Zimbra Releases/8.8.11/P4

Revision as of 13:12, 12 April 2019 by Pallavi.khairnar (talk | contribs)

Zimbra Collaboration 8.8.11 Patch 4 GA Release

Check out the "Security Fixes" and "Software Changes", "Zimbra NG Changelog" for this version of Zimbra Collaboration below. Please refer "Patch Installation" section for Patch Installation instructions. As always, you’re encouraged to tell us what you think in the Forums, or open a support ticket to report issues.

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.

Bug# Summary CVE-ID CVSS
Score
Zimbra
Rating
Fix Release or
Patch Version
109096 Blind SSRF vulnerability - Feed [CWE-918] CVE-2019-6981 4.0 Minor 8.8.11 Patch4
109127 SSRF vulnerability - ProxyServlet [CWE-918 / CWE-807] CVE-2019-9621 4.0 Minor 8.8.11 Patch4

Software changes

Fixed Issues

  • Fixed the CPU usage spike observed when viewing mails.

Zimbra NG Changelog

Docs:
  • Document can not be edited if shared in RO mode
Mobile:
  • Fixed zip file creation when downloading a drive folder
Backup:
  • Fixed missing blob errors during Smart Scan causes mailbox.log to grow abnormally in size
  • Warning will not be displayed on drive items deletions
  • Fixed backup customization operation
Drive Zimlet:
  • Drive will go in ReadOnly mode if unlicensed.
  • When using the "preferred" link on left pane, the view not switches to search
  • Drive Share link now use the variable zimbraPublicHostname.
  • Fixed Drive Reconnection after suspend
  • Provided ability to download entire folder
  • Added a new functionalities to automatically send an email with link share details
  • Added a text to explain that the link is accessible only by collaborators.
Drive Server:
  • Fixed Drive which was failing on userDetailRequest in some distribution list
  • When logged user opens a public link to a drive item that he can't access, he is treated as an anonymous user and can view the item.
  • Fixed password protection of public links
  • Drive indexer is now working when an item is moved into a folder
  • Drive Import - Remove share email notification when import
  • Drive: show error in case of wrong nginx configuration
HSM:
  • Added Possibility to delete mysql item if there are missing blobs
  • Support AWS new storage class (Intelligent Tiering)
  • Fixed exception TooManyIOError
  • Fixed multipart upload failure not handled correctly causing deadlock
  • If drive module is disable you cannot resume mailboxmove

Patch Installation

Note on fixes in this Patch: Please read this section before proceeding with Patch4 installation.

  • This patch includes fixes on MTA and Proxy.
  • Latest core packages can be installed by installing zimbra-patch package.
  • As proxy package is add on package, it should be installed only on Proxy node. Zimbra version checked on Proxy node with "zmcontrol -v" command will show version as 'Patch 8.8.11_P4 Proxy'. Similarly, MTA patch is add on package, it should be installed only on MTA node and version can be checked with "zmcontrol -v". Command will show version as 'Patch 8.8.11_P4 mta'.
  • If Proxy/MTA services are on mailbox node, admin can install mta and proxy patches first and then zimbra-patch. In this case, "zmcontrol -v" would show version as 'Patch 8.8.11_P4'.

Before Installing the Patch

Before installing the patch, consider the following:

  • Patches are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to user zimbra before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
  • Important Note for ZCS Setup with Local ZCS repository: Customers who have setup local ZCS repository should first update the local repository by following instructions in wiki

Install the Patch

  • Please make note that, installing zimbra-patch package only updates the Zimbra core packages.

8.8.11 Patch 4 Packages

Below are the latest available packages:

Package Name                  Version
FOSS:
zimbra-patch              ->  8.8.11.1554699443.p4-1
zimbra-chat               ->  2.0.2.1546498111-1
zimbra-common-core-jar    ->  8.8.11.1554633662-1
zimbra-proxy-components   ->  1.0.3-1zimbra8.7b1
zimbra-nginx              ->  1.7.1-1zimbra8.7b12
zimbra-mta-patch          ->  8.8.11.1551122329.p3
zimbra-proxy-patch        ->  8.8.11.1550839189.p3
zimbra-mbox-webclient-war ->  8.8.11.1550576235-1
Zimbra-drive              ->  1.0.12.1553795496-1

NETWORK:
zimbra-patch              ->  8.8.11.1554699443.p4-2
zimbra-network-modules-ng ->  4.0.4.1553791753-1
zimbra-zco                ->  8.8.11.1.0.0.1546517612-1
zimbra-docs               ->  3.0.0.1544425929-1
zimbra-drive-ng           ->  1.0.12.1553795496-1
Zimbra-talk               ->  3.0.4.1554991858-1

Please refer below steps for 8.8.11 Patch 4 installation on Redhat and Ubuntu platforms:

