Zimbra Releases/8.8.15/P29

Revision as of 16:07, 15 December 2021 by Dawood Shaikh (talk | contribs)

Zimbra Collaboration Joule 8.8.15 Patch 29 GA Release

Check out the What's New, Fixed Issues, and Known Issues for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.

NOTE: If you are upgrading or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read Things to Know Before Upgrading and First Steps with the Zimbra NG Modules for critical information before you upgrade.


Log4j 0-day exploit vulnerability

After intensive review and testing, Zimbra Development determined that the zero-day exploit vulnerability for Log4j (CVE-2021-44228) does not affect the current Supported Zimbra versions (9.0.0 & 8.8.15). Zimbra Collaboration Server currently uses Log4j version 1.2.16. The cause of the vulnerability is found in the lookup expression feature in Log4j versions 2.0 to 2.17.

Also, the Redhat (CVE-2021-4104) vulnerability does not affect the current Supported Zimbra Collaboration Server versions (8.8.15 & 9.0.0). For this vulnerability to affect the server, it needs JMSAppender and the ability to append configuration files. Zimbra does not use the JMSAppender.

We are in the process of upgrading Log4j and expect it to be completed within the first quarter of 2022.


What's New

ZCO

  • The Organizational Chart feature is now available in ZCO. The feature is controlled by Org Chart zimlet and should be enabled on the server. Once enabled, the feature can be accessed by navigating to Zimbra Ribbon -> Org Browser -> Personnel. The employee information will be displayed in a tree-like hierarchy.
  • If the Org Chart and HAB Features are enabled on the server, the Outlook users will see the Org Browser button in the Zimbra ribbon, which will include both Hierarchical Address Book and Organizational Chart features.


Fixed Issues

Web UX - Admin

  • When the Must Change Password option is enabled for the Admin account, a prompt to change the password is not given when logging into Admin Console. The issue has been fixed.

Platform

  • Earlier, Zimbra recommended not to use any wild card entries for the zimbraProxyAllowedDomains configuration. For the configured zimbraProxyAllowedDomains it was still possible to register to the domains that contain configured domains as a substring. For example, if zimbraProxyAllowedDomains whitelist contains zimbra.com, an attacker could still register notrealzimbra.com and get his request for this domain proxied. The issue has been fixed.
  • In EWS, if the invitation is sent using MS Teams, then the invite links were not displayed since they were not rendered in HTML. The issue has been fixed.

NG Backup

  • Added the start parameter to doSmartScan example in the command help which was missing.
  • Fixed a bug that caused false-positive errors to be reported during the doCoherencyCheck operations if any tags/flags were present.

Zimbra Drive

  • Users can now rename files even if their extension is missing.

HSM

  • Under a few specific scenarios during the MailboxMove procedure, the account_info file was corrupted, making the JSON file invalid. This has now been fixed.


Known Issues

  • None


Patch Installation

Please refer to the steps below to install 8.8.15 Patch 29 on Redhat and Ubuntu platforms:

Before Installing the Patch, consider the following:

  • Patches are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to zimbra user before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
  • Important! Please note that the install process has changed. Additional steps to install zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages have been included for this patch release. Please refer to the Patch Installation section to install the packages in its order.

8.8.15 Patch 29 Packages

The package lineup for this release is:

FOSS:

PackageName                     Version
zimbra-patch                  ->      8.8.15.1638533801.p29-2
zimbra-mta-patch              ->      8.8.15.1638533801.p29-1
zimbra-mta-components         ->      1.0.14-1zimbra8.8b1
zimbra-proxy-patch            ->      8.8.15.1634196512.p27-1
zimbra-proxy-components       ->      1.0.9-1zimbra8.8b1
zimbra-nginx                  ->      1.20.0-1zimbra8.8b2
zimbra-common-core-jar        ->      8.8.15.1638522051-1
zimbra-common-core-libs       ->      8.8.15.1623913824-1
zimbra-mbox-conf              ->      8.8.15.1568012813-1
zimbra-mbox-service           ->      8.8.15.1568694943-1
zimbra-mbox-store-libs        ->      8.8.15.1626439528-1
zimbra-mbox-war               ->      8.8.15.1618222785-1
zimbra-mbox-admin-console-war ->      8.8.15.1638523912-1
zimbra-mbox-webclient-war     ->      8.8.15.1635813854-1
zimbra-drive                  ->      1.0.13.1576152256-1
zimbra-core-components        ->      2.0.14-1zimbra8.8b1
zimbra-openjdk                ->      13.0.1-1zimbra8.8b1
zimbra-openjdk-cacerts        ->      1.0.8-1zimbra8.7b1
zimbra-openssl                ->      1.1.1l-1zimbra8.7b4
zimbra-openldap-lib           ->      2.4.59-1zimbra8.8b5
zimbra-openldap-client	      ->      2.4.59-1zimbra8.8b5
zimbra-openldap-server        ->      2.4.59-1zimbra8.8b5
zimbra-ldap-components        ->      1.0.14-1zimbra8.8b1
zimbra-core-components        ->      2.0.14-1zimbra8.8b1
zimbra-postfix                ->      3.6.1-1zimbra8.7b3
zimbra-postfix-logwatch       ->      1.40.03-1zimbra8.7b1
zimbra-clamav                 ->      0.103.2-1zimbra8.8b3
zimbra-perl-mail-spamassassin ->      3.4.5-1zimbra8.8b3
zimbra-spamassassin-rules     ->      1.0.0-1zimbra8.8b4
zimbra-openldap-server        ->      2.4.59-1zimbra8.8b5
zimbra-chat                   ->      3.0.1.1594306000-1
                                                        

NETWORK:

Package Name                    Version           
zimbra-patch                  ->      8.8.15.1638533801.p29-1
zimbra-mbox-ews-service       ->      8.8.15.1638522634-1
zimbra-drive-ng               ->      3.0.16.1637855904-1
zimbra-network-modules-ng     ->      6.0.31.1637855529-1
zimbra-docs                   ->      3.0.8.1616090809-1
zimbra-connect                ->      1.0.29.1635424238-1
zimbra-zco                    ->      8.8.15.1908.1636710405-1
zimbra-zimlet-auth            ->      1.0.2.1622463729-1

Redhat

Installing Zimbra packages with system package upgrades

  • As root, first clear the yum cache and check for updates so the server sees there is a new zimbra-patch package in the patch repository:
yum clean metadata
yum check-update
  • On mailstore node, install the following packages:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
  • Then ask yum to update available packages:
yum update
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing Zimbra packages individually for NETWORK and FOSS

Upgrade OpenLDAP on LDAP node

  • As root, install the package:
yum install zimbra-ldap-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-proxy-patch on Proxy node

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
yum install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade snmp if it is installed on Proxy node

yum install zimbra-snmp-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-mta-components on MTA node

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-mta-components
  • If dnscache is installed, upgrade the package before restarting the services:
yum install zimbra-dnscache-components
  • If snmp is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install the package:
yum install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node

  • As root, install the package:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
yum install zimbra-patch
  • If apache is installed, upgrade the package before restarting the services:
yum install zimbra-apache-components
  • If spell is installed, upgrade the package before restarting the services:
yum install zimbra-spell-components
  • If snmp is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart


Installing NG packages (NETWORK Only)

Uninstall zimbra-talk on mailstore node

Starting Zimbra 8.8.15 GA, zimbra-connect replaces zimbra-talk. Hence, it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package zimbra-talk:
yum remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs and zimbra-drive-ng on mailstore node

yum install zimbra-network-modules-ng
yum install zimbra-connect
yum install zimbra-zimlet-auth
yum install zimbra-docs
yum install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-chat for FOSS

  • As root, install the package:
yum install zimbra-chat
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Ubuntu

Installing zimbra packages with system package upgrades

  • As root, check for updates so the server checks there is a new zimbra-patch package in the patch repository:
apt-get update
  • On mailstore node, install the following packages:
apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
  • Then update available packages:
apt-get upgrade
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing zimbra packages individually for NETWORK and FOSS

Upgrade OpenLDAP on LDAP node

  • As root, install the package:
apt-get install zimbra-ldap-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-proxy-patch on Proxy node

  • As root, install package
apt-get install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade snmp if it is installed on Proxy node

apt-get install zimbra-snmp-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-mta-components on MTA node

  • As root, install package
apt-get install zimbra-mta-components
  • If snmp is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install package
apt-get install zimbra-mta-patch
  • If dnscache is installed, upgrade the package before restarting the services:
apt-get install zimbra-dnscache-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node

  • As root, check for updates and install package:
apt-get update
apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
apt-get install zimbra-patch
  • If apache is installed, upgrade the package before restarting the services:
apt-get install zimbra-apache-components
  • If spell is installed, upgrade the package before restarting the services:
apt-get install zimbra-spell-components
  • If snmp is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart


Installing NG packages (NETWORK Only)

Uninstall zimbra-talk on mailstore node

Starting Zimbra 8.8.15 GA, zimbra-connect replaces zimbra-talk. Hence, it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package zimbra-talk:
apt-get remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs, zimbra-drive-ng on mailstore node

  • As root, check for updates and install packages:
apt-get update
apt-get install zimbra-network-modules-ng
apt-get install zimbra-connect
apt-get install zimbra-zimlet-auth
apt-get install zimbra-docs
apt-get install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-chat for FOSS

  • As root, install package:
apt-get install zimbra-chat
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Upgraded 3rd Party Packages

  • OpenSSL and Postfix TLS 1.3 GA Packages

The packages for RHEL6, RHEL7, UBUNTU14, UBUNTU16, UBUNTU18 are:

Package Name      Version
zimbra-openssl : 1.1.1l-1zimbra8.7b4
zimbra-postfix : 3.6.1-1zimbra8.7b3
zimbra-nginx : 1.20.0-1zimbra8.8b2
zimbra-mariadb : 10.1.25-1zimbra8.7b3
zimbra-heimdal : 1.5.3-1zimbra8.7b3
zimbra-curl : 7.49.1-1zimbra8.7b3
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2
zimbra-unbound : 1.11.0-1zimbra8.7b2
zimbra-apr-util : 1.6.1-1zimbra8.7b2
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4
zimbra-net-snmp : 5.8-1zimbra8.7b2
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3
zimbra-openldap : 2.4.59-1zimbra8.8b4
zimbra-opendkim : 2.10.3-1zimbra8.7b5
zimbra-clamav : 0.103.2-1zimbra8.8b3
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b2
zimbra-perl-net-http : 6.09-1zimbra8.7b3
zimbra-perl-libwww : 6.13-1zimbra8.7b3
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b3
zimbra-perl-xml-parser : 2.44-1zimbra8.7b3
zimbra-perl-soap-lite : 1.19-1zimbra8.7b3
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b3
zimbra-perl-xml-simple : 2.25-1zimbra8.7b2
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5
zimbra-perl-innotop : 1.9.1-1zimbra8.7b3
zimbra-httpd : 2.4.46-1zimbra8.7b3
zimbra-php : 7.3.25-1zimbra8.7b3
zimbra-postfix-logwatch : 1.40.03-1zimbra8.7b1
zimbra-perl : 1.0.5-1zimbra8.7b1
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1
zimbra-apache-components : 2.0.4-1zimbra8.8b1
zimbra-spell-components : 2.0.4-1zimbra8.8b1
zimbra-snmp-components : 1.0.3-1zimbra8.7b1
zimbra-mta-components : 1.0.14-1zimbra8.8b1
zimbra-core-components : 2.0.14-1zimbra8.8b1
zimbra-proxy-components : 1.0.9-1zimbra8.8b1
zimbra-store-components : 1.0.3-1zimbra8.7b1
zimbra-ldap-components : 1.0.14-1zimbra8.8b1
  • OpenSSL and Postfix TLS 1.3 Packages

The GA packages for RHEL8 are:

Package Name      Version
zimbra-openssl : 1.1.1l-1zimbra8.7b4
zimbra-postfix : 3.6.1-1zimbra8.7b3
zimbra-nginx : 1.20.0-1zimbra8.8b2
zimbra-mariadb : 10.1.25-1zimbra8.7b3
zimbra-heimdal : 1.5.3-1zimbra8.7b3
zimbra-curl : 7.49.1-1zimbra8.7b3
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2
zimbra-unbound : 1.11.0-1zimbra8.7b2
zimbra-apr-util : 1.6.1-1zimbra8.7b2
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4
zimbra-net-snmp : 5.8-1zimbra8.7b3
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3
zimbra-openldap : 2.4.59-1zimbra8.8b4
zimbra-opendkim : 2.10.3-1zimbra8.7b5
zimbra-clamav : 0.103.2-1zimbra8.8b3
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b3
zimbra-perl-net-http : 6.09-1zimbra8.7b4
zimbra-perl-libwww : 6.13-1zimbra8.7b4
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b4
zimbra-perl-xml-parser : 2.44-1zimbra8.7b4
zimbra-perl-soap-lite : 1.19-1zimbra8.7b4
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b4
zimbra-perl-xml-simple : 2.25-1zimbra8.7b3
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5
zimbra-perl-innotop : 1.9.1-1zimbra8.7b4
zimbra-httpd : 2.4.46-1zimbra8.7b3
zimbra-php : 7.3.25-1zimbra8.7b3
zimbra-perl : 1.0.6-1zimbra8.7b1 
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1
zimbra-apache-components : 2.0.4-1zimbra8.8b1
zimbra-spell-components : 2.0.4-1zimbra8.8b1
zimbra-snmp-components : 1.0.3-1zimbra8.7b1
zimbra-mta-components : 1.0.14-1zimbra8.8b1
zimbra-core-components : 2.0.14-1zimbra8.8b1
zimbra-proxy-components : 1.0.9-1zimbra8.8b1
zimbra-store-components : 1.0.3-1zimbra8.7b1
zimbra-ldap-components : 1.0.14-1zimbra8.8b1

The updated GA packages are:

Package            Old-Version    New-Version
postfix              3.5.6          3.6.1
openssl              1.1.1k         1.1.1l
openldap             2.4.49         2.4.59
nginx                1.19.0          1.20.0
postfix-logwatch     1.40.01        1.40.03
io-socket-ssl	     2.020          2.068
xml-simple           2.20           2.25
crypt-openssl-rsa    0.28           0.31
net-snmp             5.7.3          5.8
dbd-mysql            4.033          4.050
apr-util             1.5.4          1.6.1
unbound              1.5.9          1.11.0
net-ssleay           1.72           1.88
  • Nginx TLS 1.3 Packages

The GA packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18 are:

PackageName                                       Version
zimbra-nginx                               ->     1.20.0-1zimbra8.8b2
zimbra-proxy-patch                         ->     8.8.15.1634196512.p27-1
zimbra-proxy-components                    ->     1.0.9-1zimbra8.8b1

Quick note: Open Source repo

The steps to download, build, and see our code via Github can be found here: https://github.com/Zimbra/zm-build

Jira Summary

Jira Tickets fixed in 8.8.15 Patch 29

ZCS-11084 Permit renaming of files without extension parameter
ZCS-11082 Improve the creation of JSON file under account_info during MailboxMove
ZCS-11080 doSmartScan help usage example fixed
ZCS-11079 False-positive errors in coherency check operation fixed
ZCOMT-2390 Org Chart integration with the HAB dialog
ZCOMT-2361 Rename 'HAB Browser' button with 'HAB/Organization Browser' button on Zimbra ribbon
ZBUG-2457 Selecting 'Must change password' in the admin console for the admin account doesn't work
ZBUG-2368 ProxyServlet domain check: substring match vulnerability
ZBUG-2316 EWS : MS Teams meeting invitation links getting removed after accepting the invite
Jump to: navigation, search