Zimbra Releases/9.0.0/P25: Difference between revisions
(Created page with "{{WIP}} = Zimbra Collaboration Kepler 9.0.0 Patch 25 GA Release = Check out the '''Security Fixes''', '''What's New'''. '''#Fixed Issues...") |
No edit summary |
||
Line 1: | Line 1: | ||
= Zimbra Collaboration Kepler 9.0.0 Patch 25 GA Release = | = Zimbra Collaboration Kepler 9.0.0 Patch 25 GA Release = | ||
Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]'''. '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration. | Check out the '''[[#Security Fixes|Security Fixes]]''', '''[[#What's New|What's New]]'''. '''[[#Fixed Issues|Fixed Issues]]''', and '''[[#Known Issues|Known Issues]]''' for this version of Zimbra Collaboration. |
Revision as of 18:37, 14 June 2022
Zimbra Collaboration Kepler 9.0.0 Patch 25 GA Release
Check out the Security Fixes, What's New. Fixed Issues, and Known Issues for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues
Change in upgrade process for 9.0.0 Patch 25
Please note that the install process has changed. Additional steps to install zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages have been included for this patch release. Please refer to the Patch Installation section to install the packages in its order.
Changes required for SSO setup before patch upgrade
Before upgrade, if the zimbraVirtualHostName parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:
su - zimbra zmprov md domain_name zimbraVirtualHostName virtual_hostname
Security Fixes
Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Patch Version |
---|---|---|---|---|
Upgraded OpenSSL to 1.1.1n to avoid DoS vulnerability. | CVE-2022-0778 | 7.5 | Low | 9.0.0 P25 |
Upgraded Jetty to 9.4.46 to avoid vulnerability due to large TLS packets causing 100% CPU usage. | CVE-2021-28165 | 7.5 | Low | 9.0.0 P25 |
Upgraded mina-core to version 2.1.6 | CVE-2019-0231 | 7.5 | Low | 9.0.0 P25 |
Fixed an issue with Zimbra Classic WebApp where input sanitization was required in displaying attachment data. | TBD | TBD | Medium | 9.0.0 P25 |
- Vulnerability in RARLAB UnRAR before 6.12 has been identified CVE-2022-30333 and has a score of 7.5 - HIGH. Zimbra has made configuration changes to use the 7zip package instead of unrar. Customers are requested to remove the unrar package (if installed) and use 7zip instead.
What's New
NOTE: Beta features are not supported and should not be installed on production systems. Beta modules have been provided for evaluation in lab environments only.
Rocky Linux 8 Support (Beta)
We are nearing the end of our extensive QA cycle for this major upgrade. Watch for the GA announcement in an upcoming patch release.
Package Upgrade
- Log4j package has been upgraded to version 2.17.1 which includes CVE-2021-44228, CVE-2021-45105, CVE-2019-17571 fixes. As communicated in earlier patch releases, Zimbra was not impacted by any of these security issues since Zimbra was using an older version of Log4j. Please refer to wiki for changes in the logging options.
- OpenJDK package has been upgraded to version 17.0.2
- SpamAssassin package has been upgraded to version 3.4.6.
- ClamAV package has been upgraded to version 0.103.3.
- OpenSSL has been upgraded to version 1.1.1n.
- Jetty has been upgraded to version 9.4.46.
- Mina-core has been upgraded to version 2.1.6
Platform
- A new attribute zimbra_gal_fallback_ldap_search_enabled has been introduced to control the AutoComplete request being sent to LDAP server. The default value of the attribute is TRUE. If we have a galsync account, the autocomplete request would be served from the galsync account. In case galsync account is not present, the autocomplete requests will be then served from LDAP server.
- Support to add a warning for messages arriving from the external domain is now available. Introduced two new localconfig attributes:
- zimbra_external_email_warning_enabled - Attribute to enable/disable the feature. Default is disabled.
- zimbra_external_email_warning_message - Attribute the message to be displayed for external emails.
- To promote better password security, a new feature has been introduced to restrict users from using their names in the password when changing or resetting it. The feature is controlled by a local config attribute allow_username_within_password. The default value is true. When set to false, users won't be allowed to specify their username in the password when changing or resetting it.
Web UX - Modern
- If the Admin has disabled a new attribute for handling better password security allow_username_within_password, it will restrict users from not using their names when resetting or changing the password.
- Zimlets now support all the languages which are supported by Modern Web App.
- When hovering over the folder, additional information will be displayed:
- For Mail folders - # of messages, # of unread, size.
- For Trash - # of items, size.
- For Calendar - # of appointment.
- For Contacts - # of contacts.
Contacts
- For a user, If the attribute zimbraFeatureAntispamEnabled is set to FALSE, then all the spam-related options will appear disabled.
- If the Tasks feature is disabled for a user, it will not get displayed in the Calendar tab.
- User-friendly error messages have been added for the following errors received from the server:
- SEND_ABORTED_ADDRESS_FAILURE - "Could not send message due to invalid or blocked address(es)“
- SEND_FAILURE - “Could not send message"
Web UX - Admin
- In Admin Console, Department and Office field has been added for user accounts at Account -> Contact information. These fields are used when viewing the organizational structure of the user.
- Administrator defined Sieve scripts can now be configured in the Admin Console on a per domain or CoS basis. Previously this was CLI only functionality.
Fixed Issues
Platform
- In the previous patch, SameSite cookie support was added and the default value of the variable zimbra_same_site_cookie was set to true. It caused pre-auth login failure where the Admin domain and the User's domain were different. The default value of the variable zimbra_same_site_cookie has now been set to false. If any customer wants to enable the SameSite cookie, they can set the variable to true and set ProxyDomain.
- SameSite cookie support was added in the previous patch, and the default value of the variable zimbra_same_site_cookie was set to true. It caused webmail login failure when the proxy was set up to access both HTTP and HTTPS requests. The default value of the variable zimbra_same_site_cookie has now been set to false. If any customer wants to enable the SameSite cookie, they can set the variable to true and set ProxyDomain.
- SameSite cookie support was added in the previous patch, and the default value of the variable zimbra_same_site_cookie was set to true. It caused pre-auth login failure where the Admin domain and the User's domain differed. The default value of the variable zimbra_same_site_cookie has now been set to false. If any customer wants to enable the SameSite cookie, they can set the variable to true and set ProxyDomain.
- Zimbra's DNS cache service now supports DNSSEC validation.
- When generating CSR, the preview appeared blank. The issue has been fixed.
- When the user shares the root level folder with another user and sets zimbraPrefSharedAddrBookAutoCompleteEnabled to TRUE, autocomplete request failed for sharee. The issue has been fixed.
- Changes made to the zimbraAmavisOutboundDisclaimersOnly attribute did not take effect after restarting the MTA service. The issue has been fixed.
- When the user enabled 2FA for his account, it was still possible to bypass it and list the Briefcase contents. The issue has been fixed.
- If the user has added an external IMAP account and creates or edits a Draft, it was not getting synced to the external account. The issue has been fixed.
- In a multi-node environment, a user has "sendAs" delegation rights of the user situated on another node, if he tries to send an XML file as an attachment, it gets corrupted. The issue has been fixed.
- When using EWS, if the user had a Common Name (CN) and Display Name(DN) set, the CN was always used when sending a meeting request. The issue has been fixed. If DN and CN are set, then use DN will be used as the Organizer name. If DN is not set and CN is set, then CN will be used as Organizer's name.
- If an account has multiple aliases, they were not getting displayed in autocomplete when composing a message. The issue has been fixed.
- Corrected the description of zimbraFeatureMailForwardingInFiltersEnabled attribute from enable end-user mail forwarding to enable end-user mail redirecting.
- The JDK version 13 contains a bug wherein under certain random conditions (depending on load/memory), the JVM may crash. The issue has been fixed by upgrading the JDK to version 17.
Web UX - Modern
- Corrected folder name n the tooltip message when moving the message to the Spam folder.
- If a customer has a shared folder in his Mail tab, sorting the emails was not working correctly. The issue has been fixed.
- When copy pasting the email address from excel into the composer, the email address was not converted to the contact or email id. The issue has been fixed.
- After forwarding a message, HTML code was displayed in the headers of the forwarded message. The issue has been fixed.
- When composing a message in plain text mode, users were unable to add the signatures. The issue has been fixed.
- Users could set mail forwarding to themselves by going to Settings > Accounts -> Access your mail anywhere. To correct the behavior, users are no more allowed to specify the same address as their logged in email address. An appropriate error message is displayed if the user tries to do that.
- If the user has any shared email folder and performs a search, matching emails from the shared folder were not returned in the search results. The issue has been fixed.
- When hovering over the :mailto link in the message, the link appeared duplicated. The issue has been fixed.
- When composing a message, the tab is updated with the subject of the message. After reloading the Modern Web App, the tab appeared blank. The issue has been fixed.
Web UX - Classic
- In the previous patch, the default search folder was set to the shared contact folder instead of the Inbox. The issue has been fixed.
- Fixed a regression bug that prevented SAML SP initiated log out from working correctly.
- In the Tasks tab, If the user sets Subject as a default sort, it was not maintained after visiting other tabs or reloading the UI. The issue has been fixed.
- Corrected date format for the Portuguese language.
HSM
- Now the doMailboxMove operation skips non-local accounts to avoid issues caused by running the command on the wrong server.
- To make the new volume creation experience simpler for the admins, bucket creation has been split by the volume creation commands. Admins can now create a new bucket and then pass its UUID to the volume creation command.
NG Auth
- Fixed a bug that made the mobile apps able to bypass the Zimbra Network 2FA.
NG Backup
- To make the external restore operation more reliable and avoid errors, now the mailboxes quota is removed during the restore operation. The quota is set back once the operation completes successfully.
- Fixed a bug that prevented the doItemSearch command to work properly. Now the command returns the results according to the given filters.
NG Mobile
- ABQ API has been reworked to fix a bug that prevented the set command from working with devices not already present in the list.
- A new abq_enabled_at_startup attribute has been added to the configuration to avoid the ABQ feature being loaded at the server startup if not used to save the server’s resources.
NG Modules
- Firebase-token-renewer-service has been completely removed.
- Fixed a bug that prevented the right-click from working properly on contacts and calendars folders using Internet Explorer 11 when com_zextras_client zimlet is enabled.
Zimbra Connect
- Fixed a bug that caused a room to disappear when moved between the servers.
- Now using the internal mode, the resources are kept after the user close the call. The result is that the tab keep the red-dot on the browser’s tab
- Fixed the issue - if user manually opens the minichat, it works, but if the setting is set to automatically open the minichat for each message, it’s not working automatically.
Zimbra Docs
- In Modern Web App, now the users will always be navigated back to the Drive tab on closing a Docs document.
Known Issues
- While deploying zimlets, if the following error is encountered, please refer to the Patch Installation section to install the zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages in a particular order and re-deploy the zimlets.
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353) Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602) at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521) ... 1 more
- From Kepler-Patch-25 onwards, customers using SSO will need to update
zimbraVirtualHostName
attribute for the domains. Please refer to the instructions to update the attribute.
- With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the allow_weak_crypto property to true in the krb5.conf configuration file. Please follow below instructions:
1. In /opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults] section, set allow_weak_crypto = true
2. Restart mailboxd service:
su - zimbra zmmailboxdctl restart
Patch Installation
Please refer to the steps below to install 9.0.0 Patch 25 on Redhat and Ubuntu platforms:
Before Installing the Patch, consider the following:
- Patches are cumulative.
- A full backup should be performed before any patch is applied. There is no automated roll-back.
- Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
- Only files or Zimlets associated with installed packages will be installed from the patch.
- Switch to
zimbra
user before using ZCS CLI commands. - Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
- Important! Please note that the install process has changed. Additional steps to install zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages have been included for this patch release. Please refer to the Patch Installation section to install the packages in its order.
