Difference between revisions of "Zimbra Releases/9.0.0/P24"

 
Line 4: Line 4:
 
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues
 
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues
  
<br/>
+
== Spring4Shell Security Hotfix Alert ==
 +
<div style="padding:1%; color:#f68b1f;font-size:18px;" >
 +
An RCE vulnerability was identified in Spring Framework. Zimbra was not directly impacted with this issue. But given the evolving and broad nature of this issue we, have updated the following affected packages.
 +
zimbra-patch : 9.0.0.1650532159.p24-2
 +
zimbra-mta-patch : 9.0.0.1650532159.p24-1
 +
zimbra-common-core-jar : 9.0.0.1650522520-1
 +
zimbra-common-core-libs : 9.0.0.1650522826-1
 +
zimbra-mbox-ews-service : 9.0.0.1650522968-1
 +
 
 +
Please re-apply Patch 24 to obtain the updated packages.
 +
 
 +
If you have questions or issues, please contact Zimbra Support.
 +
 
 +
{|class="wikitable" style="border: solid #ffffff; padding: 20px;"
 +
!style="background-color:#f15922; color: white; border:solid #ffffff"|Summary
 +
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVE-ID
 +
!style="background-color:#f15922; color: white; border:solid #ffffff"|CVSS Score
 +
!style="background-color:#f15922; color: white; border:solid #ffffff"|Zimbra Rating
 +
!style="background-color:#f15922; color: white; border:solid #ffffff"|Fix Patch Version
 +
|-
 +
|style="border: solid #ffffff;"|RCE vulnerability in Spring Framework
 +
|style="border: solid #ffffff;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-22965 CVE-2022-22965]
 +
|style="border: solid #ffffff;text-align:center;"| 9.8
 +
|style="border: solid #ffffff;text-align:center;"| Low
 +
|style="border: solid #ffffff;text-align:center;"| 9.0.0 P24
 +
|-
 +
|}
 +
</div>
 +
 
 +
==Log4j zero-day exploit vulnerability==
 
<div style="padding:1%; color:#008000;font-size:18px;" >
 
<div style="padding:1%; color:#008000;font-size:18px;" >
'''Log4j zero-day exploit vulnerability'''
 
 
 
After intensive review and testing, Zimbra Development determined that the zero-day exploit vulnerability for Log4j (CVE-2021-44228) does not affect the current Supported Zimbra versions (9.0.0 & 8.8.15). Zimbra Collaboration Server currently uses Log4j version 1.2.16. The cause of the vulnerability is found in the lookup expression feature in Log4j versions 2.0 to 2.17.
 
After intensive review and testing, Zimbra Development determined that the zero-day exploit vulnerability for Log4j (CVE-2021-44228) does not affect the current Supported Zimbra versions (9.0.0 & 8.8.15). Zimbra Collaboration Server currently uses Log4j version 1.2.16. The cause of the vulnerability is found in the lookup expression feature in Log4j versions 2.0 to 2.17.
  
 
Following are some more updates on the existing and newly reported vulnerabilities:
 
Following are some more updates on the existing and newly reported vulnerabilities:
  
* (CVE-2021-4104): This RedHat vulnerability does not affect the current Supported Zimbra Collaboration Server versions (8.8.15 & 9.0.0). For this vulnerability to affect the server, it needs JMSAppender and the ability to append configuration files. Zimbra does not use the JMSAppender.
+
* [https://www.mail-archive.com/announce@apache.org/msg06936.html CVE-2021-4104]: This RedHat vulnerability does not affect the current Supported Zimbra Collaboration Server versions (8.8.15 & 9.0.0). For this vulnerability to affect the server, it needs JMSAppender and the ability to append configuration files. Zimbra does not use the JMSAppender.
* CVE-2022-23307: Zimbra is vulnerable but is not exploitable. To be exploited the system must be running Chainsaw.  It is included but is never running.
+
* [https://www.mail-archive.com/announce@apache.org/msg07042.html CVE-2022-23307]: Zimbra is vulnerable but is not exploitable. To be exploited the system must be running Chainsaw.  It is included but is never running.
* CVE-2022-23305: Zimbra is not vulnerable to this vulnerability, since it does not run the JDBCAppender.
+
* [https://www.mail-archive.com/announce@apache.org/msg07041.html CVE-2022-23305]: Zimbra is not vulnerable to this vulnerability, since it does not run the JDBCAppender.
* CVE-2022-23302: Zimbra is not vulnerable to this vulnerability, since it does not run the JMSSink.
+
* [https://www.mail-archive.com/announce@apache.org/msg07040.html CVE-2022-23302]: Zimbra is not vulnerable to this vulnerability, since it does not run the JMSSink.
  
  
Line 161: Line 188:
 
{{PatchInstallation-900|Version=9.0.0 Patch 24|Packages=
 
{{PatchInstallation-900|Version=9.0.0 Patch 24|Packages=
 
  '''PackageName'''                                      '''Version'''
 
  '''PackageName'''                                      '''Version'''
  zimbra-patch                              ->    9.0.0.1648259872.p24-2
+
  zimbra-patch                              ->    9.0.0.1650532159.p24-2
 
  zimbra-proxy-patch                        ->    9.0.0.1648259872.p24-1
 
  zimbra-proxy-patch                        ->    9.0.0.1648259872.p24-1
 
  zimbra-proxy-components                    ->    1.0.9-1zimbra8.8b1
 
  zimbra-proxy-components                    ->    1.0.9-1zimbra8.8b1
  zimbra-mta-patch                          ->    9.0.0.1647337247.p24-1
+
  zimbra-mta-patch                          ->    9.0.0.1650532159.p24-1
 
  zimbra-mta-components                      ->    1.0.14-1zimbra8.8b1
 
  zimbra-mta-components                      ->    1.0.14-1zimbra8.8b1
  zimbra-common-core-jar                    ->    9.0.0.1647325909-1
+
  zimbra-common-core-jar                    ->    9.0.0.1650522520-1
 
  zimbra-nginx                              ->    1.20.0-1zimbra8.8b2
 
  zimbra-nginx                              ->    1.20.0-1zimbra8.8b2
 
  zimbra-httpd    ->    2.4.53-1zimbra8.7b3
 
  zimbra-httpd    ->    2.4.53-1zimbra8.7b3
Line 191: Line 218:
 
  zimbra-mbox-admin-console-war              ->    9.0.0.1641806303-1
 
  zimbra-mbox-admin-console-war              ->    9.0.0.1641806303-1
 
  zimbra-common-mbox-conf-attrs              ->    9.0.0.1602835824-1
 
  zimbra-common-mbox-conf-attrs              ->    9.0.0.1602835824-1
  zimbra-common-core-libs                    ->    9.0.0.1647230016-1
+
  zimbra-common-core-libs                    ->    9.0.0.1650522826-1
  zimbra-mbox-ews-service      ->    9.0.0.1647230616-1
+
  zimbra-mbox-ews-service      ->    9.0.0.1650522968-1
 
  zimbra-zco                                ->    9.0.0.1919.1647347914-1
 
  zimbra-zco                                ->    9.0.0.1919.1647347914-1
 
  zimbra-php                                ->    7.4.27-1zimbra8.7b3
 
  zimbra-php                                ->    7.4.27-1zimbra8.7b3

Latest revision as of 15:07, 21 April 2022

Zimbra Collaboration Kepler 9.0.0 Patch 24 GA Release

Check out the Fixed Issues, and Known Issues for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues

Spring4Shell Security Hotfix Alert

An RCE vulnerability was identified in Spring Framework. Zimbra was not directly impacted with this issue. But given the evolving and broad nature of this issue we, have updated the following affected packages.

zimbra-patch : 9.0.0.1650532159.p24-2
zimbra-mta-patch : 9.0.0.1650532159.p24-1
zimbra-common-core-jar : 9.0.0.1650522520-1
zimbra-common-core-libs : 9.0.0.1650522826-1
zimbra-mbox-ews-service : 9.0.0.1650522968-1

Please re-apply Patch 24 to obtain the updated packages.

If you have questions or issues, please contact Zimbra Support.

Summary CVE-ID CVSS Score Zimbra Rating Fix Patch Version
RCE vulnerability in Spring Framework CVE-2022-22965 9.8 Low 9.0.0 P24

Log4j zero-day exploit vulnerability

After intensive review and testing, Zimbra Development determined that the zero-day exploit vulnerability for Log4j (CVE-2021-44228) does not affect the current Supported Zimbra versions (9.0.0 & 8.8.15). Zimbra Collaboration Server currently uses Log4j version 1.2.16. The cause of the vulnerability is found in the lookup expression feature in Log4j versions 2.0 to 2.17.

Following are some more updates on the existing and newly reported vulnerabilities:

  • CVE-2021-4104: This RedHat vulnerability does not affect the current Supported Zimbra Collaboration Server versions (8.8.15 & 9.0.0). For this vulnerability to affect the server, it needs JMSAppender and the ability to append configuration files. Zimbra does not use the JMSAppender.
  • CVE-2022-23307: Zimbra is vulnerable but is not exploitable. To be exploited the system must be running Chainsaw. It is included but is never running.
  • CVE-2022-23305: Zimbra is not vulnerable to this vulnerability, since it does not run the JDBCAppender.
  • CVE-2022-23302: Zimbra is not vulnerable to this vulnerability, since it does not run the JMSSink.


Even though Zimbra is not affected by the Log4j vulnerabilities, we are in the process of updating Log4j to a version that is not affected. Please watch for more updates in the upcoming release.


Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating Fix Patch Version
Upgraded Apache to 2.4.53 to avoid multiple vulnerabilities. CVE-2021-40438CVE-2021-39275 9.0 Critical 9.0.0 P24
Upgraded PHP to 7.4.27 to avoid DoS vulnerability. CVE-2021-21702 7.5 High 9.0.0 P24
An endpoint URL accepts parameters without sanitizing it caused XSS vulnerability. CVE-2022-27926 TBD Medium 9.0.0 P24
RCE through mboximport from authenticated user. CVE-2022-27925 TBD Medium 9.0.0 P24
Memcached poisoning with unauthenticated request. CVE-2022-27924 TBD High 9.0.0 P24

What's New

NOTE: Beta features are not supported and should not be installed on production systems. Beta modules have been provided for evaluation in lab environments only.

Rocky Linux 8 Support (Beta)

We are nearing the end of our extensive QA cycle for this major upgrade. Watch for the GA announcement in an upcoming patch release.

Package Upgrade

  • PHP has been upgraded from 7.3.25 to 7.4.27.
  • Apache has been upgraded from 2.4.51 to 2.4.53

Web UX - Modern

  • There were some areas in Danish translations which needed corrections. It has been fixed now.
  • For improved security, several third-party libraries used in Modern Web App have been upgraded to the latest stable versions.
  • S/MIME support has now been added to the Modern Web App. A new zimlet zimbra-zimlet-secure-mail has been introduced to provide the functionality for Modern Web App. Please refer to user guide section for more details.

Mail

  • Modern UI now supports attaching emails (EML attachments) while composing a message.

Briefcase

  • Next item in the list is selected automatically after performing delete/move operation on briefcase and contact item.


Fixed Issues

Platform

  • Users were not able to set the out-of-office setting using EWS through Outlook. The issue has been fixed.
  • When creating filter rules through EWS using Outlook, an error was encountered and the filters were not getting created. The issue has been fixed.
  • zmmsgtrace utility was not getting executed when encountered particular logs. The issue has been fixed.
  • When a user receives a converted PDF file from MS Word or Excel and tries to search it through keyword or filename, the file did not appear in search results. The issue has been fixed and the file appears in search results.
  • Support for the SameSite cookie flag has now been added. A local config variable zimbra_same_site_cookie has been introduced to control the cookie. The default value is set to Strict but the user can change it to Lax, None or ""(empty). Refer to the wiki article for more details.
  • The allowplugins option in zmsaupdate script of Spamassasin has been deprecated due to security concerns. The option has been moved to localconfig antispam_saupdate_reallyallowplugins. Bydefault, the config is not set. Execute command to setup the attribute - zmlocalconfig -e antispam_saupdate_reallyallowplugins=true
  • When using EWS and creating folders for Contact, Task or Calendar, the folders were not created due to the backend returning an incorrect folder in response. The issue has been fixed.
  • When creating contact through EWS, the changekey parameter was not returned. Due to this, further updates to the contacts were not saved. The issue has been fixed.
  • When sending an inline attachment from one user to another user where both are using EWS, the attachment was not displayed correctly. The issue has been fixed.
  • For the shared external account, users were not able to rename a folder in the external account folder structure. The issue has been fixed.
  • If a user who is not allowed to send an email to a distribution list adds the distribution list as the forward address, then the email coming to the user is forwarded to the distribution list bypassing the rule. The issue has been fixed.
  • When using EWS and executing the GetInboxRules operation, an error was seen. The issue has been fixed and the GetInboxRules gets executed successfully.
  • When using EWS and trying to send an email through Mac Outlook Client without specifying any address in the To field, an error was encountered and the mail was not sent. The issue has been fixed.
  • When using OWASP and sending an email with href link which has the &num character, it got replaced with #_. The issue has been fixed.
  • When using a command zmprov -gadl -v to get the list of members and count in the distribution list, the details were not displayed. The issue has been fixed.
  • In Admin Console, when searching the users from Home -> Search -> Accounts and downloading the user's information by clicking on the gear icon at the right-hand top corner, the .csv file did not have Last Login and Description field in it. The issue has been fixed and these field now appear in the .csv file.
  • The external accounts which get created for public sharing were being counted towards the server's account quota. The issue has been fixed.

Web UX - Classic

  • When a user gets a mailto: link in the email, right-clicks on it and select the New Email option, the new composer is opened and mailto: text is added in front of the email address in the To field. The issue has been fixed.
  • The profile image uploaded by the user was not correctly displayed. The issue has been fixed.
  • When using the Arabic language, Classic Web App did not load. The issue has been fixed.
  • In Classic Web App, the Firefox Sidebar option has been deprecated since the supporting Firefox Social API is no more available and is obsolete.
  • Few emails were not displayed correctly in Classic Web App and appeared overlapping. The issue has been fixed.
  • When the user updates the From field in Preferences -> Accounts -> Settings for Sent Messages, the updated From name is not displayed in the From field in the email. The issue has been fixed.
  • When adding a mailto: link in the email with subject field in it and send to another user, when he clicks on the link, the > character is added in the subject field. The issue has been fixed.
  • When using the Catalan language, the spell checker button was not displayed in the composer. The issue has been fixed.
  • Contact information of recently Shared contacts did not appear in Mail tab, until user did not click on the shared address book in the Contacts tab. This issue has been fixed.
  • When using Web App on Linux Operating System and trying to move the messages to a new folder, the blue background was displayed and users were not able to execute the move operation. The issue has been fixed.

Web UX - Modern

  • User encountered an error when trying to access messages by clicking on Tags. This issue has been fixed.
  • Shared folder only loaded the first 100 messages in the folder. New messages were not loaded when user scrolled down to the 100th message. This issue has been fixed, and pagination works seamlessly.
  • When using Croatian language, the Job Title field for a contact was not translated correctly. The issue has been fixed.
  • When user re-sized the browser window to smaller size, user did not get the option to Add to contacts upon clicking on a contact in a mail. This issue has been fixed.
  • All day events were getting created 1 day less than the selected date, when created with Repeat: Every Week. This issue has been fixed.
  • Some messages did not render on Safari mobile client with iOS-15. This issue has been fixed.
  • While creating an appointment in Month view if user mouse hover on the appointment then From and To date of the appointment was not displayed. This issue has been fixed.

Calendar

  • When creating an event in Year view, errors were seen and the event was not created. This issue has been fixed now.

Mail

  • Mark as spam option is disabled for messages which are already marked as spam.

ZCO

  • In the previous patch release, an issue was seen where the mails were not arriving automatically. Users had to click on Send/Recieve to get new mails. The issue has been fixed.

HSM

  • In case of an unexpected folder in the store path, a clearer warning is reported in the check blobs operation log to avoid misunderstandings.

NG Auth

  • The mobile passwords can now be created and deleted by the delegated admins.

NG Backup

  • Fixed a bug that made the purge operation only delete the blob relative to the last state of the item, causing lots of orphaned blobs in the backup path for items with different blob versions such as emails drafts for instance.

Zimbra Connect

  • Fixed a bug that caused the Team DB migration to fail when legacy Chat data was already present.


Known Issues

  • None


Patch Installation

Please refer to the steps below to install 9.0.0 Patch 24 on Redhat and Ubuntu platforms:

Before Installing the Patch, consider the following:

  • Patches are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to zimbra user before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
  • Important! Please note that the install process has changed. Additional steps to install zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages have been included for this patch release. Please refer to the Patch Installation section to install the packages in its order.

9.0.0 Patch 24 Packages

The package lineup for this release is:

PackageName Version

zimbra-patch                               ->     9.0.0.1650532159.p24-2
zimbra-proxy-patch                         ->     9.0.0.1648259872.p24-1
zimbra-proxy-components                    ->     1.0.9-1zimbra8.8b1
zimbra-mta-patch                           ->     9.0.0.1650532159.p24-1
zimbra-mta-components                      ->     1.0.14-1zimbra8.8b1
zimbra-common-core-jar                     ->     9.0.0.1650522520-1
zimbra-nginx                               ->     1.20.0-1zimbra8.8b2
zimbra-httpd  				   ->     2.4.53-1zimbra8.7b3
zimbra-spell-components                    ->     2.0.8-1zimbra8.8b1
zimbra-apache-components 		   ->     2.0.7-1zimbra8.8b1
zimbra-lmdb-lib                            ->     2.4.59-1zimbra8.8b5
zimbra-lmdb-dbg                            ->     2.4.59-1zimbra8.8b5
zimbra-lmdb                                ->     2.4.59-1zimbra8.8b5
zimbra-openldap-lib		           ->	  2.4.59-1zimbra8.8b5
zimbra-openldap-client		           ->	  2.4.59-1zimbra8.8b5
zimbra-openldap-server                     ->     2.4.59-1zimbra8.8b4
zimbra-openjdk-cacerts			   ->	  1.0.8-1zimbra8.7b1
zimbra-ldap-components                     ->     2.0.4-1zimbra8.8b1
zimbra-core-components                     ->     3.0.10-1zimbra8.8b1
zimbra-clamav                              ->	  0.103.2-1zimbra8.8b3
zimbra-clamav-libs                         ->     0.103.2-1zimbra8.8b3
zimbra-openssl                             ->     1.1.1l-1zimbra8.7b4
zimbra-openssl-libs                        ->     1.1.1l-1zimbra8.7b4
zimbra-postfix-logwatch                    ->     1.40.03-1zimbra8.7b1
zimbra-timezone-data                       ->     3.0.0.1646993320-1
zimbra-mbox-store-libs                     ->     9.0.0.1647230016-1
zimbra-mbox-war                            ->     9.0.0.1647325909-1
zimbra-mbox-webclient-war                  ->     9.0.0.1647538190-1
zimbra-mbox-admin-console-war              ->     9.0.0.1641806303-1
zimbra-common-mbox-conf-attrs              ->     9.0.0.1602835824-1
zimbra-common-core-libs                    ->     9.0.0.1650522826-1
zimbra-mbox-ews-service     		   ->     9.0.0.1650522968-1
zimbra-zco                                 ->     9.0.0.1919.1647347914-1
zimbra-php                                 ->     7.4.27-1zimbra8.7b3
zimbra-modern-ui                           ->     4.22.0.1647849185-1
zimbra-modern-zimlets                      ->     4.22.0.1647849185-1
zimbra-network-modules-ng                  ->     7.0.24.1646915366-1
zimbra-drive-ng                            ->     4.0.13.1637855796-1
zimbra-drive-modern                        ->     1.0.13.1637855796-1
zimbra-connect                             ->     2.0.21.1635424388-1
zimbra-connect-modern                      ->     1.0.21.1635424388-1
zimbra-docs                                ->     4.0.6.1616090633-1
zimbra-docs-modern                         ->     1.0.6.1632998065-1
zimbra-chat                                ->     4.0.1.1594306412-1
zimbra-zimlet-auth                         ->     1.0.2.1622463729-1
zimbra-zimlet-install-pwa                  ->     6.0.0.1647851139-1
zimbra-zimlet-emptysubject		   ->     2.0.0.1647851139-1
zimbra-zimlet-set-default-client           ->     8.0.0.1647851139-1
zimbra-zimlet-document-editor              ->     6.0.1.1631795284-1
zimbra-zimlet-date                         ->     6.0.0.1647851139-1
zimbra-zimlet-additional-signature-setting ->     6.0.0.1647851139-1
zimbra-zimlet-calendar-subscription        ->     6.0.0.1647851139-1
zimbra-zimlet-sideloader                   ->     7.0.0.1647851139-1
zimbra-zimlet-briefcase-edit-lool          ->     2.0.0.1647851139-1
zimbra-zimlet-org-chart                    ->     2.0.0.1647851139-1
zimbra-zimlet-zulip-chat                   ->     7.0.1.1631795284-1
zimbra-zimlet-ads                          ->     8.0.0.1647851139-1
zimbra-zimlet-user-sessions-management	   ->	  8.0.0.1647851139-1
zimbra-zimlet-user-feedback                ->     6.0.0.1647851139-1
zimbra-zimlet-privacy-protector            ->     4.0.0.1647851139-1
zimbra-zimlet-duplicate-contacts           ->     5.0.0.1647851139-1
zimbra-zimlet-secure-mail		   ->	  1.0.0.1647851139-1
zimbra-zimlet-web-search		   ->	  4.0.0.1647851139-1
zimbra-zimlet-restore-contacts             ->     6.0.0.1647851139-1
zimbra-zimlet-zoom                         ->     7.0.0.1621610655-1
zimbra-zimlet-slack                        ->     5.5.0.1621610655-1
zimbra-zimlet-dropbox                      ->     6.0.0.1621610655-1
zimbra-zimlet-onedrive                     ->     6.0.0.1621610655-1
zimbra-zimlet-google-drive                 ->     6.0.0.1621610655-1
zimbra-zimlet-jitsi                        ->     3.3.1.1621610655-1
zimbra-zimlet-video-call-preferences       ->     2.1.0.1621610655-1
zimbra-zimlet-nextcloud                    ->     1.0.7.1641799022-1
zimbra-zimlet-webex	                   ->     1.0.1.1629957793-1
zimbra-zimlet-voice-message                ->     1.0.3.1611114827-1
zimbra-zimlet-classic-unsupportedbrowser   ->     3.0.0.1647851139-1
zimbra-zimlet-email-templates              ->     2.0.0.1630308426-1
zimbra-zimlet-signature-template           ->     1.0.0.1609841753-1

Redhat

Installing Zimbra packages with system package upgrades

  • As root, first clear the yum cache and check for updates so the server sees there is a new zimbra-patch package in the patch repository:
yum clean metadata
yum check-update
  • On mailstore node, install the following packages:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
  • Then ask yum to update available packages:
yum update
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing Zimbra packages individually

Upgrade OpenLDAP on LDAP node

  • As root, install the package:
yum install zimbra-ldap-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-proxy-patch on Proxy node

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade snmp if it is installed on Proxy node

yum install zimbra-snmp-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-mta-components on MTA node

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-mta-components
  • If dnscache is installed, upgrade the package before restarting the services:
yum install zimbra-dnscache-components
  • If snmp is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install the package:
yum install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node

  • As root, install the package:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
yum install zimbra-patch
  • If apache is installed, upgrade the package before restarting the services:
yum install zimbra-apache-components
  • If spell is installed, upgrade the package before restarting the services:
yum install zimbra-spell-components
  • If snmp is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart


Installing NG packages

Uninstall zimbra-talk on mailstore node

In case of upgrade from version 8.8.15, uninstall zimbra-talk from mailstore node since it replaces with zimbra-connect. Hence, it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package zimbra-talk:
yum remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs and zimbra-drive-ng on mailstore node

yum install zimbra-network-modules-ng
yum install zimbra-connect
yum install zimbra-zimlet-auth
yum install zimbra-docs
yum install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Zimbra Additional Zimlets

Note: - You can install the packages of your choice from the below list.

Install/Upgrade zimbra-zimlet-slack, zimbra-zimlet-zoom, zimbra-zimlet-dropbox, zimbra-zimlet-google-drive, zimbra-zimlet-onedrive, zimbra-zimlet-jitsi, zimbra-zimlet-video-call-preferences, zimbra-zimlet-nextcloud, zimbra-zimlet-voice-message, zimbra-zimlet-sideloader, zimbra-zimlet-user-sessions-management on mailstore node

yum install zimbra-zimlet-slack
yum install zimbra-zimlet-zoom
yum install zimbra-zimlet-dropbox
yum install zimbra-zimlet-google-drive
yum install zimbra-zimlet-onedrive
yum install zimbra-zimlet-jitsi
yum install zimbra-zimlet-video-call-preferences
yum install zimbra-zimlet-nextcloud
yum install zimbra-zimlet-voice-message
yum install zimbra-zimlet-sideloader
yum install zimbra-zimlet-user-sessions-management
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Ubuntu

Installing zimbra packages with system package upgrades

  • As root, check for updates so the server checks there is a new zimbra-patch package in the patch repository:
apt-get update
  • On mailstore node, install the following packages:
apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
  • Then update available packages:
apt-get upgrade
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing zimbra packages individually

Upgrade OpenLDAP on LDAP node

  • As root, install the package:
apt-get install zimbra-ldap-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-proxy-patch on Proxy node

  • As root, install package
apt-get install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade snmp if it is installed on Proxy node

apt-get install zimbra-snmp-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-mta-components on MTA node

  • As root, install package
apt-get install zimbra-mta-components
  • If dnscache is installed, upgrade the package before restarting the services:
apt-get install zimbra-dnscache-components
  • If snmp is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install package
apt-get install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node

  • As root, check for updates and install package:
apt-get update
apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
apt-get install zimbra-patch
  • If apache is installed, upgrade the package before restarting the services:
apt-get install zimbra-apache-components
  • If spell is installed, upgrade the package before restarting the services:
apt-get install zimbra-spell-components
  • If snmp is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart


Installing NG packages

Uninstall zimbra-talk on mailstore node

In case of upgrade from version 8.8.15, uninstall zimbra-talk from mailstore node since it replaces with zimbra-connect. Hence, it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package zimbra-talk:
apt-get remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs, zimbra-drive-ng on mailstore node

  • As root, check for updates and install packages:
apt-get update
apt-get install zimbra-network-modules-ng
apt-get install zimbra-connect
apt-get install zimbra-zimlet-auth
apt-get install zimbra-docs
apt-get install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart


Zimbra Additional Zimlets

Note: - You can install the packages of your choice from the below list.

Install/Upgrade zimbra-zimlet-slack, zimbra-zimlet-zoom, zimbra-zimlet-dropbox, zimbra-zimlet-google-drive, zimbra-zimlet-onedrive, zimbra-zimlet-jitsi, zimbra-zimlet-video-call-preferences, zimbra-zimlet-nextcloud, zimbra-zimlet-voice-message, zimbra-zimlet-sideloader, zimbra-zimlet-user-sessions-management on mailstore node

apt-get install zimbra-zimlet-slack
apt-get install zimbra-zimlet-zoom
apt-get install zimbra-zimlet-dropbox
apt-get install zimbra-zimlet-google-drive
apt-get install zimbra-zimlet-onedrive
apt-get install zimbra-zimlet-jitsi
apt-get install zimbra-zimlet-video-call-preferences
apt-get install zimbra-zimlet-nextcloud
apt-get install zimbra-zimlet-voice-message
apt-get install zimbra-zimlet-sideloader
apt-get install zimbra-zimlet-user-sessions-management
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Upgraded 3rd Party Packages

  • OpenSSL and Postfix TLS 1.3 Packages

The packages for RHEL6, RHEL7, UBUNTU14, UBUNTU16, UBUNTU18 are:

Package Name      Version
zimbra-openssl : 1.1.1l-1zimbra8.7b4
zimbra-postfix : 3.6.1-1zimbra8.7b3
zimbra-nginx : 1.20.0-1zimbra8.8b2
zimbra-mariadb : 10.1.25-1zimbra8.7b3
zimbra-heimdal : 1.5.3-1zimbra8.7b3
zimbra-curl : 7.49.1-1zimbra8.7b3
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2
zimbra-unbound : 1.11.0-1zimbra8.7b2
zimbra-apr-util : 1.6.1-1zimbra8.7b2
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4
zimbra-net-snmp : 5.8-1zimbra8.7b2
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3
zimbra-openldap : 2.4.49-1zimbra8.8b4
zimbra-opendkim : 2.10.3-1zimbra8.7b5
zimbra-clamav : 0.103.2-1zimbra8.8b3
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b2
zimbra-perl-net-http : 6.09-1zimbra8.7b3
zimbra-perl-libwww : 6.13-1zimbra8.7b3
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b3
zimbra-perl-xml-parser : 2.44-1zimbra8.7b3
zimbra-perl-soap-lite : 1.19-1zimbra8.7b3
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b3
zimbra-perl-xml-simple : 2.25-1zimbra8.7b2
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5
zimbra-perl-innotop : 1.9.1-1zimbra8.7b3
zimbra-httpd : 2.4.53-1zimbra8.7b3
zimbra-php : 7.4.27-1zimbra8.7b3
zimbra-aspell-ca : 2.1.5.1-1zimbra8.8b1
zimbra-postfix-logwatch : 1.40.03-1zimbra8.7b1
zimbra-perl : 1.0.5-1zimbra8.7b1
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1
zimbra-apache-components : 2.0.7-1zimbra8.8b1
zimbra-spell-components : 2.0.8-1zimbra8.8b1
zimbra-snmp-components : 1.0.3-1zimbra8.7b1
zimbra-mta-components : 1.0.14-1zimbra8.8b1
zimbra-core-components : 3.0.10-1zimbra8.8b1
zimbra-proxy-components : 1.0.9-1zimbra8.8b1
zimbra-store-components : 1.0.3-1zimbra8.7b1
zimbra-ldap-components : 2.0.4-1zimbra8.8b1
  • OpenSSL and Postfix TLS 1.3 Packages

The GA packages for RHEL8 and UBUNTU20 are:

Package Name      Version
zimbra-openssl : 1.1.1l-1zimbra8.7b4
zimbra-postfix : 3.6.1-1zimbra8.7b3
zimbra-nginx : 1.20.0-1zimbra8.8b2
zimbra-mariadb : 10.1.25-1zimbra8.7b3
zimbra-heimdal : 1.5.3-1zimbra8.7b3
zimbra-curl : 7.49.1-1zimbra8.7b3
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2
zimbra-unbound : 1.11.0-1zimbra8.7b2
zimbra-apr-util : 1.6.1-1zimbra8.7b2
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4
zimbra-net-snmp : 5.8-1zimbra8.7b3
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3
zimbra-openldap : 2.4.49-1zimbra8.8b4
zimbra-opendkim : 2.10.3-1zimbra8.7b5
zimbra-clamav : 0.103.2-1zimbra8.8b3
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b3
zimbra-perl-net-http : 6.09-1zimbra8.7b4
zimbra-perl-libwww : 6.13-1zimbra8.7b4
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b4
zimbra-perl-xml-parser : 2.44-1zimbra8.7b4
zimbra-perl-soap-lite : 1.19-1zimbra8.7b4
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b4
zimbra-perl-xml-simple : 2.25-1zimbra8.7b3
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5
zimbra-perl-innotop : 1.9.1-1zimbra8.7b4
zimbra-httpd : 2.4.53-1zimbra8.7b3
zimbra-php : 7.4.27-1zimbra8.7b3
zimbra-perl : 1.0.6-1zimbra8.7b1
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1
zimbra-apache-components : 2.0.7-1zimbra8.8b1
zimbra-spell-components : 2.0.9-1zimbra8.8b1
zimbra-snmp-components : 1.0.3-1zimbra8.7b1
zimbra-mta-components : 1.0.14-1zimbra8.8b1
zimbra-core-components : 3.0.10-1zimbra8.8b1
zimbra-proxy-components : 1.0.9-1zimbra8.8b1
zimbra-store-components : 1.0.3-1zimbra8.7b1
zimbra-ldap-components : 2.0.4-1zimbra8.8b1
zimbra-mbox-store-libs : 9.0.0.1615887345-1

The updated GA packages are:

Package            Old-Version    New-Version
postfix              3.5.6          3.6.1
openssl              1.1.1k         1.1.1l
openldap             2.4.49         2.4.59
nginx                1.19.0         1.20.0
postfix-logwatch     1.40.01        1.40.03
io-socket-ssl	     2.020          2.068
xml-simple           2.20           2.25
crypt-openssl-rsa    0.28           0.31
net-snmp             5.7.3          5.8
dbd-mysql            4.033          4.050
apr-util             1.5.4          1.6.1
unbound              1.5.9          1.11.0
net-ssleay           1.72           1.88
PHP                  7.3.25         7.4.27
httpd                2.4.51         2.4.53
  • Nginx TLS 1.3 Packages

The GA packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18, UBUNTU20 are:

PackageName                                       Version
zimbra-nginx                               ->     1.20.0-1zimbra8.8b2
zimbra-proxy-patch                         ->     9.0.0.1634196752.p20-1
zimbra-proxy-components                    ->     1.0.9-1zimbra8.8b1

Jira Summary

Jira Tickets fixed in 9.0.0 Patch 24

ZCS-11245 Solved chat database migration error
ZCS-11244 Correcting the warning in check blobs operation log for unexpected folder
ZCS-11243 Orphan blobs on purge bug fixed
ZCS-11242 Delegated admins can now manage the mobile passwords
ZCS-11130 Support for Rocky Linux OS
ZCS-4562 EWS: not able to set OutOfOffice settings through outlook
ZCS-4552 EWS filter rule is not available
ZBUG-2711 RCE through mboximport from authenticated user
ZBUG-2706 [Security] Memcached poisoning with unauthenticated request
ZBUG-2674 Problem to display tagged messages in modern WEB interface
ZBUG-2671 zmmsgtrace not working
ZBUG-2667 In modern UI: Pagination is not working properly in shared folders
ZBUG-2649 Mail compose issues with selection of "New Email" option on right-click
ZBUG-2625 Modern UI: "Job Title" translated incorrectly in Croatian Language
ZBUG-2621 Thumbnail Photo doesn't show up in GAL in Modern UI and Classic UI
ZBUG-2604 Classic client is not loading in Arabic language.
ZBUG-2600 ModernUI: Option 'add to contacts' is not available when browser window is shrunk
ZBUG-2568 Modern UI: All day events are getting created 1 day less than the selected date when created with "Repeat: Every Week"
ZBUG-2517 Firefox Sidebar - Not Working
ZBUG-2514 Upgrade Apache to version 2.4.49 or later.
ZBUG-2510 Messages are not rendering on Iphone Safari browser
ZBUG-2505 Modern UI, "End date" not displaying when we mouse over
ZBUG-2498 Upgrade to PHP version 7.3.27, 7.4.15, 8.0.2 or later.
ZBUG-2484 New mails not arriving automatically until we click send/receive button with 32 bit ZCO.
ZBUG-2481 Unable to parse pdf while searching on centos.
ZBUG-2447 Enabled to re-edit the bubbled email address in To/Cc/Bcc field
ZBUG-2397 Authentication break after enabling the "SameSite" cookie flag
ZBUG-2363 Modern UI, message body displaying partially
ZBUG-2358 Remove allowplugins option from zmsaupdate script of Spamassassin.
ZBUG-2332 Read recipient response as an attachment
ZBUG-2328 Zimbra EWS CreateCalendar folder returns incorrect response
ZBUG-2327 Zimbra EWS doesn't return changekey in response
ZBUG-2300 Email Text Overlapping
ZBUG-2236 Display name of the sender not displaying as per zimbraPrefFromDisplay
ZBUG-2222 Inline attachments sent from apple mail to Outlook EWS causes garble text.
ZBUG-2192 Error renaming external account's imap folder structure.
ZBUG-2165 milter not working with forwarding
ZBUG-2164 mailto links are not properly handled in zimbra webmail
ZBUG-2145 The button of the spell checker does NOT appear when it is accessed with Catalan language.
ZBUG-2084 RXSS on '/public/launchNewWindow.jsp' via 'errCode
ZBUG-2048 Weird fields are showing under contact in Modern UI
ZBUG-1945 Shared contact information not appear in mail
ZBUG-1926 No option to select persona in the From field in modern UI
ZBUG-1922 Shared folder Navigation issue in ModernUI
ZBUG-1853 Unexpected blue background on many actions in zimbra9 classic WebClient using Linux
ZBUG-1840 Modern UI: Browser's default context menu is appeared on the external account in Mail app side bar
ZBUG-1793 Modern UI: "Star" and "Clear Star" in the context menu should be toggled
ZBUG-1676 EWS 500 error on GetInboxRules Operation
ZBUG-1633 Can't send mails through EWS when keeping TO field is blank and put recipients in CC/BCC.
ZBUG-1541 Accounts created by a user for public sharing are being counted toward the account quota for the domain.
ZBUG-1385 Webmail : character &num replace by #_
ZBUG-651 No Distribution List Members displaying with "gadl -v"
ZBUG-143 Admin Console: "Last login" and "Description" fields are missing in downloaded csv file
PREAPPS-6619 Correction for Danish translations
PREAPPS-6576 Upgrade webpack dependencies to latest version
PREAPPS-6542 Mark as Spam options in context menu remains enabled even for mails present in Spam folder
PREAPPS-6503 Allow attaching EML attachments from Composer
PREAPPS-6419 Next item in the list should get selected on deleting/moving an item from the contact or briefcase list
PREAPPS-6255 Can't create event in year view, throws "t is not a function" script error
PREAPPS-6191 Server SMIME | Sign / Sign+Encrypt emails
Jump to: navigation, search