-lite : 1.19-1zimbra8.7b3<br />
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b3<br />
zimbra-perl-xml-simple : 2.25-1zimbra8.7b2<br />
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3<br />
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4<br />
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5<br />
zimbra-perl-innotop : 1.9.1-1zimbra8.7b3<br />
zimbra-httpd : 2.4.53-1zimbra8.7b3<br />
zimbra-php : 7.4.27-1zimbra8.7b3<br />
zimbra-postfix-logwatch : 1.40.03-1zimbra8.7b1<br />
zimbra-perl : 1.0.5-1zimbra8.7b1<br />
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1<br />
zimbra-apache-components : 2.0.7-1zimbra8.8b1<br />
zimbra-spell-components : 2.0.8-1zimbra8.8b1<br />
zimbra-snmp-components : 1.0.3-1zimbra8.7b1<br />
zimbra-mta-components : 1.0.14-1zimbra8.8b1<br />
zimbra-core-components : 2.0.14-1zimbra8.8b1<br />
zimbra-proxy-components : 1.0.9-1zimbra8.8b1<br />
zimbra-store-components : 1.0.3-1zimbra8.7b1<br />
zimbra-ldap-components : 1.0.14-1zimbra8.8b1<br />
<br />
* OpenSSL and Postfix TLS 1.3 Packages<br />
The GA packages for RHEL8, UBUNTU20 are:<br />
<br />
'''Package Name''' '''Version'''<br />
zimbra-openssl : 1.1.1n-1zimbra8.7b4<br />
zimbra-postfix : 3.6.1-1zimbra8.7b3<br />
zimbra-nginx : 1.20.0-1zimbra8.8b2<br />
zimbra-mariadb : 10.1.25-1zimbra8.7b3<br />
zimbra-heimdal : 1.5.3-1zimbra8.7b3<br />
zimbra-curl : 7.49.1-1zimbra8.7b3<br />
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2<br />
zimbra-unbound : 1.11.0-1zimbra8.7b2<br />
zimbra-apr-util : 1.6.1-1zimbra8.7b2<br />
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4<br />
zimbra-net-snmp : 5.8-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2<br />
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3<br />
zimbra-openldap : 2.4.59-1zimbra8.8b4<br />
zimbra-opendkim : 2.10.3-1zimbra8.7b5<br />
zimbra-clamav : 0.103.2-1zimbra8.8b3<br />
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b3<br />
zimbra-perl-net-http : 6.09-1zimbra8.7b4<br />
zimbra-perl-libwww : 6.13-1zimbra8.7b4<br />
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b4<br />
zimbra-perl-xml-parser : 2.44-1zimbra8.7b4<br />
zimbra-perl-soap-lite : 1.19-1zimbra8.7b4<br />
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b4<br />
zimbra-perl-xml-simple : 2.25-1zimbra8.7b3<br />
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3<br />
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4<br />
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5<br />
zimbra-perl-innotop : 1.9.1-1zimbra8.7b4<br />
zimbra-httpd : 2.4.53-1zimbra8.7b3<br />
zimbra-php : 7.4.27-1zimbra8.7b3<br />
zimbra-perl : 1.0.6-1zimbra8.7b1 <br />
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1<br />
zimbra-apache-components : 2.0.7-1zimbra8.8b1<br />
zimbra-spell-components : 2.0.9-1zimbra8.8b1<br />
zimbra-snmp-components : 1.0.3-1zimbra8.7b1<br />
zimbra-mta-components : 1.0.14-1zimbra8.8b1<br />
zimbra-core-components : 2.0.14-1zimbra8.8b1<br />
zimbra-proxy-components : 1.0.9-1zimbra8.8b1<br />
zimbra-store-components : 1.0.3-1zimbra8.7b1<br />
zimbra-ldap-components : 1.0.14-1zimbra8.8b1<br />
<br />
The updated GA packages are:<br />
<br />
'''Package''' '''Old-Version''' '''New-Version'''<br />
postfix 3.5.6 3.6.1<br />
openssl 1.1.1l 1.1.1n<br />
openldap 2.4.49 2.4.59<br />
nginx 1.19.0 1.20.0<br />
postfix-logwatch 1.40.01 1.40.03<br />
io-socket-ssl 2.020 2.068<br />
xml-simple 2.20 2.25<br />
crypt-openssl-rsa 0.28 0.31<br />
net-snmp 5.7.3 5.8<br />
dbd-mysql 4.033 4.050<br />
apr-util 1.5.4 1.6.1<br />
unbound 1.5.9 1.11.0<br />
net-ssleay 1.72 1.88<br />
PHP 7.3.25 7.4.27<br />
httpd 2.4.51 2.4.53<br />
<br />
* Nginx TLS 1.3 Packages<br />
The GA packages for RHEL7, RHEL8, UBUNTU16, UBUNTU18, UBUNTU20 are:<br />
'''PackageName''' '''Version'''<br />
zimbra-nginx -> 1.20.0-1zimbra8.8b2<br />
zimbra-proxy-patch -> 8.8.15.1655471268.p32-1<br />
zimbra-proxy-components -> 1.0.10-1zimbra8.8b1<br />
<br />
= Quick note: Open Source repo =<br />
The steps to download, build, and see our code via Github can be found here:<br />
[https://github.com/Zimbra/zm-build https://github.com/Zimbra/zm-build]<br />
<br />
= Jira Summary =<br />
== Jira Tickets fixed in 8.8.15 Patch 32 ==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11416<br />
|style="border: solid #ffffff;vertical-align:middle;"|Move room fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11415<br />
|style="border: solid #ffffff;vertical-align:middle;"|Red dot of camera is kept after meetings on internal mode<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11414<br />
|style="border: solid #ffffff;vertical-align:middle;"|Minichat are not opening on Suite<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11412<br />
|style="border: solid #ffffff;vertical-align:middle;"|Firebase-token-renewer-service has been completely removed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11411<br />
|style="border: solid #ffffff;vertical-align:middle;"|Mailbox move skips non-local accounts<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11410<br />
|style="border: solid #ffffff;vertical-align:middle;"|Splitted volumes and buckets creation<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11409<br />
|style="border: solid #ffffff;vertical-align:middle;"|ABQ set commands fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11408<br />
|style="border: solid #ffffff;vertical-align:middle;"|ABQ disabled at startup<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11407<br />
|style="border: solid #ffffff;vertical-align:middle;"|Right-click on contact and calendar folders fixed for IE11<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11405<br />
|style="border: solid #ffffff;vertical-align:middle;"|External restore operation quota override<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11404<br />
|style="border: solid #ffffff;vertical-align:middle;"|doItemSearch command fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11403<br />
|style="border: solid #ffffff;vertical-align:middle;"|Zimbra Network 2FA honoured by mobile apps<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11349<br />
|style="border: solid #ffffff;vertical-align:middle;"|Toggle off direct searches for autocomplete and galsync against Zimbra LDAP<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11344<br />
|style="border: solid #ffffff;vertical-align:middle;"|Set the default value zimbra_same_site_cookie to Empty<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11116<br />
|style="border: solid #ffffff;vertical-align:middle;"|Update Java JRE Version<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11096<br />
|style="border: solid #ffffff;vertical-align:middle;"|Implementation - milter to add a warning message when a email came from outside our organisation<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10678<br />
|style="border: solid #ffffff;vertical-align:middle;"|Server Side work to Force users not to use username in the password<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2807<br />
|style="border: solid #ffffff;vertical-align:middle;"|Attacker got access to user's email.<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2781<br />
|style="border: solid #ffffff;vertical-align:middle;"|SAML SP-initiated logout does not work - zimbraWebClientLogoutURL (8.8.15)<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2772<br />
|style="border: solid #ffffff;vertical-align:middle;"|[Security] Vulnerability in Unrar leading to Pre-Auth RCE in Zimbra<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2762<br />
|style="border: solid #ffffff;vertical-align:middle;"|In Webclient the search bar is set to search in a shared contact folder instead of a inbox folder<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2738<br />
|style="border: solid #ffffff;vertical-align:middle;"|Create a hash of the key in Nginx instead of raw value<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2734<br />
|style="border: solid #ffffff;vertical-align:middle;"|webmail login not work when proxy set to accept both http and https request.<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2732<br />
|style="border: solid #ffffff;vertical-align:middle;"|View mail admin feature no longer working in latest patch ZCS 9 P24<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2723<br />
|style="border: solid #ffffff;vertical-align:middle;"|dnscache service does not support DNSSEC validation<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2713<br />
|style="border: solid #ffffff;vertical-align:middle;"|Zimbra OpenSSL needs to update to 1.1.1n for CVE-2022-0778<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2666<br />
|style="border: solid #ffffff;vertical-align:middle;"|No information for CSR review operation from ZimbraWebAdmin<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2633<br />
|style="border: solid #ffffff;vertical-align:middle;"|DoS Zimbra is vulnerable to CVE-2021-28165- Jetty pins when large TLS packet is sent<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2627<br />
|style="border: solid #ffffff;vertical-align:middle;"|(JDK-8228811) JVM/mailboxd can crash endlessly with JDK 13.0.1<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2588<br />
|style="border: solid #ffffff;vertical-align:middle;"|Autocomplete bug with "/" shares<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2583<br />
|style="border: solid #ffffff;vertical-align:middle;"|mina-core-2.0.4.jar is vulnerable; CVE-2019-0231, CVE-2019-0231<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2578<br />
|style="border: solid #ffffff;vertical-align:middle;"|CVE-2021-45105<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2571<br />
|style="border: solid #ffffff;vertical-align:middle;"|"RCE 0-day exploit vulnerability found in log4j "<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2569<br />
|style="border: solid #ffffff;vertical-align:middle;"|Attribute zimbraAmavisOutboundDisclaimersOnly does not work after restarting MTA service<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2477<br />
|style="border: solid #ffffff;vertical-align:middle;"|Upgrade ClamAV to latest version 0.103.3<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2426<br />
|style="border: solid #ffffff;vertical-align:middle;"|SAML SP-initiated logout does not work - zimbraWebClientLogoutURL<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2390<br />
|style="border: solid #ffffff;vertical-align:middle;"|Briefcase content accessible without 2FA<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2361<br />
|style="border: solid #ffffff;vertical-align:middle;"|Modified Draft not synced to external imap account<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2322<br />
|style="border: solid #ffffff;vertical-align:middle;"|Task not getting sorted<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2233<br />
|style="border: solid #ffffff;vertical-align:middle;"|SA Version 3.4.5 issues<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2207<br />
|style="border: solid #ffffff;vertical-align:middle;"|Update Java JRE Version<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2119<br />
|style="border: solid #ffffff;vertical-align:middle;"|Xml attachment truncated if sent from account with "sendAs" delegation<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1975<br />
|style="border: solid #ffffff;vertical-align:middle;"|Portuguese, Date format showing wrong<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1860<br />
|style="border: solid #ffffff;vertical-align:middle;"|Wrong encoding of organizer with ios mail client<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1838<br />
|style="border: solid #ffffff;vertical-align:middle;"|Auto complete displaying single email address from matching account<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1455<br />
|style="border: solid #ffffff;vertical-align:middle;"|zimbraFeatureMailForwardingInFiltersEnabled, Attribute funtionality is wrong<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1335<br />
|style="border: solid #ffffff;vertical-align:middle;"|log4j-1.2.16.jar is vulnerable reported in CVE-2019-17571<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2838<br />
|style="border: solid #ffffff;vertical-align:middle;"|Log4j packages are not being updated to V2 for ldap servers in some instances<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2837<br />
|style="border: solid #ffffff;vertical-align:middle;"|zmconfigd failing on ldap node after updating to the latest patch <br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2835<br />
|style="border: solid #ffffff;vertical-align:middle;"|/var/log/syslog filling after applying the patch 8.8.15 patch 32<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2834<br />
|style="border: solid #ffffff;vertical-align:middle;"|No INFO logs while redeploying the Zimlets after updated the ZCS v9.0.0 P25.<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2831<br />
|style="border: solid #ffffff;vertical-align:middle;"|SMTP authentication failure with 2FA application passcode<br />
|-<br />
|}</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P25&diff=69591Zimbra Releases/9.0.0/P252023-03-24T12:27:59Z<p>Dawood Shaikh: /* Platform */</p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 25 GA Release =<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]'''. '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' section for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues<br />
<br />
<br/><br />
<div style="padding:1%; color:#008000;font-size:19px;" ><br />
'''NOTICE: Clear to proceed with patch upgrade'''<br />
<br />
As of this time, we have addressed the previously identified issues with the patch release, and recommend customers proceed with this upgrade. As always, we recommend following best practices during patch upgrades (including taking backups of key data and config). We apologize for this unfortunate event.<br />
</div><br />
<br/><br />
<br />
== Change in upgrade process for 9.0.0 Patch 25== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. <br />
<br />
We have also introduced a new package '''zimbra-ldap-patch''' to be installed only on the LDAP node. <br />
<br />
Please refer to the '''[[#Patch Installation|Patch Installation]]''' section to install the packages in its order. <br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, if the '''zimbraVirtualHostName''' parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
==Security Fixes==<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score<br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Zimbra Rating <br />
!style="background-color:#f15922; color: white; border:solid #ffffff"|Fix Patch Version<br />
|-<br />
|style="border: solid #ffffff;"|Upgraded OpenSSL to 1.1.1n to avoid DoS vulnerability.<br />
|style="border: solid #ffffff;"| [https://access.redhat.com/security/cve/cve-2022-0778 CVE-2022-0778]<br />
|style="border: solid #ffffff;text-align:center;"| 7.5<br />
|style="border: solid #ffffff;text-align:center;"| Low<br />
|style="border: solid #ffffff;text-align:center;"| 9.0.0 P25<br />
|-<br />
|style="border: solid #ffffff;"|Upgraded Jetty to 9.4.46 to avoid vulnerability due to large TLS packets causing 100% CPU usage.<br />
|style="border: solid #ffffff;"| [https://nvd.nist.gov/vuln/detail/CVE-2021-28165 CVE-2021-28165]<br />
|style="border: solid #ffffff;text-align:center;"| 7.5<br />
|style="border: solid #ffffff;text-align:center;"| Low<br />
|style="border: solid #ffffff;text-align:center;"| 9.0.0 P25<br />
|-<br />
|style="border: solid #ffffff;"|Upgraded mina-core to version 2.1.6<br />
|style="border: solid #ffffff;"| [https://nvd.nist.gov/vuln/detail/CVE-2019-0231 CVE-2019-0231]<br />
|style="border: solid #ffffff;text-align:center;"| 7.5<br />
|style="border: solid #ffffff;text-align:center;"| Low<br />
|style="border: solid #ffffff;text-align:center;"| 9.0.0 P25<br />
|-<br />
|style="border: solid #ffffff;"|Fixed an issue with Zimbra Classic WebApp where input sanitization was required in displaying attachment data.<br />
|style="border: solid #ffffff;"| TBD<br />
|style="border: solid #ffffff;text-align:center;"| TBD<br />
|style="border: solid #ffffff;text-align:center;"| Medium<br />
|style="border: solid #ffffff;text-align:center;"| 9.0.0 P25<br />
|-<br />
|}<br />
<br />
* Vulnerability in RARLAB UnRAR before 6.12 has been identified [https://nvd.nist.gov/vuln/detail/CVE-2022-30333 CVE-2022-30333] and has a score of 7.5 - HIGH. Zimbra has made configuration changes to use the 7zip package instead of unrar. Customers are requested to remove the unrar package (if installed) and use 7zip instead. <br />
<br />
<br />
= What's New =<br />
<br />
{{BetaWarning}}<br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
'''Rocky Linux 8 Support (Beta)'''<br />
<br />
We are nearing the end of our extensive QA cycle for this major upgrade. Watch for the GA announcement in an upcoming patch release.<br />
</div><br />
<br />
== Package Upgrade ==<br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
* Log4j package has been upgraded to version 2.17.1 which includes [https://nvd.nist.gov/vuln/detail/CVE-2021-44228 CVE-2021-44228], [https://nvd.nist.gov/vuln/detail/CVE-2021-45105 CVE-2021-45105], [https://nvd.nist.gov/vuln/detail/CVE-2019-17571 CVE-2019-17571] fixes. As communicated in earlier patch releases, Zimbra was not impacted by any of these security issues since Zimbra was using an older version of Log4j. Please refer to [https://wiki.zimbra.com/wiki/Log4j2 wiki] for changes in the logging options. <br />
* OpenJDK package has been upgraded to version 17.0.2<br />
* SpamAssassin package has been upgraded to version 3.4.6.<br />
* ClamAV package has been upgraded to version 0.103.3.<br />
* OpenSSL has been upgraded to version 1.1.1n.<br />
* Jetty has been upgraded to version 9.4.46.<br />
* Mina-core has been upgraded to version 2.1.6<br />
</div><br />
<br />
== Platform ==<br />
* A new attribute '''zimbra_gal_fallback_ldap_search_enabled''' has been introduced to control the AutoComplete request being sent to LDAP server. The default value of the attribute is TRUE. If we have a galsync account, the autocomplete request would be served from the galsync account. In case galsync account is not present, the autocomplete requests will be then served from LDAP server.<br />
* Support to add a warning for messages arriving from the external domain is now available. Introduced two new localconfig attributes.<br />
** zimbra_external_email_warning_enabled - Attribute to enable/disable the feature. Default is disabled.<br />
** zimbra_external_email_warning_message - Attribute the message to be displayed for external emails.<br />
For more information on how to setup the feature, please refer to [https://zimbra.github.io/zimbra-9/adminguide.html#_message_banner_for_mails_from_external_domains Admin Guide] section.<br />
* To promote better password security, a new feature has been introduced to restrict users from using their names in the password when changing or resetting it. The feature is controlled by a local config attribute '''allow_username_within_password'''. The default value is false. When set to true, users won't be allowed to specify their username in the password when changing or resetting it.<br />
<br />
== Web UX - Modern ==<br />
* If the Admin has disabled a new attribute for handling better password security '''allow_username_within_password''', it will restrict users from not using their names when resetting or changing the password.<br />
* Zimlets now support all the languages which are supported by Modern Web App.<br />
* When hovering over the folder, additional information will be displayed:<br />
** For Mail folders - # of messages, # of unread, size.<br />
** For Trash - # of items, size.<br />
** For Calendar - # of appointment.<br />
** For Contacts - # of contacts.<br />
<br />
== Contacts ==<br />
* For a user, If the attribute '''zimbraFeatureAntispamEnabled''' is set to FALSE, then all the spam-related options will appear disabled.<br />
* If the Tasks feature is disabled for a user, it will not get displayed in the Calendar tab.<br />
<br />
== Mail ==<br />
* User-friendly error messages have been added for the following errors received from the server:<br />
** SEND_ABORTED_ADDRESS_FAILURE - "Could not send message due to invalid or blocked address(es)“<br />
** SEND_FAILURE - “Could not send message"<br />
<br />
== Web UX - Admin ==<br />
* In Admin Console, '''Department''' and '''Office''' field has been added for user accounts at '''Account -> Contact information'''. These fields are used when viewing the organizational structure of the user.<br />
* Administrator defined Sieve scripts can now be configured in the Admin Console on a per domain or CoS basis. Previously this was CLI only functionality.<br />
<br />
<br />
<br />
= Fixed Issues =<br />
<br />
== Platform ==<br />
* In the previous patch, SameSite cookie support was added to enhance security and protect against increasingly commonplace Cross Site Request Forgery ("CSRF") attacks. The default value of the local config variable zimbra_same_site_cookie was set to '''Strict'''. For a few of our customers, under certain conditions, it caused pre-auth and webmail login failures. From this patch onwards, the default value of the local config variable <code>zimbra_same_site_cookie</code> has been set to '''None'''. <br />
** For customers who want to use the SameSite cookie, the following is the guidance:<br />
*** If using Pre-auth for logins or Zimbra proxy in both http, https or both modes, and the <code>zimbraPublicServiceHostname</code> attribute is not set, please set it by following the instructions:<br />
**** Check the Zimbra Proxy mode. As a zimbra user, execute these commands:<br />
***** For cos - ''zmprov gc cos_name zimbraReverseProxyMailMode''<br />
***** For server - ''zmprov gs server_name zimbraReverseProxyMailMode''<br />
**** Check if the Public Service hostname is set on global and domain levels:<br />
***** ''zmprov gcf cos_name zimbraPublicServiceHostname''<br />
***** ''zmprov gd domain_name zimbraPublicServiceHostname''<br />
**** Set Public Service hostname. Zimbra recommends setting it on the global level:<br />
***** ''zmprov mcf zimbraPublicServiceHostname webmail_login_domain_name''<br />
*** After making the above changes, the local config variable <code>zimbra_same_site_cookie</code> may be reset first to Lax (for testing) and then to Strict to obtain the highest level of protection available. As a zimbra user, you can run the following command<br />
**** To set it to Lax:<br />
***** ''zmlocalconfig -e zimbra_same_site_cookie=Lax''<br />
****To set it to Strict:<br />
***** ''zmlocalconfig -e zimbra_same_site_cookie=Strict'' <br />
**** Restart services:<br />
***** ''zmcontrol restart''<br />
* Zimbra's DNS cache service now supports DNSSEC validation.<br />
* When generating CSR, the preview appeared blank. The issue has been fixed.<br />
* When the user shares the root level folder with another user and sets '''zimbraPrefSharedAddrBookAutoCompleteEnabled''' to TRUE, autocomplete request failed for sharee. The issue has been fixed.<br />
* Changes made to the '''zimbraAmavisOutboundDisclaimersOnly''' attribute did not take effect after restarting the MTA service. The issue has been fixed.<br />
* When the user enabled 2FA for his account, it was still possible to bypass it and list the Briefcase contents. The issue has been fixed.<br />
* If the user has added an external IMAP account and creates or edits a Draft, it was not getting synced to the external account. The issue has been fixed.<br />
* In a multi-node environment, a user has "sendAs" delegation rights of the user situated on another node, if he tries to send an XML file as an attachment, it gets corrupted. The issue has been fixed.<br />
* When using EWS, if the user had a Common Name (CN) and Display Name(DN) set, the CN was always used when sending a meeting request. The issue has been fixed. If DN and CN are set, then use DN will be used as the Organizer name. If DN is not set and CN is set, then CN will be used as Organizer's name.<br />
* If an account has multiple aliases, they were not getting displayed in autocomplete when composing a message. The issue has been fixed.<br />
* Corrected the description of '''zimbraFeatureMailForwardingInFiltersEnabled''' attribute from '''''enable end-user mail forwarding''''' to '''''enable end-user mail redirecting'''''.<br />
* The JDK version 13 contains a bug wherein under certain random conditions (depending on load/memory), the JVM may crash. The issue has been fixed by upgrading the JDK to version 17.<br />
<br />
== Web UX - Modern ==<br />
* Corrected folder name n the tooltip message when moving the message to the Spam folder.<br />
* If a customer has a shared folder in his Mail tab, sorting the emails was not working correctly. The issue has been fixed.<br />
* When copy pasting the email address from excel into the composer, the email address was not converted to the contact or email id. The issue has been fixed.<br />
* After forwarding a message, HTML code was displayed in the headers of the forwarded message. The issue has been fixed.<br />
* When composing a message in plain text mode, users were unable to add the signatures. The issue has been fixed.<br />
* Users could set mail forwarding to themselves by going to '''Settings > Accounts -> Access your mail anywhere'''. To correct the behavior, users are no more allowed to specify the same address as their logged in email address. An appropriate error message is displayed if the user tries to do that.<br />
* If the user has any shared email folder and performs a search, matching emails from the shared folder were not returned in the search results. The issue has been fixed.<br />
* When hovering over the :mailto link in the message, the link appeared duplicated. The issue has been fixed.<br />
* When composing a message, the tab is updated with the subject of the message. After reloading the Modern Web App, the tab appeared blank. The issue has been fixed.<br />
<br />
== Web UX - Classic ==<br />
* In the previous patch, the default search folder was set to the shared contact folder instead of the Inbox. The issue has been fixed.<br />
* Fixed a regression bug that prevented SAML SP initiated log out from working correctly.<br />
* In the Tasks tab, If the user sets '''Subject''' as a default sort, it was not maintained after visiting other tabs or reloading the UI. The issue has been fixed.<br />
* Corrected date format for the Portuguese language.<br />
<br />
== HSM ==<br />
* Now the doMailboxMove operation skips non-local accounts to avoid issues caused by running the command on the wrong server.<br />
* To make the new volume creation experience simpler for the admins, bucket creation has been split by the volume creation commands. Admins can now create a new bucket and then pass its UUID to the volume creation command.<br />
<br />
== NG Auth ==<br />
* Fixed a bug that made the mobile apps able to bypass the Zimbra Network 2FA.<br />
<br />
== NG Backup ==<br />
* To make the external restore operation more reliable and avoid errors, now the mailboxes quota is removed during the restore operation. The quota is set back once the operation completes successfully.<br />
* Fixed a bug that prevented the doItemSearch command to work properly. Now the command returns the results according to the given filters.<br />
<br />
== NG Mobile ==<br />
* ABQ API has been reworked to fix a bug that prevented the set command from working with devices not already present in the list.<br />
* A new '''abq_enabled_at_startup attribute''' has been added to the configuration to avoid the ABQ feature being loaded at the server startup if not used to save the server’s resources.<br />
<br />
== NG Modules==<br />
* Firebase-token-renewer-service has been completely removed.<br />
* Fixed a bug that prevented the right-click from working properly on contacts and calendars folders using Internet Explorer 11 when com_zextras_client zimlet is enabled.<br />
<br />
== Zimbra Connect ==<br />
* Fixed a bug that caused a room to disappear when moved between the servers.<br />
* Now using the internal mode, the resources are kept after the user close the call. The result is that the tab keep the red-dot on the browser’s tab<br />
* Fixed the issue - if user manually opens the minichat, it works, but if the setting is set to automatically open the minichat for each message, it’s not working automatically.<br />
<br />
== Zimbra Docs ==<br />
* In Modern Web App, now the users will always be navigated back to the Drive tab on closing a Docs document.<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[[#Patch Installation|Patch Installation]]''' section to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
<br />
{{PatchInstallation-900|Version=9.0.0 Patch 25|Packages=<br />
'''PackageName''' '''Version'''<br />
zimbra-patch -> 9.0.0.1655472168.p25-2<br />
zimbra-proxy-patch -> 9.0.0.1655472168.p25-1<br />
zimbra-proxy-components -> 1.0.10-1zimbra8.8b1<br />
zimbra-mta-patch -> 9.0.0.1655472168.p25-1<br />
zimbra-mta-components -> 1.0.15-1zimbra8.8b1<br />
zimbra-common-core-jar -> 9.0.0.1655457955-1<br />
zimbra-ldap-patch -> 9.0.0.1655472168.p25-1<br />
zimbra-nginx -> 1.20.0-1zimbra8.8b3<br />
zimbra-httpd -> 2.4.53-1zimbra8.7b3<br />
zimbra-spell-components -> 2.0.8-1zimbra8.8b1<br />
zimbra-apache-components -> 2.0.7-1zimbra8.8b1<br />
zimbra-lmdb-lib -> 2.4.59-1zimbra8.8b5<br />
zimbra-lmdb-dbg -> 2.4.59-1zimbra8.8b5<br />
zimbra-lmdb -> 2.4.59-1zimbra8.8b5<br />
zimbra-openldap-lib -> 2.4.59-1zimbra8.8b5<br />
zimbra-openldap-client -> 2.4.59-1zimbra8.8b5<br />
zimbra-openldap-server -> 2.4.59-1zimbra8.8b4<br />
zimbra-openjdk-cacerts -> 1.0.8-1zimbra8.7b1<br />
zimbra-openjdk -> 17.0.2-1zimbra8.8b1<br />
zimbra-ldap-components -> 2.0.6-1zimbra8.8b1<br />
zimbra-core-components -> 3.0.12-1zimbra8.8b1<br />
zimbra-clamav -> 0.103.3-1zimbra8.8b3<br />
zimbra-clamav-libs -> 0.103.3-1zimbra8.8b3<br />
zimbra-openssl -> 1.1.1n-1zimbra8.7b4<br />
zimbra-openssl-libs -> 1.1.1n-1zimbra8.7b4<br />
zimbra-postfix-logwatch -> 1.40.03-1zimbra8.7b1<br />
zimbra-timezone-data -> 3.0.0.1646993320-1<br />
zimbra-mbox-store-libs -> 9.0.0.1654854341-1<br />
zimbra-mbox-war -> 9.0.0.1655457955-1<br />
zimbra-mbox-webclient-war -> 9.0.0.1654769864-1<br />
zimbra-mbox-admin-console-war -> 9.0.0.1653031579-1<br />
zimbra-common-mbox-conf-attrs -> 9.0.0.1652767366-1<br />
zimbra-common-core-libs -> 9.0.0.1654854341-1<br />
zimbra-mbox-ews-service -> 9.0.0.1654977318-1<br />
zimbra-zco -> 9.0.0.1919.1647347914-1<br />
zimbra-php -> 7.4.27-1zimbra8.7b3<br />
zimbra-modern-ui -> 4.25.0.1653056413-1<br />
zimbra-modern-zimlets -> 4.25.0.1653056413-1<br />
zimbra-network-modules-ng -> 7.0.25.1652960112-1<br />
zimbra-drive-ng -> 4.0.13.1637855796-1<br />
zimbra-drive-modern -> 1.0.13.1637855796-1<br />
zimbra-connect -> 2.0.21.1635424388-1<br />
zimbra-connect-modern -> 1.0.21.1635424388-1<br />
zimbra-docs -> 4.0.6.1616090633-1<br />
zimbra-docs-modern -> 1.0.6.1632998065-1<br />
zimbra-chat -> 4.0.2.1654677981-1<br />
zimbra-zimlet-auth -> 1.0.4.1652971904-1<br />
zimbra-zimlet-install-pwa -> 6.1.1.1652766350-1<br />
zimbra-zimlet-emptysubject -> 2.1.1.1652766350-1<br />
zimbra-zimlet-set-default-client -> 8.1.1.1652766350-1<br />
zimbra-zimlet-document-editor -> 6.0.1.1631795284-1<br />
zimbra-zimlet-date -> 6.1.1.1652766350-1<br />
zimbra-zimlet-additional-signature-setting -> 6.1.1.1652766350-1<br />
zimbra-zimlet-calendar-subscription -> 6.2.0.1652766350-1<br />
zimbra-zimlet-sideloader -> 7.1.1.1652766350-1<br />
zimbra-zimlet-briefcase-edit-lool -> 2.2.1.1652766350-1<br />
zimbra-zimlet-org-chart -> 2.1.1.1652766350-1<br />
zimbra-zimlet-zulip-chat -> 7.0.2.1641892590-1<br />
zimbra-zimlet-ads -> 8.2.1.1652766350-1<br />
zimbra-zimlet-user-sessions-management -> 8.1.1.1652766350-1<br />
zimbra-zimlet-user-feedback -> 6.1.1.1652766350-1<br />
zimbra-zimlet-privacy-protector -> 4.1.1.1652766350-1<br />
zimbra-zimlet-duplicate-contacts -> 5.1.1.1652766350-1<br />
zimbra-zimlet-secure-mail -> 1.2.1.1652766350-1<br />
zimbra-zimlet-web-search -> 4.1.1.1652766350-1<br />
zimbra-zimlet-restore-contacts -> 6.1.1.1652766350-1<br />
zimbra-zimlet-zoom -> 7.0.0.1621610655-1<br />
zimbra-zimlet-slack -> 5.5.0.1621610655-1<br />
zimbra-zimlet-dropbox -> 6.0.0.1621610655-1<br />
zimbra-zimlet-onedrive -> 6.0.0.1621610655-1<br />
zimbra-zimlet-google-drive -> 6.0.0.1621610655-1<br />
zimbra-zimlet-jitsi -> 3.3.1.1621610655-1<br />
zimbra-zimlet-video-call-preferences -> 2.1.0.1621610655-1<br />
zimbra-zimlet-nextcloud -> 1.0.7.1641799022-1<br />
zimbra-zimlet-webex -> 1.0.1.1629957793-1<br />
zimbra-zimlet-voice-message -> 1.0.3.1611114827-1<br />
zimbra-zimlet-classic-unsupportedbrowser -> 3.1.1.1652766350-1<br />
zimbra-zimlet-email-templates -> 2.0.0.1630308426-1<br />
zimbra-zimlet-signature-template -> 1.0.0.1609841753-1<br />
}}<br />
<br />
===Upgraded 3rd Party Packages===<br />
* OpenSSL and Postfix TLS 1.3 Packages<br />
The packages for RHEL7, UBUNTU16, UBUNTU18 are:<br />
<br />
'''Package Name''' '''Version'''<br />
zimbra-openssl : 1.1.1n-1zimbra8.7b4<br />
zimbra-postfix : 3.6.1-1zimbra8.7b3<br />
zimbra-nginx : 1.20.0-1zimbra8.8b2<br />
zimbra-mariadb : 10.1.25-1zimbra8.7b3<br />
zimbra-heimdal : 1.5.3-1zimbra8.7b3<br />
zimbra-curl : 7.49.1-1zimbra8.7b3<br />
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2<br />
zimbra-unbound : 1.11.0-1zimbra8.7b2<br />
zimbra-apr-util : 1.6.1-1zimbra8.7b2<br />
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4<br />
zimbra-net-snmp : 5.8-1zimbra8.7b2<br />
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2<br />
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3<br />
zimbra-openldap : 2.4.49-1zimbra8.8b4<br />
zimbra-opendkim : 2.10.3-1zimbra8.7b5<br />
zimbra-clamav : 0.103.3-1zimbra8.8b3<br />
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b2<br />
zimbra-perl-net-http : 6.09-1zimbra8.7b3<br />
zimbra-perl-libwww : 6.13-1zimbra8.7b3<br />
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b3<br />
zimbra-perl-xml-parser : 2.44-1zimbra8.7b3<br />
zimbra-perl-soap-lite : 1.19-1zimbra8.7b3<br />
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b3<br />
zimbra-perl-xml-simple : 2.25-1zimbra8.7b2<br />
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3<br />
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4<br />
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5<br />
zimbra-perl-innotop : 1.9.1-1zimbra8.7b3<br />
zimbra-httpd : 2.4.53-1zimbra8.7b3<br />
zimbra-php : 7.4.27-1zimbra8.7b3<br />
zimbra-aspell-ca : 2.1.5.1-1zimbra8.8b1<br />
zimbra-postfix-logwatch : 1.40.03-1zimbra8.7b1<br />
zimbra-perl : 1.0.5-1zimbra8.7b1<br />
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1<br />
zimbra-apache-components : 2.0.7-1zimbra8.8b1<br />
zimbra-spell-components : 2.0.8-1zimbra8.8b1<br />
zimbra-snmp-components : 1.0.3-1zimbra8.7b1<br />
zimbra-mta-components : 1.0.14-1zimbra8.8b1<br />
zimbra-core-components : 3.0.12-1zimbra8.8b1<br />
zimbra-proxy-components : 1.0.9-1zimbra8.8b1<br />
zimbra-store-components : 1.0.3-1zimbra8.7b1<br />
zimbra-ldap-components : 2.0.6-1zimbra8.8b1<br />
<br />
* OpenSSL and Postfix TLS 1.3 Packages<br />
The GA packages for RHEL8 and UBUNTU20 are:<br />
<br />
'''Package Name''' '''Version'''<br />
zimbra-openssl : 1.1.1n-1zimbra8.7b4<br />
zimbra-postfix : 3.6.1-1zimbra8.7b3<br />
zimbra-nginx : 1.20.0-1zimbra8.8b2<br />
zimbra-mariadb : 10.1.25-1zimbra8.7b3<br />
zimbra-heimdal : 1.5.3-1zimbra8.7b3<br />
zimbra-curl : 7.49.1-1zimbra8.7b3<br />
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2<br />
zimbra-unbound : 1.11.0-1zimbra8.7b2<br />
zimbra-apr-util : 1.6.1-1zimbra8.7b2<br />
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4<br />
zimbra-net-snmp : 5.8-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3<br />
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2<br />
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3<br />
zimbra-openldap : 2.4.49-1zimbra8.8b4<br />
zimbra-opendkim : 2.10.3-1zimbra8.7b5<br />
zimbra-clamav : 0.103.3-1zimbra8.8b3<br />
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b3<br />
zimbra-perl-net-http : 6.09-1zimbra8.7b4<br />
zimbra-perl-libwww : 6.13-1zimbra8.7b4<br />
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b4<br />
zimbra-perl-xml-parser : 2.44-1zimbra8.7b4<br />
zimbra-perl-soap-lite : 1.19-1zimbra8.7b4<br />
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b4<br />
