Difference between revisions of "Zimbra Releases/8.8.8/P1"

(Zimbra Collaboration 8.8.8 Patch 1 GA Release)
m
Line 1: Line 1:
={{WIP}} Zimbra Collaboration 8.8.8 Patch 1 GA Release=
+
=Zimbra Collaboration 8.8.8 Patch 1 GA Release=
 +
{{WIP}}
 
<div class="col-md-9">
 
<div class="col-md-9">
Check out the '''"[[#security|Security Fixes]]"''', '''"[[#fixed|Fixed Issues]]"''' and '''"[[#known|Known Issues]]"''' for this version of Zimbra Collaboration. We've also added a '''"[[#zextras|ZeXtras Suite Changelog]]"''' and '''"[[#compatibility|Compatibility]]"''' section with useful information. As always, you’re encouraged to tell us what you think in the Forums, or file a bug in '''[https://bugzilla.zimbra.com/enter_bug.cgi Bugzilla]'''.
+
Check out the '''"[[#security|Security Fixes]]"''', '''"[[#fixed|Fixed Issues]]"''' and '''"[[#known|Known Issues]]"''' for this version of Zimbra Collaboration. We've also added a '''"[[#zextras|ZeXtras Suite Changelog]]"''' section with useful information. As always, you’re encouraged to tell us what you think in the Forums, or file a bug in '''[https://bugzilla.zimbra.com/enter_bug.cgi Bugzilla]'''.
  
 
=Security Fixes=
 
=Security Fixes=
Line 16: Line 17:
 
</tr>
 
</tr>
 
<tr>
 
<tr>
   <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=108786 108786]</td>
+
   <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=97579 97579]</td>
   <td> Persistent XSS - content-location [CWE-79] </td>
+
   <td> login CSRF protection: ZWC login form does not use a csrf token [CWE-352] </td>
 
   <td> tba</td>
 
   <td> tba</td>
 
   <td> tba</td>
 
   <td> tba</td>
 
   <td style="text-align: center;">tba</td>
 
   <td style="text-align: center;">tba</td>
   <td style="text-align: center;">8.8.8</td>
+
   <td style="text-align: center;">8.8.8 Patch1</td>
</tr>
 
<tr>
 
  <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=108227 108227]</td>
 
  <td> [https://www.cvedetails.com/vulnerability-list/vendor_id-6538/Jquery.html Multiple vulnerabilities] </td>
 
  <td> Various </td>
 
  <td> 4.3 - 5.0 </td>
 
  <td style="text-align: center;">Low</td>
 
  <td style="text-align: center;">8.8.8</td>
 
</tr>
 
<tr>
 
  <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=108221 108221]</td>
 
  <td> Certificate based authentication not working since 8.7.5 </td>
 
  <td> tba</td>
 
  <td> tba</td>
 
  <td style="text-align: center;">tba</td>
 
  <td style="text-align: center;">8.8.8</td>
 
</tr>
 
<tr>
 
  <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=108894 108894]</td>
 
  <td> SOAP response with private key </td>
 
  <td> tba</td>
 
  <td> tba</td>
 
  <td style="text-align: center;">tba</td>
 
  <td style="text-align: center;">8.8.8</td>
 
 
</tr>
 
</tr>
 
</table>
 
</table>
 
  
 
=Software changes=
 
=Software changes=
 
<div class="alert alert-dark fade in"> <p>'''NOTE: If you are upgrading and/or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read [https://wiki.zimbra.com/wiki/Zimbra_Next_Generation_Modules/Things_To_Know_Before_Upgrading "Things to Know Before Upgrading"] and [https://wiki.zimbra.com/wiki/Zimbra_Next_Generation_Modules/First_Steps_with_the_Zimbra_NG_Modules "First Steps with the Zimbra NG Modules"] for critical information before you upgrade.'''</p></div>
 
 
<br />
 
<table class="table table-striped table-condensed">
 
        <tr>
 
            <th colspan="2" class="info"><h4><div id="new">What's New</div></h4></th>
 
        </tr>
 
        <tr><td class="col-md-1">'''Zimbra Talk''' - As announced at [https://info.zimbra.com/zimbra-forum-france-2018 Zimbra Forum France 2018], we're proud to introduce '''Zimbra Talk'''! Experience Group and Corporate Messaging, File Sharing, and '''Videoconferencing''' right inside the Zimbra Web Client. Administrators can learn more by reading the [https://wiki.zimbra.com/wiki/Talk_V2_Admin_Guide Admin Guide].</td></tr>
 
        <tr><td class="col-md-1">'''Simplified SSO support in Zimbra Connector for Outlook™''' - Previously, SSO authentication required matching the ZCO profile (email address) to the Windows logon name, with some other indirect settings. Now users can explicitly set a checkbox to "Connect using my Windows login credentials", which is clearer and supports the common situation where an email address and Windows login are different. Refer to the [https://wiki.zimbra.com/wiki/Configuring_SPNEGO_Single_Sign-On#Beginning_with_release_8.8.8 updated Tech Note] for admin details.</td></tr>
 
        <tr><td class="col-md-1">'''New localization in Zimbra Connector for Outlook''' - ZCO now supports Vietnamese.</td></tr>
 
</table>
 
 
<div class="alert alert-dark fade in"> <p>'''NOTE:''' Beta features should not be installed and are not supported on production systems. Beta modules have been provided for evaluation in lab environments only.</p></div>
 
<br />
 
  
 
<table class="table table-striped table-condensed">
 
<table class="table table-striped table-condensed">
Line 71: Line 32:
 
             <th colspan="2" class="info"><h4><div id="fixed">Fixed Issues [https://bugzilla.zimbra.com/buglist.cgi?bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&chfield=bug_status&chfieldto=2018-03-28&chfieldvalue=RESOLVED&f1=keywords&list_id=362849&o1=anyexact&query_format=advanced&v1=8_8_8 <span style="color:white;font-size:0.66em">(Bugzilla query)</span>]</div></h4></th>
 
             <th colspan="2" class="info"><h4><div id="fixed">Fixed Issues [https://bugzilla.zimbra.com/buglist.cgi?bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&chfield=bug_status&chfieldto=2018-03-28&chfieldvalue=RESOLVED&f1=keywords&list_id=362849&o1=anyexact&query_format=advanced&v1=8_8_8 <span style="color:white;font-size:0.66em">(Bugzilla query)</span>]</div></h4></th>
 
         </tr>
 
         </tr>
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=108709 108709] </td><td class="col-md-10">  ZWC affected by Mailsploit due to default zimbraPrefShortEmailAddress TRUE since ZCS 7.0</td></tr>
 
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=108786 108786] </td><td class="col-md-10">  Bug 108786 - Persistent XSS - content-location [CWE-79]</td></tr>
 
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=104412 104412] </td><td class="col-md-10">  Upgrade to tinymce 4.7.9</td></tr>
 
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=108227 108227] </td><td class="col-md-10">  Upgrade to jQuery 3.1.1</td></tr>
 
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=101172 101172] </td><td class="col-md-10">  Upgrade YUIcompressor to 4.2.8; deprecate for external libs</td></tr>
 
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=108221 108221] </td><td class="col-md-10">  Certificate based authentication not working since 8.7.5</td></tr>
 
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=77129 77129] </td><td class="col-md-10">  Mails should also display time not just date</td></tr>
 
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=108894 108894] </td><td class="col-md-10">  SOAP API should not return a value for zimbraSSLPrivateKey</td></tr>
 
 
</table>
 
</table>
  
Line 85: Line 38:
 
             <th colspan="2" class="info"><h4><div id="known">Known Issues [https://bugzilla.zimbra.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=IN_PROGRESS&bug_status=REOPENED&chfield=%5BBug%20creation%5D&f1=keywords&list_id=363730&o1=anyexact&query_format=advanced&v1=8_8_8 <span style="color:white;font-size:0.66em">(Bugzilla query)</span>]</div></h4></th>
 
             <th colspan="2" class="info"><h4><div id="known">Known Issues [https://bugzilla.zimbra.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=IN_PROGRESS&bug_status=REOPENED&chfield=%5BBug%20creation%5D&f1=keywords&list_id=363730&o1=anyexact&query_format=advanced&v1=8_8_8 <span style="color:white;font-size:0.66em">(Bugzilla query)</span>]</div></h4></th>
 
         </tr>
 
         </tr>
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=108905 108905] </td><td class="col-md-10">  ZimbraNetwork Module is not visible in Admin Console after upgrade to 8.8.8</td></tr>
 
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=108906 108906] </td><td class="col-md-10">  Encounter ZxChatRequest error after upgrade to Turing-8.8.8</td></tr>
 
        <tr><td class="col-md-1">  [https://bugzilla.zimbra.com/show_bug.cgi?id=108907 108907] </td><td class="col-md-10">  Cannot upgrade directly from 7.2.7 to 8.8.8</td></tr>
 
 
</table>
 
</table>
  
Line 94: Line 44:
 
             <th colspan="2" class="info"><h4><div id="zextras">ZeXtras Suite Changelog</div></h4></th>
 
             <th colspan="2" class="info"><h4><div id="zextras">ZeXtras Suite Changelog</div></h4></th>
 
         </tr>
 
         </tr>
 +
<tr><td class="col-md-1">'''General NG:'''
 +
* Fixed a missing sentence in the "Module not running" Admin Console banner.
 +
* Fixed an issue that could cause double clicks not to open the proper "edit" window in the Delegated Admin and Device List sections of the Admin Console.
 +
</td></tr>
 
<tr><td class="col-md-1">'''Backup NG:'''
 
<tr><td class="col-md-1">'''Backup NG:'''
* Added an additional safety check and parser for calendar metadata to ensure proper restoring even in case of bad data typing.
+
* Fixed a glitch that could cause the Scanned Accounts counter in the "Account Scan" operation not to increment properly for accounts that took less than one second to scan.
* The LDAP Backup feature now also works over SSL and TLS.
 
 
</td></tr>
 
</td></tr>
 
<tr><td class="col-md-1">'''Mobile NG:'''
 
<tr><td class="col-md-1">'''Mobile NG:'''
* Changed the attachment management logic to fix a bug that could cause an illegal value for the EstimatedDataSize value of an EAS transaction.
+
* Fixed a bug that could cause attachments to return an invalid value in the "EstimatedDataSize" field of the synchronisation causing the client to loop.
* Fixed a bug that caused a misleading and harmless exception in the mobile debug log when sending an email with an image or ics attachment.
 
* Fixed an issue that caused contact notes to be deleted after being synchronized through EAS 2.5.
 
* Added a sanity check on Server IDs to ensure a badly formatted information can't block the synchronization.
 
* Modified Content-Disposition Mime parsing, adding quotes for each assignment (=) to avoid illegal characters like commas. Empty assignments are also stripped.
 
* Error handling code has been tweaked in order not to return an HTTP Status 200 on an error, using the appropriate status code instead (400).
 
* Fixed a bug that caused attachments to be unretrievable from shared folders.
 
 
</td></tr>
 
</td></tr>
 
<tr><td class="col-md-1">'''HSM NG:'''
 
<tr><td class="col-md-1">'''HSM NG:'''
* Fixed a typo in the output of the `getAllOperations` command.
+
* Improved Mailbox Move logics in order to handle multiple briefcase file revisions.
* Several exception types have been added to the Mailbox Move feature to better handle errors.
+
* Improved Mailbox Move logics in order to retry moving an item should the first try fail.
* Mailbox Move commands can now be queued up.
+
* Improved "RemoveOrphanedBlobsOperation" logics in order to remove items on different volumes (e.g. because of item duplication)**  
* New parameters available in the Mailbox Move command:
 
** accounts- a list of mailboxes to move, separated by ";"
 
** domain - to move an entire domain
 
** input_file - path to a file containin one email address per line
 
* Improved output for the doDeduplicate command when executed in dry-run mode.
 
 
</td></tr>
 
</td></tr>
<tr><td class="col-md-1">'''Admin Console:'''
+
<tr><td class="col-md-1">'''Zimbra Drive:'''
* Admin Console upgraded in order to properly handle requests from different servers (Legacy or NG) to improve its usability during Rolling Upgrades.  
+
* Fixed an issue where a "/zimbra/" path was added to the upload and download Drive URLs returning a 404 error to some users.
 
</td></tr>
 
</td></tr>
 
<tr><td class="col-md-1">'''Zimbra Chat:'''
 
<tr><td class="col-md-1">'''Zimbra Chat:'''
* New history management: history is now stored in IM conversations instead of in emails within the Chats folder.
+
* Fixed an issue that caused multiple whitespaces to be trimmed from chat messages.
* Added message delivery and read awareness
+
* Improved focus management and window resize handling.
** 0 ticks, message undelivered
 
** 1 tick, message delivered
 
** 2 ticks, message read).
 
* The auto-away feature has been temporarily disabled due to some ongoing tests, it will be re-enabled as soon as possible.
 
</td></tr>
 
<tr><td class="col-md-1">'''Zimbra Drive:'''
 
* No changes
 
 
</td></tr>
 
</td></tr>
 
<tr><td class="col-md-1">'''Zimbra Talk:'''
 
<tr><td class="col-md-1">'''Zimbra Talk:'''
* Initial release.
+
* Fixed a bug that caused group invites to fail when the group was hosted on a different server than the one the user is hosted on.
 +
* Fixed a bug that could cause group creation to fail on multiserver environments where not all servers host the mailboxd service.
 +
* When clicking on a Group or Channel in the Tab View, the focus is now automatically set to the text input area.
 
</td></tr>
 
</td></tr>
 
</table>
 
</table>

Revision as of 11:23, 6 April 2018

Zimbra Collaboration 8.8.8 Patch 1 GA Release

Check out the "Security Fixes", "Fixed Issues" and "Known Issues" for this version of Zimbra Collaboration. We've also added a "ZeXtras Suite Changelog" section with useful information. As always, you’re encouraged to tell us what you think in the Forums, or file a bug in Bugzilla.

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.

Bug# Summary CVE-ID CVSS
Score
Zimbra
Rating
Fix Release or
Patch Version
97579 login CSRF protection: ZWC login form does not use a csrf token [CWE-352] tba tba tba 8.8.8 Patch1

Software changes

Fixed Issues (Bugzilla query)

Known Issues (Bugzilla query)

ZeXtras Suite Changelog

General NG:
  • Fixed a missing sentence in the "Module not running" Admin Console banner.
  • Fixed an issue that could cause double clicks not to open the proper "edit" window in the Delegated Admin and Device List sections of the Admin Console.
Backup NG:
  • Fixed a glitch that could cause the Scanned Accounts counter in the "Account Scan" operation not to increment properly for accounts that took less than one second to scan.
Mobile NG:
  • Fixed a bug that could cause attachments to return an invalid value in the "EstimatedDataSize" field of the synchronisation causing the client to loop.
HSM NG:
  • Improved Mailbox Move logics in order to handle multiple briefcase file revisions.
  • Improved Mailbox Move logics in order to retry moving an item should the first try fail.
  • Improved "RemoveOrphanedBlobsOperation" logics in order to remove items on different volumes (e.g. because of item duplication)**
Zimbra Drive:
  • Fixed an issue where a "/zimbra/" path was added to the upload and download Drive URLs returning a 404 error to some users.
Zimbra Chat:
  • Fixed an issue that caused multiple whitespaces to be trimmed from chat messages.
  • Improved focus management and window resize handling.
Zimbra Talk:
  • Fixed a bug that caused group invites to fail when the group was hosted on a different server than the one the user is hosted on.
  • Fixed a bug that could cause group creation to fail on multiserver environments where not all servers host the mailboxd service.
  • When clicking on a Group or Channel in the Tab View, the focus is now automatically set to the text input area.
Jump to: navigation, search