Difference between revisions of "Zimbra Releases/8.7.11/P9"

(Created page with "{{WIP}} <ol class="breadcrumb"> <li>Zimbra Wiki</li> <li>Zimbra Releases</li> <li class="active">Zimbra Collaboration 8.7.11 Patch 9</li> </ol> __FORCE...")
 
m (Zimbra Collaboration 8.7.11 Patch 9 GA Release)
Line 11: Line 11:
 
=Zimbra Collaboration 8.7.11 Patch 9 GA Release=
 
=Zimbra Collaboration 8.7.11 Patch 9 GA Release=
  
Check out the '''"[[#fixed|Fixed Issues]]"''' for this version of Zimbra Collaboration below. As always, you’re encouraged to tell us what you think in the '''[https://forums.zimbra.org/ Forum]''', or open a support ticket.
+
Check out the '''"[[#fixed|Fixed Issues]]"''' and '''"[[#security|Security Fixes]]"''' for this version of Zimbra Collaboration below. As always, you’re encouraged to tell us what you think in the '''[https://forums.zimbra.org/ Forum]''', or open a support ticket.
  
 
<div class="col-md-9">
 
<div class="col-md-9">
Line 20: Line 20:
 
         </tr>
 
         </tr>
 
         <tr><td class="col-md-10">Fixed an issue with viewing HTML emails in chrome 73</td></tr>
 
         <tr><td class="col-md-10">Fixed an issue with viewing HTML emails in chrome 73</td></tr>
        <tr><td class="col-md-10">Fixed insecure object de-serialization in zm-mailbox</td></tr>
 
 
         <tr><td class="col-md-10">Fixed login issue in ajax client on Edge 44 browser</td></tr>
 
         <tr><td class="col-md-10">Fixed login issue in ajax client on Edge 44 browser</td></tr>
 +
</table>
 +
 +
==Security Fixes==
 +
<div id="security"></div>
 +
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the [https://wiki.zimbra.com/wiki/Zimbra_Security_Response_Policy Zimbra Security Response Policy] and the [https://wiki.zimbra.com/wiki/Zimbra_Vulnerability_Rating_Classification Zimbra Vulnerability Rating] Classification information below for details.
 +
<table class="table table-striped table-condensed">
 +
<tr>
 +
  <th style="background-color: #f15922; width: 80px;"><span style="color: #ffffff;">Bug#</span></th>
 +
  <th style="background-color: #f15922;"><span style="color: #ffffff;">Summary</span></th>
 +
  <th style="background-color: #f15922;"><span style="color: #ffffff;"><strong>CVE-ID</strong></span></th>
 +
  <th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;"><strong>CVSS<br>Score</strong></span></th>
 +
  <th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;"><strong>Zimbra<br>Rating</strong></span></th>
 +
  <th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;">Fix&nbsp;Release&nbsp;or <br>Patch&nbsp;Version</span></th>
 +
</tr>
 +
<tr>
 +
  <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=109017 109017]</td>
 +
  <td> Backport - Bug 109017 - Non-persistent XSS - Web Client (HTML Search) [CWE-79] </td>
 +
  <td>CVE-2018-14013</td>
 +
  <td style="text-align: center; ">4.3</td>
 +
  <td style="text-align: center; ">Minor</td>
 +
  <td style="text-align: center; ">8.7.11 Patch8</td>
 +
</tr>
 +
<tr>
 +
  <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=109097 109097]</td>
 +
  <td> Bug 109097 - Insecure object deserialization - IMAP [CWE-502] </td>
 +
  <td>CVE-2019-6980</td>
 +
  <td style="text-align: center; ">3.5</td>
 +
  <td style="text-align: center; "> Minor</td>
 +
  <td style="text-align: center; ">8.7.11 Patch9</td>
 +
</tr>
 
</table>
 
</table>
  

Revision as of 12:45, 1 March 2019

Zimbra Collaboration 8.7.11 Patch 9 GA Release

Check out the "Fixed Issues" and "Security Fixes" for this version of Zimbra Collaboration below. As always, you’re encouraged to tell us what you think in the Forum, or open a support ticket.

Fixed Issues

Fixed an issue with viewing HTML emails in chrome 73
Fixed login issue in ajax client on Edge 44 browser

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.

Bug# Summary CVE-ID CVSS
Score
Zimbra
Rating
Fix Release or
Patch Version
109017 Backport - Bug 109017 - Non-persistent XSS - Web Client (HTML Search) [CWE-79] CVE-2018-14013 4.3 Minor 8.7.11 Patch8
109097 Bug 109097 - Insecure object deserialization - IMAP [CWE-502] CVE-2019-6980 3.5 Minor 8.7.11 Patch9

Before Installing the Patch

Before installing the patch, consider the following:

  • Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbra-collaboration/
  • Patches are cumulative, and delivered as a TGZ file.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to user zimbra before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.

Install the Patch

Note: This patch should be installed only on all mailbox nodes running in your environment.

1. Before you begin, confirm you have the following:

  • Zimbra Collaboration 8.7.11 GA installed
  • Zimbra Collaboration 8.7.11 Patch 9 TGZ file

2. Copy the patch.tgz file(s) to your server.

3. Install Zimbra Collaboration 8.7.11 Patch 9

  • a. Log in as root and cd to the directory where the tar file is saved. Type
tar xzf zcs-patch-8.7.11_GA_XXX.tgz
cd zcs-patch-8.7.11_GA_XXX
  • b. As root, install the patch. Type
./installPatch.sh
  • c. Switch to user zimbra
su – zimbra
  • d. ZCS must be restarted to changes to take effect. Type
zmcontrol restart

Please refer below steps for zimbra-chat package installation on Redhat and Ubuntu platforms:

Redhat

Install/Upgrade zimbra-chat on mailstore node for FOSS and NETWORK

  • As root, Type below command.
yum clean metadata 
yum check-update 
yum install zimbra-chat 
  • Switch to user zimbra
su – zimbra
  • Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart

Ubuntu

Install/Upgrade zimbra-chat on mailstore node for FOSS and NETWORK

  • As root, Type below command.
apt-get update
apt-get install zimbra-chat 
  • Switch to user zimbra
su – zimbra
  • Zimbra mailbox service must be restarted to changes to take effect. Type
zmmailboxdctl restart

Note: For users who have the web-client open and are running the FOSS edition, the refresh notice might state that you have changed to the NETWORK Edition; however, your feature set will remain FOSS only.



Try Zimbra

Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »

Want to get involved?

You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »

Jump to: navigation, search