zimbra-perl-xml-simple : 2.25-1zimbra8.7b3<br />
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3<br />
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4<br />
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5<br />
zimbra-perl-innotop : 1.9.1-1zimbra8.7b4<br />
zimbra-httpd : 2.4.53-1zimbra8.7b3<br />
zimbra-php : 7.4.27-1zimbra8.7b3<br />
zimbra-perl : 1.0.6-1zimbra8.7b1<br />
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1<br />
zimbra-apache-components : 2.0.7-1zimbra8.8b1<br />
zimbra-spell-components : 2.0.9-1zimbra8.8b1<br />
zimbra-snmp-components : 1.0.3-1zimbra8.7b1<br />
zimbra-mta-components : 1.0.14-1zimbra8.8b1<br />
zimbra-core-components : 3.0.12-1zimbra8.8b1<br />
zimbra-proxy-components : 1.0.9-1zimbra8.8b1<br />
zimbra-store-components : 1.0.3-1zimbra8.7b1<br />
zimbra-ldap-components : 2.0.6-1zimbra8.8b1<br />
zimbra-mbox-store-libs : 9.0.0.1647230016-1<br />
<br />
The updated GA packages are:<br />
<br />
'''Package''' '''Old-Version''' '''New-Version'''<br />
postfix 3.5.6 3.6.1<br />
openssl 1.1.1l 1.1.1n<br />
openldap 2.4.49 2.4.59<br />
nginx 1.19.0 1.20.0<br />
postfix-logwatch 1.40.01 1.40.03<br />
io-socket-ssl 2.020 2.068<br />
xml-simple 2.20 2.25<br />
crypt-openssl-rsa 0.28 0.31<br />
net-snmp 5.7.3 5.8<br />
dbd-mysql 4.033 4.050<br />
apr-util 1.5.4 1.6.1<br />
unbound 1.5.9 1.11.0<br />
net-ssleay 1.72 1.88<br />
PHP 7.3.25 7.4.27<br />
httpd 2.4.51 2.4.53<br />
<br />
* Nginx TLS 1.3 Packages<br />
The GA packages for RHEL7, RHEL8, UBUNTU16, UBUNTU18, UBUNTU20 are:<br />
'''PackageName''' '''Version'''<br />
zimbra-nginx -> 1.20.0-1zimbra8.8b2<br />
zimbra-proxy-patch -> 9.0.0.1655472168.p25-1<br />
zimbra-proxy-components -> 1.0.9-1zimbra8.8b1<br />
<br />
=Jira Summary=<br />
== Jira Tickets fixed in 9.0.0 Patch 25 ==<br />
<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11416<br />
|style="border: solid #ffffff;vertical-align:middle;"|Move room fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11415<br />
|style="border: solid #ffffff;vertical-align:middle;"|Red dot of camera is kept after meetings on internal mode<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11414<br />
|style="border: solid #ffffff;vertical-align:middle;"|Minichat are not opening on Suite<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11412<br />
|style="border: solid #ffffff;vertical-align:middle;"|Firebase-token-renewer-service has been completely removed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11411<br />
|style="border: solid #ffffff;vertical-align:middle;"|Mailbox move skips non-local accounts<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11410<br />
|style="border: solid #ffffff;vertical-align:middle;"|Splitted volumes and buckets creation<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11409<br />
|style="border: solid #ffffff;vertical-align:middle;"|ABQ set commands fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11408<br />
|style="border: solid #ffffff;vertical-align:middle;"|ABQ disabled at startup<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11407<br />
|style="border: solid #ffffff;vertical-align:middle;"|Right-click on contact and calendar folders fixed for IE11<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11405<br />
|style="border: solid #ffffff;vertical-align:middle;"|External restore operation quota override<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11404<br />
|style="border: solid #ffffff;vertical-align:middle;"|doItemSearch command fixed<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11403<br />
|style="border: solid #ffffff;vertical-align:middle;"|Zimbra Network 2FA honoured by mobile apps<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11349<br />
|style="border: solid #ffffff;vertical-align:middle;"|Toggle off direct searches for autocomplete and galsync against Zimbra LDAP<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11344<br />
|style="border: solid #ffffff;vertical-align:middle;"|Set the default value zimbra_same_site_cookie to Empty<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11116<br />
|style="border: solid #ffffff;vertical-align:middle;"|Update Java JRE Version<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11096<br />
|style="border: solid #ffffff;vertical-align:middle;"|Implementation - milter to add a warning message when a email came from outside our organisation<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-11040<br />
|style="border: solid #ffffff;vertical-align:middle;"|Zextras NG Docs | Back to Drive folder on closing a document<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10969<br />
|style="border: solid #ffffff;vertical-align:middle;"|Add "Department" field in org chart<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-10678<br />
|style="border: solid #ffffff;vertical-align:middle;"|Server Side work to Force users not to use username in the password<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZCS-1426<br />
|style="border: solid #ffffff;vertical-align:middle;"|Support for new sieve features on zimbra's browser clients and admin console<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2807<br />
|style="border: solid #ffffff;vertical-align:middle;"|Attacker got access to user's email.<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2772<br />
|style="border: solid #ffffff;vertical-align:middle;"|[Security] Vulnerability in Unrar leading to Pre-Auth RCE in Zimbra<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2762<br />
|style="border: solid #ffffff;vertical-align:middle;"|In Webclient the search bar is set to search in a shared contact folder instead of a inbox folder<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2738<br />
|style="border: solid #ffffff;vertical-align:middle;"|Create a hash of the key in Nginx instead of raw value<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2734<br />
|style="border: solid #ffffff;vertical-align:middle;"|webmail login not work when proxy set to accept both http and https request.<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2732<br />
|style="border: solid #ffffff;vertical-align:middle;"|View mail admin feature no longer working in latest patch ZCS 9 P24<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2723<br />
|style="border: solid #ffffff;vertical-align:middle;"|dnscache service does not support DNSSEC validation<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2720<br />
|style="border: solid #ffffff;vertical-align:middle;"|Spam folder called "Junk" in toast message<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2718<br />
|style="border: solid #ffffff;vertical-align:middle;"|Sorting issue - 01309590<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2713<br />
|style="border: solid #ffffff;vertical-align:middle;"|Zimbra OpenSSL needs to update to 1.1.1n for CVE-2022-0778<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2701<br />
|style="border: solid #ffffff;vertical-align:middle;"|Modern UI - Paste address list from xls or txt file in the mail composer in to field not working in modern theme.<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2681<br />
|style="border: solid #ffffff;vertical-align:middle;"|Html, body { overflow:visible; height:auto.... is visible when forwarding a mail and without adding text in Modern UI<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2679<br />
|style="border: solid #ffffff;vertical-align:middle;"|Signature is not added in plain text mode composed mail<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2666<br />
|style="border: solid #ffffff;vertical-align:middle;"|No information for CSR review operation from ZimbraWebAdmin<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2633<br />
|style="border: solid #ffffff;vertical-align:middle;"|DoS Zimbra is vulnerable to CVE-2021-28165- Jetty pins when large TLS packet is sent<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2627<br />
|style="border: solid #ffffff;vertical-align:middle;"|(JDK-8228811) JVM/mailboxd can crash endlessly with JDK 13.0.1<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2588<br />
|style="border: solid #ffffff;vertical-align:middle;"|Autocomplete bug with "/" shares<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2583<br />
|style="border: solid #ffffff;vertical-align:middle;"|mina-core-2.0.4.jar is vulnerable; CVE-2019-0231, CVE-2019-0231<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2578<br />
|style="border: solid #ffffff;vertical-align:middle;"|CVE-2021-45105<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2571<br />
|style="border: solid #ffffff;vertical-align:middle;"|"RCE 0-day exploit vulnerability found in log4j "<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2569<br />
|style="border: solid #ffffff;vertical-align:middle;"|Attribute zimbraAmavisOutboundDisclaimersOnly does not work after restarting MTA service<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2542<br />
|style="border: solid #ffffff;vertical-align:middle;"|Users can set forwarding to their own account<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2477<br />
|style="border: solid #ffffff;vertical-align:middle;"|Upgrade ClamAV to latest version 0.103.3<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2426<br />
|style="border: solid #ffffff;vertical-align:middle;"|SAML SP-initiated logout does not work - zimbraWebClientLogoutURL (9.0.0)<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2390<br />
|style="border: solid #ffffff;vertical-align:middle;"|Briefcase content accessible without 2FA<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2361<br />
|style="border: solid #ffffff;vertical-align:middle;"|Modified Draft not synced to external imap account<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2322<br />
|style="border: solid #ffffff;vertical-align:middle;"|Task not getting sorted<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2246<br />
|style="border: solid #ffffff;vertical-align:middle;"|shared folder content cannot be searched using All mail search<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2233<br />
|style="border: solid #ffffff;vertical-align:middle;"|SA Version 3.4.5 issues<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2207<br />
|style="border: solid #ffffff;vertical-align:middle;"|Update Java JRE Version<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2119<br />
|style="border: solid #ffffff;vertical-align:middle;"|Xml attachment truncated if sent from account with "sendAs" delegation<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2056<br />
|style="border: solid #ffffff;vertical-align:middle;"|Mail to link not rendering properly in modern UI<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1975<br />
|style="border: solid #ffffff;vertical-align:middle;"|Portuguese, Date format showing wrong<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1860<br />
|style="border: solid #ffffff;vertical-align:middle;"|Wrong encoding of organizer with ios mail client<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1838<br />
|style="border: solid #ffffff;vertical-align:middle;"|Auto complete displaying single email address from matching account<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1755<br />
|style="border: solid #ffffff;vertical-align:middle;"|Modern UI: The tab label of the message composing page is empty after reloading entire Modern UI<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1455<br />
|style="border: solid #ffffff;vertical-align:middle;"|zimbraFeatureMailForwardingInFiltersEnabled, Attribute funtionality is wrong<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-1335<br />
|style="border: solid #ffffff;vertical-align:middle;"|log4j-1.2.16.jar is vulnerable reported in CVE-2019-17571<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2838<br />
|style="border: solid #ffffff;vertical-align:middle;"|Log4j packages are not being updated to V2 for ldap servers in some instances<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2837<br />
|style="border: solid #ffffff;vertical-align:middle;"|zmconfigd failing on ldap node after updating to the latest patch <br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2835<br />
|style="border: solid #ffffff;vertical-align:middle;"|/var/log/syslog filling after applying the patch 8.8.15 patch 32<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2834<br />
|style="border: solid #ffffff;vertical-align:middle;"|No INFO logs while redeploying the Zimlets after updated the ZCS v9.0.0 P25.<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|ZBUG-2831<br />
|style="border: solid #ffffff;vertical-align:middle;"|SMTP authentication failure with 2FA application passcode<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-6698<br />
|style="border: solid #ffffff;vertical-align:middle;"|Modern UI - Users should not be allowed to use username in the password<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-6651<br />
|style="border: solid #ffffff;vertical-align:middle;"|All Zimlets should support languages that are supported by ModernUI<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-6639<br />
|style="border: solid #ffffff;vertical-align:middle;"|Display folder info on hover<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-6617<br />
|style="border: solid #ffffff;vertical-align:middle;"|Hide all spam related options when the spam feature is disabled<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-6616<br />
|style="border: solid #ffffff;vertical-align:middle;"|Hide task list from calendar when the task feature is disabled<br />
|-<br />
|style="border: solid #ffffff;vertical-align:middle;"|PREAPPS-5342<br />
|style="border: solid #ffffff;vertical-align:middle;"|User friendly error messages for 503 code<br />
|-<br />
|}</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P37&diff=69532Zimbra Releases/8.8.15/P372023-03-14T10:49:14Z<p>Dawood Shaikh: /* ZCO */</p>
<hr />
<div>= Zimbra Collaboration Joule 8.8.15 Patch 37 GA Release =<br />
<br />
<div class="col-md-9"><br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
{{ReleaseNote-note}}<br />
<br />
== Change in upgrade process for 8.8.15 Patch 37== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the packages in its order. <br />
</div><br />
<br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, we need to set the '''zimbraVirtualHostName''' parameter for the domains that are using SAML and SSO based login. Please follow the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"| The OpenSSL package has been upgraded to version 8.7b4 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-0286 CVE-2023-0286]<br />
|style="border: solid #ffffff; text-align: center;"| TBD <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| Strengthened PreAuth servlet to only redirect to admin configured url, which will prevent security issues related to open redirection vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-24030 CVE-2023-24030]<br />
|style="border: solid #ffffff; text-align: center;"| TBD <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| Previously, the account status was not validated when sending emails using 2FA. Added additional validations for user accounts to check the account status and allow email operations.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-26562 CVE-2023-26562] <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"| Strengthened security of Zimbra product by disallowing usage of some JVM arguments in mailbox manager.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-24032 CVE-2023-24032]<br />
|style="border: solid #ffffff; text-align: center;"| TBD <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| The Perl compress zlib package has been upgraded to version 2.103-1 to fix out-of-bounds access vulnerability<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2018-25032 CVE-2018-25032]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|}<br />
<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. If someone had applied this configuration previously, then after upgrading to this patch, they will have to re-apply the same configuration. '''<br />
<br />
= What's New =<br />
<br />
== Package Upgrade ==<br />
<br/><br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
* Perl compress zlib package has been upgraded from 2.069 to version 2.103-1<br />
</div><br />
<br/><br />
<br />
== ZCO ==<br />
* ZCO now supports the use of a partial sync feature during initial and delta/regular sync for Shared Mailbox. An option <code>-smd <value greater than zero></code> can be used with the '''ZmCustomizeMsi.js''' script. '''SharedFolderMailCutoffDays''' <code><value greater than zero></code> attribute is also required to be set in the registry.<br />
<br />
= Fixed Issues =<br />
<br />
== Platform ==<br />
* When the timezone is set to ```Asia/Yangon```, the <code>zmswatch</code> and <code>zmlogswatchctl</code> services failed to start. The issue has been fixed. [https://jira.corp.synacor.com/browse/ZBUG-3261 ZBUG-3261]<br />
* When creating an appointment without a body and sending it to the EWS user, NPE errors were seen and the appointment was not visible to the recipient. The issue has been fixed. [https://jira.corp.synacor.com/browse/ZBUG-3124 ZBUG-3124]<br />
* Corrected hardcoded syslog configuration to system defined configuration. [https://jira.corp.synacor.com/browse/ZBUG-3053 ZBUG-3053]<br />
* When installing zimbra-patch package, it was redeploying all standard zimlets and overwrote the previously deployed zimlet configurations. The issue has been fixed and the zimlet's are not re-deployed now. [https://jira.corp.synacor.com/browse/ZBUG-2722 ZBUG-2722]<br />
<br />
== Web UX - Classic ==<br />
* Fixed the issue in Classic UI where out of office date was changed when selecting any date in month of February. [https://jira.corp.synacor.com/browse/ZBUG-3252 ZBUG-3252]<br />
* Fixed the issue where sometimes appointment dates displayed backwards when calendar appointment is re-opened. [https://jira.corp.synacor.com/browse/ZBUG-2311 ZBUG-2311]<br />
<br />
== Admin Web Console ==<br />
* User can now add notes on multiple lines in the Admin UI at the path Home > Manage > Accounts > user@domain.com > General Information > Notes. [https://jira.corp.synacor.com/browse/ZBUG-3027 ZBUG-3027]<br />
<br />
== ZCO ==<br />
* Corrected French translation on Room Finder UI. [https://jira.corp.synacor.com/browse/ZBUG-3002 ZBUG-3002]<br />
<br />
== Zimbra Drive ==<br />
* The preview is no more offered for documents larger than 10 Mb and images larger than 20 Mb to avoid server resources consumption and possible crashes.<br />
<br />
== NG Backup ==<br />
* Now the external restore operation supports the accounts UUID for both the accounts parameter and in an input file.<br />
* The getAvailableAccount command now provides a parameter to generate a file and to choose the headers.<br />
* ExternalRestore follows the order of the accounts provided in the accounts or input_file parameter.<br />
<br />
== NG HSM ==<br />
* Underscores have been removed from object storage types such as CustomS3 and ScalityS3.<br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused iOS mobile devices to synchronize replies to calendar appointments multiple times.<br />
* Fixed a bug that caused the exceptions in recurring calendars to be not synchronized properly via EAS.<br />
* When using NG Mobile, the calendar events were not fully synced to the phone in certain scenarios. The issue has been fixed. [https://jira.corp.synacor.com/browse/ZBUG-3001 ZBUG-3001]<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Joule-Patch-32 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
FOSS:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1676037803.p37-1<br />
zimbra-mta-patch -> 8.8.15.1676037803.p37-1<br />
zimbra-proxy-patch -> 8.8.15.1676037803.p37-1<br />
zimbra-ldap-patch -> 8.8.15.1676037803.p37-1<br />
zimbra-mbox-webclient-war -> 8.8.15.1676019993-1<br />
zimbra-common-core-jar -> 8.8.15.1676020603-1<br />
zimbra-mbox-admin-console-war -> 8.8.15.1676019834-1<br />
zimbra-chat -> 4.0.3.1654677981-1<br />
zimbra-drive -> 1.0.14.1588924560-1<br />
zimbra-perl-compress-raw-zlib -> 2.103-1zimbra8.7b1<br />
zimbra-perl-date-manip -> 6.90-1zimbra8.7b1<br />
zimbra-perl -> 1.0.7-1zimbra8.7b1 (For RHEL8, UBUNTU20 : 1.0.8-1zimbra8.7b1 )<br />
zimbra-openssl -> 1.1.1t-1zimbra8.7b4<br />
zimbra-core-components -> 2.0.22-1zimbra8.8b1<br />
zimbra-ldap-components -> 1.0.22-1zimbra8.8b1<br />
NETWORK:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1676464123.p37-2<br />
zimbra-mbox-ews-service -> 8.8.15.1676296302-1<br />
zimbra-zco -> 8.8.15.1927.1676464022-1<br />
zimbra-talk -> 4.0.3.1673533079-1<br />
zimbra-connect -> 1.0.30.1635424238-1<br />
zimbra-docs -> 3.0.10.1663658159-1<br />
zimbra-drive-ng -> 3.0.17.1637855904-1<br />
zimbra-zimlet-auth -> 1.0.5.1652971904-1<br />
zimbra-network-modules-ng -> 6.0.38.1672292497-1<br />
<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Joule 8.8.15 Patch 37:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]<br />
<br />
<br />
= Quick note: Open Source repo =<br />
The steps to download, build, and see our code via Github can be found here:<br />
[https://github.com/Zimbra/zm-build https://github.com/Zimbra/zm-build]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P30&diff=69531Zimbra Releases/9.0.0/P302023-03-14T10:47:55Z<p>Dawood Shaikh: /* ZCO */</p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 30 GA Release =<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]'''. '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues<br />
<br />
<br/><br />
== Change in upgrade process for 9.0.0 Patch 30== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. <br />
<br />
We have also introduced a new package '''zimbra-ldap-patch''' to be installed only on the LDAP node. <br />
<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' steps to install the packages in its order. <br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, if the '''zimbraVirtualHostName''' parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"| Multiple security issues related possibility of RXSS attack related to printing messages and appointments have been fixed.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-24031 CVE-2023-24031]<br />
|style="border: solid #ffffff; text-align: center;"| TBD <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| The OpenSSL package has been upgraded to version 8.7b4 to fix multiple vulnerabilities<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-0286 CVE-2023-0286]<br />
|style="border: solid #ffffff; text-align: center;"| TBD <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| Strengthened PreAuth servlet to only redirect to admin configured url, which will prevent security issues related to open redirection vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-24030 CVE-2023-24030]<br />
|style="border: solid #ffffff; text-align: center;"| TBD <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| Previously, the account status was not validated when sending emails using 2FA. Added additional validations for user accounts to check the account status and allow email operations.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-26562 CVE-2023-26562]<br />
|style="border: solid #ffffff; text-align: center;"| TBD <br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"| Strengthened security of Zimbra product by disallowing usage of some JVM arguments in mailbox manager.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-24032 CVE-2023-24032]<br />
|style="border: solid #ffffff; text-align: center;"| TBD <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| The Perl compress zlib package has been upgraded to version 2.103-1 to fix out-of-bounds access vulnerability<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2018-25032 CVE-2018-25032]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|}<br />
<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. If someone had applied this configuration previously, then after upgrading to this patch, they will have to re-apply the same configuration. '''<br />
<br />
<br />
= What's New =<br />
<br />
== Package Upgrade ==<br />
<br/><br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
* Perl compress zlib package has been upgraded from 2.069 to version 2.103-1<br />
</div><br />
<br/><br />
<br />
== Modern Web App ==<br />
<br />
'''Calendar'''<br />
* Users can now use tag colours for appointments. <br />
<br />
<br />
'''Contacts'''<br />
* Users can now select year for the Birthday and Anniversary fields in contacts. <br />
<br />
== ZCO ==<br />
* ZCO now supports the use of a partial sync feature during initial and delta/regular sync for Shared Mailbox. An option <code>-smd <value greater than zero></code> can be used with the '''ZmCustomizeMsi.js''' script. '''SharedFolderMailCutoffDays''' <code><value greater than zero></code> attribute is also required to be set in the registry.<br />
<br />
= Fixed Issues =<br />
<br />
== Platform ==<br />
* When the timezone is set to ```Asia/Yangon```, the <code>zmswatch</code> and <code>zmlogswatchctl</code> services failed to start. The issue has been fixed. [https://jira.corp.synacor.com/browse/ZBUG-3261 ZBUG-3261]<br />
* When creating an appointment without a body and sending it to the EWS user, NPE errors were seen and the appointment was not visible to the recipient. The issue has been fixed. [https://jira.corp.synacor.com/browse/ZBUG-3124 ZBUG-3124]<br />
* Corrected hardcoded syslog configuration to system defined configuration. [https://jira.corp.synacor.com/browse/ZBUG-3053 ZBUG-3053]<br />
* When installing zimbra-patch package, it was redeploying all standard zimlets and overwrote the previously deployed zimlet configurations. The issue has been fixed and the zimlet's are not re-deployed now. [https://jira.corp.synacor.com/browse/ZBUG-2722 ZBUG-2722]<br />
<br />
== Web UX - Classic ==<br />
* Fixed the issue where external users were not able to login to Classic UI to view shared content.<br />
* Fixed the issue in Classic UI where out of office date was changed when selecting any date in month of February. [https://jira.corp.synacor.com/browse/ZBUG-3252 ZBUG-3252]<br />
* Fixed the issue where sometimes appointment dates displayed backwards when calendar appointment is re-opened. [https://jira.corp.synacor.com/browse/ZBUG-2311 ZBUG-2311]<br />
<br />
== Admin Web Console ==<br />
* User can now add notes on multiple lines in the Admin UI at the path Home > Manage > Accounts > user@domain.com > General Information > Notes. [https://jira.corp.synacor.com/browse/ZBUG-3027 ZBUG-3027]<br />
<br />
<br />
== ZCO ==<br />
* Corrected French translation on Room Finder UI. [https://jira.corp.synacor.com/browse/ZBUG-3002 ZBUG-3002]<br />
<br />
== Zimbra Drive ==<br />
* The preview is no more offered for documents larger than 10 Mb and images larger than 20 Mb to avoid server resources consumption and possible crashes.<br />
<br />
== NG Backup ==<br />
* Now the external restore operation supports the accounts UUID for both the accounts parameter and in an input file.<br />
* The getAvailableAccount command now provides a parameter to generate a file and to choose the headers.<br />
* ExternalRestore follows the order of the accounts provided in the accounts or input_file parameter.<br />
<br />
== NG HSM ==<br />
* Underscores have been removed from object storage types such as CustomS3 and ScalityS3. [https://jira.corp.synacor.com/browse/ZCS-12728 ZCS-12728]<br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused iOS mobile devices to synchronize replies to calendar appointments multiple times.<br />
* Fixed a bug that caused the exceptions in recurring calendars to be not synchronized properly via EAS.<br />
* When using NG Mobile, the calendar events were not fully synced to the phone in certain scenarios. The issue has been fixed. [https://jira.corp.synacor.com/browse/ZBUG-3001 ZBUG-3001]<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
=== NG Mobile === <br />
* Changes are not synced to Android devices if attendees of an instance in a recurring appointment are modified. - '''ZBUG-3133'''.<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
zimbra-patch -> 9.0.0.1676464095.p30-2<br />
zimbra-mta-patch -> 9.0.0.1676044118.p30-1<br />
zimbra-proxy-patch -> 9.0.0.1676044118.p30-1<br />
zimbra-ldap-patch -> 9.0.0.1676044118.p30-1<br />
zimbra-mbox-webclient-war -> 9.0.0.1676019954-1<br />
zimbra-common-core-jar -> 9.0.0.1676020564-1<br />
zimbra-mbox-admin-console-war -> 9.0.0.1676019859-1<br />
zimbra-mbox-ews-service -> 9.0.0.1676296399-1<br />
zimbra-modern-ui -> 4.30.0.1676380551-1<br />
zimbra-modern-zimlets -> 4.30.0.1676380551-1<br />
zimbra-zco -> 9.0.0.1927.1676463975-1<br />
zimbra-network-modules-ng -> 7.0.29.1672292651-1<br />
zimbra-zimlet-nextcloud -> 1.0.10.1676031012-1<br />
zimbra-chat -> 4.0.3.1654677981-1<br />
zimbra-drive -> 1.0.14.1588924560-1<br />
zimbra-talk -> 4.0.3.1673533079-1<br />
zimbra-connect -> 2.0.22.1635424388-1<br />
zimbra-connect-modern -> 1.0.22.1635424388-1<br />
zimbra-docs -> 4.0.8.1663658601-1<br />
zimbra-docs-modern -> 1.0.7.1632998065-1<br />
zimbra-drive-ng -> 4.0.14.1637855796-1<br />
zimbra-drive-modern -> 1.0.14.1637855796-1<br />
zimbra-zimlet-auth -> 1.0.5.1652971904-1<br />
zimbra-zimlet-email-templates -> 2.0.1.1674020393-1<br />
zimbra-zimlet-signature-template -> 1.0.1.1674021232-1<br />
zimbra-zimlet-voice-message -> 1.0.4.1674021803-1<br />
zimbra-zimlet-webex -> 1.0.2.1674022197-1<br />
zimbra-zimlet-rocketchat -> 1.0.1.1674022495-1<br />
zimbra-zimlet-ads -> 9.0.0.1676372360-1<br />
zimbra-zimlet-user-sessions-management -> 9.0.0.1676372360-1<br />
zimbra-zimlet-org-chart -> 3.0.0.1676372360-1<br />
zimbra-zimlet-additional-signature-setting -> 8.0.0.1676372360-1<br />
zimbra-zimlet-restore-contacts -> 7.0.0.1676372360-1<br />
zimbra-zimlet-sideloader -> 8.0.0.1676372360-1<br />
zimbra-zimlet-set-default-client -> 9.0.0.1676372360-1<br />
zimbra-zimlet-date -> 7.0.0.1676372360-1<br />
zimbra-zimlet-privacy-protector -> 5.0.0.1676372360-1<br />
zimbra-zimlet-classic-unsupportedbrowser -> 4.0.0.1676372360-1<br />
zimbra-zimlet-install-pwa -> 7.0.0.1676372360-1<br />
zimbra-zimlet-emptysubject -> 3.0.0.1676372360-1<br />
zimbra-zimlet-duplicate-contacts -> 6.0.0.1676372360-1<br />
zimbra-zimlet-secure-mail -> 2.0.0.1676372360-1<br />
zimbra-zimlet-web-search -> 5.0.0.1676372360-1<br />
zimbra-zimlet-user-feedback -> 7.0.0.1676372360-1<br />
zimbra-zimlet-calendar-subscription -> 7.0.0.1676372360-1<br />
zimbra-zimlet-briefcase-edit-lool -> 4.0.0.1676372360-1<br />
zimbra-zimlet-jitsi -> 3.4.0.1674201804-1<br />
zimbra-zimlet-google-drive -> 6.1.0.1674201804-1<br />
zimbra-zimlet-onedrive -> 6.1.0.1674201804-1<br />
zimbra-zimlet-slack -> 5.6.0.1674201804-1<br />
zimbra-zimlet-collaboration-list -> 3.3.0.1674201804-1<br />
zimbra-zimlet-video-call-preferences -> 2.1.0.1674201804-1<br />
zimbra-zimlet-zoom -> 7.1.0.1674201804-1<br />
zimbra-zimlet-migration -> 3.5.0.1674201804-1<br />
zimbra-zimlet-dropbox -> 6.1.0.1674201804-1<br />
zimbra-perl-compress-raw-zlib -> 2.103-1zimbra8.7b1<br />
zimbra-perl-date-manip -> 6.90-1zimbra8.7b1<br />
zimbra-perl -> 1.0.7-1zimbra8.7b1 (For RHEL8, UBUNTU20 : 1.0.8-1zimbra8.7b1 )<br />
zimbra-openssl -> 1.1.1t-1zimbra8.7b4<br />
zimbra-core-components -> 3.0.18-1zimbra8.8b1<br />
zimbra-ldap-components -> 2.0.12-1zimbra8.8b1<br />
<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Kepler 9.0.0 Patch 30:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.0&diff=69522Zimbra Releases/10.0.02023-03-10T06:23:06Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Daffodil (v10) GA Release =<br />
<br />
Check out the [[#What's_New|What's New]], [[#Things to Know Before Upgrading|Things to Know Before Upgrading]] and [[#Known Issues|Known Issues]] sections for this version of Zimbra Collaboration. <br />
<br />
Please refer to the [https://zimbra.github.io/documentation/zimbra-10/single-server-install.html Single-Server Install Guide], [https://zimbra.github.io/documentation/zimbra-10/multi-server-install.html Multi-Server Install Guide], and [https://zimbra.github.io/documentation/zimbra-10/upgrade.html Upgrade Guide] for install and upgrade instructions.<br />
<br />
= Description =<br />
<br />
We are very excited about the announcement of the release of Zimbra Daffodil (v10). With this release, we've consolidated our core code-base and replaced certain older '''NG''' add-on modules with new & improved core modules that will see continuous enhancements in future updates. With Zimbra Daffodil (v10), we're committed and focused on improving its stability, security, quality, features & capabilities, user experience, performance, extensibility, and scalability.<br />
<br />
Zimbra (v10) release provides the same or better features than Zimbra 8.8.15 and 9.0 and will be our main code base for continuous improvement and innovation going forward.<br />
<br />
= What does this mean? =<br />
<br />
It means that each component integrates at the application layer and is designed to work together in unison. Zimbra Daffodil(v10) also removes data restrictions and allows full access to your data. With all core components managed by us, it will enable us to innovate faster and bring new features to market quicker than before.<br />
<br />
= What's new or updated in Zimbra (v10) =<br />
<br />
== Installation, Upgrade, & Migration ==<br />
<br />
In the Zimbra Daffodil(v10) release, we focused on new installations, rolling upgrades with and without NG modules, and in-place upgrades for customers running without NG modules. Here are key topics you need to know about upgrading and migration: <br />
<br />
* Single and Multi-Server installation is supported for new installations of Zimbra (v10).<br />
<br />
* For customers using NG modules on a Multi-Server setup, we are releasing a migration tool that will help the customers to migrate their NG modules data to the new Zimbra-10 server. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/ng-migration.html migration guide] for more details. Please note that this tool is being released as a '''Beta''' utility and should be tested on dev/test environment(s) before using it on production data. For more guidance, please reach out to our support team.<br />
<br />
* For customers using NG modules on a Single-Server setup, currently we do not support an in-place upgrade or migration. We are working on steps to migrate such a setup. We will update you soon.<br />
<br />
* For customers on Multi-Server setup and '''NOT''' using NG modules, Rolling upgrade is the recommended method where you either upgrade existing or add new replacement LDAP's, Proxy's and MTA's. Once the LDAP, Proxy and MTA's are running the latest version, you then add a new mail store and use zmmboxmove to move accounts from the older store to the new zimbra-10 store. For more information please refer to [https://zimbra.github.io/documentation/zimbra-10/rolling-upgrade.html rolling-upgrade] guide.<br />
<br />
* In-place upgrade is only recommended for customers who are not running NG modules. In-place upgrades are supported from 8.8.15 and 9.0.0 versions running the latest patch releases.<br />
<br />
== Backup & Restore ==<br />
<br />
Daffodil backup and recovery is built with the understanding that backups should not affect the server or user experience while providing the best disaster recovery restore. The Daffodil backup offers the ability to backup using auto-grouping or full backup with incremental logging. Here are key topics you need to know about upgrading to 10.0 Backup and Restore: <br />
<br />
* A new backup will need to be initialised after the upgrade.<br />
* Backup consists of two backup methods. <br />
** Auto-grouping is a great backup method but is best for large installations where 5,000+ accounts reside on a single mail store. Smaller installations will benefit with creating a full backup once a week. <br />
** The default backup method is known as the 'Standard' method, and is recommended for most customers.<br />
* Backups can be created at the Global, Server, COS, Domain, and account level.<br />
* Dumpster feature has been integrated with backup and restore which is called 'Message Reclaim'. This is the first phase in many to provide a simpler way to manage and restore data that was deleted accidentally. Currently, the reclaim is a command line function but stay tuned for improvements within the coming releases. <br />
* Multiple restore methods. A disaster doesn't always destroy the full store or cluster. 10.0 backup brings back the ability to restore each component (store, meta-data, LDAP data) or a mail-store or the full cluster. <br />
* Advance restore mode, which can be used within a full mail-store disaster recovery where all of the Metadata and accounts are restored to production before the blob data. Because blob restore accounts for the majority of the restore time, the time that takes to restore and put the account back into production has significantly improved. Once the account is active, the restore process will restore the blobs. Please note, users will receive a missing blob error until the blob has been restored.<br />
<br />
== Storage Management ==<br />
<br />
The Storage Management (SM) feature is where you configure storage volumes for primary, and secondary data stores and indexing. SM using the scheduler also provides the ability to move older data from primary higher-cost to secondary lower-cost storage based on age. In most instances, end users will not experience any performance differences.<br />
<br />
Storage Management can be managed within the Administrator UI at the global and server level or from the command line.<br />
<br />
SM supports local and external storage for the following providers:<br />
* Amazon AWS S3 - Supports Intelligent Tiering.<br />
* Ceph<br />
* Netapp StorageGrid<br />
* OpenIO<br />
* EMC<br />
* Scality<br />
* Custom S3<br />
<br />
== Mobile Sync and Device Management ==<br />
<br />
The mobile sync feature supports the latest devices and has improved calendar synchronization. It contains all of the security as the past versions but is now part of the core code. <br />
<br />
Following are some more details:<br />
* Support active-sync versions 16.1, 16.0, 14.1, 14.0 & 12.1.<br />
* Support shared Folders and Calendars.<br />
* Support configuring user-level ActiveSync protocol version<br />
* Support Autodiscover.<br />
* Allow/Block/Quarantine (ABQ) support.<br />
* Support Mobile Device Security Policies:<br />
** Remote Wipe.<br />
** Account Only Remote Wipe.<br />
** Device password policies.<br />
** S/MIME encryption policies.<br />
* Support MDM Apps – IBM Maas 360 and Apple Airwatch.<br />
* Notification support for Quarantined devices at specified intervals.<br />
<br />
Note: When using a Rolling-Upgrade with NG modules, after the accounts are moved from the NG server to the Zimbra-10 servers, all ActiveSync sync-tokens will be reset. Because of this, all devices will receive a re-sync request, then each device should acknowledge the request and initiate a full re-sync. The majority of devices will do this automatically and with no action required by the device owner. The acknowledgment action is a device action, and some older Samsung devices have been known not to respond which requires the user to either recreate the profile or re-enter the password.<br />
<br />
For the Non-NG Rolling-Upgrade setup, ActiveSync users will have to reconfigure their activesync profile on the devices/app to start using the latest ActiveSync version.<br />
<br />
== Briefcase ==<br />
<br />
10.0 restores documentation management within the Briefcase. This provides a single location where a user can manage, store, share, and edit documents. Here are key topics you need to know about upgrading to 10.0 Documentation Management: <br />
<br />
* All document data within Briefcase is stored within the core of server which means the data is within the account mysql database and stored within the data store.<br />
* Each mail store can contain its own instance of Office.<br />
* File sharing internally or publicly.<br />
* Collaborative editing of files.<br />
<br />
== Office ==<br />
<br />
Daffodil provides an updated set of documentation editors that works with Word, Spreadsheet, & Presentation documents.<br />
<br />
* Can be installed on each mail store.<br />
* Supports editing and sharing of documents with multiple users.<br />
* Supports Single file or folder share.<br />
* Supports High fidelity Document preview.<br />
* Supports many document formats.<br />
* Supports Version control.<br />
<br />
For the Rolling-Upgrade setup, the Document editing/sharing feature will not work until the Grantor and Grantee are moved to zimbra-10 mailbox servers. <br />
<br />
Similarly, any Drive user data migrated to Zimbra (v10), will not work as expected until the Grantor and Grantee are moved to zimbra-10 mailbox servers. <br />
<br />
== Chat and Video ==<br />
<br />
It is an enterprise video and chat solution. This offering includes individual, group chats, contact and group support, video calling support, chat archival and many other standard chat and video features. <br />
<br />
* SAAS offering<br />
* Simplistic configuration - Once the Admin account is created and configured, end users accounts will be automatically created based on COS configuration.<br />
* Supported within the Classic Web App, Modern Web App, Desktop App, and Mobile Apps which are currently available on play store and app store.<br />
<br />
== Delegated Administrator ==<br />
Delegated Administrators can now be assigned predefined rights for common tasks. A common example is to create a Helpdesk administrator who can only reset password. Following commonly used predefined rights have been added in this release and more will be added in the upcoming releases:<br />
* Domain administrator<br />
* Reset passwords<br />
* Edit contact info<br />
<br />
<br />
= Things to Know Before Upgrading =<br />
Please review the following information to decide if Zimbra Daffodil (v10) is suitable for you.<br />
<br />
* Zimbra Touch Client, Zimbra Mobile Client, and Zimbra HTML (Standard) Client are no longer a part of Zimbra starting from Version 9.0.0.<br />
* A Zimbra Network Edition license is required to use Zimbra Daffodil (v10).<br />
* The customizations implemented for SAML and SPNEGO will be overridden during an upgrade. It is recommended to backup these configurations before upgrading the server.<br />
* In case of rolling upgrades, if some mailstore nodes are upgraded to zimbra-10 and some mailstore nodes are on Zimbra 9.0.x or Zimbra 8.8.15 then, <code>zimbraReverseProxyUpstreamLoginServers</code> should only contain the list of Zimbra 10.0.0 mailboxes. If this is not followed then in some cases, users on zimbra-10 mailstore nodes will not be able to see Modern Web App after login.<br />
* Zimbra (v10) continues to support two versions of Zimbra Web Client -- Modern and Classic.<br />
** To know more about the highlights of the Modern Web App, please refer to [https://wiki.zimbra.com/wiki/Zimbra_9/Modern_Web_App Introducing the Modern Web Application]<br />
** The Classic Web App offers the same functionality as the Advanced Web Client in Zimbra version 8.8.15.<br />
** Existing customized themes, logo branding changes, and crontab changes are incompatible with, and hence do not reflect in the Modern Web App. Branding needs to be re-configured to work with the Modern Web App. The Modern Web App does not currently support themes. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/adminguide.html#_customizing_modern_web_app Customizing Modern Web App] section of Admin Guide for more information related to configuration.<br />
** Zimlets are supported on both the Web Clients.<br />
** Zimlets that work with the Classic Web App are incompatible with the Modern Web App. And due to technology changes, there is no way to migrate the Zimlets from the Classic Web App to the Modern Web App or vice-versa.<br />
<br />
* For Non-NG setups, recommendations when using mailbox move (through '''zmmboxmove''' utility) on Rolling-Upgrade environment:<br />
** Always take full backup *before* doing zmmboxmove.<br />
** If using Storage Management with primary and secondary storage as Internal, then set <code>zimbraMailboxMoveSkipBlobs</code> and <code>zimbraMailboxMoveSkipHsmBlobs</code> attributes to '''FALSE''' before doing '''zmmboxmove'''.<br />
** Always recommended to run HSM and move blobs to current primary/secondary volumes in case of multiple primary/secondary volumes present in the system before doing <code>zmmboxmove</code>.<br />
** <code>zmmboxmove</code> command should be run from Zimbra (v10) mailbox server.<br />
<br />
After you review the tasks in this section, please go to [https://zimbra.github.io/documentation/zimbra-10/upgrade.html#_upgrade_instructions Upgrade Instructions].<br />
<br />
= Known Issues =<br />
These are '''Known Issues''' against Zimbra 10.0.0 and will be addressed in future updates and/or patches.<br />
<br />
== Mobile Sync ==<br />
* On iOS Native App, if the Mail, Calendar, and Contacts folders are shared with the user, the shares are not displayed on the App. Similarly, for Windows Outlook and Windows Native Contacts App, if the Contacts folder is shared with the user, the shares are not displayed on the App.<br />
Workaround - The user will have to reconfigure his account on the device to get the shares mounted on the device. <br />
* The sharing of mail folders on the Gmail app has been disabled. This issue will be fixed in the upcoming zimbra-10 patch release. <br />
* Exchange ActiveSync protocol currently does not support Read-Only permission sharing. It is recommended not to enable Sharing for the users having shares with Read-Only permission. <br />
* In a Rolling-upgrade environment, if a zimbra-9 user shares a calendar with zimbra-10 user, the events are not synced.<br />
Workaround - For the Rolling-Upgrade environment involving the NG mailbox server, due to technical differences between the NG Mobile feature and Zimbra (v10) Mobile Sync feature, it is recommended to use Sharing feature after moving all the accounts to zimbra-10 mailbox server. <br />
* For Windows Mail App, the Sent folder emails are not displayed after blocking and unblocking the user.<br />
Workaround - The user can remove and reconfigure the account on the app. <br />
* When using iOS Outlook App, Out of Office settings are not synced to the user's account in Web App. <br />
* When the organizer and attendee use the Outlook app, if the organizer cancels an instance from a recurring meeting, the same is not reflected on the attendee's calendar.<br />
* Syncing of shared calendars has been disabled on Outlook App for iOS and Android due to syncing issues. This issue will be fixed in the upcoming zimbra-10 patch release.<br />
<br />
== Backup-Restore ==<br />
* When using backup and restore to move data from source 9.x NG server to destination 10.x server, if both the source and destination, primary volumes are ‘External’, and zimbraBackupSkipBlobs is set to True, then emails restored to Primary volume throws ‘Missing Blob for item’ error.<br />
* When an account is restored using backup data from NG external secondary volume, the account is displaying garbled data for emails on the destination server. <br />
* When using backup and restore to move data from source 9.x NG server to destination 10.x server, if both the source and destination, primary volumes are 'Internal' and secondary volumes are 'External', and zimbraBackupSkipBlobs is set to False, and zimbraBackupSkipHSMBlobs is set to True, then emails moved to primary volume are accessible but emails moved to secondary volume throw 'Missing Blob for item' error. <br />
* When we schedule backup using zmschedulebackup command, backup is getting scheduled in crontab and LDAP attributes are updated with appropriate values.<br />
<br />
== Storage Management ==<br />
* When using an external storage provider for Secondary storage, please exclude the Documents from the policy as it appears garbled after it is moved to external storage. <br />
<br />
== Briefcase ==<br />
* The <code>zimbraFileUploadMaxSize</code> cannot be set to more than 2GB (2146483647 bytes). Due to this, the users cannot upload files larger than 2GB to their Briefcase.<br />
<br />
== Platform ==<br />
* On NG based rolling-upgrade setup and before migrating the Internal Storage data to zimbra-10 server using the NG Migration utility, disable the '''Compression''' for volumes on zimbra-10 server.<br />
* On a NG based rolling-upgrade setup, when either sharer or sharee is not moved to zimbra-10 server and the drive data is imported through the NG Migration utility, the drive files sharing information is not available. Hence, the shared files are not available after the import.<br />
Workaround - Before importing the Drive data for the users, move the sharee and sharer from NG server to zimbra-10 server. <br />
* When upgrading to Zimbra 10 using the rolling upgrade mechanism, if a user on Zimbra 10 shares a Briefcase file with a user on Zimbra 9, then while UI will display a 'Permission denied' error to the user on Zimbra 10, the user on Zimbra 9 still ends up receiving an email that the file has been shared. Even though the mail is received by the Zimbra 9 user, they will not be able to access the file, as the file sharing feature is not available in Zimbra 9. <br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 9 may share a Briefcase folder with a Zimbra 10 user. However, since files were not shared with Zimbra 10 user, the files within the shared folder are not accessible to the Zimbra 10 users. <br />
* Zimbra inheritance is followed when setting LDAP attributes. When using Backup & Restore->Message recovery settings from Admin UI, if the value of zimbraDumpsterEnabled attribute is FALSE at COS level and TRUE at Domain level, then the value at COS level will be considered. So the issue here is- adding Domains in the message recovery settings will have no impact on message recovery if the COS level attribute is set to its default value FALSE. <br />
* When user clicks on a file in Briefcase, a preview is displayed for the supported file formats. User can also edit these files in a separate window. The changes take a long time to be reflected in the preview, and sometimes user might need to click on the file multiple times to view the changes. <br />
* When editing documents from Briefcase, the documents are opened in a separate browser window in which users can edit the document. However, the updated contents are not reflected in the Briefcase file, unless the separate browser window is not closed by the user. <br />
* User is not able to search files in the "Files shared with me" folder, within Briefcase. <br />
* Re-sending a file share for a Briefcase document throws the error, "A network service error has occurred".<br />
* During Rolling Upgrade to Zimbra 10 from Zimbra 9/8.x having NG modules installed, when a Zimbra 9/8.x user creates new files from Briefcase, it results in a error "TypeError: g is null". <br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 10 may share a file with a Zimbra 9 user. However, Zimbra 9 user will not be able to access the file from the shared URL.<br />
* Backup and Restore - When mail-store server is restored after moving some of its accounts to another mail store, then old mail data like blobs, metadata, etc. of the accounts which have been moved to another mail store, will also get restored. The workaround is to - execute the restore with --ignoreRedoErrors OR with -rf options like zmrestore -a all --ignoreRedoErrors<br />
<br />
== Web UX - Admin ==<br />
* In Admin UI, if two users are assigned the Administrator privilege followed by "Assign default domain administrator views and rights", there is an error displayed for the second user, and the request is not completed. This happens due to a caching issue, and flushing the cache of the mail-store resolves this issue.</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P30&diff=69518Zimbra Releases/9.0.0/P302023-03-09T13:11:34Z<p>Dawood Shaikh: /* ZCO */</p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 30 GA Release =<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]'''. '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues<br />
<br />
<br/><br />
== Change in upgrade process for 9.0.0 Patch 30== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. <br />
<br />
We have also introduced a new package '''zimbra-ldap-patch''' to be installed only on the LDAP node. <br />
<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' steps to install the packages in its order. <br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, if the '''zimbraVirtualHostName''' parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"| Multiple security issues related possibility of RXSS attack related to printing messages and appointments have been fixed.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-24031 CVE-2023-24031]<br />
|style="border: solid #ffffff; text-align: center;"| TBD <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| The OpenSSL package has been upgraded to version 8.7b4 to fix multiple vulnerabilities<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-0286 CVE-2023-0286]<br />
|style="border: solid #ffffff; text-align: center;"| TBD <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| Strengthened PreAuth servlet to only redirect to admin configured url, which will prevent security issues related to open redirection vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-24030 CVE-2023-24030]<br />
|style="border: solid #ffffff; text-align: center;"| TBD <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| Previously, the account status was not validated when sending emails using 2FA. Added additional validations for user accounts to check the account status and allow email operations.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-26562 CVE-2023-26562]<br />
|style="border: solid #ffffff; text-align: center;"| TBD <br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"| Strengthened security of Zimbra product by disallowing usage of some JVM arguments in mailbox manager.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2023-24032 CVE-2023-24032]<br />
|style="border: solid #ffffff; text-align: center;"| TBD <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"| The Perl compress zlib package has been upgraded to version 2.103-1 to fix out-of-bounds access vulnerability<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2018-25032 CVE-2018-25032]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|}<br />
<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. If someone had applied this configuration previously, then after upgrading to this patch, they will have to re-apply the same configuration. '''<br />
<br />
<br />
= What's New =<br />
<br />
== Package Upgrade ==<br />
<br/><br />
<div style="padding:1%; color:#f68b1f;font-size:20px;" ><br />
* Perl compress zlib package has been upgraded from 2.069 to version 2.103-1<br />
</div><br />
<br/><br />
<br />
== Modern Web App ==<br />
<br />
'''Calendar'''<br />
* Users can now use tag colours for appointments. <br />
<br />
<br />
'''Contacts'''<br />
* Users can now select year for the Birthday and Anniversary fields in contacts. <br />
<br />
== ZCO ==<br />
* ZCO now supports the use of a partial sync feature during initial and delta/regular sync for Shared Mailbox. An option <code>-smd <value greater than zero></code> can be used with the '''ZmCustomizeMsi.js''' script.<br />
<br />
= Fixed Issues =<br />
<br />
== Platform ==<br />
* When the timezone is set to ```Asia/Yangon```, the <code>zmswatch</code> and <code>zmlogswatchctl</code> services failed to start. The issue has been fixed. [https://jira.corp.synacor.com/browse/ZBUG-3261 ZBUG-3261]<br />
* When creating an appointment without a body and sending it to the EWS user, NPE errors were seen and the appointment was not visible to the recipient. The issue has been fixed. [https://jira.corp.synacor.com/browse/ZBUG-3124 ZBUG-3124]<br />
* Corrected hardcoded syslog configuration to system defined configuration. [https://jira.corp.synacor.com/browse/ZBUG-3053 ZBUG-3053]<br />
* When installing zimbra-patch package, it was redeploying all standard zimlets and overwrote the previously deployed zimlet configurations. The issue has been fixed and the zimlet's are not re-deployed now. [https://jira.corp.synacor.com/browse/ZBUG-2722 ZBUG-2722]<br />
<br />
== Web UX - Classic ==<br />
* Fixed the issue where external users were not able to login to Classic UI to view shared content.<br />
* Fixed the issue in Classic UI where out of office date was changed when selecting any date in month of February. [https://jira.corp.synacor.com/browse/ZBUG-3252 ZBUG-3252]<br />
* Fixed the issue where sometimes appointment dates displayed backwards when calendar appointment is re-opened. [https://jira.corp.synacor.com/browse/ZBUG-2311 ZBUG-2311]<br />
<br />
== Admin Web Console ==<br />
* User can now add notes on multiple lines in the Admin UI at the path Home > Manage > Accounts > user@domain.com > General Information > Notes. [https://jira.corp.synacor.com/browse/ZBUG-3027 ZBUG-3027]<br />
<br />
<br />
== ZCO ==<br />
* Corrected French translation on Room Finder UI. [https://jira.corp.synacor.com/browse/ZBUG-3002 ZBUG-3002]<br />
<br />
== Zimbra Drive ==<br />
* The preview is no more offered for documents larger than 10 Mb and images larger than 20 Mb to avoid server resources consumption and possible crashes.<br />
<br />
== NG Backup ==<br />
* Now the external restore operation supports the accounts UUID for both the accounts parameter and in an input file.<br />
* The getAvailableAccount command now provides a parameter to generate a file and to choose the headers.<br />
* ExternalRestore follows the order of the accounts provided in the accounts or input_file parameter.<br />
<br />
== NG HSM ==<br />
* Underscores have been removed from object storage types such as CustomS3 and ScalityS3. [https://jira.corp.synacor.com/browse/ZCS-12728 ZCS-12728]<br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused iOS mobile devices to synchronize replies to calendar appointments multiple times.<br />
* Fixed a bug that caused the exceptions in recurring calendars to be not synchronized properly via EAS.<br />
* When using NG Mobile, the calendar events were not fully synced to the phone in certain scenarios. The issue has been fixed. [https://jira.corp.synacor.com/browse/ZBUG-3001 ZBUG-3001]<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
=== NG Mobile === <br />
* Changes are not synced to Android devices if attendees of an instance in a recurring appointment are modified. - '''ZBUG-3133'''.<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
zimbra-patch -> 9.0.0.1676464095.p30-2<br />
zimbra-mta-patch -> 9.0.0.1676044118.p30-1<br />
zimbra-proxy-patch -> 9.0.0.1676044118.p30-1<br />
zimbra-ldap-patch -> 9.0.0.1676044118.p30-1<br />
zimbra-mbox-webclient-war -> 9.0.0.1676019954-1<br />
zimbra-common-core-jar -> 9.0.0.1676020564-1<br />
zimbra-mbox-admin-console-war -> 9.0.0.1676019859-1<br />
zimbra-mbox-ews-service -> 9.0.0.1676296399-1<br />
zimbra-modern-ui -> 4.30.0.1676380551-1<br />
zimbra-modern-zimlets -> 4.30.0.1676380551-1<br />
zimbra-zco -> 9.0.0.1927.1676463975-1<br />
zimbra-network-modules-ng -> 7.0.29.1672292651-1<br />
zimbra-zimlet-nextcloud -> 1.0.10.1676031012-1<br />
zimbra-chat -> 4.0.3.1654677981-1<br />
zimbra-drive -> 1.0.14.1588924560-1<br />
zimbra-talk -> 4.0.3.1673533079-1<br />
zimbra-connect -> 2.0.22.1635424388-1<br />
zimbra-connect-modern -> 1.0.22.1635424388-1<br />
zimbra-docs -> 4.0.8.1663658601-1<br />
zimbra-docs-modern -> 1.0.7.1632998065-1<br />
zimbra-drive-ng -> 4.0.14.1637855796-1<br />
zimbra-drive-modern -> 1.0.14.1637855796-1<br />
zimbra-zimlet-auth -> 1.0.5.1652971904-1<br />
zimbra-zimlet-email-templates -> 2.0.1.1674020393-1<br />
zimbra-zimlet-signature-template -> 1.0.1.1674021232-1<br />
zimbra-zimlet-voice-message -> 1.0.4.1674021803-1<br />
zimbra-zimlet-webex -> 1.0.2.1674022197-1<br />
zimbra-zimlet-rocketchat -> 1.0.1.1674022495-1<br />
zimbra-zimlet-ads -> 9.0.0.1676372360-1<br />
zimbra-zimlet-user-sessions-management -> 9.0.0.1676372360-1<br />
zimbra-zimlet-org-chart -> 3.0.0.1676372360-1<br />
zimbra-zimlet-additional-signature-setting -> 8.0.0.1676372360-1<br />
zimbra-zimlet-restore-contacts -> 7.0.0.1676372360-1<br />
zimbra-zimlet-sideloader -> 8.0.0.1676372360-1<br />
zimbra-zimlet-set-default-client -> 9.0.0.1676372360-1<br />
zimbra-zimlet-date -> 7.0.0.1676372360-1<br />
zimbra-zimlet-privacy-protector -> 5.0.0.1676372360-1<br />
zimbra-zimlet-classic-unsupportedbrowser -> 4.0.0.1676372360-1<br />
zimbra-zimlet-install-pwa -> 7.0.0.1676372360-1<br />
zimbra-zimlet-emptysubject -> 3.0.0.1676372360-1<br />
zimbra-zimlet-duplicate-contacts -> 6.0.0.1676372360-1<br />
zimbra-zimlet-secure-mail -> 2.0.0.1676372360-1<br />
zimbra-zimlet-web-search -> 5.0.0.1676372360-1<br />
zimbra-zimlet-user-feedback -> 7.0.0.1676372360-1<br />
zimbra-zimlet-calendar-subscription -> 7.0.0.1676372360-1<br />
zimbra-zimlet-briefcase-edit-lool -> 4.0.0.1676372360-1<br />
zimbra-zimlet-jitsi -> 3.4.0.1674201804-1<br />
zimbra-zimlet-google-drive -> 6.1.0.1674201804-1<br />
zimbra-zimlet-onedrive -> 6.1.0.1674201804-1<br />
zimbra-zimlet-slack -> 5.6.0.1674201804-1<br />
zimbra-zimlet-collaboration-list -> 3.3.0.1674201804-1<br />
zimbra-zimlet-video-call-preferences -> 2.1.0.1674201804-1<br />
zimbra-zimlet-zoom -> 7.1.0.1674201804-1<br />
zimbra-zimlet-migration -> 3.5.0.1674201804-1<br />
zimbra-zimlet-dropbox -> 6.1.0.1674201804-1<br />
zimbra-perl-compress-raw-zlib -> 2.103-1zimbra8.7b1<br />
zimbra-perl-date-manip -> 6.90-1zimbra8.7b1<br />
zimbra-perl -> 1.0.7-1zimbra8.7b1 (For RHEL8, UBUNTU20 : 1.0.8-1zimbra8.7b1 )<br />
zimbra-openssl -> 1.1.1t-1zimbra8.7b4<br />
zimbra-core-components -> 3.0.18-1zimbra8.8b1<br />
zimbra-ldap-components -> 2.0.12-1zimbra8.8b1<br />
<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Kepler 9.0.0 Patch 30:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.0&diff=69516Zimbra Releases/10.0.02023-03-09T04:55:32Z<p>Dawood Shaikh: </p>
<hr />
<div>{{WIP}}<br />
<br />
= Zimbra Daffodil (v10) GA Release =<br />
<br />
Check out the [[#What's_New|What's New]], [[#Things to Know Before Upgrading|Things to Know Before Upgrading]] and [[#Known Issues|Known Issues]] sections for this version of Zimbra Collaboration. <br />
<br />
Please refer to the [https://zimbra.github.io/documentation/zimbra-10/single-server-install.html Single-Server Install Guide], [https://zimbra.github.io/documentation/zimbra-10/multi-server-install.html Multi-Server Install Guide], and [https://zimbra.github.io/documentation/zimbra-10/upgrade.html Upgrade Guide] for install and upgrade instructions.<br />
<br />
= Description =<br />
<br />
We are very excited about the announcement of the release of Zimbra Daffodil (v10). With this release, we've consolidated our core code-base and replaced certain older '''NG''' add-on modules with new & improved core modules that will see continuous enhancements in future updates. With Zimbra Daffodil (v10), we're committed and focused on improving its stability, security, quality, features & capabilities, user experience, performance, extensibility, and scalability.<br />
<br />
Zimbra (v10) release provides the same or better features than Zimbra 8.8.15 and 9.0 and will be our main code base for continuous improvement and innovation going forward.<br />
<br />
= What does this mean? =<br />
<br />
It means that each component integrates at the application layer and is designed to work together in unison. Zimbra Daffodil(v10) also removes data restrictions and allows full access to your data. With all core components managed by us, it will enable us to innovate faster and bring new features to market quicker than before.<br />
<br />
= What's new or updated in Zimbra (v10) =<br />
<br />
== Installation, Upgrade, & Migration ==<br />
<br />
In the Zimbra Daffodil(v10) release, we focused on new installations, rolling upgrades with and without NG modules, and in-place upgrades for customers running without NG modules. Here are key topics you need to know about upgrading and migration: <br />
<br />
* Single and Multi-Server installation is supported for new installations of Zimbra (v10).<br />
<br />
* For customers using NG modules on a Multi-Server setup, we are releasing a migration tool that will help the customers to migrate their NG modules data to the new Zimbra-10 server. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/ng-migration.html migration guide] for more details. Please note that this tool is being released as a '''Beta''' utility and should be tested on dev/test environment(s) before using it on production data. For more guidance, please reach out to our support team.<br />
<br />
* For customers using NG modules on a Single-Server setup, currently we do not support an in-place upgrade or migration. We are working on steps to migrate such a setup. We will update you soon.<br />
<br />
* For customers on Multi-Server setup and '''NOT''' using NG modules, Rolling upgrade is the recommended method where you either upgrade existing or add new replacement LDAP's, Proxy's and MTA's. Once the LDAP, Proxy and MTA's are running the latest version, you then add a new mail store and use zmmboxmove to move accounts from the older store to the new zimbra-10 store. For more information please refer to [https://zimbra.github.io/documentation/zimbra-10/rolling-upgrade.html rolling-upgrade] guide.<br />
<br />
* In-place upgrade is only recommended for customers who are not running NG modules. In-place upgrades are supported from 8.8.15 and 9.0.0 versions running the latest patch releases.<br />
<br />
== Backup & Restore ==<br />
<br />
Daffodil backup and recovery is built with the understanding that backups should not affect the server or user experience while providing the best disaster recovery restore. The Daffodil backup offers the ability to backup using auto-grouping or full backup with incremental logging. Here are key topics you need to know about upgrading to 10.0 Backup and Restore: <br />
<br />
* A new backup will need to be initialised after the upgrade.<br />
* Backup consists of two backup methods. <br />
** Auto-grouping is a great backup method but is best for large installations where 5,000+ accounts reside on a single mail store. Smaller installations will benefit with creating a full backup once a week. <br />
** The default backup method is known as the 'Standard' method, and is recommended for most customers.<br />
* Backups can be created at the Global, Server, COS, Domain, and account level.<br />
* Dumpster feature has been integrated with backup and restore which is called 'Message Reclaim'. This is the first phase in many to provide a simpler way to manage and restore data that was deleted accidentally. Currently, the reclaim is a command line function but stay tuned for improvements within the coming releases. <br />
* Multiple restore methods. A disaster doesn't always destroy the full store or cluster. 10.0 backup brings back the ability to restore each component (store, meta-data, LDAP data) or a mail-store or the full cluster. <br />
* Advance restore mode, which can be used within a full mail-store disaster recovery where all of the Metadata and accounts are restored to production before the blob data. Because blob restore accounts for the majority of the restore time, the time that takes to restore and put the account back into production has significantly improved. Once the account is active, the restore process will restore the blobs. Please note, users will receive a missing blob error until the blob has been restored.<br />
<br />
== Storage Management ==<br />
<br />
The Storage Management (SM) feature is where you configure storage volumes for primary, and secondary data stores and indexing. SM using the scheduler also provides the ability to move older data from primary higher-cost to secondary lower-cost storage based on age. In most instances, end users will not experience any performance differences.<br />
<br />
Storage Management can be managed within the Administrator UI at the global and server level or from the command line.<br />
<br />
SM supports local and external storage for the following providers:<br />
* Amazon AWS S3 - Supports Intelligent Tiering.<br />
* Ceph<br />
* Netapp StorageGrid<br />
* OpenIO<br />
* EMC<br />
* Scality<br />
* Custom S3<br />
<br />
== Mobile Sync and Device Management ==<br />
<br />
The mobile sync feature supports the latest devices and has improved calendar synchronization. It contains all of the security as the past versions but is now part of the core code. <br />
<br />
Following are some more details:<br />
* Support active-sync versions 16.1, 16.0, 14.1, 14.0 & 12.1.<br />
* Support shared Folders and Calendars.<br />
* Support configuring user-level ActiveSync protocol version<br />
* Support Autodiscover.<br />
* Allow/Block/Quarantine (ABQ) support.<br />
* Support Mobile Device Security Policies:<br />
** Remote Wipe.<br />
** Account Only Remote Wipe.<br />
** Device password policies.<br />
** S/MIME encryption policies.<br />
* Support MDM Apps – IBM Maas 360 and Apple Airwatch.<br />
* Notification support for Quarantined devices at specified intervals.<br />
<br />
Note: When using a Rolling-Upgrade with NG modules, after the accounts are moved from the NG server to the Zimbra-10 servers, all ActiveSync sync-tokens will be reset. Because of this, all devices will receive a re-sync request, then each device should acknowledge the request and initiate a full re-sync. The majority of devices will do this automatically and with no action required by the device owner. The acknowledgment action is a device action, and some older Samsung devices have been known not to respond which requires the user to either recreate the profile or re-enter the password.<br />
<br />
For the Non-NG Rolling-Upgrade setup, ActiveSync users will have to reconfigure their activesync profile on the devices/app to start using the latest ActiveSync version.<br />
<br />
== Briefcase ==<br />
<br />
10.0 restores documentation management within the Briefcase. This provides a single location where a user can manage, store, share, and edit documents. Here are key topics you need to know about upgrading to 10.0 Documentation Management: <br />
<br />
* All document data within Briefcase is stored within the core of server which means the data is within the account mysql database and stored within the data store.<br />
* Each mail store can contain its own instance of Office.<br />
* File sharing internally or publicly.<br />
* Collaborative editing of files.<br />
<br />
== Office ==<br />
<br />
Daffodil provides an updated set of documentation editors that works with Word, Spreadsheet, & Presentation documents.<br />
<br />
* Can be installed on each mail store.<br />
* Supports editing and sharing of documents with multiple users.<br />
* Supports Single file or folder share.<br />
* Supports High fidelity Document preview.<br />
* Supports many document formats.<br />
* Supports Version control.<br />
<br />
For the Rolling-Upgrade setup, the Document editing/sharing feature will not work until the Grantor and Grantee are moved to zimbra-10 mailbox servers. <br />
<br />
Similarly, any Drive user data migrated to Zimbra (v10), will not work as expected until the Grantor and Grantee are moved to zimbra-10 mailbox servers. <br />
<br />
== Chat and Video ==<br />
<br />
It is an enterprise video and chat solution. This offering includes individual, group chats, contact and group support, video calling support, chat archival and many other standard chat and video features. <br />
<br />
* SAAS offering<br />
* Simplistic configuration - Once the Admin account is created and configured, end users accounts will be automatically created based on COS configuration.<br />
* Supported within the Classic Web App, Modern Web App, Desktop App, and Mobile Apps which are currently available on play store and app store.<br />
<br />
== Delegated Administrator ==<br />
Delegated Administrators can now be assigned predefined rights for common tasks. A common example is to create a Helpdesk administrator who can only reset password. Following commonly used predefined rights have been added in this release and more will be added in the upcoming releases:<br />
* Domain administrator<br />
* Reset passwords<br />
* Edit contact info<br />
<br />
<br />
= Things to Know Before Upgrading =<br />
Please review the following information to decide if Zimbra Daffodil (v10) is suitable for you.<br />
<br />
* Zimbra Touch Client, Zimbra Mobile Client, and Zimbra HTML (Standard) Client are no longer a part of Zimbra starting from Version 9.0.0.<br />
* A Zimbra Network Edition license is required to use Zimbra Daffodil (v10).<br />
* The customizations implemented for SAML and SPNEGO will be overridden during an upgrade. It is recommended to backup these configurations before upgrading the server.<br />
* In case of rolling upgrades, if some mailstore nodes are upgraded to zimbra-10 and some mailstore nodes are on Zimbra 9.0.x or Zimbra 8.8.15 then, <code>zimbraReverseProxyUpstreamLoginServers</code> should only contain the list of Zimbra 10.0.0 mailboxes. If this is not followed then in some cases, users on zimbra-10 mailstore nodes will not be able to see Modern Web App after login.<br />
* Zimbra (v10) continues to support two versions of Zimbra Web Client -- Modern and Classic.<br />
** To know more about the highlights of the Modern Web App, please refer to [https://wiki.zimbra.com/wiki/Zimbra_9/Modern_Web_App Introducing the Modern Web Application]<br />
** The Classic Web App offers the same functionality as the Advanced Web Client in Zimbra version 8.8.15.<br />
** Existing customized themes, logo branding changes, and crontab changes are incompatible with, and hence do not reflect in the Modern Web App. Branding needs to be re-configured to work with the Modern Web App. The Modern Web App does not currently support themes. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/adminguide.html#_customizing_modern_web_app Customizing Modern Web App] section of Admin Guide for more information related to configuration.<br />
** Zimlets are supported on both the Web Clients.<br />
** Zimlets that work with the Classic Web App are incompatible with the Modern Web App. And due to technology changes, there is no way to migrate the Zimlets from the Classic Web App to the Modern Web App or vice-versa.<br />
<br />
* For Non-NG setups, recommendations when using mailbox move (through '''zmmboxmove''' utility) on Rolling-Upgrade environment:<br />
** Always take full backup *before* doing zmmboxmove.<br />
** If using Storage Management with primary and secondary storage as Internal, then set <code>zimbraMailboxMoveSkipBlobs</code> and <code>zimbraMailboxMoveSkipHsmBlobs</code> attributes to '''FALSE''' before doing '''zmmboxmove'''.<br />
** Always recommended to run HSM and move blobs to current primary/secondary volumes in case of multiple primary/secondary volumes present in the system before doing <code>zmmboxmove</code>.<br />
** <code>zmmboxmove</code> command should be run from Zimbra (v10) mailbox server.<br />
<br />
After you review the tasks in this section, please go to [https://zimbra.github.io/documentation/zimbra-10/upgrade.html#_upgrade_instructions Upgrade Instructions].<br />
<br />
= Known Issues =<br />
These are '''Known Issues''' against Zimbra 10.0.0 and will be addressed in future updates and/or patches.<br />
<br />
== Mobile Sync ==<br />
* For the Rolling-Upgrade environment involving the NG mailbox server, due to technical differences between the NG Mobile feature and Zimbra (v10) Mobile Sync feature, it is recommended to use Sharing feature after moving all the accounts to zimbra-10 mailbox server.<br />
* Syncing of shared folders/calendars has been disabled on Outlook App for iOS and Android due to syncing issues.<br />
* For Windows Mail App, the Sent folder emails are not displayed after blocking and unblocking the user.<br />
Workaround - The user can remove and reconfigure the account on the app.<br />
* When using iOS Outlook App, Out of Office settings are not synced to the user's account in Web App.<br />
* When the organizer and attendee use the Outlook app, if the organizer cancels an instance from a recurring meeting, the same is not reflected on the attendee's calendar.<br />
* Mailbox sync fails for outlook after enabling the ActiveSync share feature in a rolling upgrade setup. <br />
Workaround - Enable the Activesync Share feature once all mailbox nodes are upgraded to Zimbra-10.0.0.<br />
<br />
== Backup-Restore ==<br />
* When we schedule backup using zmschedulebackup command, backup is getting scheduled in crontab and LDAP attributes are updated with appropriate values.<br />
<br />
== Storage Management ==<br />
* When using an external storage provider for Secondary storage, please exclude the '''Documents''' from the policy as it appears garbled after it is moved to external storage. <br />
<br />
== Briefcase ==<br />
* The <code>zimbraFileUploadMaxSize</code> cannot be set to more than 2GB (2146483647 bytes). Due to this, the users cannot upload files larger than 2GB to their Briefcase.<br />
<br />
== Platform ==<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 9 may share a Briefcase folder with a Zimbra 10 user. However, since files were not shared with Zimbra 10 user, the files within the shared folder are not accessible to the Zimbra 10 users.<br />
* During Rolling Upgrade to Zimbra 10 from Zimbra 9/8.x having NG modules installed, when a Zimbra 9/8.x user creates new files from Briefcase, it results in a error "TypeError: g is null".<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 10 may share a file with a Zimbra 9 user. However, Zimbra 9 user will not be able to access the file from the shared URL.<br />
* Zimbra inheritance is followed when setting LDAP attributes. When using Backup & Restore->Message recovery settings from Admin UI, if the value of zimbraDumpsterEnabled attribute is FALSE at COS level and TRUE at Domain level, then the value at COS level will be considered. So the issue here is- adding Domains in the message recovery settings will have no impact on message recovery if the COS level attribute is set to its default value FALSE.<br />
* Backup and Restore - When mail-store server is restored after moving some of its accounts to another mail store, then old mail data like blobs, metadata, etc. of the accounts which have been moved to another mail store, will also get restored. The workaround is to - execute the restore with --ignoreRedoErrors OR with -rf options like zmrestore -a all --ignoreRedoErrors<br />
* When user clicks on a file in Briefcase, a preview is displayed for the supported file formats. User can also edit these files in a separate window. The changes take a long time to be reflected in the preview, and sometimes user might need to click on the file multiple times to view the changes.<br />
* When editing documents from Briefcase, the documents are opened in a separate browser window in which users can edit the document. However, the updated contents are not reflected in the Briefcase file, unless the separate browser window is not closed by the user.<br />
* User is not able to search files in the "Files shared with me" folder, within Briefcase.<br />
* Re-sending a file share for a Briefcase document throws the error, "A network service error has occurred".<br />
<br />
== Web UX - Admin ==<br />
* In Admin UI, if two users are assigned the Administrator privilege followed by "Assign default domain administrator views and rights", there is an error displayed for the second user, and the request is not completed. This happens due to a caching issue, and flushing the cache of the mail-store resolves this issue.</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.0&diff=69513Zimbra Releases/10.0.02023-03-08T16:41:03Z<p>Dawood Shaikh: /* Installation, Upgrade, & Migration */</p>
<hr />
<div>{{WIP}}<br />
<br />
= Zimbra Daffodil (v10) GA Release =<br />
<br />
Check out the [[#What's_New|What's New]], [[#Things to Know Before Upgrading|Things to Know Before Upgrading]] and [[#Known Issues|Known Issues]] sections for this version of Zimbra Collaboration. <br />
<br />
Please refer to the [https://zimbra.github.io/documentation/zimbra-10/single-server-install.html Single-Server Install Guide], [https://zimbra.github.io/documentation/zimbra-10/multi-server-install.html Multi-Server Install Guide], and [https://zimbra.github.io/documentation/zimbra-10/upgrade.html Upgrade Guide] for install and upgrade instructions.<br />
<br />
= Description =<br />
<br />
We are very excited about the announcement of the release of Zimbra Daffodil (v10). With this release, we've consolidated our core code-base and replaced certain older '''NG''' add-on modules with new & improved core modules that will see continuous enhancements in future updates. With Zimbra Daffodil (v10), we're committed and focused on improving its stability, security, quality, features & capabilities, user experience, performance, extensibility, and scalability.<br />
<br />
Zimbra (v10) release provides the same or better features than Zimbra 8.8.15 and 9.0 and will be our main code base for continuous improvement and innovation going forward.<br />
<br />
= What does this mean? =<br />
<br />
It means that each component integrates at the application layer and is designed to work together in unison. Zimbra Daffodil(v10) also removes data restrictions and allows full access to your data. With all core components managed by us, it will enable us to innovate faster and bring new features to market quicker than before.<br />
<br />
= What's new or updated in Zimbra (v10) =<br />
<br />
== Installation, Upgrade, & Migration ==<br />
<br />
In the Zimbra Daffodil(v10) release, we focused on new installations, rolling upgrades with and without NG modules, and in-place upgrades for customers running without NG modules. Here are key topics you need to know about upgrading and migration: <br />
<br />
* Single and Multi-Server installation is supported for new installations of Zimbra (v10).<br />
<br />
* For customers using NG modules on a Multi-Server setup, we are releasing a migration tool that will help the customers to migrate their NG modules data to the new Zimbra-10 server. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/ng-migration.html migration guide] for more details. Please note that this tool is being released as a '''Beta''' utility and should be tested on dev/test environment(s) before using it on production data. For more guidance, please reach out to our support team.<br />
<br />
* For customers using NG modules on a Single-Server setup, currently we do not support an in-place upgrade or migration. We are working on steps to migrate such a setup. We will update you soon.<br />
<br />
* For customers on Multi-Server setup and '''NOT''' using NG modules, Rolling upgrade is the recommended method where you either upgrade existing or add new replacement LDAP's, Proxy's and MTA's. Once the LDAP, Proxy and MTA's are running the latest version, you then add a new mail store and use zmmboxmove to move accounts from the older store to the new zimbra-10 store. For more information please refer to [https://zimbra.github.io/documentation/zimbra-10/rolling-upgrade.html rolling-upgrade] guide.<br />
<br />
* In-place upgrade is only recommended for customers who are not running NG modules. In-place upgrades are supported from 8.8.15 and 9.0.0 versions running the latest patch releases.<br />
<br />
== Backup & Restore ==<br />
<br />
Daffodil backup and recovery is built with the understanding that backups should not affect the server or user experience while providing the best disaster recovery restore. The Daffodil backup offers the ability to backup using auto-grouping or full backup with incremental logging. Here are key topics you need to know about upgrading to 10.0 Backup and Restore: <br />
<br />
* A new backup will need to be initialised after the upgrade.<br />
* Backup consists of two backup methods. <br />
** Auto-grouping is a great backup method but is best for large installations where 5,000+ accounts reside on a single mail store. Smaller installations will benefit with creating a full backup once a week. <br />
** The default backup method is known as the 'Standard' method, and is recommended for most customers.<br />
* Backups can be created at the Global, Server, COS, Domain, and account level.<br />
* Dumpster feature has been integrated with backup and restore which is called 'Message Reclaim'. This is the first phase in many to provide a simpler way to manage and restore data that was deleted accidentally. Currently, the reclaim is a command line function but stay tuned for improvements within the coming releases. <br />
* Multiple restore methods. A disaster doesn't always destroy the full store or cluster. 10.0 backup brings back the ability to restore each component (store, meta-data, LDAP data) or a mail-store or the full cluster. <br />
* Advance restore mode, which can be used within a full mail-store disaster recovery where all of the Metadata and accounts are restored to production before the blob data. Because blob restore accounts for the majority of the restore time, the time that takes to restore and put the account back into production has significantly improved. Once the account is active, the restore process will restore the blobs. Please note, users will receive a missing blob error until the blob has been restored.<br />
<br />
== Storage Management ==<br />
<br />
The Storage Management (SM) feature is where you configure storage volumes for primary, and secondary data stores and indexing. SM using the scheduler also provides the ability to move older data from primary higher-cost to secondary lower-cost storage based on age. In most instances, end users will not experience any performance differences.<br />
<br />
Storage Management can be managed within the Administrator UI at the global and server level or from the command line.<br />
<br />
SM supports local and external storage for the following providers:<br />
* Amazon AWS S3 - Supports Intelligent Tiering.<br />
* Ceph<br />
* Netapp StorageGrid<br />
* OpenIO<br />
* EMC<br />
* Scality<br />
* Custom S3<br />
<br />
== Mobile Sync and Device Management ==<br />
<br />
The mobile sync feature supports the latest devices and has improved calendar synchronization. It contains all of the security as the past versions but is now part of the core code. <br />
<br />
Following are some more details:<br />
* Support active-sync versions 16.1, 16.0, 14.1, 14.0 & 12.1.<br />
* Support shared Folders and Calendars.<br />
* Support configuring user-level ActiveSync protocol version<br />
* Support Autodiscover.<br />
* Allow/Block/Quarantine (ABQ) support.<br />
* Support Mobile Device Security Policies:<br />
** Remote Wipe.<br />
** Account Only Remote Wipe.<br />
** Device password policies.<br />
** S/MIME encryption policies.<br />
* Support MDM Apps – IBM Maas 360 and Apple Airwatch.<br />
* Notification support for Quarantined devices at specified intervals.<br />
<br />
Note: When using a Rolling-Upgrade with NG modules, after the accounts are moved from the NG server to the Zimbra-10 servers, all ActiveSync sync-tokens will be reset. Because of this, all devices will receive a re-sync request, then each device should acknowledge the request and initiate a full re-sync. The majority of devices will do this automatically and with no action required by the device owner. The acknowledgment action is a device action, and some older Samsung devices have been known not to respond which requires the user to either recreate the profile or re-enter the password.<br />
<br />
For the Non-NG Rolling-Upgrade setup, ActiveSync users will have to reconfigure their activesync profile on the devices/app to start using the latest ActiveSync version.<br />
<br />
== Briefcase ==<br />
<br />
10.0 restores documentation management within the Briefcase. This provides a single location where a user can manage, store, share, and edit documents. Here are key topics you need to know about upgrading to 10.0 Documentation Management: <br />
<br />
* All document data within Briefcase is stored within the core of server which means the data is within the account mysql database and stored within the data store.<br />
* Each mail store can contain its own instance of Office.<br />
* File sharing internally or publicly.<br />
* Collaborative editing of files.<br />
<br />
== Office ==<br />
<br />
Daffodil provides an updated set of documentation editors that works with Word, Spreadsheet, & Presentation documents.<br />
<br />
* Can be installed on each mail store.<br />
* Supports editing and sharing of documents with multiple users.<br />
* Supports Single file or folder share.<br />
* Supports High fidelity Document preview.<br />
* Supports many document formats.<br />
* Supports Version control.<br />
<br />
For the Rolling-Upgrade setup, the Document editing/sharing feature will not work until the Grantor and Grantee are moved to zimbra-10 mailbox servers. <br />
<br />
Similarly, any Drive user data migrated to Zimbra (v10), will not work as expected until the Grantor and Grantee are moved to zimbra-10 mailbox servers. <br />
<br />
== Chat and Video ==<br />
<br />
It is an enterprise video and chat solution. This offering includes individual, group chats, contact and group support, video calling support, chat archival and many other standard chat and video features. <br />
<br />
* SAAS offering<br />
* Simplistic configuration - Once the Admin account is created and configured, end users accounts will be automatically created based on COS configuration.<br />
* Supported within the Classic Web App, Modern Web App, Desktop App, and Mobile Apps which are currently available on play store and app store.<br />
<br />
== Delegated Administrator ==<br />
Delegated Administrators can now be assigned predefined rights for common tasks. A common example is to create a Helpdesk administrator who can only reset password. Following commonly used predefined rights have been added in this release and more will be added in the upcoming releases:<br />
* Domain administrator<br />
* Reset passwords<br />
* Edit contact info<br />
<br />
<br />
= Things to Know Before Upgrading =<br />
Please review the following information to decide if Zimbra Daffodil (v10) is suitable for you.<br />
<br />
* Zimbra Touch Client, Zimbra Mobile Client, and Zimbra HTML (Standard) Client are no longer a part of Zimbra starting from Version 9.0.0.<br />
* A Zimbra Network Edition license is required to use Zimbra Daffodil (v10).<br />
* The customizations implemented for SAML and SPNEGO will be overridden during an upgrade. It is recommended to backup these configurations before upgrading the server.<br />
* In case of rolling upgrades, if some mailstore nodes are upgraded to zimbra-10 and some mailstore nodes are on Zimbra 9.0.x or Zimbra 8.8.15 then, <code>zimbraReverseProxyUpstreamLoginServers</code> should only contain the list of Zimbra 10.0.0 mailboxes. If this is not followed then in some cases, users on zimbra-10 mailstore nodes will not be able to see Modern Web App after login.<br />
* Zimbra (v10) continues to support two versions of Zimbra Web Client -- Modern and Classic.<br />
** To know more about the highlights of the Modern Web App, please refer to [https://wiki.zimbra.com/wiki/Zimbra_9/Modern_Web_App Introducing the Modern Web Application]<br />
** The Classic Web App offers the same functionality as the Advanced Web Client in Zimbra version 8.8.15.<br />
** Existing customized themes, logo branding changes, and crontab changes are incompatible with, and hence do not reflect in the Modern Web App. Branding needs to be re-configured to work with the Modern Web App. The Modern Web App does not currently support themes. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/adminguide.html#_customizing_modern_web_app Customizing Modern Web App] section of Admin Guide for more information related to configuration.<br />
** Zimlets are supported on both the Web Clients.<br />
** Zimlets that work with the Classic Web App are incompatible with the Modern Web App. And due to technology changes, there is no way to migrate the Zimlets from the Classic Web App to the Modern Web App or vice-versa.<br />
* If you are using an RHEL-based server (RHEL, Oracle Linux, Rocky Linux, Centos) then, please install the pax/spax package on the MTA node.<br />
** CentOS 7 and derivatives<br />
<br />
yum install pax<br />
<br />
** CentOS 8 and derivatives<br />
<br />
dnf install spax<br />
<br />
* For Non-NG setups, recommendations when using mailbox move (through '''zmmboxmove''' utility) on Rolling-Upgrade environment:<br />
** Always take full backup *before* doing zmmboxmove.<br />
** If using Storage Management with primary and secondary storage as Internal, then set <code>zimbraMailboxMoveSkipBlobs</code> and <code>zimbraMailboxMoveSkipHsmBlobs</code> attributes to '''FALSE''' before doing '''zmmboxmove'''.<br />
** Always recommended to run HSM and move blobs to current primary/secondary volumes in case of multiple primary/secondary volumes present in the system before doing <code>zmmboxmove</code>.<br />
** <code>zmmboxmove</code> command should be run from Zimbra (v10) mailbox server.<br />
<br />
After you review the tasks in this section, please go to [https://zimbra.github.io/documentation/zimbra-10/upgrade.html#_upgrade_instructions Upgrade Instructions].<br />
<br />
= Known Issues =<br />
These are '''Known Issues''' against Zimbra 10.0.0 and will be addressed in future updates and/or patches.<br />
<br />
== Mobile Sync ==<br />
* For the Rolling-Upgrade environment involving the NG mailbox server, due to technical differences between the NG Mobile feature and Zimbra (v10) Mobile Sync feature, it is recommended to use Sharing feature after moving all the accounts to zimbra-10 mailbox server.<br />
* Syncing of shared folders/calendars has been disabled on Outlook App for iOS and Android due to syncing issues.<br />
* For Windows Mail App, the Sent folder emails are not displayed after blocking and unblocking the user.<br />
Workaround - The user can remove and reconfigure the account on the app.<br />
* When using iOS Outlook App, Out of Office settings are not synced to the user's account in Web App.<br />
* When the organizer and attendee use the Outlook app, if the organizer cancels an instance from a recurring meeting, the same is not reflected on the attendee's calendar.<br />
* Mailbox sync fails for outlook after enabling the ActiveSync share feature in a rolling upgrade setup. <br />
Workaround - Enable the Activesync Share feature once all mailbox nodes are upgraded to Zimbra-10.0.0.<br />
<br />
== Backup-Restore ==<br />
* When we schedule backup using zmschedulebackup command, backup is getting scheduled in crontab and LDAP attributes are updated with appropriate values.<br />
<br />
== Storage Management ==<br />
* When using an external storage provider for Secondary storage, please exclude the '''Documents''' from the policy as it appears garbled after it is moved to external storage. <br />
<br />
== Briefcase ==<br />
* The <code>zimbraFileUploadMaxSize</code> cannot be set to more than 2GB (2146483647 bytes). Due to this, the users cannot upload files larger than 2GB to their Briefcase.<br />
<br />
== Platform ==<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 9 may share a Briefcase folder with a Zimbra 10 user. However, since files were not shared with Zimbra 10 user, the files within the shared folder are not accessible to the Zimbra 10 users.<br />
* During Rolling Upgrade to Zimbra 10 from Zimbra 9/8.x having NG modules installed, when a Zimbra 9/8.x user creates new files from Briefcase, it results in a error "TypeError: g is null".<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 10 may share a file with a Zimbra 9 user. However, Zimbra 9 user will not be able to access the file from the shared URL.<br />
* Zimbra inheritance is followed when setting LDAP attributes. When using Backup & Restore->Message recovery settings from Admin UI, if the value of zimbraDumpsterEnabled attribute is FALSE at COS level and TRUE at Domain level, then the value at COS level will be considered. So the issue here is- adding Domains in the message recovery settings will have no impact on message recovery if the COS level attribute is set to its default value FALSE.<br />
* Backup and Restore - When mail-store server is restored after moving some of its accounts to another mail store, then old mail data like blobs, metadata, etc. of the accounts which have been moved to another mail store, will also get restored. The workaround is to - execute the restore with --ignoreRedoErrors OR with -rf options like zmrestore -a all --ignoreRedoErrors<br />
* When user clicks on a file in Briefcase, a preview is displayed for the supported file formats. User can also edit these files in a separate window. The changes take a long time to be reflected in the preview, and sometimes user might need to click on the file multiple times to view the changes.<br />
* When editing documents from Briefcase, the documents are opened in a separate browser window in which users can edit the document. However, the updated contents are not reflected in the Briefcase file, unless the separate browser window is not closed by the user.<br />
* User is not able to search files in the "Files shared with me" folder, within Briefcase.<br />
* Re-sending a file share for a Briefcase document throws the error, "A network service error has occurred".<br />
<br />
== Web UX - Admin ==<br />
* In Admin UI, if two users are assigned the Administrator privilege followed by "Assign default domain administrator views and rights", there is an error displayed for the second user, and the request is not completed. This happens due to a caching issue, and flushing the cache of the mail-store resolves this issue.</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.0&diff=69512Zimbra Releases/10.0.02023-03-08T16:39:39Z<p>Dawood Shaikh: /* Things to Know Before Upgrading */</p>
<hr />
<div>{{WIP}}<br />
<br />
= Zimbra Daffodil (v10) GA Release =<br />
<br />
Check out the [[#What's_New|What's New]], [[#Things to Know Before Upgrading|Things to Know Before Upgrading]] and [[#Known Issues|Known Issues]] sections for this version of Zimbra Collaboration. <br />
<br />
Please refer to the [https://zimbra.github.io/documentation/zimbra-10/single-server-install.html Single-Server Install Guide], [https://zimbra.github.io/documentation/zimbra-10/multi-server-install.html Multi-Server Install Guide], and [https://zimbra.github.io/documentation/zimbra-10/upgrade.html Upgrade Guide] for install and upgrade instructions.<br />
<br />
= Description =<br />
<br />
We are very excited about the announcement of the release of Zimbra Daffodil (v10). With this release, we've consolidated our core code-base and replaced certain older '''NG''' add-on modules with new & improved core modules that will see continuous enhancements in future updates. With Zimbra Daffodil (v10), we're committed and focused on improving its stability, security, quality, features & capabilities, user experience, performance, extensibility, and scalability.<br />
<br />
Zimbra (v10) release provides the same or better features than Zimbra 8.8.15 and 9.0 and will be our main code base for continuous improvement and innovation going forward.<br />
<br />
= What does this mean? =<br />
<br />
It means that each component integrates at the application layer and is designed to work together in unison. Zimbra Daffodil(v10) also removes data restrictions and allows full access to your data. With all core components managed by us, it will enable us to innovate faster and bring new features to market quicker than before.<br />
<br />
= What's new or updated in Zimbra (v10) =<br />
<br />
== Installation, Upgrade, & Migration ==<br />
<br />
In the Zimbra Daffodil(v10) release, we focused on new installations, rolling upgrades with and without NG modules, and in-place upgrades for customers running without NG modules. Here are key topics you need to know about upgrading and migration: <br />
<br />
* Single and Multi-Server installation is supported for new installations of Zimbra (v10).<br />
<br />
* For customers using NG modules on a Multi-Server setup, we are releasing a migration tool that will help the customers to migrate their NG modules data to the new Zimbra-10 server. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/ng-migration.html migration guide] for more details. Please note that this tool is being released as a '''Beta''' utility and should be tested on dev/test environment(s) before using it on production data. For more guidance, please reach out to our support team.<br />
<br />
* For customers using NG modules on a Single-Server setup, currently we do not support an in-place upgrade or migration. We are working on steps to migrate such a setup. We will update you soon.<br />
<br />
* For customers on Multi-Server setup and '''NOT''' using NG modules, Rolling upgrade is the recommended method where you either upgrade existing or add new replacement LDAP's, Proxy's and MTA's. Once the LDAP, Proxy and MTA's are running the latest version, you then add a new mail store and use zmmailboxmove to move accounts from the older store to the new zimbra-10 store. For more information please refer to [https://zimbra.github.io/documentation/zimbra-10/rolling-upgrade.html rolling-upgrade] guide.<br />
<br />
* In-place upgrade is only recommended for customers who are not running NG modules. In-place upgrades are supported from 8.8.15 and 9.0.0 versions running the latest patch releases.<br />
<br />
== Backup & Restore ==<br />
<br />
Daffodil backup and recovery is built with the understanding that backups should not affect the server or user experience while providing the best disaster recovery restore. The Daffodil backup offers the ability to backup using auto-grouping or full backup with incremental logging. Here are key topics you need to know about upgrading to 10.0 Backup and Restore: <br />
<br />
* A new backup will need to be initialised after the upgrade.<br />
* Backup consists of two backup methods. <br />
** Auto-grouping is a great backup method but is best for large installations where 5,000+ accounts reside on a single mail store. Smaller installations will benefit with creating a full backup once a week. <br />
** The default backup method is known as the 'Standard' method, and is recommended for most customers.<br />
* Backups can be created at the Global, Server, COS, Domain, and account level.<br />
* Dumpster feature has been integrated with backup and restore which is called 'Message Reclaim'. This is the first phase in many to provide a simpler way to manage and restore data that was deleted accidentally. Currently, the reclaim is a command line function but stay tuned for improvements within the coming releases. <br />
* Multiple restore methods. A disaster doesn't always destroy the full store or cluster. 10.0 backup brings back the ability to restore each component (store, meta-data, LDAP data) or a mail-store or the full cluster. <br />
* Advance restore mode, which can be used within a full mail-store disaster recovery where all of the Metadata and accounts are restored to production before the blob data. Because blob restore accounts for the majority of the restore time, the time that takes to restore and put the account back into production has significantly improved. Once the account is active, the restore process will restore the blobs. Please note, users will receive a missing blob error until the blob has been restored.<br />
<br />
== Storage Management ==<br />
<br />
The Storage Management (SM) feature is where you configure storage volumes for primary, and secondary data stores and indexing. SM using the scheduler also provides the ability to move older data from primary higher-cost to secondary lower-cost storage based on age. In most instances, end users will not experience any performance differences.<br />
<br />
Storage Management can be managed within the Administrator UI at the global and server level or from the command line.<br />
<br />
SM supports local and external storage for the following providers:<br />
* Amazon AWS S3 - Supports Intelligent Tiering.<br />
* Ceph<br />
* Netapp StorageGrid<br />
* OpenIO<br />
* EMC<br />
* Scality<br />
* Custom S3<br />
<br />
== Mobile Sync and Device Management ==<br />
<br />
The mobile sync feature supports the latest devices and has improved calendar synchronization. It contains all of the security as the past versions but is now part of the core code. <br />
<br />
Following are some more details:<br />
* Support active-sync versions 16.1, 16.0, 14.1, 14.0 & 12.1.<br />
* Support shared Folders and Calendars.<br />
* Support configuring user-level ActiveSync protocol version<br />
* Support Autodiscover.<br />
* Allow/Block/Quarantine (ABQ) support.<br />
* Support Mobile Device Security Policies:<br />
** Remote Wipe.<br />
** Account Only Remote Wipe.<br />
** Device password policies.<br />
** S/MIME encryption policies.<br />
* Support MDM Apps – IBM Maas 360 and Apple Airwatch.<br />
* Notification support for Quarantined devices at specified intervals.<br />
<br />
Note: When using a Rolling-Upgrade with NG modules, after the accounts are moved from the NG server to the Zimbra-10 servers, all ActiveSync sync-tokens will be reset. Because of this, all devices will receive a re-sync request, then each device should acknowledge the request and initiate a full re-sync. The majority of devices will do this automatically and with no action required by the device owner. The acknowledgment action is a device action, and some older Samsung devices have been known not to respond which requires the user to either recreate the profile or re-enter the password.<br />
<br />
For the Non-NG Rolling-Upgrade setup, ActiveSync users will have to reconfigure their activesync profile on the devices/app to start using the latest ActiveSync version.<br />
<br />
== Briefcase ==<br />
<br />
10.0 restores documentation management within the Briefcase. This provides a single location where a user can manage, store, share, and edit documents. Here are key topics you need to know about upgrading to 10.0 Documentation Management: <br />
<br />
* All document data within Briefcase is stored within the core of server which means the data is within the account mysql database and stored within the data store.<br />
* Each mail store can contain its own instance of Office.<br />
* File sharing internally or publicly.<br />
* Collaborative editing of files.<br />
<br />
== Office ==<br />
<br />
Daffodil provides an updated set of documentation editors that works with Word, Spreadsheet, & Presentation documents.<br />
<br />
* Can be installed on each mail store.<br />
* Supports editing and sharing of documents with multiple users.<br />
* Supports Single file or folder share.<br />
* Supports High fidelity Document preview.<br />
* Supports many document formats.<br />
* Supports Version control.<br />
<br />
For the Rolling-Upgrade setup, the Document editing/sharing feature will not work until the Grantor and Grantee are moved to zimbra-10 mailbox servers. <br />
<br />
Similarly, any Drive user data migrated to Zimbra (v10), will not work as expected until the Grantor and Grantee are moved to zimbra-10 mailbox servers. <br />
<br />
== Chat and Video ==<br />
<br />
It is an enterprise video and chat solution. This offering includes individual, group chats, contact and group support, video calling support, chat archival and many other standard chat and video features. <br />
<br />
* SAAS offering<br />
* Simplistic configuration - Once the Admin account is created and configured, end users accounts will be automatically created based on COS configuration.<br />
* Supported within the Classic Web App, Modern Web App, Desktop App, and Mobile Apps which are currently available on play store and app store.<br />
<br />
== Delegated Administrator ==<br />
Delegated Administrators can now be assigned predefined rights for common tasks. A common example is to create a Helpdesk administrator who can only reset password. Following commonly used predefined rights have been added in this release and more will be added in the upcoming releases:<br />
* Domain administrator<br />
* Reset passwords<br />
* Edit contact info<br />
<br />
<br />
= Things to Know Before Upgrading =<br />
Please review the following information to decide if Zimbra Daffodil (v10) is suitable for you.<br />
<br />
* Zimbra Touch Client, Zimbra Mobile Client, and Zimbra HTML (Standard) Client are no longer a part of Zimbra starting from Version 9.0.0.<br />
* A Zimbra Network Edition license is required to use Zimbra Daffodil (v10).<br />
* The customizations implemented for SAML and SPNEGO will be overridden during an upgrade. It is recommended to backup these configurations before upgrading the server.<br />
* In case of rolling upgrades, if some mailstore nodes are upgraded to zimbra-10 and some mailstore nodes are on Zimbra 9.0.x or Zimbra 8.8.15 then, <code>zimbraReverseProxyUpstreamLoginServers</code> should only contain the list of Zimbra 10.0.0 mailboxes. If this is not followed then in some cases, users on zimbra-10 mailstore nodes will not be able to see Modern Web App after login.<br />
* Zimbra (v10) continues to support two versions of Zimbra Web Client -- Modern and Classic.<br />
** To know more about the highlights of the Modern Web App, please refer to [https://wiki.zimbra.com/wiki/Zimbra_9/Modern_Web_App Introducing the Modern Web Application]<br />
** The Classic Web App offers the same functionality as the Advanced Web Client in Zimbra version 8.8.15.<br />
** Existing customized themes, logo branding changes, and crontab changes are incompatible with, and hence do not reflect in the Modern Web App. Branding needs to be re-configured to work with the Modern Web App. The Modern Web App does not currently support themes. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/adminguide.html#_customizing_modern_web_app Customizing Modern Web App] section of Admin Guide for more information related to configuration.<br />
** Zimlets are supported on both the Web Clients.<br />
** Zimlets that work with the Classic Web App are incompatible with the Modern Web App. And due to technology changes, there is no way to migrate the Zimlets from the Classic Web App to the Modern Web App or vice-versa.<br />
* If you are using an RHEL-based server (RHEL, Oracle Linux, Rocky Linux, Centos) then, please install the pax/spax package on the MTA node.<br />
** CentOS 7 and derivatives<br />
<br />
yum install pax<br />
<br />
** CentOS 8 and derivatives<br />
<br />
dnf install spax<br />
<br />
* For Non-NG setups, recommendations when using mailbox move (through '''zmmboxmove''' utility) on Rolling-Upgrade environment:<br />
** Always take full backup *before* doing zmmboxmove.<br />
** If using Storage Management with primary and secondary storage as Internal, then set <code>zimbraMailboxMoveSkipBlobs</code> and <code>zimbraMailboxMoveSkipHsmBlobs</code> attributes to '''FALSE''' before doing '''zmmboxmove'''.<br />
** Always recommended to run HSM and move blobs to current primary/secondary volumes in case of multiple primary/secondary volumes present in the system before doing <code>zmmboxmove</code>.<br />
** <code>zmmboxmove</code> command should be run from Zimbra (v10) mailbox server.<br />
<br />
After you review the tasks in this section, please go to [https://zimbra.github.io/documentation/zimbra-10/upgrade.html#_upgrade_instructions Upgrade Instructions].<br />
<br />
= Known Issues =<br />
These are '''Known Issues''' against Zimbra 10.0.0 and will be addressed in future updates and/or patches.<br />
<br />
== Mobile Sync ==<br />
* For the Rolling-Upgrade environment involving the NG mailbox server, due to technical differences between the NG Mobile feature and Zimbra (v10) Mobile Sync feature, it is recommended to use Sharing feature after moving all the accounts to zimbra-10 mailbox server.<br />
* Syncing of shared folders/calendars has been disabled on Outlook App for iOS and Android due to syncing issues.<br />
* For Windows Mail App, the Sent folder emails are not displayed after blocking and unblocking the user.<br />
Workaround - The user can remove and reconfigure the account on the app.<br />
* When using iOS Outlook App, Out of Office settings are not synced to the user's account in Web App.<br />
* When the organizer and attendee use the Outlook app, if the organizer cancels an instance from a recurring meeting, the same is not reflected on the attendee's calendar.<br />
* Mailbox sync fails for outlook after enabling the ActiveSync share feature in a rolling upgrade setup. <br />
Workaround - Enable the Activesync Share feature once all mailbox nodes are upgraded to Zimbra-10.0.0.<br />
<br />
== Backup-Restore ==<br />
* When we schedule backup using zmschedulebackup command, backup is getting scheduled in crontab and LDAP attributes are updated with appropriate values.<br />
<br />
== Storage Management ==<br />
* When using an external storage provider for Secondary storage, please exclude the '''Documents''' from the policy as it appears garbled after it is moved to external storage. <br />
<br />
== Briefcase ==<br />
* The <code>zimbraFileUploadMaxSize</code> cannot be set to more than 2GB (2146483647 bytes). Due to this, the users cannot upload files larger than 2GB to their Briefcase.<br />
<br />
== Platform ==<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 9 may share a Briefcase folder with a Zimbra 10 user. However, since files were not shared with Zimbra 10 user, the files within the shared folder are not accessible to the Zimbra 10 users.<br />
* During Rolling Upgrade to Zimbra 10 from Zimbra 9/8.x having NG modules installed, when a Zimbra 9/8.x user creates new files from Briefcase, it results in a error "TypeError: g is null".<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 10 may share a file with a Zimbra 9 user. However, Zimbra 9 user will not be able to access the file from the shared URL.<br />
* Zimbra inheritance is followed when setting LDAP attributes. When using Backup & Restore->Message recovery settings from Admin UI, if the value of zimbraDumpsterEnabled attribute is FALSE at COS level and TRUE at Domain level, then the value at COS level will be considered. So the issue here is- adding Domains in the message recovery settings will have no impact on message recovery if the COS level attribute is set to its default value FALSE.<br />
* Backup and Restore - When mail-store server is restored after moving some of its accounts to another mail store, then old mail data like blobs, metadata, etc. of the accounts which have been moved to another mail store, will also get restored. The workaround is to - execute the restore with --ignoreRedoErrors OR with -rf options like zmrestore -a all --ignoreRedoErrors<br />
* When user clicks on a file in Briefcase, a preview is displayed for the supported file formats. User can also edit these files in a separate window. The changes take a long time to be reflected in the preview, and sometimes user might need to click on the file multiple times to view the changes.<br />
* When editing documents from Briefcase, the documents are opened in a separate browser window in which users can edit the document. However, the updated contents are not reflected in the Briefcase file, unless the separate browser window is not closed by the user.<br />
* User is not able to search files in the "Files shared with me" folder, within Briefcase.<br />
* Re-sending a file share for a Briefcase document throws the error, "A network service error has occurred".<br />
<br />
== Web UX - Admin ==<br />
* In Admin UI, if two users are assigned the Administrator privilege followed by "Assign default domain administrator views and rights", there is an error displayed for the second user, and the request is not completed. This happens due to a caching issue, and flushing the cache of the mail-store resolves this issue.</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases&diff=69511Zimbra Releases2023-03-08T15:42:59Z<p>Dawood Shaikh: </p>
<hr />
<div><ol class="breadcrumb"><br />
<li>[[Main Page|Zimbra Wiki]]</li><br />
<li class="active">{{PAGENAME}}</li><br />
</ol><br />
__NOTOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Product Releases=<br />
==Zimbra Collaboration==<br />
Zimbra release notes are specific to each version of the server. Select your version from the list below to see the release notes for it.<br />
<div class="class="col-md-10""><br />
<table class="table table-hover table-bordered table-striped"><br />
<tr><br />
<th>Release</th><br />
<th>Codename</th><br />
<th>Patch Level</th><br />
<th>Third-Party Patch Level</th><br />
<th>General Availability</th><br />
<th>Download the Release Notes</th><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/10.0.0|10.0.0 GA Release]]'''</td><br />
<td>Daffodil</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i>03/08/2023</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/10.0.0|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.0&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/9.0.0|9.0.0 GA Release]]'''</td><br />
<td>Kepler</td><br />
<td>[[Zimbra_Releases/9.0.0/P31|'''Patch 31''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i>04/07/2020</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/9.0.0/P31|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P31&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.15|8.8.15 GA Release (LTS Release)]]'''</td><br />
<td>Joule</td><br />
<td>[[Zimbra_Releases/8.8.15/P38|'''Patch 38''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 07/22/2019</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.15/P38|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P38&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.12|8.8.12 GA Release]]'''</td><br />
<td>Isaac-Newton</td><br />
<td>[[Zimbra_Releases/8.8.12/P6|'''Patch 6''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of General Support 12/31/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 04/01/2019</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.12/P6|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.12/P6&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.11|8.8.11 GA Release]]'''</td><br />
<td>Homi-Bhabha</td><br />
<td>[[Zimbra_Releases/8.8.11/P5|'''Patch 5''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 12/17/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 12/17/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.11|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.11&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.10|8.8.10 GA Release]]'''</td><br />
<td>Konrad-Zuse</td><br />
<td>[[Zimbra_Releases/8.8.10/P8|'''Patch 8''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 10/01/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 10/03/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.10|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.10&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.9|8.8.9 GA Release]]'''</td><br />
<td>Curie</td><br />
<td>[[Zimbra_Releases/8.8.9/P10|'''Patch 10''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 07/09/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 07/10/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.9|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.9&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.8|8.8.8 GA Release]]'''</td><br />
<td>Turing</td><br />
<td>[[Zimbra_Releases/8.8.8/P10|'''Patch 10''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 03/29/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 04/02/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.8|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.8&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.7|8.8.7 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 03/29/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 03/08/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.7|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.7&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.6|8.8.6 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 03/29/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 01/15/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.6|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.6&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8|8.8 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 03/29/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 12/12/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.11|8.7.11 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>[[Zimbra_Releases/8.7.11/P14|'''Patch 14''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of General Support 12/31/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 06/08/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.11/P14|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.11/P14&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.10|8.7.10 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 05/31/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.10|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.10&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.9|8.7.9 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 05/11/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.9|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.9&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.8|8.7.8 Early Developer Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 04/27/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.8|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.8&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.7|8.7.7 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 04/13/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.7|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.7&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.6|8.7.6 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 03/30/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.6|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.6&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.5|8.7.5 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 03/16/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.5|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.5&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.4|8.7.4 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 03/02/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.4|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.4&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.3|8.7.3 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 02/17/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.3|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.3&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.2|8.7.2 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 02/02/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.2|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.2&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.1|8.7.1 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 10/27/2016</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.1|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.1&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.0|8.7.0 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 07/13/2016</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.0&printable=yes '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra Releases/8.6.0|8.6.0 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>[[Zimbra_Releases/8.6.0/P14|'''Patch 14''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 12/15/2014</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.6/ZCS_860_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> [http://zimbra.io/wikiold/Zimbra%20Collaboration%208.6.0%20Network%20Edition%20Release%20Notes%20-%20Zimbra,%20Inc_.epub '''ePub''']</td><br />
</tr><br />
<tr><br />
<td>8.5.1 GA Release</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2018</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 11/03/2014</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.5/ZCS_851R2_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.5.0 GA Release</td><br />
<td>JudasPriest</td><br />
<td>Patch 2</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2018</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 08/28/2014</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.5/ZCS_850_Rev2_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.9 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 11/03/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_809R1_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.8 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 09/25/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_808R1_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.7 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 2</td><br />
<td>ZCS 8.0.7 curl patch [https://bugzilla.zimbra.com/show_bug.cgi?id=88926#c11 <i class="fa fa-file-pdf-o" style="color:red"></i>] | [https://files.zimbra.com/downloads/security/zmcurl807-updater.sh <i class="fa fa-download"></i>] <br />OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [http://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 04/08/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_807_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.6 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 12/03/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_806R1_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.5 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 1</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 09/10/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.5.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.4 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 2</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 05/24/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.4.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.3 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 3</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 03/05/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.3.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.2 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 1</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 12/10/2012</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.2.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.1 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 11/05/2012</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.1.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.0 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 09/07/2012</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.0.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>7.2.7 GA Release</td><br />
<td>Helix</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 3/31/2015</i></span><br /><span class="text-success"><i class="fa fa-check"> 03/14/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_Upgrade_7.2.7.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
</table><br />
</div><br />
{{FH}}</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases&diff=69510Zimbra Releases2023-03-08T15:42:01Z<p>Dawood Shaikh: </p>
<hr />
<div><ol class="breadcrumb"><br />
<li>[[Main Page|Zimbra Wiki]]</li><br />
<li class="active">{{PAGENAME}}</li><br />
</ol><br />
__NOTOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Product Releases=<br />
==Zimbra Collaboration==<br />
Zimbra release notes are specific to each version of the server. Select your version from the list below to see the release notes for it.<br />
<div class="class="col-md-10""><br />
<table class="table table-hover table-bordered table-striped"><br />
<tr><br />
<th>Release</th><br />
<th>Codename</th><br />
<th>Patch Level</th><br />
<th>Third-Party Patch Level</th><br />
<th>General Availability</th><br />
<th>Download the Release Notes</th><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/10.0.0|10.0.0 GA Release]]'''</td><br />
<td>Daffodil</td><br />
<td>[[Zimbra_Releases/10.0.0|'''No released patches'']]</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i>03/08/2023</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/10.0.0|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.0&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/9.0.0|9.0.0 GA Release]]'''</td><br />
<td>Kepler</td><br />
<td>[[Zimbra_Releases/9.0.0/P31|'''Patch 31''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i>04/07/2020</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/9.0.0/P31|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P31&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.15|8.8.15 GA Release (LTS Release)]]'''</td><br />
<td>Joule</td><br />
<td>[[Zimbra_Releases/8.8.15/P38|'''Patch 38''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 07/22/2019</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.15/P38|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P38&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.12|8.8.12 GA Release]]'''</td><br />
<td>Isaac-Newton</td><br />
<td>[[Zimbra_Releases/8.8.12/P6|'''Patch 6''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of General Support 12/31/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 04/01/2019</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.12/P6|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.12/P6&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.11|8.8.11 GA Release]]'''</td><br />
<td>Homi-Bhabha</td><br />
<td>[[Zimbra_Releases/8.8.11/P5|'''Patch 5''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 12/17/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 12/17/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.11|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.11&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.10|8.8.10 GA Release]]'''</td><br />
<td>Konrad-Zuse</td><br />
<td>[[Zimbra_Releases/8.8.10/P8|'''Patch 8''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 10/01/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 10/03/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.10|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.10&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.9|8.8.9 GA Release]]'''</td><br />
<td>Curie</td><br />
<td>[[Zimbra_Releases/8.8.9/P10|'''Patch 10''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 07/09/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 07/10/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.9|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.9&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.8|8.8.8 GA Release]]'''</td><br />
<td>Turing</td><br />
<td>[[Zimbra_Releases/8.8.8/P10|'''Patch 10''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 03/29/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 04/02/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.8|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.8&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.7|8.8.7 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 03/29/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 03/08/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.7|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.7&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.6|8.8.6 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 03/29/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 01/15/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.6|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.6&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8|8.8 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 03/29/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 12/12/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.11|8.7.11 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>[[Zimbra_Releases/8.7.11/P14|'''Patch 14''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of General Support 12/31/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 06/08/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.11/P14|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.11/P14&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.10|8.7.10 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 05/31/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.10|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.10&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.9|8.7.9 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 05/11/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.9|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.9&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.8|8.7.8 Early Developer Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 04/27/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.8|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.8&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.7|8.7.7 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 04/13/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.7|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.7&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.6|8.7.6 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 03/30/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.6|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.6&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.5|8.7.5 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 03/16/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.5|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.5&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.4|8.7.4 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 03/02/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.4|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.4&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.3|8.7.3 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 02/17/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.3|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.3&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.2|8.7.2 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 02/02/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.2|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.2&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.1|8.7.1 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 10/27/2016</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.1|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.1&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.0|8.7.0 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 07/13/2016</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.0&printable=yes '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra Releases/8.6.0|8.6.0 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>[[Zimbra_Releases/8.6.0/P14|'''Patch 14''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 12/15/2014</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.6/ZCS_860_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> [http://zimbra.io/wikiold/Zimbra%20Collaboration%208.6.0%20Network%20Edition%20Release%20Notes%20-%20Zimbra,%20Inc_.epub '''ePub''']</td><br />
</tr><br />
<tr><br />
<td>8.5.1 GA Release</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2018</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 11/03/2014</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.5/ZCS_851R2_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.5.0 GA Release</td><br />
<td>JudasPriest</td><br />
<td>Patch 2</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2018</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 08/28/2014</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.5/ZCS_850_Rev2_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.9 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 11/03/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_809R1_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.8 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 09/25/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_808R1_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.7 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 2</td><br />
<td>ZCS 8.0.7 curl patch [https://bugzilla.zimbra.com/show_bug.cgi?id=88926#c11 <i class="fa fa-file-pdf-o" style="color:red"></i>] | [https://files.zimbra.com/downloads/security/zmcurl807-updater.sh <i class="fa fa-download"></i>] <br />OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [http://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 04/08/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_807_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.6 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 12/03/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_806R1_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.5 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 1</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 09/10/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.5.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.4 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 2</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 05/24/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.4.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.3 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 3</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 03/05/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.3.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.2 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 1</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 12/10/2012</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.2.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.1 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 11/05/2012</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.1.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.0 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 09/07/2012</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.0.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>7.2.7 GA Release</td><br />
<td>Helix</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 3/31/2015</i></span><br /><span class="text-success"><i class="fa fa-check"> 03/14/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_Upgrade_7.2.7.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
</table><br />
</div><br />
{{FH}}</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases&diff=69509Zimbra Releases2023-03-08T15:41:20Z<p>Dawood Shaikh: </p>
<hr />
<div><ol class="breadcrumb"><br />
<li>[[Main Page|Zimbra Wiki]]</li><br />
<li class="active">{{PAGENAME}}</li><br />
</ol><br />
__NOTOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Product Releases=<br />
==Zimbra Collaboration==<br />
Zimbra release notes are specific to each version of the server. Select your version from the list below to see the release notes for it.<br />
<div class="class="col-md-10""><br />
<table class="table table-hover table-bordered table-striped"><br />
<tr><br />
<th>Release</th><br />
<th>Codename</th><br />
<th>Patch Level</th><br />
<th>Third-Party Patch Level</th><br />
<th>General Availability</th><br />
<th>Download the Release Notes</th><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/10.0.0|10.0.0 GA Release]]'''</td><br />
<td>Daffodil</td><br />
<td>[[Zimbra_Releases/10.0.0|'''GA Release''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i>03/08/2023</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/10.0.0|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.0&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/9.0.0|9.0.0 GA Release]]'''</td><br />
<td>Kepler</td><br />
<td>[[Zimbra_Releases/9.0.0/P31|'''Patch 31''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i>04/07/2020</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/9.0.0/P31|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P31&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.15|8.8.15 GA Release (LTS Release)]]'''</td><br />
<td>Joule</td><br />
<td>[[Zimbra_Releases/8.8.15/P38|'''Patch 38''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 07/22/2019</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.15/P38|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P38&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.12|8.8.12 GA Release]]'''</td><br />
<td>Isaac-Newton</td><br />
<td>[[Zimbra_Releases/8.8.12/P6|'''Patch 6''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of General Support 12/31/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 04/01/2019</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.12/P6|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.12/P6&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.11|8.8.11 GA Release]]'''</td><br />
<td>Homi-Bhabha</td><br />
<td>[[Zimbra_Releases/8.8.11/P5|'''Patch 5''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 12/17/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 12/17/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.11|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.11&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.10|8.8.10 GA Release]]'''</td><br />
<td>Konrad-Zuse</td><br />
<td>[[Zimbra_Releases/8.8.10/P8|'''Patch 8''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 10/01/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 10/03/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.10|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.10&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.9|8.8.9 GA Release]]'''</td><br />
<td>Curie</td><br />
<td>[[Zimbra_Releases/8.8.9/P10|'''Patch 10''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 07/09/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 07/10/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.9|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.9&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.8|8.8.8 GA Release]]'''</td><br />
<td>Turing</td><br />
<td>[[Zimbra_Releases/8.8.8/P10|'''Patch 10''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 03/29/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 04/02/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.8|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.8&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.7|8.8.7 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 03/29/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 03/08/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.7|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.7&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.6|8.8.6 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 03/29/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 01/15/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.6|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.6&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8|8.8 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 03/29/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 12/12/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.11|8.7.11 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>[[Zimbra_Releases/8.7.11/P14|'''Patch 14''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of General Support 12/31/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 06/08/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.11/P14|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.11/P14&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.10|8.7.10 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 05/31/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.10|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.10&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.9|8.7.9 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 05/11/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.9|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.9&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.8|8.7.8 Early Developer Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 04/27/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.8|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.8&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.7|8.7.7 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 04/13/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.7|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.7&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.6|8.7.6 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 03/30/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.6|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.6&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.5|8.7.5 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 03/16/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.5|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.5&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.4|8.7.4 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 03/02/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.4|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.4&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.3|8.7.3 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 02/17/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.3|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.3&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.2|8.7.2 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 02/02/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.2|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.2&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.1|8.7.1 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 10/27/2016</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.1|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.1&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.0|8.7.0 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 07/13/2016</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.0&printable=yes '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra Releases/8.6.0|8.6.0 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>[[Zimbra_Releases/8.6.0/P14|'''Patch 14''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2019</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 12/15/2014</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.6/ZCS_860_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> [http://zimbra.io/wikiold/Zimbra%20Collaboration%208.6.0%20Network%20Edition%20Release%20Notes%20-%20Zimbra,%20Inc_.epub '''ePub''']</td><br />
