Zimbra Releases/8.8.8: Difference between revisions
(15 intermediate revisions by 2 users not shown) | |||
Line 4: | Line 4: | ||
<li class="active">Zimbra Collaboration 8.8.8</li> | <li class="active">Zimbra Collaboration 8.8.8</li> | ||
</ol> | </ol> | ||
__FORCETOC__ | __FORCETOC__ | ||
<div class="col-md-12"> | <div class="col-md-12"> | ||
Line 10: | Line 11: | ||
=Zimbra Collaboration 8.8.8 GA Release= | =Zimbra Collaboration 8.8.8 GA Release= | ||
<div class="col-md-9"> | <div class="col-md-9"> | ||
Check out the '''"[[#security|Security Fixes]]"''', '''"[[#fixed|Fixed Issues]]"''' and '''"[[#known|Known Issues]]"''' for this version of Zimbra Collaboration. We've also added a '''"[[#zextras|ZeXtras Suite Changelog]]"''' and '''"[[#compatibility|Compatibility]]"''' section with useful information. As always, you’re encouraged to tell us what you think in the Forums, or | Check out the '''"[[#security|Security Fixes]]"''', '''"[[#fixed|Fixed Issues]]"''' and '''"[[#known|Known Issues]]"''' for this version of Zimbra Collaboration. We've also added a '''"[[#zextras|ZeXtras Suite Changelog]]"''' and '''"[[#compatibility|Compatibility]]"''' section with useful information. As always, you’re encouraged to tell us what you think in the Forums, or open a support ticket. | ||
=Security Fixes= | =Security Fixes= | ||
Line 25: | Line 26: | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=----- -----]</td> | <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=108786 108786]</td> | ||
<td> | <td> Persistent XSS - content-location [CWE-79] </td> | ||
<td> | <td> CVE-2018-6882 </td> | ||
<td> | <td> 4.3 </td> | ||
<td style="text-align: center;"> | <td style="text-align: center;"> Minor </td> | ||
<td style="text-align: center;"> | <td style="text-align: center;">8.8.8</td> | ||
</tr> | |||
<tr> | |||
<td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=108227 108227]</td> | |||
<td> [https://www.cvedetails.com/vulnerability-list/vendor_id-6538/Jquery.html jQuery Multiple vulnerabilities] </td> | |||
<td> Various </td> | |||
<td> 4.3 - 5.0 </td> | |||
<td style="text-align: center;"> Minor </td> | |||
<td style="text-align: center;">8.8.8</td> | |||
</tr> | |||
<tr> | |||
<td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=108221 108221]</td> | |||
<td> Certificate based authentication not working since 8.7.5 </td> | |||
<td> - </td> | |||
<td> - </td> | |||
<td style="text-align: center;"> - </td> | |||
<td style="text-align: center;">8.8.8</td> | |||
</tr> | |||
<tr> | |||
<td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=108894 108894]</td> | |||
<td> Redact Admin SOAP API zimbraSSLPrivateKey access [CWE-199] </td> | |||
<td> CVE-2018-10951</td> | |||
<td> 3.6 </td> | |||
<td style="text-align: center;"> Minor </td> | |||
<td style="text-align: center;">8.8.8</td> | |||
</tr> | </tr> | ||
</table> | </table> | ||
Line 43: | Line 68: | ||
<th colspan="2" class="info"><h4><div id="new">What's New</div></h4></th> | <th colspan="2" class="info"><h4><div id="new">What's New</div></h4></th> | ||
</tr> | </tr> | ||
<tr><td class="col-md-1">''' | <tr><td class="col-md-1">'''Zimbra Talk''' - As announced at [https://info.zimbra.com/zimbra-forum-france-2018 Zimbra Forum France 2018], we're proud to introduce '''Zimbra Talk'''! Experience Group and Corporate Messaging, File Sharing, and '''Videoconferencing''' right inside the Zimbra Web Client. Administrators can learn more by reading the [https://wiki.zimbra.com/wiki/Talk_V2_Admin_Guide Admin Guide].</td></tr> | ||
<tr><td class="col-md-1">'''Simplified SSO support in Zimbra Connector for Outlook™''' - Previously, SSO authentication required matching the ZCO profile (email address) to the Windows logon name, with some other indirect settings. Now users can explicitly set a checkbox to "Connect using my Windows login credentials", which is clearer and supports the common situation where an email address and Windows login are different. Refer to the [https://wiki.zimbra.com/wiki/Configuring_SPNEGO_Single_Sign-On#Beginning_with_release_8.8.8 updated Tech Note] for admin details.</td></tr> | |||
<tr><td class="col-md-1">'''New localization in Zimbra Connector for Outlook''' - ZCO now supports Vietnamese.</td></tr> | |||
</table> | </table> | ||
Line 51: | Line 78: | ||
<table class="table table-striped table-condensed"> | <table class="table table-striped table-condensed"> | ||
<tr> | <tr> | ||
<th colspan="2" class="info"><h4><div id="fixed">Fixed Issues [https://bugzilla.zimbra.com/buglist.cgi?bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&chfield=bug_status&chfieldto=2018-03- | <th colspan="2" class="info"><h4><div id="fixed">Fixed Issues [https://bugzilla.zimbra.com/buglist.cgi?bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&chfield=bug_status&chfieldto=2018-03-28&chfieldvalue=RESOLVED&f1=keywords&list_id=362849&o1=anyexact&query_format=advanced&v1=8_8_8 <span style="color:white;font-size:0.66em">(Bugzilla query)</span>]</div></h4></th> | ||
</tr> | </tr> | ||
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=108709 108709] </td><td class="col-md-10"> ZWC affected by Mailsploit due to default zimbraPrefShortEmailAddress TRUE since ZCS 7.0</td></tr> | <tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=108709 108709] </td><td class="col-md-10"> ZWC affected by Mailsploit due to default zimbraPrefShortEmailAddress TRUE since ZCS 7.0</td></tr> | ||
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=108786 108786] </td><td class="col-md-10"> Bug 108786 - Persistent XSS - content-location [CWE-79]</td></tr> | <tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=108786 108786] </td><td class="col-md-10"> Bug 108786 - Persistent XSS - content-location [CWE-79]</td></tr> | ||
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=104412 104412] </td><td class="col-md-10"> Upgrade to tinymce 4.7.9</td></tr> | |||
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=104412 104412] </td><td class="col-md-10"> Upgrade to tinymce 4.7. | |||
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=108227 108227] </td><td class="col-md-10"> Upgrade to jQuery 3.1.1</td></tr> | <tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=108227 108227] </td><td class="col-md-10"> Upgrade to jQuery 3.1.1</td></tr> | ||
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=101172 101172] </td><td class="col-md-10"> | <tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=101172 101172] </td><td class="col-md-10"> Upgrade YUIcompressor to 4.2.8; deprecate for external libs</td></tr> | ||
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=108221 108221] </td><td class="col-md-10"> Certificate based authentication not working since 8.7.5</td></tr> | <tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=108221 108221] </td><td class="col-md-10"> Certificate based authentication not working since 8.7.5</td></tr> | ||
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=77129 77129] </td><td class="col-md-10"> Mails should also display time not just date</td></tr> | <tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=77129 77129] </td><td class="col-md-10"> Mails should also display time not just date</td></tr> | ||
Line 67: | Line 92: | ||
<table class="table table-striped table-condensed"> | <table class="table table-striped table-condensed"> | ||
<tr> | <tr> | ||
<th colspan="2" class="info"><h4><div id="known">Known Issues [https://bugzilla.zimbra.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=IN_PROGRESS&bug_status=REOPENED&chfield= | <th colspan="2" class="info"><h4><div id="known">Known Issues [https://bugzilla.zimbra.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=IN_PROGRESS&bug_status=REOPENED&chfield=%5BBug%20creation%5D&f1=keywords&list_id=363730&o1=anyexact&query_format=advanced&v1=8_8_8 <span style="color:white;font-size:0.66em">(Bugzilla query)</span>]</div></h4></th> | ||
</tr> | </tr> | ||
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=----- ---- | <tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=108905 108905] </td><td class="col-md-10"> ZimbraNetwork Module is not visible in Admin Console after upgrade to 8.8.8</td></tr> | ||
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=108906 108906] </td><td class="col-md-10"> Encounter ZxChatRequest error after upgrade to Turing-8.8.8</td></tr> | |||
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=108907 108907] </td><td class="col-md-10"> Cannot upgrade directly from 7.2.7 to 8.8.8</td></tr> | |||
</table> | </table> | ||
Line 76: | Line 103: | ||
<th colspan="2" class="info"><h4><div id="zextras">ZeXtras Suite Changelog</div></h4></th> | <th colspan="2" class="info"><h4><div id="zextras">ZeXtras Suite Changelog</div></h4></th> | ||
</tr> | </tr> | ||
<tr><td class="col-md-1"> | <tr><td class="col-md-1">'''Backup NG:''' | ||
* Added an additional safety check and parser for calendar metadata to ensure proper restoring even in case of bad data typing. | |||
* The LDAP Backup feature now also works over SSL and TLS. | |||
</td></tr> | |||
<tr><td class="col-md-1">'''Mobile NG:''' | |||
* Changed the attachment management logic to fix a bug that could cause an illegal value for the EstimatedDataSize value of an EAS transaction. | |||
* Fixed a bug that caused a misleading and harmless exception in the mobile debug log when sending an email with an image or ics attachment. | |||
* Fixed an issue that caused contact notes to be deleted after being synchronized through EAS 2.5. | |||
* Added a sanity check on Server IDs to ensure a badly formatted information can't block the synchronization. | |||
* Modified Content-Disposition Mime parsing, adding quotes for each assignment (=) to avoid illegal characters like commas. Empty assignments are also stripped. | |||
* Error handling code has been tweaked in order not to return an HTTP Status 200 on an error, using the appropriate status code instead (400). | |||
* Fixed a bug that caused attachments to be unretrievable from shared folders. | |||
</td></tr> | |||
<tr><td class="col-md-1">'''HSM NG:''' | |||
* Fixed a typo in the output of the `getAllOperations` command. | |||
* Several exception types have been added to the Mailbox Move feature to better handle errors. | |||
* Mailbox Move commands can now be queued up. | |||
* New parameters available in the Mailbox Move command: | |||
** accounts- a list of mailboxes to move, separated by ";" | |||
** domain - to move an entire domain | |||
** input_file - path to a file containin one email address per line | |||
* Improved output for the doDeduplicate command when executed in dry-run mode. | |||
</td></tr> | |||
<tr><td class="col-md-1">'''Admin Console:''' | |||
* Admin Console upgraded in order to properly handle requests from different servers (Legacy or NG) to improve its usability during Rolling Upgrades. | |||
</td></tr> | |||
<tr><td class="col-md-1">'''Zimbra Chat:''' | |||
* New history management: history is now stored in IM conversations instead of in emails within the Chats folder. | |||
* Added message delivery and read awareness | |||
** 0 ticks, message undelivered | |||
** 1 tick, message delivered | |||
** 2 ticks, message read). | |||
* The auto-away feature has been temporarily disabled due to some ongoing tests, it will be re-enabled as soon as possible. | |||
</td></tr> | |||
<tr><td class="col-md-1">'''Zimbra Drive:''' | |||
* No changes | |||
</td></tr> | |||
<tr><td class="col-md-1">'''Zimbra Talk:''' | |||
* Initial release. | |||
</td></tr> | </td></tr> | ||
</table> | </table> | ||
Line 85: | Line 150: | ||
Zimbra Drive is compatible with: | Zimbra Drive is compatible with: | ||
* [https://nextcloud.com/changelog NextCloud] versions 9, 10, 11, and | * [https://nextcloud.com/changelog NextCloud] versions 9, 10, 11, 12 and 13 only (See NextCloud store for latest.) | ||
* [https://owncloud.com ownCloud] versions 9.0, 9.1, and 10 only | * [https://owncloud.com ownCloud] versions 9.0, 9.1, and 10 only | ||
Latest revision as of 19:48, 26 June 2018
Zimbra Collaboration 8.8.8 GA Release
Check out the "Security Fixes", "Fixed Issues" and "Known Issues" for this version of Zimbra Collaboration. We've also added a "ZeXtras Suite Changelog" and "Compatibility" section with useful information. As always, you’re encouraged to tell us what you think in the Forums, or open a support ticket.
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.
Bug# | Summary | CVE-ID | CVSS Score |
Zimbra Rating |
Fix Release or Patch Version |
---|---|---|---|---|---|
108786 | Persistent XSS - content-location [CWE-79] | CVE-2018-6882 | 4.3 | Minor | 8.8.8 |
108227 | jQuery Multiple vulnerabilities | Various | 4.3 - 5.0 | Minor | 8.8.8 |
108221 | Certificate based authentication not working since 8.7.5 | - | - | - | 8.8.8 |
108894 | Redact Admin SOAP API zimbraSSLPrivateKey access [CWE-199] | CVE-2018-10951 | 3.6 | Minor | 8.8.8 |
Software changes
NOTE: If you are upgrading and/or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read "Things to Know Before Upgrading" and "First Steps with the Zimbra NG Modules" for critical information before you upgrade.
|
|
---|---|
Zimbra Talk - As announced at Zimbra Forum France 2018, we're proud to introduce Zimbra Talk! Experience Group and Corporate Messaging, File Sharing, and Videoconferencing right inside the Zimbra Web Client. Administrators can learn more by reading the Admin Guide. | |
Simplified SSO support in Zimbra Connector for Outlook™ - Previously, SSO authentication required matching the ZCO profile (email address) to the Windows logon name, with some other indirect settings. Now users can explicitly set a checkbox to "Connect using my Windows login credentials", which is clearer and supports the common situation where an email address and Windows login are different. Refer to the updated Tech Note for admin details. | |
New localization in Zimbra Connector for Outlook - ZCO now supports Vietnamese. |
NOTE: Beta features should not be installed and are not supported on production systems. Beta modules have been provided for evaluation in lab environments only.
|
|
---|---|
108709 | ZWC affected by Mailsploit due to default zimbraPrefShortEmailAddress TRUE since ZCS 7.0 |
108786 | Bug 108786 - Persistent XSS - content-location [CWE-79] |
104412 | Upgrade to tinymce 4.7.9 |
108227 | Upgrade to jQuery 3.1.1 |
101172 | Upgrade YUIcompressor to 4.2.8; deprecate for external libs |
108221 | Certificate based authentication not working since 8.7.5 |
77129 | Mails should also display time not just date |
108894 | SOAP API should not return a value for zimbraSSLPrivateKey |
|
|
---|---|
108905 | ZimbraNetwork Module is not visible in Admin Console after upgrade to 8.8.8 |
108906 | Encounter ZxChatRequest error after upgrade to Turing-8.8.8 |
108907 | Cannot upgrade directly from 7.2.7 to 8.8.8 |
|
|
---|---|
Backup NG:
| |
Mobile NG:
| |
HSM NG:
| |
Admin Console:
| |
Zimbra Chat:
| |
Zimbra Drive:
| |
Zimbra Talk:
|
Quick note: Compatibility
SOAP requests, e.g. those in code for custom admin actions, may need to be updated to maintain compatibility beginning with this release. To address the security issue in Bug 108894, the GetServer, GetAllServers, and GetAllActiveServers SOAP responses now send "VALUE_BLOCKED" for zimbraSSLPrivateKey by default.
Zimbra Drive is compatible with:
- NextCloud versions 9, 10, 11, 12 and 13 only (See NextCloud store for latest.)
- ownCloud versions 9.0, 9.1, and 10 only
Quick note: Open Source repo
Downloading and building our Zimbra Code? Keep reading... Starting ZCS 8.7.6 and above we have new steps to download, build and see our code via Github:
Try Zimbra
Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »
Want to get involved?
You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »
Other Help Resources
Visit the User Help Page »
Visit the Official Forums »
Zimbra Documentation Page »
Looking for a Video?
Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »