Difference between revisions of "Zimbra Releases/8.6.0/P9"

(Bugzilla retirement)
 
(20 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 +
<ol class="breadcrumb">
 +
  <li>[[Main Page|Zimbra Wiki]]</li>
 +
  <li>[[Zimbra Releases]]</li>
 +
  <li class="active">Zimbra Collaboration 8.6.0 Patch 9</li>
 +
</ol>
 +
__FORCETOC__
 +
<div class="col-md-12">
 +
<div class="col-md-9">
 +
 
=Zimbra Collaboration 8.6.0 Patch 9 GA Release=
 
=Zimbra Collaboration 8.6.0 Patch 9 GA Release=
Check out the '''"[[#fixed|Fixed Issues]]"''', '''"[[#known|Known Issues]]"''' and '''"[[#security|Security Fixes]]"''' for this version of Zimbra Collaboration below. As always, you’re encouraged to tell us what you think in the Forums, or file a bug in '''[https://bugzilla.zimbra.com/enter_bug.cgi Bugzilla]'''.  
+
Check out the '''"[[#fixed|Fixed Issues]]"''' and '''"[[#security|Security Fixes]]"''' for this version of Zimbra Collaboration below. As always, you’re encouraged to tell us what you think in the Forums, or open a support ticket.  
  
<div class="alert alert-dark fade in"> <p>'''NOTE: If you are upgrading and/or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read [https://wiki.zimbra.com/wiki/Zimbra_Next_Generation_Modules/Things_To_Know_Before_Upgrading "Things to Know Before Upgrading"] and [https://wiki.zimbra.com/wiki/Zimbra_Next_Generation_Modules/First_Steps_with_the_Zimbra_NG_Modules "First Steps with the Zimbra NG Modules"] for critical information before you upgrade.'''</p></div>
 
 
<div class="col-md-9">
 
<div class="col-md-9">
 
 
<br />
 
<br />
  
 
<table class="table table-striped table-condensed">
 
<table class="table table-striped table-condensed">
 
         <tr>
 
         <tr>
             <th colspan="2" class="info"><h4><div id="fixed">Fixed Issues [https://bugzilla.zimbra.com/buglist.cgi?chfield=bug_status&chfieldto=2017-12-27&chfieldvalue=RESOLVED&f1=keywords&known_name=8_8_6%20Fixed%20Issues&o1=equals&query_based_on=8_8_6%20Fixed%20Issues&query_format=advanced&v1=8_8_6 <span style="color:white;font-size:0.66em">(Bugzilla query)</span>]</div></h4></th>
+
             <th colspan="2" class="info"><h4><div id="fixed">Fixed Issues [https://bugzilla.zimbra.com/buglist.cgi?chfield=bug_status&chfieldto=2018-2-10&chfieldvalue=RESOLVED&columnlist=product%2Ccomponent%2Cassigned_to%2Cbug_status%2Cresolution%2Cshort_desc%2Cchangeddate&f1=keywords&known_name=8_6_0_Patch9%20Fixed%20Issues&list_id=361578&o1=equals&query_format=advanced&v1=8_6_0_Patch9 <span style="color:white;font-size:0.66em">(Bugzilla query)</span>]</div></h4></th>
 
         </tr>
 
         </tr>
 
         <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=101227 101227] </td><td class="col-md-10">  CPU load & latency when open mail with data:image/png:base64 inline image</td></tr>
 
         <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=101227 101227] </td><td class="col-md-10">  CPU load & latency when open mail with data:image/png:base64 inline image</td></tr>
Line 25: Line 32:
 
         <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=101023 101023] </td><td class="col-md-10">  zimbraHelpAdvancedURL, zimbraHelpStandardURL and zimbraHelpAdminURL does not work</td></tr>
 
         <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=101023 101023] </td><td class="col-md-10">  zimbraHelpAdvancedURL, zimbraHelpStandardURL and zimbraHelpAdminURL does not work</td></tr>
 
         <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=107646 107646] </td><td class="col-md-10">  There is an unexpected logout for a session in the HTML client. </td></tr>
 
         <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=107646 107646] </td><td class="col-md-10">  There is an unexpected logout for a session in the HTML client. </td></tr>
 +
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=107925 107925] </td><td class="col-md-10">  Persistent XSS - snippet [CWE-79] </td></tr>
 +
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=108265 108265] </td><td class="col-md-10">  Persistent XSS - message view as text [CWE-79] </td></tr>
 
</table>
 
</table>
  
<table class="table table-striped table-condensed">
 
        <tr>
 
            <th colspan="2" class="info"><h4><div id="known">Known Issues [https://bugzilla.zimbra.com/buglist.cgi?f1=keywords&f2=OP&f3=bug_status&f4=OP&f5=bug_status&f6=bug_status&f7=CP&j2=OR&known_name=8_8_6%20Known%20Issues&o1=equals&o3=anywords&o5=changedto&o6=changedafter&query_based_on=8_8_6%20Known%20Issues&query_format=advanced&v1=8_8_6&v3=UNCONFIRMED%2C%20NEW%2C%20ASSIGNED%2C%20IN_PROGRESS%2C%20REOPENED&v5=RESOLVED&v6=2017-12-28 <span style="color:white;font-size:0.66em">(Bugzilla query)</span>]</div></h4></th>
 
        </tr>
 
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=108435 108435] </td><td class="col-md-10">  service.UNKNOWN_DOCUMENT exceptions observed in mailbox log after upgrade from 8710 to 880</td></tr>
 
</table>
 
  
=<div id="security">Security Fixes</div>=
+
=Security Fixes=
 +
<div id="security"></div>
 
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the [https://wiki.zimbra.com/wiki/Zimbra_Security_Response_Policy Zimbra Security Response Policy] and the [https://wiki.zimbra.com/wiki/Zimbra_Vulnerability_Rating_Classification Zimbra Vulnerability Rating] Classification information below for details.
 
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the [https://wiki.zimbra.com/wiki/Zimbra_Security_Response_Policy Zimbra Security Response Policy] and the [https://wiki.zimbra.com/wiki/Zimbra_Vulnerability_Rating_Classification Zimbra Vulnerability Rating] Classification information below for details.
<div class="col-md-12">
+
<table class="table table-striped table-condensed">
    <table class="table table-striped table-condensed">
 
 
<tr>
 
<tr>
 
   <th style="background-color: #f15922; width: 80px;"><span style="color: #ffffff;">Bug#</span></th>
 
   <th style="background-color: #f15922; width: 80px;"><span style="color: #ffffff;">Bug#</span></th>
 
   <th style="background-color: #f15922;"><span style="color: #ffffff;">Summary</span></th>
 
   <th style="background-color: #f15922;"><span style="color: #ffffff;">Summary</span></th>
 
   <th style="background-color: #f15922;"><span style="color: #ffffff;"><strong>CVE-ID</strong></span></th>
 
   <th style="background-color: #f15922;"><span style="color: #ffffff;"><strong>CVE-ID</strong></span></th>
   <th style="background-color: #f15922;"><span style="color: #ffffff;"><strong>CVSS<br>Score</strong></span></th>
+
   <th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;"><strong>CVSS<br>Score</strong></span></th>
 
   <th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;"><strong>Zimbra<br>Rating</strong></span></th>
 
   <th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;"><strong>Zimbra<br>Rating</strong></span></th>
 
   <th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;">Fix&nbsp;Release&nbsp;or <br>Patch&nbsp;Version</span></th>
 
   <th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;">Fix&nbsp;Release&nbsp;or <br>Patch&nbsp;Version</span></th>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
   <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=104294 104294] <br>[https://bugzilla.zimbra.com/show_bug.cgi?id=104456 104456]</td>
+
   <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=107925 107925]</td>
   <td>CSRF [http://cwe.mitre.org/data/definitions/352.html CWE-352]</td>
+
   <td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td>
   <td>CVE-2016-3406</td>
+
   <td>CVE-2017-8802</td>
   <td>[https://nvd.nist.gov/cvss.cfm?calculator&amp;version=2&amp;vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td>
+
   <td style="text-align: center; ">[https://nvd.nist.gov/cvss.cfm?calculator&amp;version=2&amp;vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 3.5]</td>
   <td style="text-align: center;">Minor</td>
+
   <td style="text-align: center; ">Minor</td>
   <td style="text-align: center;">8.6 P8, 8.7.0</td>
+
   <td style="text-align: center; ">8.6 P9, 8.8.3</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
   <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=100885 100885] <br> [https://bugzilla.zimbra.com/show_bug.cgi?id=100899 100899]</td>
+
   <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=108265 108265]</td>
  <td>CSRF [http://cwe.mitre.org/data/definitions/352.html CWE-352]</td>
+
   <td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td>
  <td>CVE-2016-3403</td>
+
   <td>CVE-2017-17703</td>
  <td>[https://nvd.nist.gov/cvss.cfm?calculator&amp;version=2&amp;vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td>
+
   <td style="text-align: center; ">[https://nvd.nist.gov/cvss.cfm?calculator&amp;version=2&amp;vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 3.5]</td>
  <td style="text-align: center;">Major</td>
+
   <td style="text-align: center; ">Minor</td>
  <td style="text-align: center;">8.6 P8, 8.7.0</td>
+
   <td style="text-align: center; ">8.6 P9, 8.8.3</td>
</tr>
 
<tr>
 
  <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103959 103959]</td>
 
   <td>CSRF [http://cwe.mitre.org/data/definitions/352.html CWE-352]</td>
 
   <td>CVE-2016-3404</td>
 
  <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td>
 
  <td style="text-align: center;">Minor</td>
 
   <td style="text-align: center;">8.6 P8, 8.7.0</td>
 
</tr>
 
<tr>
 
  <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103961 103961]<br/>[https://bugzilla.zimbra.com/show_bug.cgi?id=104828 104828]</td>
 