</tr><br />
<tr><br />
<td>8.5.1 GA Release</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2018</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 11/03/2014</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.5/ZCS_851R2_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.5.0 GA Release</td><br />
<td>JudasPriest</td><br />
<td>Patch 2</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2018</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 08/28/2014</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.5/ZCS_850_Rev2_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.9 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 11/03/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_809R1_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.8 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 09/25/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_808R1_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.7 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 2</td><br />
<td>ZCS 8.0.7 curl patch [https://bugzilla.zimbra.com/show_bug.cgi?id=88926#c11 <i class="fa fa-file-pdf-o" style="color:red"></i>] | [https://files.zimbra.com/downloads/security/zmcurl807-updater.sh <i class="fa fa-download"></i>] <br />OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [http://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 04/08/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_807_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.6 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 12/03/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_806R1_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.5 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 1</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 09/10/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.5.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.4 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 2</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 05/24/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.4.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.3 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 3</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 03/05/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.3.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.2 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 1</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 12/10/2012</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.2.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.1 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 11/05/2012</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.1.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.0 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 09/07/2012</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.0.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>7.2.7 GA Release</td><br />
<td>Helix</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 3/31/2015</i></span><br /><span class="text-success"><i class="fa fa-check"> 03/14/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_Upgrade_7.2.7.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
</table><br />
</div><br />
{{FH}}</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.0&diff=69508Zimbra Releases/10.0.02023-03-08T15:32:00Z<p>Dawood Shaikh: </p>
<hr />
<div>{{WIP}}<br />
<br />
= Zimbra Daffodil (v10) GA Release =<br />
<br />
Check out the [[#What's_New|What's New]], [[#Things to Know Before Upgrading|Things to Know Before Upgrading]] and [[#Known Issues|Known Issues]] sections for this version of Zimbra Collaboration. <br />
<br />
Please refer to the [https://zimbra.github.io/documentation/zimbra-10/single-server-install.html Single-Server Install Guide], [https://zimbra.github.io/documentation/zimbra-10/multi-server-install.html Multi-Server Install Guide], and [https://zimbra.github.io/documentation/zimbra-10/upgrade.html Upgrade Guide] for install and upgrade instructions.<br />
<br />
= Description =<br />
<br />
We are very excited about the announcement of the release of Zimbra Daffodil (v10). With this release, we've consolidated our core code-base and replaced certain older '''NG''' add-on modules with new & improved core modules that will see continuous enhancements in future updates. With Zimbra Daffodil (v10), we're committed and focused on improving its stability, security, quality, features & capabilities, user experience, performance, extensibility, and scalability.<br />
<br />
Zimbra (v10) release provides the same or better features than Zimbra 8.8.15 and 9.0 and will be our main code base for continuous improvement and innovation going forward.<br />
<br />
= What does this mean? =<br />
<br />
It means that each component integrates at the application layer and is designed to work together in unison. Zimbra Daffodil(v10) also removes data restrictions and allows full access to your data. With all core components managed by us, it will enable us to innovate faster and bring new features to market quicker than before.<br />
<br />
= What's new or updated in Zimbra (v10) =<br />
<br />
== Installation, Upgrade, & Migration ==<br />
<br />
In the Zimbra Daffodil(v10) release, we focused on new installations, rolling upgrades with and without NG modules, and in-place upgrades for customers running without NG modules. Here are key topics you need to know about upgrading and migration: <br />
<br />
* Single and Multi-Server installation is supported for new installations of Zimbra (v10).<br />
<br />
* For customers using NG modules on a Multi-Server setup, we are releasing a migration tool that will help the customers to migrate their NG modules data to the new Zimbra-10 server. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/ng-migration.html migration guide] for more details. Please note that this tool is being released as a '''Beta''' utility and should be tested on dev/test environment(s) before using it on production data. For more guidance, please reach out to our support team.<br />
<br />
* For customers using NG modules on a Single-Server setup, currently we do not support an in-place upgrade or migration. We are working on steps to migrate such a setup. We will update you soon.<br />
<br />
* For customers on Multi-Server setup and '''NOT''' using NG modules, Rolling upgrade is the recommended method where you either upgrade existing or add new replacement LDAP's, Proxy's and MTA's. Once the LDAP, Proxy and MTA's are running the latest version, you then add a new mail store and use zmmailboxmove to move accounts from the older store to the new zimbra-10 store. For more information please refer to [https://zimbra.github.io/documentation/zimbra-10/rolling-upgrade.html rolling-upgrade] guide.<br />
<br />
* In-place upgrade is only recommended for customers who are not running NG modules. In-place upgrades are supported from 8.8.15 and 9.0.0 versions running the latest patch releases.<br />
<br />
== Backup & Restore ==<br />
<br />
Daffodil backup and recovery is built with the understanding that backups should not affect the server or user experience while providing the best disaster recovery restore. The Daffodil backup offers the ability to backup using auto-grouping or full backup with incremental logging. Here are key topics you need to know about upgrading to 10.0 Backup and Restore: <br />
<br />
* A new backup will need to be initialised after the upgrade.<br />
* Backup consists of two backup methods. <br />
** Auto-grouping is a great backup method but is best for large installations where 5,000+ accounts reside on a single mail store. Smaller installations will benefit with creating a full backup once a week. <br />
** The default backup method is known as the 'Standard' method, and is recommended for most customers.<br />
* Backups can be created at the Global, Server, COS, Domain, and account level.<br />
* Dumpster feature has been integrated with backup and restore which is called 'Message Reclaim'. This is the first phase in many to provide a simpler way to manage and restore data that was deleted accidentally. Currently, the reclaim is a command line function but stay tuned for improvements within the coming releases. <br />
* Multiple restore methods. A disaster doesn't always destroy the full store or cluster. 10.0 backup brings back the ability to restore each component (store, meta-data, LDAP data) or a mail-store or the full cluster. <br />
* Advance restore mode, which can be used within a full mail-store disaster recovery where all of the Metadata and accounts are restored to production before the blob data. Because blob restore accounts for the majority of the restore time, the time that takes to restore and put the account back into production has significantly improved. Once the account is active, the restore process will restore the blobs. Please note, users will receive a missing blob error until the blob has been restored.<br />
<br />
== Storage Management ==<br />
<br />
The Storage Management (SM) feature is where you configure storage volumes for primary, and secondary data stores and indexing. SM using the scheduler also provides the ability to move older data from primary higher-cost to secondary lower-cost storage based on age. In most instances, end users will not experience any performance differences.<br />
<br />
Storage Management can be managed within the Administrator UI at the global and server level or from the command line.<br />
<br />
SM supports local and external storage for the following providers:<br />
* Amazon AWS S3 - Supports Intelligent Tiering.<br />
* Ceph<br />
* Netapp StorageGrid<br />
* OpenIO<br />
* EMC<br />
* Scality<br />
* Custom S3<br />
<br />
== Mobile Sync and Device Management ==<br />
<br />
The mobile sync feature supports the latest devices and has improved calendar synchronization. It contains all of the security as the past versions but is now part of the core code. <br />
<br />
Following are some more details:<br />
* Support active-sync versions 16.1, 16.0, 14.1, 14.0 & 12.1.<br />
* Support shared Folders and Calendars.<br />
* Support configuring user-level ActiveSync protocol version<br />
* Support Autodiscover.<br />
* Allow/Block/Quarantine (ABQ) support.<br />
* Support Mobile Device Security Policies:<br />
** Remote Wipe.<br />
** Account Only Remote Wipe.<br />
** Device password policies.<br />
** S/MIME encryption policies.<br />
* Support MDM Apps – IBM Maas 360 and Apple Airwatch.<br />
* Notification support for Quarantined devices at specified intervals.<br />
<br />
Note: When using a Rolling-Upgrade with NG modules, after the accounts are moved from the NG server to the Zimbra-10 servers, all ActiveSync sync-tokens will be reset. Because of this, all devices will receive a re-sync request, then each device should acknowledge the request and initiate a full re-sync. The majority of devices will do this automatically and with no action required by the device owner. The acknowledgment action is a device action, and some older Samsung devices have been known not to respond which requires the user to either recreate the profile or re-enter the password.<br />
<br />
For the Non-NG Rolling-Upgrade setup, ActiveSync users will have to reconfigure their activesync profile on the devices/app to start using the latest ActiveSync version.<br />
<br />
== Briefcase ==<br />
<br />
10.0 restores documentation management within the Briefcase. This provides a single location where a user can manage, store, share, and edit documents. Here are key topics you need to know about upgrading to 10.0 Documentation Management: <br />
<br />
* All document data within Briefcase is stored within the core of server which means the data is within the account mysql database and stored within the data store.<br />
* Each mail store can contain its own instance of Office.<br />
* File sharing internally or publicly.<br />
* Collaborative editing of files.<br />
<br />
== Office ==<br />
<br />
Daffodil provides an updated set of documentation editors that works with Word, Spreadsheet, & Presentation documents.<br />
<br />
* Can be installed on each mail store.<br />
* Supports editing and sharing of documents with multiple users.<br />
* Supports Single file or folder share.<br />
* Supports High fidelity Document preview.<br />
* Supports many document formats.<br />
* Supports Version control.<br />
<br />
For the Rolling-Upgrade setup, the Document editing/sharing feature will not work until the Grantor and Grantee are moved to zimbra-10 mailbox servers. <br />
<br />
Similarly, any Drive user data migrated to Zimbra (v10), will not work as expected until the Grantor and Grantee are moved to zimbra-10 mailbox servers. <br />
<br />
== Chat and Video ==<br />
<br />
It is an enterprise video and chat solution. This offering includes individual, group chats, contact and group support, video calling support, chat archival and many other standard chat and video features. <br />
<br />
* SAAS offering<br />
* Simplistic configuration - Once the Admin account is created and configured, end users accounts will be automatically created based on COS configuration.<br />
* Supported within the Classic Web App, Modern Web App, Desktop App, and Mobile Apps which are currently available on play store and app store.<br />
<br />
== Delegated Administrator ==<br />
Delegated Administrators can now be assigned predefined rights for common tasks. A common example is to create a Helpdesk administrator who can only reset password. Following commonly used predefined rights have been added in this release and more will be added in the upcoming releases:<br />
* Domain administrator<br />
* Reset passwords<br />
* Edit contact info<br />
<br />
<br />
= Things to Know Before Upgrading =<br />
Please review the following information to decide if Zimbra Daffodil (v10) is suitable for you.<br />
<br />
* Zimbra Touch Client, Zimbra Mobile Client, and Zimbra HTML (Standard) Client are no longer a part of Zimbra starting from Version 9.0.0.<br />
* A Zimbra Network Edition license is required to use Zimbra Daffodil (v10).<br />
* The customizations implemented for SAML and SPNEGO will be overridden during an upgrade. It is recommended to backup these configurations before upgrading the server.<br />
* In case of rolling upgrades, if some mailstore nodes are upgraded to {product-short} and some mailstore nodes are on Zimbra 9.0.x or Zimbra 8.8.15 then, <code>zimbraReverseProxyUpstreamLoginServers</code> should only contain the list of Zimbra 10.0.0 mailboxes. If this is not followed then in some cases, users on {product-short} mailstore nodes will not be able to see {modern-client} after login.<br />
* Zimbra (v10) continues to support two versions of Zimbra Web Client -- Modern and Classic.<br />
** To know more about the highlights of the Modern Web App, please refer to [https://wiki.zimbra.com/wiki/Zimbra_9/Modern_Web_App Introducing the Modern Web Application]<br />
** The Classic Web App offers the same functionality as the Advanced Web Client in Zimbra version 8.8.15.<br />
** Existing customized themes, logo branding changes, and crontab changes are incompatible with, and hence do not reflect in the Modern Web App. Branding needs to be re-configured to work with the Modern Web App. The Modern Web App does not currently support themes. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/adminguide.html#_customizing_modern_web_app Customizing Modern Web App] section of Admin Guide for more information related to configuration.<br />
** Zimlets are supported on both the Web Clients.<br />
** Zimlets that work with the Classic Web App are incompatible with the Modern Web App. And due to technology changes, there is no way to migrate the Zimlets from the Classic Web App to the Modern Web App or vice-versa.<br />
* If you are using an RHEL-based server (RHEL, Oracle Linux, Rocky Linux, Centos) then, please install the pax/spax package on the MTA node.<br />
** CentOS 7 and derivatives<br />
<br />
yum install pax<br />
<br />
** CentOS 8 and derivatives<br />
<br />
dnf install spax<br />
<br />
* For Non-NG setups, recommendations when using mailbox move (through '''zmmboxmove''' utility) on Rolling-Upgrade environment:<br />
** Always take full backup *before* doing zmmboxmove.<br />
** If using Storage Management with primary and secondary storage as Internal, then set <code>zimbraMailboxMoveSkipBlobs</code> and <code>zimbraMailboxMoveSkipHsmBlobs</code> attributes to '''FALSE''' before doing '''zmmboxmove'''.<br />
** Always recommended to run HSM and move blobs to current primary/secondary volumes in case of multiple primary/secondary volumes present in the system before doing <code>zmmboxmove</code>.<br />
** <code>zmmboxmove</code> command should be run from Zimbra (v10) mailbox server.<br />
<br />
After you review the tasks in this section, please go to [https://zimbra.github.io/documentation/zimbra-10/upgrade.html#_upgrade_instructions Upgrade Instructions].<br />
<br />
= Known Issues =<br />
These are '''Known Issues''' against Zimbra 10.0.0 and will be addressed in future updates and/or patches.<br />
<br />
== Mobile Sync ==<br />
* For the Rolling-Upgrade environment involving the NG mailbox server, due to technical differences between the NG Mobile feature and Zimbra (v10) Mobile Sync feature, it is recommended to use Sharing feature after moving all the accounts to zimbra-10 mailbox server.<br />
* Syncing of shared folders/calendars has been disabled on Outlook App for iOS and Android due to syncing issues.<br />
* For Windows Mail App, the Sent folder emails are not displayed after blocking and unblocking the user.<br />
Workaround - The user can remove and reconfigure the account on the app.<br />
* When using iOS Outlook App, Out of Office settings are not synced to the user's account in Web App.<br />
* When the organizer and attendee use the Outlook app, if the organizer cancels an instance from a recurring meeting, the same is not reflected on the attendee's calendar.<br />
* Mailbox sync fails for outlook after enabling the ActiveSync share feature in a rolling upgrade setup. <br />
Workaround - Enable the Activesync Share feature once all mailbox nodes are upgraded to Zimbra-10.0.0.<br />
<br />
== Backup-Restore ==<br />
* When we schedule backup using zmschedulebackup command, backup is getting scheduled in crontab and LDAP attributes are updated with appropriate values.<br />
<br />
== Storage Management ==<br />
* When using an external storage provider for Secondary storage, please exclude the '''Documents''' from the policy as it appears garbled after it is moved to external storage. <br />
<br />
== Briefcase ==<br />
* The <code>zimbraFileUploadMaxSize</code> cannot be set to more than 2GB (2146483647 bytes). Due to this, the users cannot upload files larger than 2GB to their Briefcase.<br />
<br />
== Platform ==<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 9 may share a Briefcase folder with a Zimbra 10 user. However, since files were not shared with Zimbra 10 user, the files within the shared folder are not accessible to the Zimbra 10 users.<br />
* During Rolling Upgrade to Zimbra 10 from Zimbra 9/8.x having NG modules installed, when a Zimbra 9/8.x user creates new files from Briefcase, it results in a error "TypeError: g is null".<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 10 may share a file with a Zimbra 9 user. However, Zimbra 9 user will not be able to access the file from the shared URL.<br />
* Zimbra inheritance is followed when setting LDAP attributes. When using Backup & Restore->Message recovery settings from Admin UI, if the value of zimbraDumpsterEnabled attribute is FALSE at COS level and TRUE at Domain level, then the value at COS level will be considered. So the issue here is- adding Domains in the message recovery settings will have no impact on message recovery if the COS level attribute is set to its default value FALSE.<br />
* Backup and Restore - When mail-store server is restored after moving some of its accounts to another mail store, then old mail data like blobs, metadata, etc. of the accounts which have been moved to another mail store, will also get restored. The workaround is to - execute the restore with --ignoreRedoErrors OR with -rf options like zmrestore -a all --ignoreRedoErrors<br />
* When user clicks on a file in Briefcase, a preview is displayed for the supported file formats. User can also edit these files in a separate window. The changes take a long time to be reflected in the preview, and sometimes user might need to click on the file multiple times to view the changes.<br />
* When editing documents from Briefcase, the documents are opened in a separate browser window in which users can edit the document. However, the updated contents are not reflected in the Briefcase file, unless the separate browser window is not closed by the user.<br />
* User is not able to search files in the "Files shared with me" folder, within Briefcase.<br />
* Re-sending a file share for a Briefcase document throws the error, "A network service error has occurred".<br />
<br />
== Web UX - Admin ==<br />
* In Admin UI, if two users are assigned the Administrator privilege followed by "Assign default domain administrator views and rights", there is an error displayed for the second user, and the request is not completed. This happens due to a caching issue, and flushing the cache of the mail-store resolves this issue.</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.0.0&diff=69507Zimbra Releases/10.0.02023-03-08T15:30:10Z<p>Dawood Shaikh: /* Zimbra Daffodil 10.0.0 GA Release */</p>
<hr />
<div>{{WIP}}<br />
<br />
= Zimbra Daffodil (v10) GA Release =<br />
<br />
Check out the [[#What's_New|What's New]], [[#Things to Know Before Upgrading|Things to Know Before Upgrading]] and [[#Known Issues|Known Issues]] sections for this version of Zimbra Collaboration. <br />
<br />
Please refer to the [https://zimbra.github.io/documentation/zimbra-10/single-server-install.html Single-Server Install Guide], [https://zimbra.github.io/documentation/zimbra-10/multi-server-install.html Multi-Server Install Guide], and [https://zimbra.github.io/documentation/zimbra-10/upgrade.html Upgrade Guide] for install and upgrade instructions.<br />
<br />
= Description =<br />
<br />
We are very excited about the announcement of the release of Zimbra Daffodil (v10). With this release, we've consolidated our core code-base and replaced certain older '''NG''' add-on modules with new & improved core modules that will see continuous enhancements in future updates. With Zimbra Daffodil (v10), we're committed and focused on improving its stability, security, quality, features & capabilities, user experience, performance, extensibility, and scalability.<br />
<br />
Zimbra (v10) release provides the same or better features than Zimbra 8.8.15 and 9.0 and will be our main code base for continuous improvement and innovation going forward.<br />
<br />
= What does this mean? =<br />
<br />
It means that each component integrates at the application layer and is designed to work together in unison. Zimbra Daffodil(v10) also removes data restrictions and allows full access to your data. With all core components managed by us, it will enable us to innovate faster and bring new features to market quicker than before.<br />
<br />
= What's new or updated in Zimbra (v10) =<br />
<br />
== Installation, Upgrade, & Migration ==<br />
<br />
In the Zimbra Daffodil(v10) release, we focused on new installations, rolling upgrades with and without NG modules, and in-place upgrades for customers running without NG modules. Here are key topics you need to know about upgrading and migration: <br />
<br />
* Single and Multi-Server installation is supported for new installations of Zimbra (v10).<br />
<br />
* For customers using NG modules on a Multi-Server setup, we are releasing a migration tool that will help the customers to migrate their NG modules data to the new Zimbra-10 server. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/ng-migration.html migration guide] for more details. Please note that this tool is being released as a '''Beta''' utility and should be tested on dev/test environment(s) before using it on production data. For more guidance, please reach out to our support team.<br />
<br />
* For customers using NG modules on a Single-Server setup, currently we do not support an in-place upgrade or migration. We are working on steps to migrate such a setup. We will update you soon.<br />
<br />
* For customers on Multi-Server setup and '''NOT''' using NG modules, Rolling upgrade is the recommended method where you either upgrade existing or add new replacement LDAP's, Proxy's and MTA's. Once the LDAP, Proxy and MTA's are running the latest version, you then add a new mail store and use zmmailboxmove to move accounts from the older store to the new zimbra-10 store. For more information please refer to [https://zimbra.github.io/documentation/zimbra-10/rolling-upgrade.html rolling-upgrade] guide.<br />
<br />
* In-place upgrade is only recommended for customers who are not running NG modules. In-place upgrades are supported from 8.8.15 and 9.0.0 versions running the latest patch releases.<br />
<br />
== Backup & Restore ==<br />
<br />
Daffodil backup and recovery is built with the understanding that backups should not affect the server or user experience while providing the best disaster recovery restore. The Daffodil backup offers the ability to backup using auto-grouping or full backup with incremental logging. Here are key topics you need to know about upgrading to 10.0 Backup and Restore: <br />
<br />
* A new backup will need to be initialised after the upgrade.<br />
* Backup consists of two backup methods. <br />
** Auto-grouping is a great backup method but is best for large installations where 5,000+ accounts reside on a single mail store. Smaller installations will benefit with creating a full backup once a week. <br />
** The default backup method is known as the 'Standard' method, and is recommended for most customers.<br />
* Backups can be created at the Global, Server, COS, Domain, and account level.<br />
* Dumpster feature has been integrated with backup and restore which is called 'Message Reclaim'. This is the first phase in many to provide a simpler way to manage and restore data that was deleted accidentally. Currently, the reclaim is a command line function but stay tuned for improvements within the coming releases. <br />
* Multiple restore methods. A disaster doesn't always destroy the full store or cluster. 10.0 backup brings back the ability to restore each component (store, meta-data, LDAP data) or a mail-store or the full cluster. <br />
* Advance restore mode, which can be used within a full mail-store disaster recovery where all of the Metadata and accounts are restored to production before the blob data. Because blob restore accounts for the majority of the restore time, the time that takes to restore and put the account back into production has significantly improved. Once the account is active, the restore process will restore the blobs. Please note, users will receive a missing blob error until the blob has been restored.<br />
<br />
== Storage Management ==<br />
<br />
The Storage Management (SM) feature is where you configure storage volumes for primary, and secondary data stores and indexing. SM using the scheduler also provides the ability to move older data from primary higher-cost to secondary lower-cost storage based on age. In most instances, end users will not experience any performance differences.<br />
<br />
Storage Management can be managed within the Administrator UI at the global and server level or from the command line.<br />
<br />
SM supports local and external storage for the following providers:<br />
* Amazon AWS S3 - Supports Intelligent Tiering.<br />
* Ceph<br />
* Netapp StorageGrid<br />
* OpenIO<br />
* EMC<br />
* Scality<br />
* Custom S3<br />
<br />
== Mobile Sync and Device Management ==<br />
<br />
The mobile sync feature supports the latest devices and has improved calendar synchronization. It contains all of the security as the past versions but is now part of the core code. <br />
<br />
Following are some more details:<br />
* Support active-sync versions 16.1, 16.0, 14.1 & 12.1.<br />
* Support shared Folders and Calendars.<br />
* Support configuring user-level ActiveSync protocol version<br />
* Support Autodiscover.<br />
* Allow/Block/Quarantine (ABQ) support.<br />
* Support Mobile Device Security Policies:<br />
** Remote Wipe.<br />
** Account Only Remote Wipe.<br />
** Device password policies.<br />
** S/MIME encryption policies.<br />
* Support MDM Apps – IBM Maas 360 and Apple Airwatch.<br />
* Notification support for Quarantined devices at specified intervals.<br />
<br />
Note: When using a Rolling-Upgrade with NG modules, after the accounts are moved from the NG server to the Zimbra-10 servers, all ActiveSync sync-tokens will be reset. Because of this, all devices will receive a re-sync request, then each device should acknowledge the request and initiate a full re-sync. The majority of devices will do this automatically and with no action required by the device owner. The acknowledgment action is a device action, and some older Samsung devices have been known not to respond which requires the user to either recreate the profile or re-enter the password.<br />
<br />
For the Non-NG Rolling-Upgrade setup, ActiveSync users will have to reconfigure their activesync profile on the devices/app to start using the latest ActiveSync version.<br />
<br />
== Briefcase ==<br />
<br />
10.0 restores documentation management within the Briefcase. This provides a single location where a user can manage, store, share, and edit documents. Here are key topics you need to know about upgrading to 10.0 Documentation Management: <br />
<br />
* All document data within Briefcase is stored within the core of server which means the data is within the account mysql database and stored within the data store.<br />
* Each mail store can contain its own instance of Office.<br />
* File sharing internally or publicly.<br />
* Collaborative editing of files.<br />
<br />
== Office ==<br />
<br />
Daffodil provides an updated set of documentation editors that works with Word, Spreadsheet, & Presentation documents.<br />
<br />
* Can be installed on each mail store.<br />
* Supports editing and sharing of documents with multiple users.<br />
* Supports Single file or folder share.<br />
* Supports High fidelity Document preview.<br />
* Supports many document formats.<br />
* Supports Version control.<br />
<br />
For the Rolling-Upgrade setup, the Document editing/sharing feature will not work until the Grantor and Grantee are moved to zimbra-10 mailbox servers. <br />
<br />
Similarly, any Drive user data migrated to Zimbra (v10), will not work as expected until the Grantor and Grantee are moved to zimbra-10 mailbox servers. <br />
<br />
== Chat and Video ==<br />
<br />
It is an enterprise video and chat solution. This offering includes individual, group chats, contact and group support, video calling support, chat archival and many other standard chat and video features. <br />
<br />
* SAAS offering<br />
* Simplistic configuration - Once the Admin account is created and configured, end users accounts will be automatically created based on COS configuration.<br />
* Supported within the Classic Web App, Modern Web App, Desktop App, and Mobile Apps which are currently available on play store and app store.<br />
<br />
== Delegated Administrator ==<br />
Delegated Administrators can now be assigned predefined rights for common tasks. A common example is to create a Helpdesk administrator who can only reset password. Following commonly used predefined rights have been added in this release and more will be added in the upcoming releases:<br />
* Domain administrator<br />
* Reset passwords<br />
* Edit contact info<br />
<br />
<br />
= Things to Know Before Upgrading =<br />
Please review the following information to decide if Zimbra Daffodil (v10) is suitable for you.<br />
<br />
* Zimbra Touch Client, Zimbra Mobile Client, and Zimbra HTML (Standard) Client are no longer a part of Zimbra starting from Version 9.0.0.<br />
* A Zimbra Network Edition license is required to use Zimbra Daffodil (v10).<br />
* The customizations implemented for SAML and SPNEGO will be overridden during an upgrade. It is recommended to backup these configurations before upgrading the server.<br />
* In case of rolling upgrades, if some mailstore nodes are upgraded to {product-short} and some mailstore nodes are on Zimbra 9.0.x or Zimbra 8.8.15 then, <code>zimbraReverseProxyUpstreamLoginServers</code> should only contain the list of Zimbra 10.0.0 mailboxes. If this is not followed then in some cases, users on {product-short} mailstore nodes will not be able to see {modern-client} after login.<br />
* Zimbra (v10) continues to support two versions of Zimbra Web Client -- Modern and Classic.<br />
** To know more about the highlights of the Modern Web App, please refer to [https://wiki.zimbra.com/wiki/Zimbra_9/Modern_Web_App Introducing the Modern Web Application]<br />
** The Classic Web App offers the same functionality as the Advanced Web Client in Zimbra version 8.8.15.<br />
** Existing customized themes, logo branding changes, and crontab changes are incompatible with, and hence do not reflect in the Modern Web App. Branding needs to be re-configured to work with the Modern Web App. The Modern Web App does not currently support themes. Please refer to the [https://zimbra.github.io/documentation/zimbra-10/adminguide.html#_customizing_modern_web_app Customizing Modern Web App] section of Admin Guide for more information related to configuration.<br />
** Zimlets are supported on both the Web Clients.<br />
** Zimlets that work with the Classic Web App are incompatible with the Modern Web App. And due to technology changes, there is no way to migrate the Zimlets from the Classic Web App to the Modern Web App or vice-versa.<br />
* If you are using an RHEL-based server (RHEL, Oracle Linux, Rocky Linux, Centos) then, please install the pax/spax package on the MTA node.<br />
** CentOS 7 and derivatives<br />
<br />
yum install pax<br />
<br />
** CentOS 8 and derivatives<br />
<br />
dnf install spax<br />
<br />
* For Non-NG setups, recommendations when using mailbox move (through '''zmmboxmove''' utility) on Rolling-Upgrade environment:<br />
** Always take full backup *before* doing zmmboxmove.<br />
** If using Storage Management with primary and secondary storage as Internal, then set <code>zimbraMailboxMoveSkipBlobs</code> and <code>zimbraMailboxMoveSkipHsmBlobs</code> attributes to '''FALSE''' before doing '''zmmboxmove'''.<br />
** Always recommended to run HSM and move blobs to current primary/secondary volumes in case of multiple primary/secondary volumes present in the system before doing <code>zmmboxmove</code>.<br />
** <code>zmmboxmove</code> command should be run from Zimbra (v10) mailbox server.<br />
<br />
After you review the tasks in this section, please go to [https://zimbra.github.io/documentation/zimbra-10/upgrade.html#_upgrade_instructions Upgrade Instructions].<br />
<br />
= Known Issues =<br />
These are '''Known Issues''' against Zimbra 10.0.0 and will be addressed in future updates and/or patches.<br />
<br />
== Mobile Sync ==<br />
* For the Rolling-Upgrade environment involving the NG mailbox server, due to technical differences between the NG Mobile feature and Zimbra (v10) Mobile Sync feature, it is recommended to use Sharing feature after moving all the accounts to zimbra-10 mailbox server.<br />
* Syncing of shared folders/calendars has been disabled on Outlook App for iOS and Android due to syncing issues.<br />
* For Windows Mail App, the Sent folder emails are not displayed after blocking and unblocking the user.<br />
Workaround - The user can remove and reconfigure the account on the app.<br />
* When using iOS Outlook App, Out of Office settings are not synced to the user's account in Web App.<br />
* When the organizer and attendee use the Outlook app, if the organizer cancels an instance from a recurring meeting, the same is not reflected on the attendee's calendar.<br />
* Mailbox sync fails for outlook after enabling the ActiveSync share feature in a rolling upgrade setup. <br />
Workaround - Enable the Activesync Share feature once all mailbox nodes are upgraded to Zimbra-10.0.0.<br />
<br />
== Backup-Restore ==<br />
* When we schedule backup using zmschedulebackup command, backup is getting scheduled in crontab and LDAP attributes are updated with appropriate values.<br />
<br />
== Storage Management ==<br />
* When using an external storage provider for Secondary storage, please exclude the '''Documents''' from the policy as it appears garbled after it is moved to external storage. <br />
<br />
== Briefcase ==<br />
* The <code>zimbraFileUploadMaxSize</code> cannot be set to more than 2GB (2146483647 bytes). Due to this, the users cannot upload files larger than 2GB to their Briefcase.<br />
<br />
== Platform ==<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 9 may share a Briefcase folder with a Zimbra 10 user. However, since files were not shared with Zimbra 10 user, the files within the shared folder are not accessible to the Zimbra 10 users.<br />
* During Rolling Upgrade to Zimbra 10 from Zimbra 9/8.x having NG modules installed, when a Zimbra 9/8.x user creates new files from Briefcase, it results in a error "TypeError: g is null".<br />
* During Rolling Upgrade to Zimbra 10, a user on Zimbra 10 may share a file with a Zimbra 9 user. However, Zimbra 9 user will not be able to access the file from the shared URL.<br />
* Zimbra inheritance is followed when setting LDAP attributes. When using Backup & Restore->Message recovery settings from Admin UI, if the value of zimbraDumpsterEnabled attribute is FALSE at COS level and TRUE at Domain level, then the value at COS level will be considered. So the issue here is- adding Domains in the message recovery settings will have no impact on message recovery if the COS level attribute is set to its default value FALSE.<br />
* Backup and Restore - When mail-store server is restored after moving some of its accounts to another mail store, then old mail data like blobs, metadata, etc. of the accounts which have been moved to another mail store, will also get restored. The workaround is to - execute the restore with --ignoreRedoErrors OR with -rf options like zmrestore -a all --ignoreRedoErrors<br />
* When user clicks on a file in Briefcase, a preview is displayed for the supported file formats. User can also edit these files in a separate window. The changes take a long time to be reflected in the preview, and sometimes user might need to click on the file multiple times to view the changes.<br />
* When editing documents from Briefcase, the documents are opened in a separate browser window in which users can edit the document. However, the updated contents are not reflected in the Briefcase file, unless the separate browser window is not closed by the user.<br />
* User is not able to search files in the "Files shared with me" folder, within Briefcase.<br />
* Re-sending a file share for a Briefcase document throws the error, "A network service error has occurred".<br />
<br />
== Web UX - Admin ==<br />
* In Admin UI, if two users are assigned the Administrator privilege followed by "Assign default domain administrator views and rights", there is an error displayed for the second user, and the request is not completed. This happens due to a caching issue, and flushing the cache of the mail-store resolves this issue.</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Enable_the_real-time_attachment_scanning_for_outgoing_mail_sent_via_the_Web_Client&diff=69397Enable the real-time attachment scanning for outgoing mail sent via the Web Client2022-12-12T10:19:45Z<p>Dawood Shaikh: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Enable the real-time attachment scanning for outgoing mail sent via the Web Client=<br />
{{KB|{{ZC}}|{{ZCS 8.6}}|{{ZCS 8.5}}|}}<br />
{{WIP}}<br />
==Purpose==<br />
Starting with ZCS 8.5, it is possible to enable real-time scanning of attachments in outgoing emails sent via the Web Client. If enabled, when someone adds an attachment to an email, it will be scanned via ClamAV prior to being able to send the message. If ClamAV detects a virus, it will block attaching the file to the message. In Zimbra 8.5 and above, customers have the opportunity to enable an real-time antivirus in the attachments for outgoing mail using Web Client.<br />
<br />
==Resolution==<br />
By default, scanning is configured for a single node installation. To enable in a single node:<br />
<br />
'''In ZCS 8.6.x and later:'''<br />
It is possible to enable/disable attachment scanning globally or per server.<br />
<br />
To enable in a multi-node environment, using multiple MTAs for scanning is supported. zimbraClamAVBindAddress is set *per server* on the MTA nodes. It tells the clamav process what hostname to bind to.<br />
zmprov ms <mta_server> zimbraClamAVBindAddress <mta_server><br />
zmprov mcf zimbraAttachmentsScanURL clam://<mta_server>:3310/<br />
zmprov ms <mailbox_server> zimbraAttachmentsScanEnabled TRUE<br />
<br />
'''In ZCS 8.5.x:'''<br />
zmprov ms serverhostname.com zimbraAttachmentsScanURL clam://localhost:3310/<br />
zmprov ms <mailbox_server> zimbraAttachmentsScanEnabled TRUE<br />
<br />
==Additional Content==<br />
* Link to a '''[[New_Features_ZCS_8.5#Real_time_attachment_scanning_for_outgoing_mail_sent_via_the_web_client| Wiki article.]]'''<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration 8.5, 8.6|02/20/2015}}<br />
{{NeedSME|Jeff|Quanah|Jenny}}</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P35&diff=69376Zimbra Releases/8.8.15/P352022-12-01T11:38:06Z<p>Dawood Shaikh: /* NG Mobile */</p>
<hr />
<div>= Zimbra Collaboration Joule 8.8.15 Patch 35 GA Release =<br />
<br />
<div class="col-md-9"><br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
{{ReleaseNote-note}}<br />
<br />
== Pre-requisite identified for manual installation of pcre2 package == <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
<code>pcre2</code> package was identified as a dependent package for apache, spell and converted components. We recommend installing the pcre2 package manually before upgrading to this patch. Following are the instructions:<br />
<br />
For Ubuntu, execute the command as a <code>root</code> user:<br />
apt-get install libpcre2-8-0<br />
<br />
For RHEL/CentOS, execute the command as a <code>root</code> user:<br />
yum install pcre2<br />
</div><br />
<br />
== Change in upgrade process for 8.8.15 Patch 35== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the packages in its order. <br />
</div><br />
<br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, we need to set the '''zimbraVirtualHostName''' parameter for the domains that are using SAML and SSO based login. Please follow the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"|RCE through ClientUploader from authenticated admin user. <br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-45912 CVE-2022-45912]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur via one of attribute in webmail urls, leading to information disclosure <br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-45913 CVE-2022-45913]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerbilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-26377 CVE-2022-26377]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-20770 CVE-2022-20770] <br />
[https://nvd.nist.gov/vuln/detail/CVE-2022-20771 CVE-2022-20771] <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|}<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. '''<br />
<br />
= What's New =<br />
<br />
== Platform ==<br />
* The date header has been added to the mail notification emails.<br />
* Timezone data has been updated with the latest changes of tzdata2022c<br />
<br />
== ZCO ==<br />
* ZCO is now supported on Microsoft Outlook 2021. <br />
<br />
<br />
= Fixed Issues =<br />
<br />
== NG Admin ==<br />
* NG Tab was not visible in Admin Console on a setup where Zimbra is not installed in the default location. The issue has been fixed - '''ZBUG-2991'''.<br />
<br />
== NG HSM ==<br />
* The doMoveBlobs operation now ignores accounts deleted after the operation starts. <br />
* Software now throws an exception if a remote root path is to be appended to the bulk deletion files of a remote volume, and skips the append to avoid unwanted loss of data. <br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused a single instance of an appointment to be moved to the original time in the organizer’s calendar when the attendee accepts the invitation. <br />
* Fixed a bug that caused the Outlook app synchronization to start looping when using the remote search. <br />
* Fixed a bug that prevented the attendees to receive an update when removing them from an appointment so the appointment was still shown in their calendar. <br />
* Fixed a bug that made the exceptions to recurring events not being synchronized - '''ZBUG-3011''', '''ZBUG-3016'''.<br />
<br />
== Platform ==<br />
* JSESSIONID is now marked with HttpOnly and secure flags as true - '''ZBUG-2341'''.<br />
* Mails having unclosed comment tags were not displayed when OWASP sanitization was enabled. In the previous patch, a local config <code>zimbra_strict_unclosed_comment_tag</code> was introduced which fixed the issue. The default value is true which will not display emails having an unclosed comment tag. The emails with unclosed comment tags will be displayed if set to false - '''ZBUG-2639''', '''ZBUG-2878'''.<br />
<br />
== Web UX - Classic ==<br />
* Assigning to newly created tag to a selection of files in Briefcase, would result in clearing out the selection. With these release this selection stays even after assigning a newly created tag. <br />
* Tasks section did not work after installing 8.8.15 Joule-Patch-33. This issue has been fixed - '''ZBUG-2958'''.<br />
<br />
== ZCO ==<br />
* When configuring ZCO through the Zimbra profile, the '''From Address''' was displayed as "Zimbra Collaboration Server" instead of the configured account name. The issue has been fixed. <br />
* Intermittently, Outlook would not sync emails with large metadata. The issue has been fixed - '''ZBUG-2984'''.<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Joule-Patch-32 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
=== NG Mobile ===<br />
* Changes are not synced to Android devices if attendees of an instance in a recurring appointment are modified. - '''ZBUG-3133'''.<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
FOSS:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1668607279.p35-1<br />
zimbra-mta-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-proxy-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-ldap-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-timezone-data -> 2.0.1.1667816429-1<br />
zimbra-mbox-webclient-war -> 8.8.15.1668517206-1<br />
zimbra-common-core-jar -> 8.8.15.1667823299-1<br />
zimbra-unbound -> 1.11.0-1zimbra8.7b4<br />
zimbra-dnscache-components -> 1.0.4-1zimbra8.7b1<br />
zimbra-httpd -> 2.4.54-1zimbra8.7b3<br />
zimbra-apache-components -> 2.0.8-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.9-1zimbra8.8b1<br />
zimbra-clamav -> 0.105.1.2-1zimbra8.8b3<br />
zimbra-mta-components -> 1.0.18-1zimbra8.8b1<br />
NETWORK:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1668607279.p35-2<br />
zimbra-zco -> 8.8.15.1924.1667892795-1<br />
zimbra-network-modules-ng -> 6.0.37.1667816723-1<br />
<br />
For RHEL8,UBUNTU20: <br />
zimbra-spell-components->2.0.10-1zimbra8.8b1<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Joule 8.8.15 Patch 35:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P28&diff=69374Zimbra Releases/9.0.0/P282022-12-01T10:27:11Z<p>Dawood Shaikh: /* NG Mobile */</p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 28 GA Release =<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]'''. '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues<br />
<br />
<br/><br />
<br />
== Pre-requisite identified for manual installation of pcre2 package == <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
<code>pcre2</code> package was identified as a dependent package for apache, spell and converted components. We recommend installing the pcre2 package manually before upgrading to this patch. Following are the instructions:<br />
<br />
For Ubuntu, execute the command as a <code>root</code> user:<br />
apt-get install libpcre2-8-0<br />
<br />
For RHEL/CentOS, execute the command as a <code>root</code> user:<br />
yum install pcre2<br />
</div><br />
<br />
== Change in upgrade process for 9.0.0 Patch 28== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. <br />
<br />
We have also introduced a new package '''zimbra-ldap-patch''' to be installed only on the LDAP node. <br />
<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' steps to install the packages in its order. <br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, if the '''zimbraVirtualHostName''' parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur in Classic UI login page by injecting arbitrary javascript code <br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-45911 CVE-2022-45911]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"|RCE through ClientUploader from authenticated admin user. <br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-45912 CVE-2022-45912]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur via one of attribute in webmail urls, leading to information disclosure. <br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-45913 CVE-2022-45913]<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-26377 CVE-2022-26377]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-20770 CVE-2022-20770] <br />
[https://nvd.nist.gov/vuln/detail/CVE-2022-20771 CVE-2022-20771] <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"|YUI dependency is removed from WebClient and Admin Console.<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|}<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. '''<br />
<br />
= What's New =<br />
<br />
== Platform ==<br />
* The date header has been added to the mail notification emails.<br />
* Timezone data has been updated with the latest changes of tzdata2022c.<br />
<br />
== ZCO ==<br />
* ZCO is now supported on Microsoft Outlook 2021.<br />
<br />
<br />
= Fixed Issues =<br />
<br />
== NG Admin ==<br />
* NG Tab was not visible in Admin Console on a setup where Zimbra is not installed in the default location. The issue has been fixed - '''ZBUG-2991'''.<br />
<br />
== NG HSM ==<br />
* The doMoveBlobs operation now ignores accounts deleted after the operation starts.<br />
* Software now throws an exception if a remote root path is to be appended to the bulk deletion files of a remote volume, and skips the append to avoid unwanted loss of data. <br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused a single instance of an appointment to be moved to the original time in the organizer’s calendar when the attendee accepts the invitation. <br />
* Fixed a bug that caused the Outlook app synchronization to start looping when using the remote search.<br />
* Fixed a bug that prevented the attendees to receive an update when removing them from an appointment so the appointment was still shown in their calendar.<br />
* Fixed a bug that made the exceptions to recurring events not being synchronized - '''ZBUG-3011''', '''ZBUG-3016'''.<br />
<br />
== Platform ==<br />
* JSESSIONID is now marked with HttpOnly and secure flags as true - '''ZBUG-2341'''.<br />
* Mails having unclosed comment tags were not displayed when OWASP sanitization was enabled. In the previous patch, a local config <code>zimbra_strict_unclosed_comment_tag</code> was introduced which fixed the issue. The default value is true which will not display emails having an unclosed comment tag. The emails with unclosed comment tags will be displayed if set to false - '''ZBUG-2639''', '''ZBUG-2878'''.<br />
<br />
== Web UX - Classic ==<br />
* Assigning to newly created tag to a selection of files in Briefcase, would result in clearing out the selection. With these release this selection stays even after assigning a newly created tag.<br />
* Tasks section did not work after installing 9.0.0 Kepler-Patch-26. This issue has been fixed - '''ZBUG-2958'''.<br />
<br />
== Web UX - Modern ==<br />
* When using Zimbra Docs, the documents were not getting previewed. The issue has been fixed - '''ZBUG-2909'''.<br />
<br />
== ZCO ==<br />
* When configuring ZCO through the Zimbra profile, the '''From Address''' was displayed as "Zimbra Collaboration Server" instead of the configured account name. The issue has been fixed. <br />
* Intermittently, Outlook would not sync emails with large metadata. The issue has been fixed - '''ZBUG-2984'''.<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
=== NG Mobile === <br />
* Changes are not synced to Android devices if attendees of an instance in a recurring appointment are modified. - '''ZBUG-3133'''.<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
zimbra-patch -> 9.0.0.1667906330.p28-2<br />
zimbra-mta-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-proxy-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-ldap-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-timezone-data -> 3.0.0.1667816334-1<br />
zimbra-mbox-admin-console-war -> 9.0.0.1667819958-1<br />
zimbra-mbox-webclient-war -> 9.0.0.1667822297-1<br />
zimbra-common-core-jar -> 9.0.0.1667823294-1<br />
zimbra-zco -> 9.0.0.1924.1667892683-1<br />
zimbra-unbound -> 1.11.0-1zimbra8.7b4<br />
zimbra-dnscache-components -> 1.0.4-1zimbra8.7b1<br />
zimbra-httpd -> 2.4.54-1zimbra8.7b3<br />
zimbra-apache-components -> 2.0.8-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.9-1zimbra8.8b1<br />
zimbra-clamav -> 0.105.1.2-1zimbra8.8b3<br />
zimbra-mta-components -> 1.0.18-1zimbra8.8b1<br />
zimbra-modern-ui -> 4.29.0.1666092865-1<br />
zimbra-modern-zimlets -> 4.29.0.1666092865-1<br />
zimbra-zimlet-ads -> 8.2.2.1667807582-1<br />
zimbra-zimlet-date -> 6.3.0.1667807582-1<br />
zimbra-zimlet-secure-mail -> 1.3.0.1667807582-1<br />
zimbra-zimlet-briefcase-edit-lool -> 3.1.0.1667807582-1<br />
zimbra-network-modules-ng -> 7.0.28.1667816892-1<br />
<br />
For RHEL8,UBUNTU20: <br />
zimbra-spell-components->2.0.10-1zimbra8.8b1<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Kepler 9.0.0 Patch 28:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P35&diff=69350Zimbra Releases/8.8.15/P352022-11-24T14:51:19Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Joule 8.8.15 Patch 35 GA Release =<br />
<br />
<div class="col-md-9"><br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
{{ReleaseNote-note}}<br />
<br />
== Pre-requisite identified for manual installation of pcre2 package == <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
<code>pcre2</code> package was identified as a dependent package for apache, spell and converted components. We recommend installing the pcre2 package manually before upgrading to this patch. Following are the instructions:<br />
<br />
For Ubuntu, execute the command as a <code>root</code> user:<br />
apt-get install libpcre2-8-0<br />
<br />
For RHEL/CentOS, execute the command as a <code>root</code> user:<br />
yum install pcre2<br />
</div><br />
<br />
== Change in upgrade process for 8.8.15 Patch 35== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the packages in its order. <br />
</div><br />
<br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, we need to set the '''zimbraVirtualHostName''' parameter for the domains that are using SAML and SSO based login. Please follow the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"|RCE through ClientUploader from authenticated admin user. <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur via one of attribute in webmail urls, leading to information disclosure <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerbilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-26377 CVE-2022-26377]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-20770 CVE-2022-20770] <br />
[https://nvd.nist.gov/vuln/detail/CVE-2022-20771 CVE-2022-20771] <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|}<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. '''<br />
<br />
= What's New =<br />
<br />
== Platform ==<br />
* The date header has been added to the mail notification emails.<br />
* Timezone data has been updated with the latest changes of tzdata2022c<br />
<br />
== ZCO ==<br />
* ZCO is now supported on Microsoft Outlook 2021. <br />
<br />
<br />
= Fixed Issues =<br />
<br />
== NG Admin ==<br />
* NG Tab was not visible in Admin Console on a setup where Zimbra is not installed in the default location. The issue has been fixed - '''ZBUG-2991'''.<br />
<br />
== NG HSM ==<br />
* The doMoveBlobs operation now ignores accounts deleted after the operation starts. <br />
* Software now throws an exception if a remote root path is to be appended to the bulk deletion files of a remote volume, and skips the append to avoid unwanted loss of data. <br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused a single instance of an appointment to be moved to the original time in the organizer’s calendar when the attendee accepts the invitation. <br />
* Fixed a bug that caused the Outlook app synchronization to start looping when using the remote search. <br />
* Fixed a bug that prevented the attendees to receive an update when removing them from an appointment so the appointment was still shown in their calendar. <br />
* Fixed a bug that made the exceptions to recurring events not being synchronized - '''ZBUG-3011'''.<br />
<br />
== Platform ==<br />
* JSESSIONID is now marked with HttpOnly and secure flags as true - '''ZBUG-2341'''.<br />
* Mails having unclosed comment tags were not displayed when OWASP sanitization was enabled. In the previous patch, a local config <code>zimbra_strict_unclosed_comment_tag</code> was introduced which fixed the issue. The default value is true which will not display emails having an unclosed comment tag. The emails with unclosed comment tags will be displayed if set to false - '''ZBUG-2639''', '''ZBUG-2878'''.<br />
<br />
== Web UX - Classic ==<br />
* Assigning to newly created tag to a selection of files in Briefcase, would result in clearing out the selection. With these release this selection stays even after assigning a newly created tag. <br />
* Tasks section did not work after installing 8.8.15 Joule-Patch-33. This issue has been fixed - '''ZBUG-2958'''.<br />
<br />
== ZCO ==<br />
* When configuring ZCO through the Zimbra profile, the '''From Address''' was displayed as "Zimbra Collaboration Server" instead of the configured account name. The issue has been fixed. <br />
* Intermittently, Outlook would not sync emails with large metadata. The issue has been fixed - '''ZBUG-2984'''.<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Joule-Patch-32 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
=== NG Mobile ===<br />
* Changes are not synced to Android devices if attendees of an instance in a recurring appointment are modified. - '''ZBUG-3133'''.<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
FOSS:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1668607279.p35-1<br />
zimbra-mta-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-proxy-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-ldap-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-timezone-data -> 2.0.1.1667816429-1<br />
zimbra-mbox-webclient-war -> 8.8.15.1668517206-1<br />
zimbra-common-core-jar -> 8.8.15.1667823299-1<br />
zimbra-unbound -> 1.11.0-1zimbra8.7b4<br />
zimbra-dnscache-components -> 1.0.4-1zimbra8.7b1<br />
zimbra-httpd -> 2.4.54-1zimbra8.7b3<br />
zimbra-apache-components -> 2.0.8-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.9-1zimbra8.8b1<br />
zimbra-clamav -> 0.105.1.2-1zimbra8.8b3<br />
zimbra-mta-components -> 1.0.18-1zimbra8.8b1<br />
NETWORK:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1668607279.p35-2<br />
zimbra-zco -> 8.8.15.1924.1667892795-1<br />
zimbra-network-modules-ng -> 6.0.37.1667816723-1<br />
<br />
For RHEL8,UBUNTU20: <br />
zimbra-spell-components->2.0.10-1zimbra8.8b1<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Joule 8.8.15 Patch 35:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P28&diff=69349Zimbra Releases/9.0.0/P282022-11-24T14:51:06Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 28 GA Release =<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]'''. '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues<br />
<br />
<br/><br />
<br />
== Pre-requisite identified for manual installation of pcre2 package == <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
<code>pcre2</code> package was identified as a dependent package for apache, spell and converted components. We recommend installing the pcre2 package manually before upgrading to this patch. Following are the instructions:<br />
<br />
For Ubuntu, execute the command as a <code>root</code> user:<br />
apt-get install libpcre2-8-0<br />
<br />
For RHEL/CentOS, execute the command as a <code>root</code> user:<br />
yum install pcre2<br />
</div><br />
<br />
== Change in upgrade process for 9.0.0 Patch 28== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. <br />
<br />
We have also introduced a new package '''zimbra-ldap-patch''' to be installed only on the LDAP node. <br />
<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' steps to install the packages in its order. <br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, if the '''zimbraVirtualHostName''' parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur in Classic UI login page by injecting arbitrary javascript code <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"|RCE through ClientUploader from authenticated admin user. <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur via one of attribute in webmail urls, leading to information disclosure. <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-26377 CVE-2022-26377]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-20770 CVE-2022-20770] <br />
[https://nvd.nist.gov/vuln/detail/CVE-2022-20771 CVE-2022-20771] <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"|YUI dependency is removed from WebClient and Admin Console.<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|}<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. '''<br />
<br />
= What's New =<br />
<br />
== Platform ==<br />
* The date header has been added to the mail notification emails.<br />
* Timezone data has been updated with the latest changes of tzdata2022c.<br />
<br />
== ZCO ==<br />
* ZCO is now supported on Microsoft Outlook 2021.<br />
<br />
<br />
= Fixed Issues =<br />
<br />
== NG Admin ==<br />
* NG Tab was not visible in Admin Console on a setup where Zimbra is not installed in the default location. The issue has been fixed - '''ZBUG-2991'''.<br />
<br />
== NG HSM ==<br />
* The doMoveBlobs operation now ignores accounts deleted after the operation starts.<br />
* Software now throws an exception if a remote root path is to be appended to the bulk deletion files of a remote volume, and skips the append to avoid unwanted loss of data. <br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused a single instance of an appointment to be moved to the original time in the organizer’s calendar when the attendee accepts the invitation. <br />
* Fixed a bug that caused the Outlook app synchronization to start looping when using the remote search.<br />
* Fixed a bug that prevented the attendees to receive an update when removing them from an appointment so the appointment was still shown in their calendar.<br />
* Fixed a bug that made the exceptions to recurring events not being synchronized - '''ZBUG-3011'''.<br />
<br />
== Platform ==<br />
* JSESSIONID is now marked with HttpOnly and secure flags as true - '''ZBUG-2341'''.<br />
* Mails having unclosed comment tags were not displayed when OWASP sanitization was enabled. In the previous patch, a local config <code>zimbra_strict_unclosed_comment_tag</code> was introduced which fixed the issue. The default value is true which will not display emails having an unclosed comment tag. The emails with unclosed comment tags will be displayed if set to false - '''ZBUG-2639''', '''ZBUG-2878'''.<br />
<br />
== Web UX - Classic ==<br />
* Assigning to newly created tag to a selection of files in Briefcase, would result in clearing out the selection. With these release this selection stays even after assigning a newly created tag.<br />
* Tasks section did not work after installing 9.0.0 Kepler-Patch-26. This issue has been fixed - '''ZBUG-2958'''.<br />
<br />
== Web UX - Modern ==<br />
* When using Zimbra Docs, the documents were not getting previewed. The issue has been fixed - '''ZBUG-2909'''.<br />
<br />
== ZCO ==<br />
* When configuring ZCO through the Zimbra profile, the '''From Address''' was displayed as "Zimbra Collaboration Server" instead of the configured account name. The issue has been fixed. <br />
* Intermittently, Outlook would not sync emails with large metadata. The issue has been fixed - '''ZBUG-2984'''.<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
=== NG Mobile === <br />
* Changes are not synced to Android devices if attendees of an instance in a recurring appointment are modified. - '''ZBUG-3133'''.<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
zimbra-patch -> 9.0.0.1667906330.p28-2<br />
zimbra-mta-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-proxy-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-ldap-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-timezone-data -> 3.0.0.1667816334-1<br />
zimbra-mbox-admin-console-war -> 9.0.0.1667819958-1<br />
zimbra-mbox-webclient-war -> 9.0.0.1667822297-1<br />
zimbra-common-core-jar -> 9.0.0.1667823294-1<br />
zimbra-zco -> 9.0.0.1924.1667892683-1<br />
zimbra-unbound -> 1.11.0-1zimbra8.7b4<br />
zimbra-dnscache-components -> 1.0.4-1zimbra8.7b1<br />
zimbra-httpd -> 2.4.54-1zimbra8.7b3<br />
zimbra-apache-components -> 2.0.8-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.9-1zimbra8.8b1<br />
zimbra-clamav -> 0.105.1.2-1zimbra8.8b3<br />
zimbra-mta-components -> 1.0.18-1zimbra8.8b1<br />
zimbra-modern-ui -> 4.29.0.1666092865-1<br />
zimbra-modern-zimlets -> 4.29.0.1666092865-1<br />
zimbra-zimlet-ads -> 8.2.2.1667807582-1<br />
zimbra-zimlet-date -> 6.3.0.1667807582-1<br />
zimbra-zimlet-secure-mail -> 1.3.0.1667807582-1<br />
zimbra-zimlet-briefcase-edit-lool -> 3.1.0.1667807582-1<br />
zimbra-network-modules-ng -> 7.0.28.1667816892-1<br />
<br />
For RHEL8,UBUNTU20: <br />
zimbra-spell-components->2.0.10-1zimbra8.8b1<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Kepler 9.0.0 Patch 28:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P28&diff=69348Zimbra Releases/9.0.0/P282022-11-23T08:55:35Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 28 GA Release =<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]'''. '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues<br />
<br />
<br/><br />
<br />
== Pre-requisite identified for manual installation of pcre2 package == <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
<code>pcre2</code> package was identified as a dependent package for apache, spell and converted components. We recommend installing the pcre2 package manually before upgrading to this patch. Following are the instructions:<br />
<br />
For Ubuntu, execute the command as a <code>root</code> user:<br />
apt-get install libpcre2-8-0<br />
<br />
For RHEL/CentOS, execute the command as a <code>root</code> user:<br />
yum install pcre2<br />
</div><br />
<br />
== Change in upgrade process for 9.0.0 Patch 28== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. <br />
<br />
We have also introduced a new package '''zimbra-ldap-patch''' to be installed only on the LDAP node. <br />
<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' steps to install the packages in its order. <br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, if the '''zimbraVirtualHostName''' parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur in Classic UI login page by injecting arbitrary javascript code <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"|RCE through ClientUploader from authenticated admin user. <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur via one of attribute in webmail urls, leading to information disclosure. <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-26377 CVE-2022-26377]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-20770 CVE-2022-20770] <br />
[https://nvd.nist.gov/vuln/detail/CVE-2022-20771 CVE-2022-20771] <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"|YUI dependency is removed from WebClient and Admin Console.<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|}<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. '''<br />
<br />
= What's New =<br />
<br />
== Platform ==<br />
* The date header has been added to the mail notification emails.<br />
* Timezone data has been updated with the latest changes of tzdata2022c.<br />
<br />
== ZCO ==<br />
* ZCO is now supported on Microsoft Outlook 2021.<br />
<br />
<br />
= Fixed Issues =<br />
<br />
== NG Admin ==<br />
* NG Tab was not visible in Admin Console on a setup where Zimbra is not installed in the default location. The issue has been fixed - '''ZBUG-2991'''.<br />
<br />
== NG HSM ==<br />
* The doMoveBlobs operation now ignores accounts deleted after the operation starts.<br />
* Software now throws an exception if a remote root path is to be appended to the bulk deletion files of a remote volume, and skips the append to avoid unwanted loss of data. <br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused a single instance of an appointment to be moved to the original time in the organizer’s calendar when the attendee accepts the invitation. <br />
* Fixed a bug that caused the Outlook app synchronization to start looping when using the remote search.<br />
* Fixed a bug that prevented the attendees to receive an update when removing them from an appointment so the appointment was still shown in their calendar.<br />
* Fixed a bug that made the exceptions to recurring events not being synchronized - '''ZBUG-3011'''.<br />
<br />
== Platform ==<br />
* JSESSIONID is now marked with HttpOnly and secure flags as true - '''ZBUG-2341'''.<br />
* Mails having unclosed comment tags were not displayed when OWASP sanitization was enabled. In the previous patch, a local config <code>zimbra_strict_unclosed_comment_tag</code> was introduced which fixed the issue. The default value is true which will not display emails having an unclosed comment tag. The emails with unclosed comment tags will be displayed if set to false - '''ZBUG-2639''', '''ZBUG-2878'''.<br />
<br />
== Web UX - Classic ==<br />
* Assigning to newly created tag to a selection of files in Briefcase, would result in clearing out the selection. With these release this selection stays even after assigning a newly created tag.<br />
* Tasks section did not work after installing 9.0.0 Kepler-Patch-26. This issue has been fixed - '''ZBUG-2958'''.<br />
<br />
== Web UX - Modern ==<br />
* When using Zimbra Docs, the documents were not getting previewed. The issue has been fixed - '''ZBUG-2909'''.<br />
<br />
== ZCO ==<br />
* When configuring ZCO through the Zimbra profile, the '''From Address''' was displayed as "Zimbra Collaboration Server" instead of the configured account name. The issue has been fixed. <br />
* Intermittently, Outlook would not sync emails with large metadata. The issue has been fixed - '''ZBUG-2984'''.<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
zimbra-patch -> 9.0.0.1667906330.p28-2<br />
zimbra-mta-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-proxy-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-ldap-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-timezone-data -> 3.0.0.1667816334-1<br />
zimbra-mbox-admin-console-war -> 9.0.0.1667819958-1<br />
zimbra-mbox-webclient-war -> 9.0.0.1667822297-1<br />
zimbra-common-core-jar -> 9.0.0.1667823294-1<br />
zimbra-zco -> 9.0.0.1924.1667892683-1<br />
zimbra-unbound -> 1.11.0-1zimbra8.7b4<br />
zimbra-dnscache-components -> 1.0.4-1zimbra8.7b1<br />
zimbra-httpd -> 2.4.54-1zimbra8.7b3<br />
zimbra-apache-components -> 2.0.8-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.9-1zimbra8.8b1<br />
zimbra-clamav -> 0.105.1.2-1zimbra8.8b3<br />
zimbra-mta-components -> 1.0.18-1zimbra8.8b1<br />
zimbra-modern-ui -> 4.29.0.1666092865-1<br />
zimbra-modern-zimlets -> 4.29.0.1666092865-1<br />
zimbra-zimlet-ads -> 8.2.2.1667807582-1<br />
zimbra-zimlet-date -> 6.3.0.1667807582-1<br />
zimbra-zimlet-secure-mail -> 1.3.0.1667807582-1<br />
zimbra-zimlet-briefcase-edit-lool -> 3.1.0.1667807582-1<br />
zimbra-network-modules-ng -> 7.0.28.1667816892-1<br />
<br />
For RHEL8,UBUNTU20: <br />
zimbra-spell-components->2.0.10-1zimbra8.8b1<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Kepler 9.0.0 Patch 28:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P35&diff=69347Zimbra Releases/8.8.15/P352022-11-23T08:55:32Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Joule 8.8.15 Patch 35 GA Release =<br />
<br />
<div class="col-md-9"><br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
{{ReleaseNote-note}}<br />
<br />
== Pre-requisite identified for manual installation of pcre2 package == <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
<code>pcre2</code> package was identified as a dependent package for apache, spell and converted components. We recommend installing the pcre2 package manually before upgrading to this patch. Following are the instructions:<br />
<br />
For Ubuntu, execute the command as a <code>root</code> user:<br />
apt-get install libpcre2-8-0<br />
<br />
For RHEL/CentOS, execute the command as a <code>root</code> user:<br />
yum install pcre2<br />
</div><br />
<br />
== Change in upgrade process for 8.8.15 Patch 35== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the packages in its order. <br />
</div><br />
<br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, we need to set the '''zimbraVirtualHostName''' parameter for the domains that are using SAML and SSO based login. Please follow the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"|RCE through ClientUploader from authenticated admin user. <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur via one of attribute in webmail urls, leading to information disclosure <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerbilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-26377 CVE-2022-26377]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-20770 CVE-2022-20770] <br />
[https://nvd.nist.gov/vuln/detail/CVE-2022-20771 CVE-2022-20771] <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|}<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. '''<br />
<br />
= What's New =<br />
<br />
== Platform ==<br />
* The date header has been added to the mail notification emails.<br />
* Timezone data has been updated with the latest changes of tzdata2022c<br />
<br />
== ZCO ==<br />
* ZCO is now supported on Microsoft Outlook 2021. <br />
<br />
<br />
= Fixed Issues =<br />
<br />
== NG Admin ==<br />
* NG Tab was not visible in Admin Console on a setup where Zimbra is not installed in the default location. The issue has been fixed - '''ZBUG-2991'''.<br />
<br />
== NG HSM ==<br />
* The doMoveBlobs operation now ignores accounts deleted after the operation starts. <br />
* Software now throws an exception if a remote root path is to be appended to the bulk deletion files of a remote volume, and skips the append to avoid unwanted loss of data. <br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused a single instance of an appointment to be moved to the original time in the organizer’s calendar when the attendee accepts the invitation. <br />
* Fixed a bug that caused the Outlook app synchronization to start looping when using the remote search. <br />
* Fixed a bug that prevented the attendees to receive an update when removing them from an appointment so the appointment was still shown in their calendar. <br />
* Fixed a bug that made the exceptions to recurring events not being synchronized - '''ZBUG-3011'''.<br />
<br />
== Platform ==<br />
* JSESSIONID is now marked with HttpOnly and secure flags as true - '''ZBUG-2341'''.<br />
* Mails having unclosed comment tags were not displayed when OWASP sanitization was enabled. In the previous patch, a local config <code>zimbra_strict_unclosed_comment_tag</code> was introduced which fixed the issue. The default value is true which will not display emails having an unclosed comment tag. The emails with unclosed comment tags will be displayed if set to false - '''ZBUG-2639''', '''ZBUG-2878'''.<br />
<br />
== Web UX - Classic ==<br />
* Assigning to newly created tag to a selection of files in Briefcase, would result in clearing out the selection. With these release this selection stays even after assigning a newly created tag. <br />
* Tasks section did not work after installing 8.8.15 Joule-Patch-33. This issue has been fixed - '''ZBUG-2958'''.<br />
<br />
== ZCO ==<br />
* When configuring ZCO through the Zimbra profile, the '''From Address''' was displayed as "Zimbra Collaboration Server" instead of the configured account name. The issue has been fixed. <br />
* Intermittently, Outlook would not sync emails with large metadata. The issue has been fixed - '''ZBUG-2984'''.<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Joule-Patch-32 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
FOSS:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1668607279.p35-1<br />
zimbra-mta-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-proxy-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-ldap-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-timezone-data -> 2.0.1.1667816429-1<br />
zimbra-mbox-webclient-war -> 8.8.15.1668517206-1<br />
zimbra-common-core-jar -> 8.8.15.1667823299-1<br />
zimbra-unbound -> 1.11.0-1zimbra8.7b4<br />
zimbra-dnscache-components -> 1.0.4-1zimbra8.7b1<br />
zimbra-httpd -> 2.4.54-1zimbra8.7b3<br />
zimbra-apache-components -> 2.0.8-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.9-1zimbra8.8b1<br />
zimbra-clamav -> 0.105.1.2-1zimbra8.8b3<br />
zimbra-mta-components -> 1.0.18-1zimbra8.8b1<br />
NETWORK:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1668607279.p35-2<br />
zimbra-zco -> 8.8.15.1924.1667892795-1<br />
zimbra-network-modules-ng -> 6.0.37.1667816723-1<br />
<br />
For RHEL8,UBUNTU20: <br />
zimbra-spell-components->2.0.10-1zimbra8.8b1<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Joule 8.8.15 Patch 35:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P35&diff=69346Zimbra Releases/8.8.15/P352022-11-23T05:29:25Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Joule 8.8.15 Patch 35 GA Release =<br />
<br />
<div class="col-md-9"><br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
{{ReleaseNote-note}}<br />
<br />
== Change in upgrade process for 8.8.15 Patch 35== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the packages in its order. <br />
</div><br />
<br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, we need to set the '''zimbraVirtualHostName''' parameter for the domains that are using SAML and SSO based login. Please follow the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"|RCE through ClientUploader from authenticated admin user. <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur via one of attribute in webmail urls, leading to information disclosure <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerbilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-26377 CVE-2022-26377]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-20770 CVE-2022-20770] <br />
[https://nvd.nist.gov/vuln/detail/CVE-2022-20771 CVE-2022-20771] <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|}<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. '''<br />
<br />
= What's New =<br />
<br />
== Platform ==<br />
* The date header has been added to the mail notification emails.<br />
* Timezone data has been updated with the latest changes of tzdata2022c<br />
<br />
== ZCO ==<br />
* ZCO is now supported on Microsoft Outlook 2021. <br />
<br />
<br />
= Fixed Issues =<br />
<br />
== NG Admin ==<br />
* NG Tab was not visible in Admin Console on a setup where Zimbra is not installed in the default location. The issue has been fixed - '''ZBUG-2991'''.<br />
<br />
== NG HSM ==<br />
* The doMoveBlobs operation now ignores accounts deleted after the operation starts. <br />
* Software now throws an exception if a remote root path is to be appended to the bulk deletion files of a remote volume, and skips the append to avoid unwanted loss of data. <br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused a single instance of an appointment to be moved to the original time in the organizer’s calendar when the attendee accepts the invitation. <br />
* Fixed a bug that caused the Outlook app synchronization to start looping when using the remote search. <br />
* Fixed a bug that prevented the attendees to receive an update when removing them from an appointment so the appointment was still shown in their calendar. <br />
* Fixed a bug that made the exceptions to recurring events not being synchronized - '''ZBUG-3011'''.<br />
<br />
== Platform ==<br />
* JSESSIONID is now marked with HttpOnly and secure flags as true - '''ZBUG-2341'''.<br />
* Mails having unclosed comment tags were not displayed when OWASP sanitization was enabled. In the previous patch, a local config <code>zimbra_strict_unclosed_comment_tag</code> was introduced which fixed the issue. The default value is true which will not display emails having an unclosed comment tag. The emails with unclosed comment tags will be displayed if set to false - '''ZBUG-2639''', '''ZBUG-2878'''.<br />
<br />
== Web UX - Classic ==<br />
* Assigning to newly created tag to a selection of files in Briefcase, would result in clearing out the selection. With these release this selection stays even after assigning a newly created tag. <br />
* Tasks section did not work after installing 8.8.15 Joule-Patch-33. This issue has been fixed - '''ZBUG-2958'''.<br />
<br />
== ZCO ==<br />
* When configuring ZCO through the Zimbra profile, the '''From Address''' was displayed as "Zimbra Collaboration Server" instead of the configured account name. The issue has been fixed. <br />
* Intermittently, Outlook would not sync emails with large metadata. The issue has been fixed - '''ZBUG-2984'''.<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Joule-Patch-32 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
FOSS:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1668607279.p35-1<br />
zimbra-mta-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-proxy-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-ldap-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-timezone-data -> 2.0.1.1667816429-1<br />
zimbra-mbox-webclient-war -> 8.8.15.1668517206-1<br />
zimbra-common-core-jar -> 8.8.15.1667823299-1<br />
zimbra-unbound -> 1.11.0-1zimbra8.7b4<br />
zimbra-dnscache-components -> 1.0.4-1zimbra8.7b1<br />
zimbra-httpd -> 2.4.54-1zimbra8.7b3<br />
zimbra-apache-components -> 2.0.8-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.9-1zimbra8.8b1<br />
zimbra-clamav -> 0.105.1.2-1zimbra8.8b3<br />
zimbra-mta-components -> 1.0.18-1zimbra8.8b1<br />
NETWORK:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1668607279.p35-2<br />
zimbra-zco -> 8.8.15.1924.1667892795-1<br />
zimbra-network-modules-ng -> 6.0.37.1667816723-1<br />
<br />
For RHEL8,UBUNTU20: <br />
zimbra-spell-components->2.0.10-1zimbra8.8b1<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Joule 8.8.15 Patch 35:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P28&diff=69345Zimbra Releases/9.0.0/P282022-11-23T05:29:02Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 28 GA Release =<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]'''. '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues<br />
<br />
<br/><br />
<br />
== Change in upgrade process for 9.0.0 Patch 28== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. <br />
<br />
We have also introduced a new package '''zimbra-ldap-patch''' to be installed only on the LDAP node. <br />
<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' steps to install the packages in its order. <br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, if the '''zimbraVirtualHostName''' parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur in Classic UI login page by injecting arbitrary javascript code <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"|RCE through ClientUploader from authenticated admin user. <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur via one of attribute in webmail urls, leading to information disclosure. <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-26377 CVE-2022-26377]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-20770 CVE-2022-20770] <br />
[https://nvd.nist.gov/vuln/detail/CVE-2022-20771 CVE-2022-20771] <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"|YUI dependency is removed from WebClient and Admin Console.<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|}<br />
''' Note: Additional configuration for further hardening your Zimbra setup can be found on the [https://support.zimbra.com Zimbra Support Portal]. It is recommended that all customers consider these additional steps. '''<br />
<br />
= What's New =<br />
<br />
== Platform ==<br />
* The date header has been added to the mail notification emails.<br />
* Timezone data has been updated with the latest changes of tzdata2022c.<br />
<br />
== ZCO ==<br />
* ZCO is now supported on Microsoft Outlook 2021.<br />
<br />
<br />
= Fixed Issues =<br />
<br />
== NG Admin ==<br />
* NG Tab was not visible in Admin Console on a setup where Zimbra is not installed in the default location. The issue has been fixed - '''ZBUG-2991'''.<br />
<br />
== NG HSM ==<br />
* The doMoveBlobs operation now ignores accounts deleted after the operation starts.<br />
* Software now throws an exception if a remote root path is to be appended to the bulk deletion files of a remote volume, and skips the append to avoid unwanted loss of data. <br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused a single instance of an appointment to be moved to the original time in the organizer’s calendar when the attendee accepts the invitation. <br />
* Fixed a bug that caused the Outlook app synchronization to start looping when using the remote search.<br />
* Fixed a bug that prevented the attendees to receive an update when removing them from an appointment so the appointment was still shown in their calendar.<br />
* Fixed a bug that made the exceptions to recurring events not being synchronized - '''ZBUG-3011'''.<br />
<br />
== Platform ==<br />
* JSESSIONID is now marked with HttpOnly and secure flags as true - '''ZBUG-2341'''.<br />
* Mails having unclosed comment tags were not displayed when OWASP sanitization was enabled. In the previous patch, a local config <code>zimbra_strict_unclosed_comment_tag</code> was introduced which fixed the issue. The default value is true which will not display emails having an unclosed comment tag. The emails with unclosed comment tags will be displayed if set to false - '''ZBUG-2639''', '''ZBUG-2878'''.<br />
<br />
== Web UX - Classic ==<br />
* Assigning to newly created tag to a selection of files in Briefcase, would result in clearing out the selection. With these release this selection stays even after assigning a newly created tag.<br />
* Tasks section did not work after installing 9.0.0 Kepler-Patch-26. This issue has been fixed - '''ZBUG-2958'''.<br />
<br />
== Web UX - Modern ==<br />
* When using Zimbra Docs, the documents were not getting previewed. The issue has been fixed - '''ZBUG-2909'''.<br />
<br />
== ZCO ==<br />
* When configuring ZCO through the Zimbra profile, the '''From Address''' was displayed as "Zimbra Collaboration Server" instead of the configured account name. The issue has been fixed. <br />
* Intermittently, Outlook would not sync emails with large metadata. The issue has been fixed - '''ZBUG-2984'''.<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
zimbra-patch -> 9.0.0.1667906330.p28-2<br />
zimbra-mta-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-proxy-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-ldap-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-timezone-data -> 3.0.0.1667816334-1<br />
zimbra-mbox-admin-console-war -> 9.0.0.1667819958-1<br />
zimbra-mbox-webclient-war -> 9.0.0.1667822297-1<br />
zimbra-common-core-jar -> 9.0.0.1667823294-1<br />
zimbra-zco -> 9.0.0.1924.1667892683-1<br />
zimbra-unbound -> 1.11.0-1zimbra8.7b4<br />
zimbra-dnscache-components -> 1.0.4-1zimbra8.7b1<br />
zimbra-httpd -> 2.4.54-1zimbra8.7b3<br />
zimbra-apache-components -> 2.0.8-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.9-1zimbra8.8b1<br />
zimbra-clamav -> 0.105.1.2-1zimbra8.8b3<br />
zimbra-mta-components -> 1.0.18-1zimbra8.8b1<br />
zimbra-modern-ui -> 4.29.0.1666092865-1<br />
zimbra-modern-zimlets -> 4.29.0.1666092865-1<br />
zimbra-zimlet-ads -> 8.2.2.1667807582-1<br />
zimbra-zimlet-date -> 6.3.0.1667807582-1<br />
zimbra-zimlet-secure-mail -> 1.3.0.1667807582-1<br />
zimbra-zimlet-briefcase-edit-lool -> 3.1.0.1667807582-1<br />
zimbra-network-modules-ng -> 7.0.28.1667816892-1<br />
<br />
For RHEL8,UBUNTU20: <br />
zimbra-spell-components->2.0.10-1zimbra8.8b1<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Kepler 9.0.0 Patch 28:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P35&diff=69339Zimbra Releases/8.8.15/P352022-11-21T11:37:06Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Joule 8.8.15 Patch 35 GA Release =<br />
<br />
<div class="col-md-9"><br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
{{ReleaseNote-note}}<br />
<br />
== Change in upgrade process for 8.8.15 Patch 35== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the packages in its order. <br />
</div><br />
<br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, we need to set the '''zimbraVirtualHostName''' parameter for the domains that are using SAML and SSO based login. Please follow the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"|RCE through ClientUploader from authenticated admin user. <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur via one of attribute in webmail urls, leading to information disclosure <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerbilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-26377 CVE-2022-26377]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-20770 CVE-2022-20770] <br />
[https://nvd.nist.gov/vuln/detail/CVE-2022-20771 CVE-2022-20771] <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|}<br />
<br />
= What's New =<br />
<br />
== Platform ==<br />
* The date header has been added to the mail notification emails.<br />
* Timezone data has been updated with the latest changes of tzdata2022c<br />
<br />
== ZCO ==<br />
* ZCO is now supported on Microsoft Outlook 2021. <br />
<br />
<br />
= Fixed Issues =<br />
<br />
== NG Admin ==<br />
* NG Tab was not visible in Admin Console on a setup where Zimbra is not installed in the default location. The issue has been fixed - '''ZBUG-2991'''.<br />
<br />
== NG HSM ==<br />
* The doMoveBlobs operation now ignores accounts deleted after the operation starts. <br />
* Software now throws an exception if a remote root path is to be appended to the bulk deletion files of a remote volume, and skips the append to avoid unwanted loss of data. <br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused a single instance of an appointment to be moved to the original time in the organizer’s calendar when the attendee accepts the invitation. <br />
* Fixed a bug that caused the Outlook app synchronization to start looping when using the remote search. <br />
* Fixed a bug that prevented the attendees to receive an update when removing them from an appointment so the appointment was still shown in their calendar. <br />
* Fixed a bug that made the exceptions to recurring events not being synchronized - '''ZBUG-3011'''.<br />
<br />
== Platform ==<br />
* JSESSIONID is now marked with HttpOnly and secure flags as true - '''ZBUG-2341'''.<br />
* Mails having unclosed comment tags were not displayed when OWASP sanitization was enabled. In the previous patch, a local config <code>zimbra_strict_unclosed_comment_tag</code> was introduced which fixed the issue. The default value is true which will not display emails having an unclosed comment tag. The emails with unclosed comment tags will be displayed if set to false - '''ZBUG-2639''', '''ZBUG-2878'''.<br />
<br />
== Web UX - Classic ==<br />
* Assigning to newly created tag to a selection of files in Briefcase, would result in clearing out the selection. With these release this selection stays even after assigning a newly created tag. <br />
* Tasks section did not work after installing 8.8.15 Joule-Patch-33. This issue has been fixed - '''ZBUG-2958'''.<br />
<br />
== ZCO ==<br />
* When configuring ZCO through the Zimbra profile, the '''From Address''' was displayed as "Zimbra Collaboration Server" instead of the configured account name. The issue has been fixed. <br />
* Intermittently, Outlook would not sync emails with large metadata. The issue has been fixed - '''ZBUG-2984'''.<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Joule-Patch-32 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
FOSS:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1668607279.p35-1<br />
zimbra-mta-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-proxy-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-ldap-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-timezone-data -> 2.0.1.1667816429-1<br />
zimbra-mbox-webclient-war -> 8.8.15.1668517206-1<br />
zimbra-common-core-jar -> 8.8.15.1667823299-1<br />
zimbra-unbound -> 1.11.0-1zimbra8.7b4<br />
zimbra-dnscache-components -> 1.0.4-1zimbra8.7b1<br />
zimbra-httpd -> 2.4.54-1zimbra8.7b3<br />
zimbra-apache-components -> 2.0.8-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.9-1zimbra8.8b1<br />
zimbra-clamav -> 0.105.1.2-1zimbra8.8b3<br />
zimbra-mta-components -> 1.0.18-1zimbra8.8b1<br />
NETWORK:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1668607279.p35-2<br />
zimbra-zco -> 8.8.15.1924.1667892795-1<br />
zimbra-network-modules-ng -> 6.0.37.1667816723-1<br />
<br />
For RHEL8,UBUNTU20: <br />
zimbra-spell-components->2.0.10-1zimbra8.8b1<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Joule 8.8.15 Patch 35:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/9.0.0/P28&diff=69338Zimbra Releases/9.0.0/P282022-11-21T11:36:51Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Kepler 9.0.0 Patch 28 GA Release =<br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]'''. '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues<br />
<br />
<br/><br />
<br />
== Change in upgrade process for 9.0.0 Patch 28== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. <br />
<br />
We have also introduced a new package '''zimbra-ldap-patch''' to be installed only on the LDAP node. <br />
<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' steps to install the packages in its order. <br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, if the '''zimbraVirtualHostName''' parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur in Classic UI login page by injecting arbitrary javascript code <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"|RCE through ClientUploader from authenticated admin user. <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur via one of attribute in webmail urls, leading to information disclosure. <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-26377 CVE-2022-26377]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-20770 CVE-2022-20770] <br />
[https://nvd.nist.gov/vuln/detail/CVE-2022-20771 CVE-2022-20771] <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|-<br />
|style="border: solid #ffffff;"|YUI dependency is removed from WebClient and Admin Console.<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|}<br />
<br />
<br />
= What's New =<br />
<br />
== Platform ==<br />
* The date header has been added to the mail notification emails.<br />
* Timezone data has been updated with the latest changes of tzdata2022c.<br />
<br />
== ZCO ==<br />
* ZCO is now supported on Microsoft Outlook 2021.<br />
<br />
<br />
= Fixed Issues =<br />
<br />
== NG Admin ==<br />
* NG Tab was not visible in Admin Console on a setup where Zimbra is not installed in the default location. The issue has been fixed - '''ZBUG-2991'''.<br />
<br />
== NG HSM ==<br />
* The doMoveBlobs operation now ignores accounts deleted after the operation starts.<br />
* Software now throws an exception if a remote root path is to be appended to the bulk deletion files of a remote volume, and skips the append to avoid unwanted loss of data. <br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused a single instance of an appointment to be moved to the original time in the organizer’s calendar when the attendee accepts the invitation. <br />
* Fixed a bug that caused the Outlook app synchronization to start looping when using the remote search.<br />
* Fixed a bug that prevented the attendees to receive an update when removing them from an appointment so the appointment was still shown in their calendar.<br />
* Fixed a bug that made the exceptions to recurring events not being synchronized - '''ZBUG-3011'''.<br />
<br />
== Platform ==<br />
* JSESSIONID is now marked with HttpOnly and secure flags as true - '''ZBUG-2341'''.<br />
* Mails having unclosed comment tags were not displayed when OWASP sanitization was enabled. In the previous patch, a local config <code>zimbra_strict_unclosed_comment_tag</code> was introduced which fixed the issue. The default value is true which will not display emails having an unclosed comment tag. The emails with unclosed comment tags will be displayed if set to false - '''ZBUG-2639''', '''ZBUG-2878'''.<br />
<br />
== Web UX - Classic ==<br />
* Assigning to newly created tag to a selection of files in Briefcase, would result in clearing out the selection. With these release this selection stays even after assigning a newly created tag.<br />
* Tasks section did not work after installing 9.0.0 Kepler-Patch-26. This issue has been fixed - '''ZBUG-2958'''.<br />
<br />
== Web UX - Modern ==<br />
* When using Zimbra Docs, the documents were not getting previewed. The issue has been fixed - '''ZBUG-2909'''.<br />
<br />
== ZCO ==<br />
* When configuring ZCO through the Zimbra profile, the '''From Address''' was displayed as "Zimbra Collaboration Server" instead of the configured account name. The issue has been fixed. <br />
* Intermittently, Outlook would not sync emails with large metadata. The issue has been fixed - '''ZBUG-2984'''.<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]''' page to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Kepler-Patch-25 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
zimbra-patch -> 9.0.0.1667906330.p28-2<br />
zimbra-mta-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-proxy-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-ldap-patch -> 9.0.0.1667906330.p28-1<br />
zimbra-timezone-data -> 3.0.0.1667816334-1<br />
zimbra-mbox-admin-console-war -> 9.0.0.1667819958-1<br />
zimbra-mbox-webclient-war -> 9.0.0.1667822297-1<br />
zimbra-common-core-jar -> 9.0.0.1667823294-1<br />
zimbra-zco -> 9.0.0.1924.1667892683-1<br />
zimbra-unbound -> 1.11.0-1zimbra8.7b4<br />
zimbra-dnscache-components -> 1.0.4-1zimbra8.7b1<br />
zimbra-httpd -> 2.4.54-1zimbra8.7b3<br />
zimbra-apache-components -> 2.0.8-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.9-1zimbra8.8b1<br />
zimbra-clamav -> 0.105.1.2-1zimbra8.8b3<br />
zimbra-mta-components -> 1.0.18-1zimbra8.8b1<br />
zimbra-modern-ui -> 4.29.0.1666092865-1<br />
zimbra-modern-zimlets -> 4.29.0.1666092865-1<br />
zimbra-zimlet-ads -> 8.2.2.1667807582-1<br />
zimbra-zimlet-date -> 6.3.0.1667807582-1<br />
zimbra-zimlet-secure-mail -> 1.3.0.1667807582-1<br />
zimbra-zimlet-briefcase-edit-lool -> 3.1.0.1667807582-1<br />
zimbra-network-modules-ng -> 7.0.28.1667816892-1<br />
<br />
For RHEL8,UBUNTU20: <br />
zimbra-spell-components->2.0.10-1zimbra8.8b1<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Kepler 9.0.0 Patch 28:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/patch_installation Patch Installation]</div>Dawood Shaikhhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.15/P35&diff=69337Zimbra Releases/8.8.15/P352022-11-21T10:53:33Z<p>Dawood Shaikh: </p>
<hr />
<div>= Zimbra Collaboration Joule 8.8.15 Patch 35 GA Release =<br />
<br />
<div class="col-md-9"><br />
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]''', '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration.<br />
Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section for Patch Installation instructions.<br />
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.<br />
{{ReleaseNote-note}}<br />
<br />
== Change in upgrade process for 8.8.15 Patch 35== <br />
<div style="padding:1%; color:#f68b1f;font-size:18px;" ><br />
Please note that the install process has changed. Additional steps to install '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages have been included for this patch release. Please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the packages in its order. <br />
</div><br />
<br />
</div><br />
<br />
== Changes required for SSO setup before patch upgrade==<br />
Before upgrade, we need to set the '''zimbraVirtualHostName''' parameter for the domains that are using SAML and SSO based login. Please follow the instructions:<br />
<br />
su - zimbra<br />
zmprov md ''domain_name'' zimbraVirtualHostName ''virtual_hostname''<br />
<br />
= Security Fixes =<br />
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Summary<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVE-ID<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|CVSS Score<br />
!style="background-color:#f15922; color: white; border: solid #ffffff;"|Zimbra Rating<br />
|-<br />
|style="border: solid #ffffff;"|RCE through ClientUploader from authenticated admin user. <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|XSS can occur via one of attribute in webmail urls, leading to information disclosure <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerbilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-26377 CVE-2022-26377]<br />
|style="border: solid #ffffff; text-align: center;"| 7.5 <br />
|style="border: solid #ffffff; text-align: center;"| Medium<br />
|-<br />
|style="border: solid #ffffff;"|The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities.<br />
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-20770 CVE-2022-20770] <br />
[https://nvd.nist.gov/vuln/detail/CVE-2022-20771 CVE-2022-20771] <br />
|style="border: solid #ffffff; text-align: center;"| TBD<br />
|style="border: solid #ffffff; text-align: center;"| Low<br />
|}<br />
<br />
= What's New =<br />
<br />
== Platform ==<br />
* The date header has been added to the mail notification emails.<br />
* Timezone data has been updated with the latest changes of tzdata2022c<br />
<br />
== ZCO ==<br />
* ZCO is now supported on Microsoft Outlook 2021. <br />
<br />
<br />
= Fixed Issues =<br />
<br />
== NG Admin ==<br />
* NG Tab was not visible in Admin Console on a setup where Zimbra is not installed in the default location. The issue has been fixed - '''ZBUG-2991'''.<br />
<br />
== NG HSM ==<br />
* The doMoveBlobs operation now ignores accounts deleted after the operation starts. <br />
* Software now throws an exception if a remote root path is to be appended to the bulk deletion files of a remote volume, and skips the append to avoid unwanted loss of data. <br />
<br />
== NG Mobile ==<br />
* Fixed a bug that caused a single instance of an appointment to be moved to the original time in the organizer’s calendar when the attendee accepts the invitation. <br />
* Fixed a bug that caused the Outlook app synchronization to start looping when using the remote search. <br />
* Fixed a bug that prevented the attendees to receive an update when removing them from an appointment so the appointment was still shown in their calendar. <br />
* Fixed a bug that made the exceptions to recurring events not being synchronized - '''ZBUG-3011'''.<br />
<br />
== Platform ==<br />
* JSESSIONID is now marked with HttpOnly and secure flags as true - '''ZBUG-2341'''.<br />
<br />
== Web UX - Classic ==<br />
* Assigning to newly created tag to a selection of files in Briefcase, would result in clearing out the selection. With these release this selection stays even after assigning a newly created tag. <br />
* Tasks section did not work after installing 8.8.15 Joule-Patch-33. This issue has been fixed - '''ZBUG-2958'''.<br />
<br />
== ZCO ==<br />
* When configuring ZCO through the Zimbra profile, the '''From Address''' was displayed as "Zimbra Collaboration Server" instead of the configured account name. The issue has been fixed. <br />
* Intermittently, Outlook would not sync emails with large metadata. The issue has been fixed - '''ZBUG-2984'''.<br />
<br />
<br />
= Known Issues =<br />
* While deploying zimlets, if the following error is encountered, please refer to the '''[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]''' section to install the '''zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs''' packages in a particular order and re-deploy the zimlets. <br />
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory<br />
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target<br />
at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)<br />
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target<br />
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)<br />
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)<br />
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)<br />
... 1 more<br />
<br />
* From Joule-Patch-32 onwards, customers using SSO will need to update <code>zimbraVirtualHostName</code> attribute for the domains. Please refer to the '''[[#Changes required for SSO setup before patch upgrade| instructions]]''' to update the attribute.<br />
<br />
* With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.<br />
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the '''allow_weak_crypto''' property to true in the krb5.conf configuration file. Please follow below instructions:<br />
<br />
1. In '''/opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults]''' section, set '''allow_weak_crypto = true'''<br />
<br />
2. Restart mailboxd service:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
<br />
= Packages =<br />
The package lineup for this release is:<br />
<br />
FOSS:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1668607279.p35-1<br />
zimbra-mta-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-proxy-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-ldap-patch -> 8.8.15.1667900843.p35-1<br />
zimbra-timezone-data -> 2.0.1.1667816429-1<br />
zimbra-mbox-webclient-war -> 8.8.15.1668517206-1<br />
zimbra-common-core-jar -> 8.8.15.1667823299-1<br />
zimbra-unbound -> 1.11.0-1zimbra8.7b4<br />
zimbra-dnscache-components -> 1.0.4-1zimbra8.7b1<br />
zimbra-httpd -> 2.4.54-1zimbra8.7b3<br />
zimbra-apache-components -> 2.0.8-1zimbra8.8b1<br />
zimbra-spell-components -> 2.0.9-1zimbra8.8b1<br />
zimbra-clamav -> 0.105.1.2-1zimbra8.8b3<br />
zimbra-mta-components -> 1.0.18-1zimbra8.8b1<br />
NETWORK:<br />
'''PackageName''' -> '''Version'''<br />
zimbra-patch -> 8.8.15.1668607279.p35-2<br />
zimbra-zco -> 8.8.15.1924.1667892795-1<br />
zimbra-network-modules-ng -> 6.0.37.1667816723-1<br />
<br />
For RHEL8,UBUNTU20: <br />
zimbra-spell-components->2.0.10-1zimbra8.8b1<br />
<br />
=Patch Installation=<br />
Please refer to below link to install Joule 8.8.15 Patch 35:<br />
<br />
[https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/patch_installation Patch Installation]</div>Dawood Shaikh