Zimbra Releases/8.8.15


Zimbra Collaboration 8.8.15 GA Release

Check out the Security Fixes, What's New, Fixed Issues and Known Issues for this version of Zimbra Collaboration. As always, you're encouraged to tell us what you think in the Forums, or open a support ticket to report issues.

NOTE: If you are upgrading and/or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read Things to Know Before Upgrading and First Steps with the Zimbra NG Modules for critical information before you upgrade.

Security Fixes

Security fixes in this release are listed below. For details on how issues are handled and rated, see the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification. You can also refer to the Security Vulnerability Advisories register.

Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release Version
83999 | CSRF through local post embedded in Mail Message | n/a | - | - | 8.8.15
53383 | Upgraded 3rd Party HttpClient to version 4.5.5. | n/a | - | - | 8.8.15

What's New:

NOTE: Beta features should not be installed and are not supported on production systems. Beta modules have been provided for evaluation in lab environments only.


Zimbra Collaboration Suite:
  • OWASP-based HTML sanitization for protecting the web application against XSS, which replaces the previous Nekohtml-based HTML sanitizer. The new OWASP-based sanitizer fixes the performance issues observed when rendering certain MIME content in the web client.
  • Documentation for the Hierarchical Address Book feature has been added to Zimbra Admin Guide v 8.8.15.
  • The Zimbra Migration Wizard for Exchange user experience for PST Import has been simplified. Refer to the Zimbra Migration Tools page for more.
  • Ubuntu 18.04 support (Beta): We are nearing the end of our extensive QA cycle for this major upgrade. Watch for the GA announcement in an upcoming patch release.
Zimbra Connector for Outlook:
  • Outlook 2013 Click-to-run version has been validated for support with the Zimbra Connector for Outlook (ZCO).
Zimbra Connect:
  • New for 8.8.15, Zimbra Connect integrates a fully fledged corporate instant messaging platform inside the Zimbra WebClient, including Group and Corporate Messaging, File Sharing, Screen Sharing and informal Video Chat capabilities, and a future Mobile App integration. Zimbra Connect replaces Zimbra Talk, but all previous Talk licensing remains unaffected.
NG Backup:
  • New module properties are available:
    • backupCompressionLevel allows tuning of the compression level, with values ranging from 0 to 9, where 0 is no compression and levels 1 to 9 are the corresponding gzip compression levels.
    • backupNumberThreadsForItems and backupNumberThreadsForAccounts control the number of simultaneous items and mailboxes handled by Scan operations. Previously, the two values were hardcoded to 3 account threads and 5 item threads.
  • Blobless Backup (Beta) has been refined and is suitable for evaluation.
    • Documentation is now available, see Blobless Backup Mode in Zimbra Admin Guide v 8.8.15.
    • The feature gives administrators the option to skip blobs during backup, thereby reducing the elapsed time required to perform the backup.
    • For system integrity, blob backup should be provided through some other mechanism.

Fixed Issues:

Area | Description
Platform | When using the Zimbra Web Client to view the free/busy information of an Exchange user who has disabled sharing of that information, their status is now properly shown as Unknown instead of Free.
Platform | Improved reliability of dependency checking, related to bug 108968. A number of utilities, in particular /opt/zimbra/libexec/zmmtastatus, determined whether a dependency was running by checking whether _any process_ with the previously recorded PID was running. This could lead to problems if a process died or a system was restarted and some unrelated process got that PID. Acknowledgement: For zmmtastatus we incorporated Robert Scheck's fix to use postfix status.
Platform | Utility zmdiaglog was not capturing the heap dump properly; this has been fixed.
Platform | Addressed two issues which occurred with some IMAP clients:
  1. IMAP clients which require the user to subscribe to folders were not being offered folders in shared mailboxes to subscribe to.
  2. IMAP clients that should automatically show folders in shared mailboxes did not display them.
Platform | Prevented secondary task windows from spawning new SOAP which could lead to the UI becoming unresponsive, e.g., when using compose in new window and print actions.
ZWC | When viewing the Hierarchical Address Book (HAB) in the Contacts tab, selecting a single sub-organization would display all contacts, not only the members of the sub-org.
ZWC | The Hierarchical Address Book (HAB) tree is now available to the detached composer.
ZCO | When installed with Outlook 2013 Click-to-run, ZCO would repeatedly prompt the user regarding missing Windows Search settings, because the Windows Registry location for them is different in this Outlook version than for all others. ZCO is now adapted to access these specific settings.
ZCO | Contact auto-complete and Search People functions only operate on MS Outlook 2010. To avoid an application crash, they have been temporarily disabled on other versions. Auto-complete may be engaged by typing Ctrl-K in an address field.
ZCO | Initial synchronization would appear stuck for some accounts due to a redundant HTML sanitization operation that could enter an infinite loop. This operation has been removed, as the Outlook bug it defended against no longer appears (Bug 86062). This is expected to result in a modest performance improvement for all syncs.
Zimbra Connect | Fixed a bug that could cause a license to appear as invalid when the number of licensed Connect (Talk) users is lower than the total number of licensed mailboxes.
Zimbra Connect | After upgrading to 8.8.11 (patch 5+) or 8.8.12 (patch 2+), the Talk module appears unlicensed. This has been fixed in 8.8.15.
Zimbra Connect | Fixed an issue that could cause a ParserException: Invalid 'query_archive' error when different database versions are in use (e.g. during rolling upgrades).
NG Backup | Added safe-handling logic when parsing backup items to avoid a situation where a file not created by the backup itself (e.g. rsync temporary files) could cause the operation to stop.
NG Backup | Fixed a bug that could cause a Null Pointer Exception when running an External Restore on a server with a broken or empty database.
NG Backup | Backup operation scheduler's performance has been optimized and it now supports concurrency over the same item.
NG Backup | Backup NG is now completely independent from the Redo Log, as it features a new custom-made event listener. This ensures that blobs that were added through restoration from a classic backup do not get purged by Backup NG.
Zimbra Drive | Zimbra Drive would display a Wrong Server warning for users in a multi-node environment, unless they were hosted on the proxy node. This has been fixed by ensuring that proxy configuration files are properly generated on all nodes at startup.
NG Mobile | Fixed a bug that caused MIME response data to be improperly truncated if the sync request set the MIMETruncation value to 1 (Truncate text over 4096 characters).
NG Mobile | Fixed a bug that caused some exceptions of a recurring event to be lost on mobile devices when other exception(s) were accepted. Each exception is now shown, regardless of the state of other exceptions in the series.
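
The PID-reuse problem described in the dependency-checking entry above, shown as an added example that is not Zimbra's code (the zmmtastatus fix itself uses postfix status). The function names and the sample PID file are constructed for illustration; "master" is the name of Postfix's master daemon.

```shell
#!/bin/sh
# Added illustration; function names and the sample PID file are constructed.

# Print the command name of a PID; fail if the process does not exist.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"              # Linux; name is truncated to 15 chars
    else
        ps -o comm= -p "$1" 2>/dev/null  # fallback where /proc is unavailable
    fi
}

# Flawed check: succeeds if ANY process currently owns the recorded PID.
pid_alive_naive() {
    [ -r "$1" ] || return 1
    kill -0 "$(cat "$1")" 2>/dev/null
}

# Hardened check: the PID must be numeric, must exist, and must belong to
# the expected program, so a recycled PID is not mistaken for the service.
pid_alive_verified() {
    pidfile=$1 expected=$2
    [ -r "$pidfile" ] || return 1
    pid=$(tr -d ' \n' < "$pidfile")
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    actual=$(proc_name "$pid") || return 1
    [ "${actual##*/}" = "$expected" ]
}

# Constructed stale PID file: it is meant to describe Postfix's "master"
# daemon but holds this shell's PID, as if the PID had been reused by an
# unrelated process after a crash or reboot.
make_stale_pidfile() {
    f=$(mktemp) || return 1
    echo "$$" > "$f"
    echo "$f"
}
```

Against the stale file, pid_alive_naive reports the service as running, while pid_alive_verified with the expected name master reports it as down.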

Known Issues:

Area | Description
Platform | With the default cipher configuration, *Weak cipher suite* warnings appear in the logs. No security concern is associated with the presence of these suites, as they are not used. The warnings may be suppressed by following the instructions in KB23863.
ZWC | WebMail Login Failure: when zimbraCsrfTokenCheckEnabled is set to FALSE, the Apache HttpClient connection pool shuts down and login to webmail fails.
  Workaround: Set zimbraCsrfTokenCheckEnabled to TRUE using the command below:
  zmprov mcf zimbraCsrfTokenCheckEnabled TRUE
ZWC | Hierarchical Address Book (HAB) is supported in English only. Support for additional languages will be provided in an upcoming patch release.
ZCO | Automatic Upgrades from previous ZCO Versions to 8.8.15 do not complete. Users of those previous versions should manually download the software and perform a local upgrade to this or future versions. Upgrades from here on forward are not affected.
Zimbra Connect | Beginning in 8.8.15, Chat History is ID-based instead of email-based: if a mailbox is deleted and then a new mailbox with the same email address is created, the history of the old mailbox will not be available to the new mailbox.
Zimbra Connect | Zimbra Connect currently supports only English, French, and Russian for its User Interface. Additional languages will be provided in future patches.
Zimbra Drive | The Zimbra Drive option available in the compose view when attaching a file is related to Open Drive only. It will fail with the error message An error has occurred on getting drive folders. To send a Zimbra Drive file as an attachment, locate the file in Drive, then use Right Click - Send as Attachment.
Zimbra Network Modules NG | When Zimbra Network Modules NG is enabled, Unable to obtain modification informations (sic) is added to the mailbox.log with each email sent. There is no operational impact.
Ubuntu 18 (Beta) | The following issues are expected to be fixed before announcing GA:
  1. Unable to upgrade Zimbra after running do-release-upgrade to ubuntu18
  2. GetLoggerStatsRequest failing with error - system failure: Unable to read logger stats
  3. Getting perl related message while running sa-learn command
  4. Logs are not getting captured in /var/log/zimbra-stats.log.

Quick note: Open Source repo

Downloading and building our Zimbra Code? Keep reading... Starting with ZCS 8.7.6 and above, we have new steps to download, build and see our code via GitHub:


