Zimbra Releases/8.8.15/P38: Difference between revisions

(Joule-8.8.15.P38)
 
mNo edit summary
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{WIP}}
= Zimbra Collaboration Joule 8.8.15 Patch 38 GA Release =
= Zimbra Collaboration Joule 8.8.15 Patch 38 GA Release =


Line 14: Line 13:


As part of this patch, we are releasing the updated ClamAV and its related packages which are installed only on MTA nodes. Since this patch will not get installed on other nodes (e.g. Mailbox, LDAP), it will continue to display the previously installed patch versions as '''Patch 8.8.15_P37'''.
As part of this patch, we are releasing the updated ClamAV and its related packages which are installed only on MTA nodes. Since this patch will not get installed on other nodes (e.g. Mailbox, LDAP), it will continue to display the previously installed patch versions as '''Patch 8.8.15_P37'''.
If patch 36 or older are currently installed on your server, please ensure you review  [https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P37 Patch 37] release notes to obtain all updates on all components.
</div>
</div>
<br/>
<br/>
Line 25: Line 27:
|-
|-
|style="border: solid #ffffff;"| The ClamAV package has been upgraded to version 0.105.2 to fix multiple vulnerabilities
|style="border: solid #ffffff;"| The ClamAV package has been upgraded to version 0.105.2 to fix multiple vulnerabilities
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2023-20032 CVE-2023-20032] [https://nvd.nist.gov/vuln/detail/CVE-2023-20052 CVE-2023-20052]
|style="border: solid #ffffff; text-align: center;"|[https://nvd.nist.gov/vuln/detail/CVE-2023-20032 CVE-2023-20032]
|style="border: solid #ffffff; text-align: center;"| TBD
|style="border: solid #ffffff; text-align: center;"| 9.8
|style="border: solid #ffffff; text-align: center;"| Low
|style="border: solid #ffffff; text-align: center;"| Critical
|}
|}



Revision as of 06:08, 17 March 2023

Zimbra Collaboration Joule 8.8.15 Patch 38 GA Release

Check out the Security Fixes, What's New, and Known Issues for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.

NOTE: If you are upgrading or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read Things to Know Before Upgrading and First Steps with the Zimbra NG Modules for critical information before you upgrade.


NOTICE: MTA Patch version

As part of this patch, we are releasing the updated ClamAV and its related packages which are installed only on MTA nodes. Since this patch will not get installed on other nodes (e.g. Mailbox, LDAP), it will continue to display the previously installed patch versions as Patch 8.8.15_P37.

If patch 36 or older are currently installed on your server, please ensure you review Patch 37 release notes to obtain all updates on all components.


Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating
The ClamAV package has been upgraded to version 0.105.2 to fix multiple vulnerabilities CVE-2023-20032 9.8 Critical

Note: Additional configuration for further hardening your Zimbra setup can be found on the Zimbra Support Portal. It is recommended that all customers consider these additional steps. If someone had applied this configuration previously, then after upgrading to this patch, they will have to re-apply the same configuration.

What's New

Package Upgrade

  • ClamAV package has been upgraded from 0.105.1-2 to version 0.105.2


Known Issues

  • While deploying zimlets, if the following error is encountered, please refer to the Patch Installation section to install the zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages in a particular order and re-deploy the zimlets.
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target
       at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target
       at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)
       at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
       at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
       ... 1 more
  • From Joule-Patch-32 onwards, customers using SSO will need to update zimbraVirtualHostName attribute for the domains. Please refer to the instructions to update the attribute.
  • With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.

To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the allow_weak_crypto property to true in the krb5.conf configuration file. Please follow below instructions:

1. In /opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults] section, set allow_weak_crypto = true

2. Restart mailboxd service:

su - zimbra
zmmailboxdctl restart


Packages

The package lineup for this release is:

FOSS:

PackageName                                       -> Version
zimbra-mta-patch                                  ->  8.8.15.1677488961.p38-1
zimbra-mta-components                             ->  1.0.19-1zimbra8.8b1
zimbra-clamav                                     ->  0.105.2-1zimbra8.8b3


Patch Installation

Please refer to the steps below to install Joule 8.8.15 Patch 38 on Redhat and Ubuntu platforms:

Before Installing the Patch, consider the following:

  • Patches are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Switch to zimbra user before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
  • Important Note for ZCS Setup with Local ZCS repository: Customers who have set up local ZCS repository should first update the local repository by following instructions in wiki


Redhat

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install the package:
yum install zimbra-mta-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart


Ubuntu

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install package
apt-get install zimbra-mta-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Quick note: Open Source repo

The steps to download, build, and see our code via Github can be found here: https://github.com/Zimbra/zm-build

Jump to: navigation, search