  <td>CSRF [http://cwe.mitre.org/data/definitions/352.html CWE-352]</td>
 
  <td>CVE-2016-3405</td>
 
  <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td>
 
   <td style="text-align: center;">Minor</td>
 
   <td style="text-align: center;">8.6 P8, 8.7.0</td>
 
 
</tr>
 
</tr>
 +
 
</table>
 
</table>
  
==Quick note: Open Source repo==
+
=Before Installing the Patch=
Downloading and building our Zimbra Code? Keep reading... Starting ZCS 8.7.6 and above we have new steps to download, build and see our code via Github:
+
Before installing the patch, consider the following:
*https://github.com/Zimbra/zm-build
+
* Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbracollaboration
 +
* Patches are cumulative, and delivered as a TGZ file.
 +
* A full backup should be performed before any patch is applied. There is no automated roll-back.
 +
* Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
 +
* Only files or Zimlets associated with installed packages will be installed from the patch.
 +
* Switch to user '''zimbra''' before using ZCS CLI commands.
 +
* '''Important!''' You cannot revert to the previous ZCS release after you upgrade to the patch.
 +
 
 +
=Install the Patch =
 +
Note: This patch should be installed on all nodes running in your environment.
 +
 
 +
'''1.''' Before you begin, confirm you have the following:
 +
* Zimbra Collaboration 8.6.0 GA installed
 +
* Zimbra Collaboration 8.6.0 Patch9 TGZ file
 +
 
 +
'''2.''' Copy the patch.tgz file(s) to your server.
 +
 
 +
'''3.''' Install Zimbra Collaboration 8.6.0 Patch9
 +
*a. Log in as root and cd to the directory where the tar file is saved. Type
 +
tar xzf zcs-patch-8.6.0_GA_XXX.tgz
 +
cd zcs-patch-8.6.0_GA_XX
 +
* b. As root, install the patch. Type
 +
./installPatch.sh
 +
* c. Switch to user zimbra
 +
su – zimbra
 +
* d. ZCS must be restarted to changes to take effect. Type
 +
zmcontrol restart
 +
 
 +
'''Note:''' For users who have the web-client open and are running the FOSS edition, the refresh notice mightstate that you have changed to the NETWORK Edition; however, your feature set will remain FOSS only.
 
   
 
   
 
</div>
 
</div>
 
</div>
 
</div>
{{GuidePosts}}
+
    <div class="col-md-3">{{GuidePosts}}</div>
 +
</div>

Latest revision as of 15:06, 24 April 2018

Zimbra Collaboration 8.6.0 Patch 9 GA Release

Check out the "Fixed Issues" and "Security Fixes" for this version of Zimbra Collaboration below. As always, you’re encouraged to tell us what you think in the Forums, or open a support ticket.


Fixed Issues (Bugzilla query)

101227 CPU load & latency when open mail with data:image/png:base64 inline image
104365 Update timezones.ics to tzdata2017b
97710 Tasks causing slowness from ZWC and consuming CPU resources
103797 Description of a previous appointment comes up when changing mode from plain-text to html
107289 Printing work week shows wrong time
107288 EWS caches and logs cleartext password
97460 Need visual cue and hyperlink for url links when composing message
100281 Deleted/canceled appts remain on calendar
101584 QuickAdd location using GAL is not saved correctly > only name is kept
107826 Implement GetStreamingEvents EWS API(Phase 1)
107499 EWS: Resolve Name should return all the contact information
97126 Script Error (this._sharesGroup is undefined) when click to "Edit Properties" folder menu
101023 zimbraHelpAdvancedURL, zimbraHelpStandardURL and zimbraHelpAdminURL does not work
107646 There is an unexpected logout for a session in the HTML client.
107925 Persistent XSS - snippet [CWE-79]
108265 Persistent XSS - message view as text [CWE-79]


Security Fixes

Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.

Bug# Summary CVE-ID CVSS
Score
Zimbra
Rating
Fix Release or
Patch Version
107925 Persistent XSS CWE-79 CVE-2017-8802 3.5 Minor 8.6 P9, 8.8.3
108265 Persistent XSS CWE-79 CVE-2017-17703 3.5 Minor 8.6 P9, 8.8.3

Before Installing the Patch

Before installing the patch, consider the following:

  • Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbracollaboration
  • Patches are cumulative, and delivered as a TGZ file.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to user zimbra before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.

Install the Patch

Note: This patch should be installed on all nodes running in your environment.

1. Before you begin, confirm you have the following:

  • Zimbra Collaboration 8.6.0 GA installed
  • Zimbra Collaboration 8.6.0 Patch9 TGZ file

2. Copy the patch.tgz file(s) to your server.

3. Install Zimbra Collaboration 8.6.0 Patch9

  • a. Log in as root and cd to the directory where the tar file is saved. Type
tar xzf zcs-patch-8.6.0_GA_XXX.tgz
cd zcs-patch-8.6.0_GA_XX
  • b. As root, install the patch. Type
./installPatch.sh
  • c. Switch to user zimbra
su – zimbra
  • d. ZCS must be restarted to changes to take effect. Type
zmcontrol restart

Note: For users who have the web-client open and are running the FOSS edition, the refresh notice mightstate that you have changed to the NETWORK Edition; however, your feature set will remain FOSS only.



Try Zimbra

Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »

Want to get involved?

You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »

Jump to: navigation, search