Redhat

1. Installing zimbra packages individually

Install/Upgrade zimbra-proxy-components on Proxy node for FOSS and NETWORK

  • As root. Type below command
yum clean metadata 
yum check-update 
yum install zimbra-proxy-components
  • Restart proxy as zimbra user
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-proxy-patch on Proxy node for FOSS and NETWORK

  • As root. Type below command
yum install zimbra-proxy-patch
  • Restart proxy as zimbra user
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade zimbra-mta-patch on MTA node for FOSS and NETWORK

  • As root. Type below command
yum install zimbra-mta-patch
  • Restart amavisd as zimbra user
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node for FOSS and NETWORK

  • As root, install the patch. Type below command:
yum install zimbra-patch
  • Switch to user zimbra
su – zimbra
  • ZCS must be restarted to changes to take effect. Type below command:
zmcontrol restart

Install/Upgrade zimbra-chat for FOSS

  • As root, Type below command.
yum install zimbra-chat 
  • Switch to user zimbra
su – zimbra
  • Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart


Install/Upgrade zimbra-talk and zimbra-network-modules-ng (NETWORK Only)

  • As root, Type below command.
yum clean metadata 
yum check-update 
yum install zimbra-network-modules-ng
yum install zimbra-talk
  • Switch to user zimbra
su – zimbra
  • Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart


Install/Upgrade zimbra-docs (NETWORK Only)

  • As root, Type below command.
yum install zimbra-docs
  • Switch to user zimbra
su – zimbra
  • Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart


Install/Upgrade zimbra-drive-ng (Beta) (NETWORK Only)

  • As root, Type below command.
yum install zimbra-drive-ng
  • Switch to user zimbra
su – zimbra
  • Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart
zxsuite config global set attribute isDriveEnabledOnStartup value true
zxsuite drive doStartService module

Upgrade OpenLDAP on LDAP node for FOSS and NETWORK

  • As root. Type below command:
yum install zimbra-ldap-components
  • Restart ldap as zimbra user
su - zimbra
ldap restart

2. Installing zimbra packages with system package upgrades

  • As root, type below command to clear yum cache
yum clean metadata
  • As root, type below command first time so the server sees there is a new zimbra-patch package in the 8810 patch repository
yum check-update
  • As root, type below command to update most available packages.
yum update
  • Switch to user zimbra
su – zimbra
  • ZCS must be restarted to changes to take effect. Type below command:
zmcontrol restart

Ubuntu

1. Installing zimbra packages individually

Install/Upgrade zimbra-proxy-components on Proxy node for FOSS and NETWORK

  • As root. Type below command
apt-get install zimbra-proxy-components
  • Restart proxy as zimbra user
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-proxy-patch on Proxy node for FOSS and NETWORK

  • As root. Type below command
apt-get install zimbra-proxy-patch
  • Restart proxy as zimbra user
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade zimbra-mta-patch on MTA node for FOSS and NETWORK

  • As root. Type below command
apt-get install zimbra-mta-patch
  • Restart amavisd as zimbra user
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node for FOSS and NETWORK

  • As root, install the patch. Type below command:
apt-get update
apt-get install zimbra-patch
  • Switch to user zimbra
su – zimbra
  • ZCS must be restarted to changes to take effect. Type below command:
zmcontrol restart

Install/Upgrade zimbra-chat for FOSS

  • As root, Type below command.
apt-get install zimbra-chat 
  • Switch to user zimbra
su – zimbra
  • Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart

Install/Upgrade zimbra-talk and zimbra-network-modules-ng (NETWORK Only)

  • As root. Type below command.
apt-get update
apt-get install zimbra-network-modules-ng
apt-get install zimbra-talk
  • Switch to user zimbra
su – zimbra
  • Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart


Install/Upgrade zimbra-docs (NETWORK Only)

  • As root, Type below command.
apt-get install zimbra-docs
  • Switch to user zimbra
su – zimbra
  • Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart


Install/Upgrade zimbra-drive-ng (Beta) (NETWORK Only)

  • As root, Type below command.
apt-get install zimbra-drive-ng
  • Switch to user zimbra
su – zimbra
  • Zimbra mailbox service must be restarted to changes to take effect. Type below command:
zmmailboxdctl restart
zxsuite config global set attribute isDriveEnabledOnStartup value true
zxsuite drive doStartService module

Upgrade OpenLDAP on LDAP node for FOSS and NETWORK

  • As root. Type below command:
apt-get install zimbra-ldap-components
  • Restart ldap as zimbra user
su - zimbra
ldap restart

2. Installing zimbra packages with system package upgrades

  • As root, type below command first time so the server sees there is a new zimbra-patch package in the 889 patch repository
apt-get update
  • As root, type below command to update most available packages
apt-get upgrade

OR

  • As root, type below command to update all available packages plus any kernel updates.
apt-get dist-upgrade
  • Switch to user zimbra
su – zimbra
  • ZCS must be restarted to changes to take effect. Type below command:
zmcontrol restart
Jump to: navigation, search