Zimbra Releases/8.8.12
Zimbra Collaboration 8.8.12 GA Release
Check out the Security Fixes, What's New, Fixed Issues and Known Issues for this version of Zimbra Collaboration. As always, you’re encouraged to tell us what you think in the Forums, or open a support ticket to report issues.
NOTE: If you are upgrading and/or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read Things to Know Before Upgrading and First Steps with the Zimbra NG Modules for critical information before you upgrade.
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details. You can also refer to the Security Vulnerability Advisories register.
Bug# | Summary | CVE-ID | CVSS Score |
Zimbra Rating |
Fix Release Version |
---|---|---|---|---|---|
109096 | Blind SSRF vulnerability - Feed [CWE-918] | CVE-2019-6981 | 4.0 | Minor | 8.8.12 |
109127 | SSRF vulnerability - ProxyServlet [CWE-918 / CWE-807] | CVE-2019-9621 | 4.0 | Minor | 8.8.12 |
108181 | Upgraded 3rd party php to version 7.3.1. | n/a | - | - | 8.8.12 |
107548 | Upgraded 3rd party Apache to version 2.4.38. | n/a | - | - | 8.8.12 |
What's New
NOTE: Beta features should not be installed and are not supported on production systems. Beta modules have been provided for evaluation in lab environments only.
Zimbra Collaboration Suite:
|
Zimbra Connector for Outlook:
|
Zimbra Drive:
|
Zimbra Talk:
|
Zimbra Docs:
|
NG Backup:
|
|
|
---|---|
Area | Description |
Zimbra Drive | After user's computer resumed from sleep, Zimbra Drive would often show errors The server is off-line or I'm thinking. Now when the websocket connection has been closed, the client tries to reopen it at increasing time intervals, to ensure Drive reconnects. |
NG Mobile | Hidden folders and their contents are skipped during synchronization. Previously, such folders caused synchronization to fail. |
NG Backup | Missing Blob errors will only be logged once, mitigating a problem that caused mailbox.log to grow exponentially and stop smartscan from completing. |
Zimbra Docs | Documents shared in Read-Only mode can now be edited only from the authenticated owner's account. |
Zimbra Drive | Files contained in Drive will now remain accessible in ReadOnly mode if the license expires. |
Zimbra Drive | On multiserver, downloading a drive folder as zip would sometimes result in a corrupted zip file. This has been fixed. |
Zimbra Drive | Fixed a bug that blocked the viewing or editing of share information when a file or folder was shared with a distribution list. |
Web UX | The Quick Add or New Event dialog always pre-selects the user's Default Calendar from preferences when creating a new event. This occurs even when the user is viewing only one of their available calendars; in that case the expected behavior should be to pre-select that calendar, not the user's default. |
ZCO | GAL synchronization message now properly reports progress expressed as progress / total items. |
ZCO | The Add Share button is hidden for ZCO users who do not have Sharing enabled (i.e. zimbraFeatureSharingEnabled is false). |
Zimbra Talk | After a video call ended, the webcam may have remained active. The video stream is now reliably terminated when the call ends. Workaround for earlier versions is to refresh the browser if the webcam activity LED remained on past the end of call. |
Web UX | A fix in 8.8.11 that prevented unwanted duplication of attachments came with a side-effect bug that suppressed the display of inline PDF attachments sent from Apple Mail clients. This has been fixed. |
|
|
---|---|
Area | Description |
Zimbra Drive | Documents stored in briefcase or Zimbra Drive that have very long names are opened in view-only mode. To work around this, shorten the filename on the document. |
Web UX | Hierarchical Address Book (HAB) is supported in English only. Support for additional languages will be provided in an upcoming patch release. |
Zimbra Drive | If you used Zimbra Drive v2 (Beta) prior to its Stable release, we advise you to clean up the Beta database before proceeding. Refer to How to Clean up a Zimbra Drive (Beta) Database. |
ZCO | Dumpster feature is supported in English only. Support for additional languages will be provided in an upcoming patch release. |
ZCO | Older versions of the Outlook Connector for Zimbra (prior to Version 8.8.10) do not detect versions 8.8.10 and higher, so users will receive no notification that an upgrade is available. End users are recommended to initiate a manual upgrade to this version of the connector. |
Zextras | When attempting to install Zimbra Suite Plus (ZSP) on an incompatible version of ZCS, the admin will receive an error message with the incorrect URL for the Compatibility List. The correct URL is https://wiki.zimbra.com/wiki/Zimbra_Suite_Plus/Compatibility_List. |
Platform | After an upgrade to 8.8.12, IMAP users are unable to access folders with names containing non-ASCII characters. This is fixed in 8.8.12 P1. |
Quick note: Open Source repo
Downloading and building our Zimbra Code? Keep reading... Starting ZCS 8.7.6 and above we have new steps to download, build and see our code via Github:
Try Zimbra
Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »
Want to get involved?
You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »
Other Help Resources
Visit the User Help Page »
Visit the Official Forums »
Zimbra Documentation Page »
Looking for a Video?
Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »