Zimbra Releases/8.8.15: Difference between revisions
mNo edit summary |
No edit summary |
||
Line 21: | Line 21: | ||
<td class='col-md-1' style='width:10%;'>[https://bugzilla.zimbra.com/show_bug.cgi?id=53383 53383] </td><td class='col-md-1' style='width:67%;'>Upgraded [https://hc.apache.org/httpcomponents-client-4.5.x/index.html 3rd Party HttpClient] to version 4.5.5.</td><td class='col-md-1' style='text-align:left; width:10%'>n/a</td><td class='col-md-1' style='text-align:center; width:4%'>-</td><td class='col-md-1' style='text-align:center; width:4%'>-</td><td class='col-md-1' style='text-align:center; width:5%'>8.8.15</td></tr> | <td class='col-md-1' style='width:10%;'>[https://bugzilla.zimbra.com/show_bug.cgi?id=53383 53383] </td><td class='col-md-1' style='width:67%;'>Upgraded [https://hc.apache.org/httpcomponents-client-4.5.x/index.html 3rd Party HttpClient] to version 4.5.5.</td><td class='col-md-1' style='text-align:left; width:10%'>n/a</td><td class='col-md-1' style='text-align:center; width:4%'>-</td><td class='col-md-1' style='text-align:center; width:4%'>-</td><td class='col-md-1' style='text-align:center; width:5%'>8.8.15</td></tr> | ||
</table> | </table> | ||
<h1><span id='What.27s_New' class='mw-headline'>What's New:</span></h1> | <h1><span id='What.27s_New' class='mw-headline'>What's New:</span></h1> | ||
{{BetaWarning}} | |||
<br><table class='table table-striped table-condensed'> | |||
<tr><td class='col-md-1'><b>Zimbra Collaboration Suite:</b><ul> | <tr><td class='col-md-1'><b>Zimbra Collaboration Suite:</b><ul> | ||
<li>[https://www.owasp.org OWASP]-based HTML sanitization for protecting the web application against XSS, which replaces the previous Nekohtml-based HTML sanitizer. The new OWASP fixes the performance issues observed when rendering certain mimes on the web client.</li> | <li>[https://www.owasp.org OWASP]-based HTML sanitization for protecting the web application against XSS, which replaces the previous Nekohtml-based HTML sanitizer. The new OWASP fixes the performance issues observed when rendering certain mimes on the web client.</li> |
Latest revision as of 14:25, 13 September 2019
Zimbra Collaboration 8.8.15 GA Release
Check out the Security Fixes, What's New, Fixed Issues and Known Issues for this version of Zimbra Collaboration. As always, you're encouraged to tell us what you think in the Forums, or open a support ticket to report issues.
NOTE: If you are upgrading and/or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read Things to Know Before Upgrading and First Steps with the Zimbra NG Modules for critical information before you upgrade.
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details. You can also refer to the Security Vulnerability Advisories register.
Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release Version |
---|---|---|---|---|---|
83999 | CSRF through local post embedded in Mail Message | n/a | - | - | 8.8.15 |
53383 | Upgraded 3rd Party HttpClient to version 4.5.5. | n/a | - | - | 8.8.15 |
What's New:
NOTE: Beta features are not supported and should not be installed on production systems. Beta modules have been provided for evaluation in lab environments only.
Zimbra Collaboration Suite:
|
Zimbra Connector for Outlook:
|
Zimbra Connect:
|
NG Backup:
|
| |
---|---|
Area | Description |
Platform | When using the Zimbra Web Client to view the free/busy information of an Exchange user who has disabled sharing of that information, their status is now properly shown as Unknown instead of Free. |
Platform | Improved reliability of dependency checking, related to bug 108968. A number of utilities, in particular /opt/zimbra/libexec/zmmtastatus used a mechanism for checking whether a dependency was running by checking whether _any process_ with the same PID as had been previously recorded was running. This could lead to problems if a process died or a system was restarted and some unrelated process got that PID.Acknowledgement: For zmmtastatus we incorporated Robert Scheck's fix to use postfix status. |
Platform | Utility zmdiaglog was not capturing the heap dump properly; this has been fixed. |
Platform | Addressed two issues which occurred with some IMAP clients:
|
Platform | Prevented secondary task windows from spawning new SOAP which could lead to the UI becoming unresponsive, e.g., when using compose in new window and print actions. |
ZWC | When viewing the Hierarchical Address Book (HAB) in the Contacts tab, selecting a single sub-organization would display all contacts, not only the members of the sub-org. |
ZWC | The Hierarchical Address Book (HAB) tree is now available to the detached composer. |
ZCO | When installed with Outlook 2013 Click-to-run, ZCO would repeatedly prompt the user regarding missing Windows Search settings, because the Windows Registry location for them is different in this Outlook version that for all others. ZCO is now adapted to access these specific settings. |
ZCO | Contact auto-complete and Search People functions only operate on MS Outlook 2010. To avoid an application crash, they have been temporarily disabled on other versions. Auto-complete may be engaged by typing Ctrl-K in an address field. |
ZCO | Initial synchronization would appear stuck for some accounts due to a redundant HTML sanitization operation that could enter an infinite loop. This operation has been removed, as the Outlook bug it defended against no longer appears (Bug 86062). This is expected to result in a modest performance improvement for all syncs. |
Zimbra Connect | Fixed a bug that could cause a license to appear as invalid when the number of licensed Connect (Talk) users is lower than the total number of licensed mailboxes. |
Zimbra Connect | After upgrading to 8.8.11 (patch 5+) or 8.8.12 (patch 2+), the Talk module appears unlicensed. This has been fixed in 8.8.15. |
Zimbra Connect | Fixed an issue that could cause a ParserException: Invalid 'query_archive' error when different database version are in use (e.g. during rolling upgrades). |
NG Backup | Added safe-handling logic when parsing backup items to avoid a situation where a file not created by the backup itself (e.g. rsync temporary files) could cause the operation to stop. |
NG Backup | Fixed a bug that could cause a Null Pointer Exception when running an External Restore on a server with a broken or empty database. |
NG Backup | Backup operation scheduler's performance has been optimized and it now supports concurrency over the same item. |
NG Backup | Backup NG is now completely independent from the Redo Log, as it features a new custom-made event listener. This ensures that blobs that were added through restoration from a classic backup do not get purged by Backup NG. |
Zimbra Drive | Zimbra Drive would display a Wrong Server warning for users in a multi-node environment, unless they were hosted on the proxy node. This has been fixed by ensuring that proxy configuration files are properly generated on all nodes at startup. |
NG Mobile | Fixed a bug that caused MIME response data to be improperly truncated if the sync request set the MIMETruncation value to 1 (Truncate text over 4096 characters). |
NG Mobile | Fixed a bug that caused some exceptions of a recurring event to be lost on mobile devices when other exception(s) were accepted. Each exception is now shown, regardless of the state of other exceptions in the series. |
| |
---|---|
Area | Description |
Platform | With the default cipher configuration, *Weak cipher suite* warnings appear in the logs. No security concern is associated with the presence of these suites, as they are not used. The warnings may be suppressed by following the instructions in KB23863. |
ZWC | WebMail Login Failure - when zimbraCsrfTokenCheckEnabled is set to FALSE Apache HttpClient Connection pool shuts down and login to webmail fails.
|
ZWC | Hierarchical Address Book (HAB) is supported in English only. Support for additional languages will be provided in an upcoming patch release. |
ZCO | Automatic Upgrades from previous ZCO Versions to 8.8.15 do not complete. Users of those previous versions should manually download the software and perform a local upgrade to this or future versions. Upgrades from here on forward are not affected. |
Zimbra Connect | Beginning in 8.8.15, Chat History is ID-based instead of email-based: if a mailbox is deleted and then a new mailbox with the same email address is created, the history of the old mailbox will not be available to the new mailbox. |
Zimbra Connect | Zimbra Connect currently supports only English, French, and Russian for its User Interface. Additional languages will be provided in future patches. |
Zimbra Drive | The Zimbra Drive option available in the compose view when attaching a file is related to Open Drive only. It will fail with the error message An error has occurred on getting drive folders. To send a Zimbra Drive file as an attachment, locate the file in Drive, then use Right Click - Send as Attachment. |
Zimbra Network Modules NG | When Zimbra Network Modules NG is enabled, Unable to obtain modification informations (sic) is added to the mailbox.log with each email sent. There is no operational impact. |
Ubuntu 18 (Beta) | The following issues are expected to be fixed before announcing GA:
|
Quick note: Open Source repo
Downloading and building our Zimbra Code? Keep reading... Starting ZCS 8.7.6 and above we have new steps to download, build and see our code via Github:
Try Zimbra
Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »
Want to get involved?
You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »
Other Help Resources
Visit the User Help Page »
Visit the Official Forums »
Zimbra Documentation Page »
Looking for a Video?
Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »