Zimbra Releases/8.8.15/P17

Revision as of 15:22, 16 December 2020 by RBDurgin (talk | contribs)

Zimbra Collaboration Joule 8.8.15 Patch 17 GA Release

Check out the What's New, Fixed Issues, and Known Issues for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.

NOTE: If you are upgrading or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read Things to Know Before Upgrading and First Steps with the Zimbra NG Modules for critical information before you upgrade.

Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating Fix Patch Version
zm-saml-consumer-store extension vulnerable to XXE attack CVE-2020-35123 Medium 8.8.15 P17

What's New

NOTE: Beta features are not supported and should not be installed on production systems. Beta modules have been provided for evaluation in lab environments only.


Nginx Upgrade (Beta)

Upgraded 3rd Party Nginx from version 1.7.1 to 1.19.0.

  • Nginx 1.19.0 support for TLSv1.3

We are nearing the end of our extensive QA cycle for this package upgrades. Watch for the GA announcement in an upcoming patch release.


NOTE : For users who don't have previous beta packages, they would need to install that first. Please refer to the wiki for instructions on installing the packages on the systems.

Synacor Announces Support for Social Justice

With this patch, Synacor affirms its support of social justice awareness throughout the world and moves made by the tech community to reexamine and replace dated terminology, pledging inclusive language. Specific terminology changes Synacor will make:

   * Master/Slave to Primary/Secondary or Replica
   * Blacklist/Whitelist to Deny List/Allow List
   * White Hat/Black Hat with Ethical/Unethical.

The scope of these changes will include all Zimbra interfaces Synacor has built: all User Interface Screens and Command Line Interfaces (CLIs). The scope does not include any APIs (SOAP, REST or Libraries), Configuration files, Administrative files and any Third Party Software included as part of our products.

We recognize these changes will take time and have the potential to break certain infrastructure (scripts, for example) that our customers may have built. Thus with this announcement, we want to alert our customers that we will be deprecating such items in the future. Sufficient notice will be given to our customers so they can prepare to change their source code if necessary. Thank you for helping us alter the language to better match our shared values of equality, diversity and inclusion.

ZCO

  • With this release, ZCO has enhanced the address book search feature. The search now includes looking for substrings within the name fields. It is effective specifically when the fields contain multiple words. For more details, please refer to the admin guide section.

Zimbra Video Server (BETA)

  • With this release, we are introducing Video Server (BETA) for Zimbra Connect. The Video Server (BETA) is a WebRTC stream aggregator that improves Team’s performance by merging and decoding/re-encoding all streams in a meeting.

Zimbra Docs

  • New version of Docs Server is available and can be found on the Network Edition Downloads page.
  • The sidebar is now hidden by default in Docs so the interface is more clear.

Zimbra Drive

  • Fixed an issue that would prevent an admin to disable drive at startup from the web admin console

NG Modules

  • Input validation has been added to CLI to warn the administrator when invalid email addresses are given

Fixed Issues

Zimbra Collaboration

  • Fixed an issue with SPAM assassin training.
  • In the Classic Web App, operations that invoked a lot of GetInfoRequest and GetFolderRequest resulted in "StackOverflowErrors" followed by 'Connection pool shut down'. It also caused the system to become unresponsive. The issue has been fixed.

NG Auth

  • Auth’s "Domain configuration missing" notification will now ignore domain alias and be sent at most once a day.
  • Fixed a bug that caused the account’s password to be usable for EAS synchronization even if a Mobile Password was set.

NG Modules

  • Fixed a bug that prevented the backup volume to be correctly created if S3 credentials are passed to the command.
  • Added a missing ' in the "smarstcan completed" mail.
  • Fixed a bug with the timezone that made the all day events created via Exchange ActiveSync to be added to the day before instead of the correct one on the webmail.
  • Email sent via Exchange ActiveSync will not automatically have the follow-up flag now.

Zimbra Connect

  • Fixed an issue that would cause video conferences and instant messaging to be unavailable for a few seconds while mail attachments are downloaded.
  • Improved the screen sharing avatar placement so that it no longer makes the screensharing function difficult to use.
  • Fixed an issue that would cause a screen share to continue after closing the group/space/channel/instant meeting window.
  • The "Mute" button has been changed to "Mute for all".
  • Fixed an issue that would prevent all abort button not to work when creating a new instant meeting while another one is already running.
  • Improved TEAM opening screen, now an animation makes clear to the user that the application is loading.
  • Added Edit, Delete, Forward, Reply to to messages in conversations, groups, channels.
  • Connect now verifies if the account status is "maintenance" and if not send or receive further messages for it.
  • If the shared rooms or instant meetings have Deleted accounts, the chat history in Zimbra Connect did not appear. The issue has been fixed.

Zimbra Drive

  • Fixed an issue that would prevent drive items to be shared to distribution lists.

HSM

  • Added further examples when invoking a docheckblobs operation without parameters.
  • doCreateVolume command improved to give the administrator feedback when run.
  • Added the automatic creation of an HSM rule to implement what was once done using the parameter driveSecondaryStore.


Known Issues

  • None



Patch Installation

Please refer to the steps below to install 8.8.15 Patch 17 on Redhat and Ubuntu platforms:

Before Installing the Patch

Before installing the patch, consider the following:

  • Patches are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to zimbra user before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
  • Important Note for ZCS Setup with Local ZCS repository: Customers who have set up local ZCS repository should first update the local repository by following instructions in wiki
  • Please make note that, installing the zimbra-patch package only updates the Zimbra core packages.

8.8.15 Patch 17 Packages

The package lineup for this release is:

FOSS:

PackageName                     Version           
zimbra-patch                  ->      8.8.15.1607671731.p17-1
zimbra-common-core-jar        ->      8.8.15.1607619131-1
zimbra-common-core-libs       ->      8.8.15.1574853769-1
zimbra-mbox-store-libs        ->      8.8.15.1574853769-1
zimbra-mbox-war               ->      8.8.15.1575620896-1
zimbra-mbox-admin-console-war ->      8.8.15.1604310257-1 
zimbra-mbox-webclient-war     ->      8.8.15.1604310784-1
zimbra-drive                  ->      1.0.13.1576152256-1
zimbra-core-components        ->      2.0.2-1zimbra8.8b1
zimbra-openjdk                ->      13.0.1-1zimbra8.8b1
zimbra-openssl                ->      1.0.2t-1zimbra8.7b2
zimbra-chat                   ->      3.0.1.1594306000-1
zimbra-proxy-patch            ->      8.8.15.1604495621.p16-1
zimbra-mta-patch              ->      8.8.15.1607671731.p17-1
zimbra-ldap-components        ->      1.0.4-1zimbra8.8b1
zimbra-clamav                 ->      0.102.2-1zimbra8.8b1
zimbra-perl-mail-spamassassin ->      3.4.4-1zimbra8.8b1
zimbra-spamassassin-rules     ->      1.0.0-1zimbra8.8b1
zimbra-nginx                  ->      1.7.1-1zimbra8.8b1
zimbra-openldap-server        ->      2.4.49-1zimbra8.8b2
zimbra-mta-components         ->      1.0.7-1zimbra8.8b1
zimbra-proxy-components       ->      1.0.4-1zimbra8.8b1

NETWORK:

Package Name                    Version           
zimbra-patch                  ->      8.8.15.1607671731.p17-2
zimbra-mbox-ews-service       ->      8.8.15.1590048861-1
zimbra-drive-ng               ->      3.0.13.1606408458-1
zimbra-network-modules-ng     ->      6.0.18.1606915977-1
zimbra-docs                   ->      3.0.6.1592415783-1
zimbra-connect                ->      1.0.17.1606409013-1
zimbra-zco                    ->      8.8.15.1888.1606809036-1
zimbra-zimlet-auth            ->      1.0.0.1604473561-1

Redhat

Installing Zimbra packages with system package upgrades

  • As root, first clear the yum cache and check for updates so the server sees there is a new zimbra-patch package in the patch repository:
yum clean metadata
yum check-update
  • Then ask yum to update available packages:
yum update
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing Zimbra packages individually

Install/Upgrade zimbra-proxy-components on Proxy node for FOSS and NETWORK

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-proxy-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-proxy-patch on Proxy node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade zimbra-mta-components on MTA node for FOSS and NETWORK

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-mta-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-chat for FOSS

  • As root, install the package:
yum install zimbra-chat
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Uninstall zimbra-talk (NETWORK Only)

Starting Zimbra 8.8.15 GA, zimbra-connect replaces zimbra-talk hence it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package:
yum remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect and zimbra-zimlet-auth (NETWORK Only)

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the packages:
yum install zimbra-network-modules-ng
yum install zimbra-connect
yum install zimbra-zimlet-auth
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-docs (NETWORK Only)

  • As root, install the package:
yum install zimbra-docs
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-drive-ng (NETWORK Only)

  • As root, install the package:
yum install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Upgrade OpenLDAP on LDAP node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-ldap-components
  • Restart ldap as zimbra user:
su - zimbra
ldap restart

Ubuntu

Installing zimbra packages with system package upgrades

  • As root, check for updates so the server sees there is a new zimbra-patch package in the patch repository:
apt-get update
  • Then update available packages:
apt-get upgrade

OR

  • Update all available packages plus any kernel updates:
apt-get dist-upgrade
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing zimbra packages individually

Install/Upgrade zimbra-proxy-components on Proxy node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-proxy-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-proxy-patch on Proxy node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Ubuntu 18 zimbra-proxy-patch version

zimbra-proxy-patch        ->  8.8.12.1554984827.p3-1

The installation of this patch is mandatory for the proxy to function on Ubuntu 18 servers.

Install/Upgrade zimbra-mta-components on MTA node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-mta-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node for FOSS and NETWORK

  • As root, check for updates and install package:
apt-get update
apt-get install zimbra-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-chat for FOSS

  • As root, install package:
apt-get install zimbra-chat
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Uninstall zimbra-talk (NETWORK Only)

Starting Zimbra 8.8.15 GA, zimbra-connect replaces zimbra-talk hence it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package:
apt-get remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect and zimbra-zimlet-auth (NETWORK Only)

  • As root, check for updates and install packages:
apt-get update
apt-get install zimbra-network-modules-ng
apt-get install zimbra-connect
apt-get install zimbra-zimlet-auth
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-docs (NETWORK Only)

  • As root, install package:
apt-get install zimbra-docs
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-drive-ng (NETWORK Only)

  • As root, install package:
apt-get install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Upgrade OpenLDAP on LDAP node for FOSS and NETWORK

  • As root, install the package:
apt-get install zimbra-ldap-components
  • Restart ldap as zimbra user:
su - zimbra
ldap restart

Nginx TLS 1.3 Packages

The packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18 (Beta) are:

PackageName                                       Version
zimbra-nginx                               ->     1.19.0-1zimbra8.8b1
zimbra-proxy-components                    ->     1.0.6-1zimbra8.8b1
zimbra-proxy-patch                         ->     8.8.15.1607930110.p17-1

Quick note: Open Source repo

The steps to download, build, and see our code via Github can be found here: https://github.com/Zimbra/zm-build

Jira Summary

Jira Tickets fixed in 8.8.15 Patch 17

ZCS-10130 Verify zimbra Video Server
ZCS-10123 Fixed download concurrency issue
ZCS-10122 Screen sharing avatar behavior improvement
ZCS-10121 Meeting screen share termination fix
ZCS-10120 Changed "Mute" behavior
ZCS-10119 Fixed new instant meeting window buttons
ZCS-10118 TEAM loading screen Improvement
ZCS-10111 Verify zimbra docs server installation
ZCS-10108 Added Instant message functions
ZCS-10107 Added Connect account status awareness
ZCS-10105 Sidebar hidden by default
ZCS-10104 CLI commands input validation for email addresses
ZCS-10103 Fixed drive startup switch
ZCS-10102 Improved zxsuite online help
ZCS-10101 doCreateVolume command improved for centralized volumes
ZCS-10100 Deprecated drivesecondarystore value migration
ZCS-10099 All day events added to incorrect day fixed
ZCS-10098 Follow-up flag improvement
ZCS-10096 Fixed drive shares on distribution lists
ZCS-10095 Backup volume on S3 creation fixed
ZCS-10094 Fixed typo in smartscan email log
ZCS-10093 Improved "Domain configuration missing" notification
ZCS-10092 Mobile password must be exclusive for EAS
ZCS-9361 zm-saml-consumer-store extension vulnerable to Billion Laughs XXE attack
ZCOMT-2204 Advance search in Outook(ZCO) to get the contact which has middle name included in the firstname
ZBUG-1966 [11.3.2020 reopen]- SPAM Learn - NullPointerException while running zmtrainsa
ZBUG-1946 Zimbra connect doesn't display chat
ZBUG-1456 Connection pool shut down 3.0
Jump to: navigation, search