Difference between revisions of "Zimbra Releases/8.6 Patch 8"
(Created page with "<ol class="breadcrumb"> <li>Zimbra Wiki</li> <li>Zimbra Releases</li> <li class="active">Zimbra Collaboration 8.6 Patch 8</li> </ol> __FORCETOC__ <div...")
Revision as of 19:41, 31 January 2017
Zimbra Collaboration 8.6 Patch 8 GA Release
Check out "What’s New" and "Known Issues" for this version of Zimbra Collaboration below. As always, you’re encouraged to tell us what you think in the Forums, or file a bug in Bugzilla.
If interested, please see the complete list of changes in this release in the next Table or click here to see the Bugzilla Report. »
|Admin - Console|
|100899||CSRF - Admin Console [CWE-352]|
|104294||CSRF - Client uploader extension [CWE-352]|
|104456||extension REST handlers are not protected by CSRF [CWE-352]|
|68445||After session timeout, username field appears disabled so user cannot sign back in Admin Console|
|103497||[RSYNC Failure] Implement mailbox unlocking for Flush Cache|
|EWS - Server|
|101746||Outlook 2016: Auto Sync not working for Outook 2016|
|Other - Server|
|104236||All file uploads are broken in Admin UI (zimlet, certificate, migration wizard, license) because FileUploadServlet no longer supports csrfToken specified in multipart body|
|105029||Soap servlet should log CSRF related error at INFO level|
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Vulnerability Rating Classification information below for details.
|Fix Release or
|CSRF CWE-352||CVE-2016-3406||2.6||Minor||8.6 P8, 8.7.0||Zimbra|
|5.8||Major||8.6 P8, 8.7.0||Sysdream|
Before Installing the Patch
Before installing the patch, consider the following:
- Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbracollaboration
- Patches are cumulative, and delivered as a TGZ file.
- A full backup should be performed before any patch is applied. There is no automated roll-back.
- Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
- Only files or Zimlets associated with installed packages will be installed from the patch.
- Switch to user zimbra before using ZCS CLI commands.
- Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
Install the Patch
Note: This patch should be installed on all nodes running in your environment. 1. Before you begin, confirm you have the following:
- Zimbra Collaboration 8.6.0 GA installed
- Zimbra Collaboration 8.6.0 Patch8 TGZ file
2. Copy the patch.tgz file(s) to your server. 3. Install Zimbra Collaboration 8.6.0 Patch8
- a. Log in as root and cd to the directory where the tar file is saved. Type
tar xzf zcs-patch-8.6.0_GA_XXX.tgz cd zcs-patch-8.6.0_GA_XX
- b. As root, install the patch. Type
- c. Switch to user zimbra
su – zimbra
- d. ZCS must be restarted to changes to take effect. Type
Note: For users who have the web-client open and are running the FOSS edition, the refresh notice mightstate that you have changed to the NETWORK Edition; however, your feature set will remain FOSS only.
Information about ZCS Patch 7 and below
Please refer to the Release Notes from ZCS 8.6 Patch 7 to know more about Known Issues and Security fixes in Patch 7 and below
Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »
Want to get involved?
You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »
Other Help Resources
Looking for a Video?
Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »