Zimbra Releases/10.1.2

Revision as of 15:05, 8 October 2024 by Yogesh.dasi (talk | contribs) (→‎Security Fixes)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Zimbra Daffodil (v10.1.2) Patch Release

Release Date: October 08, 2024

Check out the What's New, Things to Know Before Upgrading sections for this version of Zimbra Collaboration.

Things to know before you upgrade

Changes to Licensing System

Zimbra Daffodil (v10.1) introduced a new license service with significant changes in licensing management. A new service named License Daemon Service (LDS) has been added and is a required service to support the management of the license. Please refer to Licensing Enhancement section for more details.

NOTE: Please reach out to Support to get your 10.1.0 license before you plan your installation or upgrade. You will not be able to proceed with the upgrade without the new license key.

Security Fixes

Summary CVE-ID CVSS Score
Addressed a Cross-Site Request Forgery (CSRF) vulnerability by disabling GraphQL GET methods via localconfig. A new local config attribute, zimbra_gql_enable_dangerous_deprecated_get_method_will_be_removed, has been introduced to control these methods. The default value is not TRUE, and customers are recommended not to set it to TRUE.

What's New

RHEL 9, Rocky 9, Oracle 9 GA

With this release RHEL 9, Rocky 9, Oracle 9 GA is available.


Zimbra Collaboration

  • zmlicensectl command has been enhanced to return the set log level and and status of Offline mode. `zmlicensectl --service getLogLevel` will return the set log level. `zmlicensectl --service getOfflineMode` will return the status of Offline mode.


Modern Web App

General

  • A new feature, Preventative Out-of-Office Alert, has been implemented. This feature notifies users if their email recipients have set an out-of-office notification before they send the email or calendar invite. The alert is triggered when recipients in the To, CC, or BCC fields have an active out-of-office status, with valid date range. By default this option works only for users in the same domain, however the administrator can set it to work across multiple domains of the same organisation. This feature has been implemented as an Admin extension and a zimlet. Admin extension name - zimbra-extension-preventive-ooo and Zimlet name - zimbra-zimlet-preventive-ooo. Please refer to the user guide for more details.
  • A new feature has been implemented that allows users to add a Traffic Light Protocol (TLP) confidential header to their emails. This feature enables users to indicate the sensitivity level of the email content by selecting from TLP classifications (TLP:RED, TLP:AMBER+STRICT,TLP:AMBER TLP:GREEN, TLP:WHITE). The selected TLP header will be added to both the subject and body of the email, ensuring recipients are aware of how the content should be handled. This functionality is available across Zimbra Desktop, Mobile, Tablet, and Web UI. Zimlet name - zimbra-zimlet-tlp. Please refer to the user guide for more details.
  • A new feature has been added to allow Zimbra Desktop to handle RFC2368 mailto: URLs. When a mailto link is clicked, it will now open a pre-populated compose view in Zimbra Desktop with fields such as "to", "cc", "bcc", and "subject" populated from the URL parameters. Zimbra Desktop can now be set as the default mailto handler, and users can manually configure this if needed. This feature works across major browsers and supports UTF-8 characters in the email fields.
  • A new feature has been added allowing users to set reminders for important emails. When the reminder time is reached, users will receive a notification through an event created in their default calendar. This feature helps users manage follow-ups and ensures they don't miss important actions and deadlines related to their emails. Users can manage these reminders through the calendar interface, and the reminder event can be edited or canceled, similar to other calendar events. This feature has been implemented as a zimlet. Zimlet name - zimbra-zimlet-email-reminder. Please refer to the user guide for more details.
  • A new feature has been introduced that alerts users when they mention an attachment in the email body but forget to attach a file. Users can configure the keywords that trigger this alert, allowing for customization based on their language and writing style. Default keywords such as "attach," "attachment," "file," and "document" are pre-configured, but users can add, edit, or remove keywords via the settings. This feature has been implemented as a zimlet. Zimlet name - zimbra-zimlet-attachment-missing-alert. Please refer to the user guide for more details.

Please refer user guide here for the new zimlets introduced in 10.1.2

Fixed Issues

Modern Web App

Mail

  • When viewing a message if there are any distribution lists to which the mail is sent to then the distribution list were being displayed twice.


Briefcase

  • If is a new sub-folder is created by the user that sub-folder was displayed twice instead of once. The issue has been resolved.


Packages

Jira ticket:

The package lineup for this release is:

zimbra-patch                                      ->  10.1.2.1728020128-2
zimbra-lds-patch                                  ->  10.1.2.1726040823-1
zimbra-mta-patch                                  ->  10.1.2.1726040823-1
zimbra-onlyoffice-patch                           ->  10.1.2.1726040823-1
zimbra-proxy-patch                                ->  10.1.2.1726040823-1
zimbra-ldap-patch                                 ->  10.1.2.1726040823-1
zimbra-mbox-admin-console-war                     ->  10.1.2.1725893697-1
zimbra-license-tools                              ->  10.1.2.1725980587-1
zimbra-common-core-jar                            ->  10.1.2.1725992150-1
zimbra-license-daemon                             ->  1.0.0.1726038335-1
zimbra-modern-ui                                  ->  4.40.0.1725975868-1
zimbra-modern-zimlets                             ->  4.40.0.1725975868-1
zimbra-zimlet-attachment-missing-alert            ->  1.0.0.1725976355-1
zimbra-zimlet-custom-fonts                        ->  1.0.1.1725976355-1
zimbra-zimlet-email-reminder                      ->  1.0.0.1725976355-1
zimbra-zimlet-preventive-ooo                      ->  1.0.0.1725976355-1
zimbra-extension-preventive-ooo                   ->  1.0.0.1725616485-1
zimbra-zimlet-tlp                                 ->  1.0.0.1725976355-1

Patch Installation

Please refer to below link to install 10.1.2:

Patch Installation


Quick note: Open Source repo

The steps to download, build, and see our code via Github can be found here: https://github.com/Zimbra/zm-build

Jump to: navigation, search