Zimbra Releases/8.8.15/P1

Revision as of 12:57, 18 September 2019 by David Bingham (talk | contribs)

Zimbra Collaboration 8.8.15 Patch 1 GA Release

Check out the Security Fixes, Fixed Issues, NG Changelog, and Known Issues for this version of Zimbra Collaboration. Please refer the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.

NOTE: If you are upgrading or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read Things to Know Before Upgrading and First Steps with the Zimbra NG Modules for critical information before you upgrade.

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Patch Version
109174 Non-Persistent XSS - admin console CVE-2019-12427 4.3 Minor 8.8.15 P1
109141 Non-Persistent XSS - web client CVE-2019-15313 4.3 Minor 8.8.15 P1

Software changes

Zimbra 8.8.15 now fully supported on UBUNTU18 (GA)

Download the latest UBUNTU-18 binaries from https://www.zimbra.com/downloads

Fixed Issues

  • Make CSS display attribute configurable in OWASP leading to customers having better control over the HTML rendering elements.
  • The following issues are fixed with UBUNTU18 GA:
    • Unable to upgrade Zimbra after running do-release-upgrade to ubuntu18.
    • GetLoggerStatsRequest failing with error - system failure: Unable to read logger stats
    • Getting Perl related message while running the sa-learn command.
    • Logs are not getting captured in /var/log/zimbra-stats.log.
  • Recently added features are available in all supported languages. (CalDAV /CardDAV config, Password Recovery, Default Calendar)
  • Recently added features (Dumpster, Report-Issue) are now available in all supported languages.
  • The introduction of OWASP sanitization caused HTML action buttons shown in emails to open the links inside the email preview pane. They now open in a new tab or window.
  • When Zimbra Network Modules NG is enabled, Unable to obtain modification information (sic) is no longer added to the mailbox.log with each email sent.
  • Hierarchical Address Book (HAB) is available in English only. Support for additional languages is in an upcoming patch release.
  • When a message imported from a PST file had the From address in canonical format (referring to old LDAP information), the From field was being left empty. In this situation, some actions could be affected. For example, the user would not be able to reply to the message. Now the available data from other fields are being used with the canonical data to populate a useable email address in the From field, when possible.
  • Fixed a bug in 8.8.15 where user logins may have failed when CSRF tokens were disabled, users may have observed the following logs:
    java.lang.IllegalStateException: Connection pool shut down
To mitigate this message and allow successful logins, users had to enable CSRF tokens as a workaround.
  • zmrestore will work even when the backup file contains non printable XML characters.
  • Zimbra now prevents the creation of two data sources with the same email address
  • When an email contains an inline attachment (i.e., a MIME part with Content-Disposition: inline) that it cannot render, the Zimbra Web Client will show it as a regular attachment.
  • When users open the calendar view in a separate window, the date range shown in the header now matches the user's selection, and navigation buttons are labeled correctly.
  • In a split environment (one node for UI, others for email), opening a calendar view in a separate window would not retain the context from the user's session. After the fix, the window now appears in the user's selected language, and all navigation and action links work properly.
  • Fixed an accessibility issue in Preferences when editing or creating an email filter. Previously, the tab key would not change focus between fields.
  • Fixed a bug that caused undefined to appear in the search toolbar when Show advanced search language in search toolbar was enabled, and the user was not on the Mail tab.
  • Fixed a bug that would appear to tie up the web interface indefinitely. The process of copying all messages from one folder to another appeared to continue even after completion of the operation; when there were hundreds to thousands of messages in the source folder, it required the user to cancel the operation.
  • When using ephemeral data storage, every authentication call was updating the lastLoginTimeStamp for every user, ignoring the provisioned zimbraLastLogonTimeStampFrequency setting. In multi-node systems, each update would then sync to all nodes. To reduce the load this issue causes, updates now respect the setting.
  • When users do not have the Conversations feature (i.e., zimbraFeatureConversationsEnabled was FALSE), they would still see a Show Conversation action button in context menus. This setting now results in Zimbra suppressing the actions for such users.

NG Changelog

General
  • Fixed a bug that could cause log information to be lost.
  • Improved Distributed Configuration Service start to reduce resource usage.
Backup
  • Fixed a bug that could cause restores to fail due to a COS ID error when External Accounts are involved.
  • Fixed a bug that could cause tags to be lost when running multiple External Restores over the same target.
  • Fixed a bug that could cause restores to trigger a doCoherencyCheck: java.lang.Long cannot be cast to class java.lang.String error.
  • Fixed a bug that could cause the SmartScan to trigger an Out Of Memory error when all items threw a NoSuchBlob exception.
Mobile
  • Mobile NG threads will now forcibly reset and release the thread context to ensure that logging is accurate.
  • Fixed bug that caused the server to return a truncated response for Sync requests with AllOrNone=1.
  • Added the deleteDeviceId ABQ API call to delete one or more devices.
HSM
  • Running the doCheckBlobs operation with the missing_blob_delete_item option will now also delete database entries of items with an invalid/nonexisting volume locator value.
  • Improved the doFixShares CLI for better usability.
  • Added the read_error_threshold option to the doVolumeToVolumeMove operation.
  • Improved the performances of the doMoveBlobs operation (Apply HSM) thanks to a new logic that makes it quicker to identify items that should be moved, especially on volumes with a very large number of items.
  • Fixed a bug that caused the doCheckBlobs operation to sometimes process only 100 items if the missing_blob_delete_item option was set to true.
  • Fixed a bug that could cause IMAP messages not to be saved in the Sent folder when using Centralized Storage;
Admin
  • Fixed an issue that could cause an Out Of Memory error when performing certain Admin NG actions due to the use of the getAllAccounts() request.
Connect
  • NEW FEATURE: Instant Meetings - Text and Video chat sessions can include external users.
  • NEW FEATURE: User Profile Manager - Users now can manage their Connect notification settings and upload a profile picture;
  • Conversation and Channel lists can be now filtered.
  • Users can now hide the IM Panel in a video chat so that new IM messages appear as toast notification.
  • Improved message delivery responsiveness in multiserver environments.
  • Improved focus management in IM panels - taking the focus away and back when writing a message will not cause the message to disappear anymore.
  • 60+ minor UI and UX improvements.
  • Fixed a bug that could cause text to be unselectable in chats.
  • Fixed a bug that could crop/reduce the video resolution of Screen Sharing.
  • Fixed several compatibility issues with Safari, which should now be working even if not officially supported.
  • Fixed a session cookie management bug that could keep a user's session open after the logout if another user logged in from the same browser right after that.
  • Fixed a bug that did not terminate the video calls properly even when all participants had left the session and participants continued to receive the notifications.

Known Issues

  • Beginning in 8.8.15, Chat History is ID-based instead of email-based: if admins delete a mailbox and then create a new mailbox with the same email address, the history of the old mailbox will not be available to the new mailbox.
  • Automatic Upgrades from previous ZCO Versions to 8.8.15 do not complete. Users of those previous versions should manually download the software and perform a local upgrade to this or future versions. Upgrades from here on forward are not affected.
  • Ubuntu18 configured IPV6 Admin console is not working.


Patch Installation

Please refer to the steps below to install 8.8.15 Patch 1 on Redhat and Ubuntu platforms:

Before Installing the Patch

Before installing the patch, consider the following:

  • Patches are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to zimbra user before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
  • Important Note for ZCS Setup with Local ZCS repository: Customers who have set up local ZCS repository should first update the local repository by following instructions in wiki
  • Please make note that, installing the zimbra-patch package only updates the Zimbra core packages.

8.8.15 Patch 1 Packages

The package lineup for this release is:

FOSS:

Package Name                       Version
zimbra-patch                   ->  8.8.15.1566550364.p1-1
zimbra-common-core-jar         ->  8.8.15.1566211630-1
zimbra-mbox-webclient-war      ->  8.8.15.1566568420-1
zimbra-timezone-data           ->  1.0.1+1565596046-1
zimbra-mbox-admin-console-war  ->  8.8.15.1565002309-1

NETWORK:

Package Name                       Version
zimbra-patch                   ->  8.8.15.1566550364.p1-2
zimbra-network-modules-ng      ->  6.0.2.1566228068-1
zimbra-drive-ng                ->  3.0.1.1565269660-1
zimbra-zco                     ->  8.8.15.1837.1566293514-1
zimbra-docs                    ->  3.0.1.1565270236-1
zimbra-connect                 ->  1.0.1.1565271387-1

Redhat

Installing Zimbra packages with system package upgrades

  • As root, first clear the yum cache and check for updates so the server sees there is a new zimbra-patch package in the patch repository:
yum clean metadata
yum check-update
  • Then ask yum to update available packages:
yum update
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing Zimbra packages individually

Install/Upgrade zimbra-proxy-components on Proxy node for FOSS and NETWORK

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-proxy-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-proxy-patch on Proxy node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade zimbra-mta-components on MTA node for FOSS and NETWORK

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-mta-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-talk and zimbra-network-modules-ng (NETWORK Only)

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the packages:
yum install zimbra-network-modules-ng
yum install zimbra-talk
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-docs (NETWORK Only)

  • As root, install the package:
yum install zimbra-docs
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-drive-ng (NETWORK Only)

  • As root, install the package:
yum install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade Modern Web App Zimlets (NETWORK Only)

  • Please refer here for installing zimlets for Modern Web App.


Upgrade OpenLDAP on LDAP node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-ldap-components
  • Restart ldap as zimbra user:
su - zimbra
ldap restart

Ubuntu

Installing zimbra packages with system package upgrades

  • As root, check for updates so the server sees there is a new zimbra-patch package in the patch repository:
apt-get update
  • Then update available packages:
apt-get upgrade

OR

  • Update all available packages plus any kernel updates:
apt-get dist-upgrade
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing zimbra packages individually

Install/Upgrade zimbra-proxy-components on Proxy node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-proxy-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-proxy-patch on Proxy node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Ubuntu 18 zimbra-proxy-patch version

zimbra-proxy-patch        ->  8.8.12.1554984827.p3-1

The installation of this patch is mandatory for the proxy to function on Ubuntu 18 servers.

Install/Upgrade zimbra-mta-components on MTA node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-mta-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node for FOSS and NETWORK

  • As root, check for updates and install package:
apt-get update
apt-get install zimbra-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-talk and zimbra-network-modules-ng (NETWORK Only)

  • As root, check for updates and install packages:
apt-get update
apt-get install zimbra-network-modules-ng
apt-get install zimbra-talk
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-docs (NETWORK Only)

  • As root, install package:
apt-get install zimbra-docs
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-drive-ng (NETWORK Only)

  • As root, install package:
apt-get install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade Modern Web App Zimlets (NETWORK Only)

  • Please refer here for installing zimlets for Modern Web App.


Upgrade OpenLDAP on LDAP node for FOSS and NETWORK

  • As root, install the package:
apt-get install zimbra-ldap-components
  • Restart ldap as zimbra user:
su - zimbra
ldap restart

Quick note: Open Source repo

Downloading and building our Zimbra Code? Keep reading. Starting ZCS 8.7.6 and above we have new steps to download, build, and see our code via Github: https://github.com/Zimbra/zm-build



Try Zimbra

Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »

Want to get involved?

You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »

Jump to: navigation, search