Zimbra Releases/8.8.10/P7: Difference between revisions
(7 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
=Zimbra Collaboration 8.8.10 Patch 7 GA Release= | =Zimbra Collaboration 8.8.10 Patch 7 GA Release= | ||
<div class="col-md-9"> | <div class="col-md-9"> | ||
Check out the '''"[[#fixed|Fixed Issues]]"''', '''"[[#ng-changelog|Zimbra NG Changelog]]"''' for this version of Zimbra Collaboration. Please refer '''"[[#installation|Patch Installation]]"''' section for Patch Installation instructions. As always, you’re encouraged to tell us what you think in the Forums, or open a support ticket to report issues. | Check out the '''"[[#security|Security Fixes]]"''','''"[[#fixed|Fixed Issues]]"''', '''"[[#ng-changelog|Zimbra NG Changelog]]"''' for this version of Zimbra Collaboration. Please refer '''"[[#installation|Patch Installation]]"''' section for Patch Installation instructions. Also, check '''"[[#nginxfix|Nginx Bug Fix]]"''' for the recent Nginx bug fix. As always, you’re encouraged to tell us what you think in the Forums, or open a support ticket to report issues. | ||
=Security Fixes= | |||
<div id="security"></div> | |||
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the [https://wiki.zimbra.com/wiki/Zimbra_Security_Response_Policy Zimbra Security Response Policy] and the [https://wiki.zimbra.com/wiki/Zimbra_Vulnerability_Rating_Classification Zimbra Vulnerability Rating] Classification information below for details. | |||
<table class="table table-striped table-condensed"> | |||
<tr> | |||
<th style="background-color: #f15922; width: 80px;"><span style="color: #ffffff;">Bug#</span></th> | |||
<th style="background-color: #f15922;"><span style="color: #ffffff;">Summary</span></th> | |||
<th style="background-color: #f15922;"><span style="color: #ffffff;"><strong>CVE-ID</strong></span></th> | |||
<th style="background-color: #f15922;"><span style="color: #ffffff;"><strong>CVSS<br>Score</strong></span></th> | |||
<th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;"><strong>Zimbra<br>Rating</strong></span></th> | |||
<th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;">Fix Release or <br>Patch Version</span></th> | |||
</tr> | |||
<tr> | |||
<td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=109097 109097]</td> | |||
<td>Insecure object deserialization - IMAP [CWE-502]</td> | |||
<td>CVE-2019-6980</td> | |||
<td style="text-align: center; ">5.4</td> | |||
<td style="text-align: center; ">Major</td> | |||
<td style="text-align: center; ">8.8.10 Patch 7</td> | |||
</tr> | |||
</table> | |||
=Software changes= | =Software changes= | ||
Line 13: | Line 35: | ||
<tr><td class="col-md-1"> | <tr><td class="col-md-1"> | ||
* Fixed an issue with viewing HTML emails in chrome 73 | * Fixed an issue with viewing HTML emails in chrome 73 | ||
* Fixed login issue in ajax client on Edge 44 browser | * Fixed login issue in ajax client on Edge 44 browser | ||
* zimbraMtaBlockedExtension is now working when sending a file with trailing spaces | * zimbraMtaBlockedExtension is now working when sending a file with trailing spaces | ||
Line 50: | Line 71: | ||
* Latest core packages can be installed by installing zimbra-patch package. | * Latest core packages can be installed by installing zimbra-patch package. | ||
* MTA patch is add on package, it should be installed only on MTA node and version can be checked with "zmcontrol -v". Command will show version as 'Patch 8.8.10_P7 mta'. | * MTA patch is add on package, it should be installed only on MTA node and version can be checked with "zmcontrol -v". Command will show version as 'Patch 8.8.10_P7 mta'. | ||
* If MTA services are on mailbox node, admin can install mta patch first and then zimbra-patch. In this case, "zmcontrol -v" would show version as 'Patch 8.8. | * If MTA services are on mailbox node, admin can install mta patch first and then zimbra-patch. In this case, "zmcontrol -v" would show version as 'Patch 8.8.10_P7'. | ||
==Before Installing the Patch== | ==Before Installing the Patch== | ||
Line 69: | Line 90: | ||
'''Package Name''' '''Version''' | '''Package Name''' '''Version''' | ||
FOSS: | FOSS: | ||
zimbra-patch -> 8.8.10. | zimbra-patch -> 8.8.10.1552045069.p7-1 | ||
zimbra-chat -> 2.0.2.1546498111-1 | zimbra-chat -> 2.0.2.1546498111-1 | ||
zimbra-common-core-jar -> 8.8.10.1550743009-1 | zimbra-common-core-jar -> 8.8.10.1550743009-1 | ||
zimbra-mbox-webclient-war -> 8.8.10. | zimbra-mbox-webclient-war -> 8.8.10.1552042405-1 | ||
zimbra-network-store -> 8.8.10.1542096286-1 | zimbra-network-store -> 8.8.10.1542096286-1 | ||
zimbra-ldap-components -> 1.0.2-1zimbra8.7b1 | zimbra-ldap-components -> 1.0.2-1zimbra8.7b1 | ||
Line 79: | Line 100: | ||
NETWORK: | NETWORK: | ||
zimbra-patch -> 8.8.10. | zimbra-patch -> 8.8.10.1552045069.p7-2 | ||
zimbra-network-modules-ng -> 3.0.7.1550249955-1 | zimbra-network-modules-ng -> 3.0.7.1550249955-1 | ||
zimbra-docs -> 2.0.2.1542045176-1 | zimbra-docs -> 2.0.2.1542045176-1 | ||
Line 259: | Line 280: | ||
zmcontrol restart | zmcontrol restart | ||
</div> | </div> | ||
<div id="nginxfix"> | |||
==Nginx Bug Fix== | |||
We have fixed critical Proxy/Nginx bug where Proxy does not failover correctly in certain conditions. This fix is in zimbra-nginx package which is not available with this Patch installation. To get latest zimbra-nginx package, please follow steps from wiki https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.11/nginx_hotfix</div> |
Latest revision as of 19:05, 8 March 2019
Zimbra Collaboration 8.8.10 Patch 7 GA Release
Check out the "Security Fixes","Fixed Issues", "Zimbra NG Changelog" for this version of Zimbra Collaboration. Please refer "Patch Installation" section for Patch Installation instructions. Also, check "Nginx Bug Fix" for the recent Nginx bug fix. As always, you’re encouraged to tell us what you think in the Forums, or open a support ticket to report issues.
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.
Bug# | Summary | CVE-ID | CVSS Score |
Zimbra Rating |
Fix Release or Patch Version |
---|---|---|---|---|---|
109097 | Insecure object deserialization - IMAP [CWE-502] | CVE-2019-6980 | 5.4 | Major | 8.8.10 Patch 7 |
Software changes
|
|
---|---|
|
|
|
---|---|
Admin Zimlet:
| |
Mobile:
| |
Backup:
| |
Drive Zimlet:
| |
Drive Server:
|
Patch Installation
Note on fixes in this Patch: Please read this section before proceeding with Patch7 installation.
- This patch includes fixes on MTA.
- Latest core packages can be installed by installing zimbra-patch package.
- MTA patch is add on package, it should be installed only on MTA node and version can be checked with "zmcontrol -v". Command will show version as 'Patch 8.8.10_P7 mta'.
- If MTA services are on mailbox node, admin can install mta patch first and then zimbra-patch. In this case, "zmcontrol -v" would show version as 'Patch 8.8.10_P7'.
Before Installing the Patch
Before installing the patch, consider the following:
- Patches are cumulative.
- A full backup should be performed before any patch is applied. There is no automated roll-back.
- Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
- Only files or Zimlets associated with installed packages will be installed from the patch.
- Switch to user zimbra before using ZCS CLI commands.
- Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
- Important Note for ZCS Setup with Local ZCS repository: Customers who have setup local ZCS repository should first update the local repository by following instructions in wiki
Install the Patch
- Please make note that, installing zimbra-patch package only updates the Zimbra core packages.
8.8.10 Patch 7 Packages
Below are the latest available packages:
Package Name Version FOSS: zimbra-patch -> 8.8.10.1552045069.p7-1 zimbra-chat -> 2.0.2.1546498111-1 zimbra-common-core-jar -> 8.8.10.1550743009-1 zimbra-mbox-webclient-war -> 8.8.10.1552042405-1 zimbra-network-store -> 8.8.10.1542096286-1 zimbra-ldap-components -> 1.0.2-1zimbra8.7b1 zimbra-drive -> 1.0.12.1542291479 zimbra-mta-patch -> 8.8.10.1551121351.p7 NETWORK: zimbra-patch -> 8.8.10.1552045069.p7-2 zimbra-network-modules-ng -> 3.0.7.1550249955-1 zimbra-docs -> 2.0.2.1542045176-1 zimbra-talk -> 3.0.3.1540571542-1 zimbra-drive-ng -> 1.0.3.1548323480-1
Please refer below steps for 8.8.10 Patch 7 installation on Redhat and Ubuntu platforms:
Redhat
1. Installing zimbra packages individually
Install/Upgrade zimbra-mta-patch on MTA node for FOSS and NETWORK
- As root. Type below command
yum clean metadata yum check-update yum install zimbra-mta-patch
- Restart amavisd as zimbra user
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-patch on mailstore node for FOSS and NETWORK
- As root, install the patch. Type below command:
yum clean metadata yum check-update yum install zimbra-patch
- Switch to user zimbra
su – zimbra
- ZCS must be restarted to changes to take effect. Type below command:
zmcontrol restart
Install/Upgrade zimbra-chat for FOSS
- As root, Type below command.
yum install zimbra-chat
- Switch to user zimbra
su – zimbra
- Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart
Install/Upgrade zimbra-talk and zimbra-network-modules-ng (NETWORK Only)
- As root, Type below command.
yum clean metadata yum check-update yum install zimbra-network-modules-ng yum install zimbra-talk
- Switch to user zimbra
su – zimbra
- Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart
Install/Upgrade zimbra-docs (NETWORK Only)
- As root, Type below command.
yum install zimbra-docs
- Switch to user zimbra
su – zimbra
- Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart
Install/Upgrade zimbra-drive-ng (Beta) (NETWORK Only)
After installing zimbra-drive-ng package on machine already having old drive, we can see two tabs with same name "Drive" corresponding to open drive and latest drive. This is known issue and we are working on it.
- As root, Type below command.
yum install zimbra-drive-ng
- Switch to user zimbra
su – zimbra
- Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart zxsuite config global set attribute isDriveEnabledOnStartup value true zxsuite drive doStartService module
Upgrade OpenLDAP on LDAP node for FOSS and NETWORK
- As root. Type below command:
yum install zimbra-ldap-components
- Restart ldap as zimbra user
su - zimbra ldap restart
2. Installing zimbra packages with system package upgrades
- As root, type below command to clear yum cache
yum clean metadata
- As root, type below command first time so the server sees there is a new zimbra-patch package in the 8810 patch repository
yum check-update
- As root, type below command to update most available packages.
yum update
- Switch to user zimbra
su – zimbra
- ZCS must be restarted to changes to take effect. Type below command:
zmcontrol restart
Ubuntu
1. Installing zimbra packages individually
Install/Upgrade zimbra-mta-patch on MTA node for FOSS and NETWORK
- As root. Type below command
apt-get update apt-get install zimbra-mta-patch
- Restart amavisd as zimbra user
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-patch on mailstore node for FOSS and NETWORK
- As root, install the patch. Type below command:
apt-get update apt-get install zimbra-patch
- Switch to user zimbra
su – zimbra
- ZCS must be restarted to changes to take effect. Type below command:
zmcontrol restart
Install/Upgrade zimbra-chat for FOSS
- As root, Type below command.
apt-get install zimbra-chat
- Switch to user zimbra
su – zimbra
- Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart
Install/Upgrade zimbra-talk and zimbra-network-modules-ng (NETWORK Only)
- As root. Type below command.
apt-get update apt-get install zimbra-network-modules-ng apt-get install zimbra-talk
- Switch to user zimbra
su – zimbra
- Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart
Install/Upgrade zimbra-docs (NETWORK Only)
- As root, Type below command.
apt-get install zimbra-docs
- Switch to user zimbra
su – zimbra
- Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart
Install/Upgrade zimbra-drive-ng (Beta) (NETWORK Only)
After installing zimbra-drive-ng package on machine already having open drive, we can see two tabs with same name "Drive" corresponding to open drive and latest drive. This is known issue and we are working on it.
- As root, Type below command.
apt-get install zimbra-drive-ng
- Switch to user zimbra
su – zimbra
- Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart zxsuite config global set attribute isDriveEnabledOnStartup value true zxsuite drive doStartService module
Upgrade OpenLDAP on LDAP node for FOSS and NETWORK
- As root. Type below command:
apt-get install zimbra-ldap-components
- Restart ldap as zimbra user
su - zimbra ldap restart
2. Installing zimbra packages with system package upgrades
- As root, type below command first time so the server sees there is a new zimbra-patch package in the 889 patch repository
apt-get update
- As root, type below command to update most available packages
apt-get upgrade
OR
- As root, type below command to update all available packages plus any kernel updates.
apt-get dist-upgrade
- Switch to user zimbra
su – zimbra
- ZCS must be restarted to changes to take effect. Type below command:
zmcontrol restart