9.0.0 Patch 25 Packages
The package lineup for this release is:
PackageName Version
zimbra-patch -> 9.0.0.1655187100.p25-2 zimbra-proxy-patch -> 9.0.0.1654879215.p25-1 zimbra-proxy-components -> 1.0.10-1zimbra8.8b1 zimbra-mta-patch -> 9.0.0.1654879215.p25-1 zimbra-mta-components -> 1.0.15-1zimbra8.8b1 zimbra-common-core-jar -> 9.0.0.1654861684-1 zimbra-nginx -> 1.20.0-1zimbra8.8b3 zimbra-httpd -> 2.4.53-1zimbra8.7b3 zimbra-spell-components -> 2.0.8-1zimbra8.8b1 zimbra-apache-components -> 2.0.7-1zimbra8.8b1 zimbra-lmdb-lib -> 2.4.59-1zimbra8.8b5 zimbra-lmdb-dbg -> 2.4.59-1zimbra8.8b5 zimbra-lmdb -> 2.4.59-1zimbra8.8b5 zimbra-openldap-lib -> 2.4.59-1zimbra8.8b5 zimbra-openldap-client -> 2.4.59-1zimbra8.8b5 zimbra-openldap-server -> 2.4.59-1zimbra8.8b4 zimbra-openjdk-cacerts -> 1.0.8-1zimbra8.7b1 zimbra-openjdk -> 17.0.2-1zimbra8.8b1 zimbra-ldap-components -> 2.0.6-1zimbra8.8b1 zimbra-core-components -> 3.0.12-1zimbra8.8b1 zimbra-clamav -> 0.103.3-1zimbra8.8b3 zimbra-clamav-libs -> 0.103.3-1zimbra8.8b3 zimbra-openssl -> 1.1.1n-1zimbra8.7b4 zimbra-openssl-libs -> 1.1.1n-1zimbra8.7b4 zimbra-postfix-logwatch -> 1.40.03-1zimbra8.7b1 zimbra-timezone-data -> 3.0.0.1646993320-1 zimbra-mbox-store-libs -> 9.0.0.1654854341-1 zimbra-mbox-war -> 9.0.0.1653048422-1 zimbra-mbox-webclient-war -> 9.0.0.1654769864-1 zimbra-mbox-admin-console-war -> 9.0.0.1653031579-1 zimbra-common-mbox-conf-attrs -> 9.0.0.1652767366-1 zimbra-common-core-libs -> 9.0.0.1654854341-1 zimbra-mbox-ews-service -> 9.0.0.1654977318-1 zimbra-zco -> 9.0.0.1919.1647347914-1 zimbra-php -> 7.4.27-1zimbra8.7b3 zimbra-modern-ui -> 4.25.0.1653056413-1 zimbra-modern-zimlets -> 4.25.0.1653056413-1 zimbra-network-modules-ng -> 7.0.25.1652960112-1 zimbra-drive-ng -> 4.0.13.1637855796-1 zimbra-drive-modern -> 1.0.13.1637855796-1 zimbra-connect -> 2.0.21.1635424388-1 zimbra-connect-modern -> 1.0.21.1635424388-1 zimbra-docs -> 4.0.6.1616090633-1 zimbra-docs-modern -> 1.0.6.1632998065-1 zimbra-chat -> 4.0.2.1654677981-1 zimbra-zimlet-auth -> 1.0.4.1652971904-1 zimbra-zimlet-install-pwa -> 6.1.1.1652766350-1 zimbra-zimlet-emptysubject -> 2.1.1.1652766350-1 zimbra-zimlet-set-default-client -> 8.1.1.1652766350-1 zimbra-zimlet-document-editor -> 6.0.1.1631795284-1 zimbra-zimlet-date -> 6.1.1.1652766350-1 zimbra-zimlet-additional-signature-setting -> 6.1.1.1652766350-1 zimbra-zimlet-calendar-subscription -> 6.2.0.1652766350-1 zimbra-zimlet-sideloader -> 7.1.1.1652766350-1 zimbra-zimlet-briefcase-edit-lool -> 2.2.1.1652766350-1 zimbra-zimlet-org-chart -> 2.1.1.1652766350-1 zimbra-zimlet-zulip-chat -> 7.0.2.1641892590-1 zimbra-zimlet-ads -> 8.2.1.1652766350-1 zimbra-zimlet-user-sessions-management -> 8.1.1.1652766350-1 zimbra-zimlet-user-feedback -> 6.1.1.1652766350-1 zimbra-zimlet-privacy-protector -> 4.1.1.1652766350-1 zimbra-zimlet-duplicate-contacts -> 5.1.1.1652766350-1 zimbra-zimlet-secure-mail -> 1.2.1.1652766350-1 zimbra-zimlet-web-search -> 4.1.1.1652766350-1 zimbra-zimlet-restore-contacts -> 6.1.1.1652766350-1 zimbra-zimlet-zoom -> 7.0.0.1621610655-1 zimbra-zimlet-slack -> 5.5.0.1621610655-1 zimbra-zimlet-dropbox -> 6.0.0.1621610655-1 zimbra-zimlet-onedrive -> 6.0.0.1621610655-1 zimbra-zimlet-google-drive -> 6.0.0.1621610655-1 zimbra-zimlet-jitsi -> 3.3.1.1621610655-1 zimbra-zimlet-video-call-preferences -> 2.1.0.1621610655-1 zimbra-zimlet-nextcloud -> 1.0.7.1641799022-1 zimbra-zimlet-webex -> 1.0.1.1629957793-1 zimbra-zimlet-voice-message -> 1.0.3.1611114827-1 zimbra-zimlet-classic-unsupportedbrowser -> 3.1.1.1652766350-1 zimbra-zimlet-email-templates -> 2.0.0.1630308426-1 zimbra-zimlet-signature-template -> 1.0.0.1609841753-1
Redhat
Installing Zimbra packages with system package upgrades
- As
root
, first clear the yum cache and check for updates so the server sees there is a newzimbra-patch
package in the patch repository:
yum clean metadata yum check-update
- On mailstore node, install the following packages:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
- Then ask yum to update available packages:
yum update
- Restart ZCS as
zimbra
user:
su - zimbra zmcontrol restart
Installing Zimbra packages individually
Upgrade OpenLDAP on LDAP node
- As
root
, install the package:
yum install zimbra-ldap-patch
- Restart
ZCS
aszimbra
user:
su - zimbra zmcontrol restart
Install/Upgrade zimbra-proxy-patch
on Proxy node
- As
root
, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata yum check-update
- Then install the package:
yum install zimbra-proxy-patch
- Restart proxy as
zimbra
user:
su - zimbra zmproxyctl restart zmmemcachedctl restart
Install/Upgrade snmp
if it is installed on Proxy node
yum install zimbra-snmp-components
- Restart proxy as
zimbra
user:
su - zimbra zmproxyctl restart
Install/Upgrade zimbra-mta-components
on MTA node
- As
root
, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata yum check-update
- Then install the package:
yum install zimbra-mta-components
- If
dnscache
is installed, upgrade the package before restarting the services:
yum install zimbra-dnscache-components
- If
snmp
is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
- Restart
amavisd
aszimbra
user:
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-mta-patch
on MTA node
- As
root
, install the package:
yum install zimbra-mta-patch
- Restart
amavisd
aszimbra
user:
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-patch
on mailstore node
- As
root
, install the package:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs yum install zimbra-patch
- If
apache
is installed, upgrade the package before restarting the services:
yum install zimbra-apache-components
- If
spell
is installed, upgrade the package before restarting the services:
yum install zimbra-spell-components
- If
snmp
is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
- Restart ZCS as
zimbra
user:
su - zimbra zmcontrol restart
Installing NG packages
Uninstall zimbra-talk
on mailstore node
In case of upgrade from version 8.8.15, uninstall zimbra-talk from mailstore node since it replaces with zimbra-connect. Hence, it is important to remove zimbra-talk
before installing zimbra-connect
.
- As
root
, uninstall the packagezimbra-talk
:
yum remove zimbra-talk
Install/Upgrade zimbra-network-modules-ng
, zimbra-connect
, zimbra-zimlet-auth
, zimbra-docs
and zimbra-drive-ng
on mailstore node
yum install zimbra-network-modules-ng yum install zimbra-connect yum install zimbra-zimlet-auth yum install zimbra-docs yum install zimbra-drive-ng
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Zimbra Additional Zimlets
Note: - You can install the packages of your choice from the below list.
Install/Upgrade zimbra-zimlet-slack
, zimbra-zimlet-zoom
, zimbra-zimlet-dropbox
, zimbra-zimlet-google-drive
, zimbra-zimlet-onedrive
, zimbra-zimlet-jitsi
, zimbra-zimlet-video-call-preferences
, zimbra-zimlet-nextcloud
, zimbra-zimlet-voice-message
, zimbra-zimlet-sideloader
, zimbra-zimlet-user-sessions-management
on mailstore node
yum install zimbra-zimlet-slack yum install zimbra-zimlet-zoom yum install zimbra-zimlet-dropbox yum install zimbra-zimlet-google-drive yum install zimbra-zimlet-onedrive yum install zimbra-zimlet-jitsi yum install zimbra-zimlet-video-call-preferences yum install zimbra-zimlet-nextcloud yum install zimbra-zimlet-voice-message yum install zimbra-zimlet-sideloader yum install zimbra-zimlet-user-sessions-management
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Ubuntu
Installing zimbra packages with system package upgrades
- As
root
, check for updates so the server checks there is a newzimbra-patch
package in the patch repository:
apt-get update
- On mailstore node, install the following packages:
apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
- Then update available packages:
apt-get upgrade
- Restart ZCS as
zimbra
user:
su - zimbra zmcontrol restart
Installing zimbra packages individually
Upgrade OpenLDAP on LDAP node
- As
root
, install the package:
apt-get install zimbra-ldap-patch
- Restart
ZCS
aszimbra
user:
su - zimbra zmcontrol restart
Install/Upgrade zimbra-proxy-patch
on Proxy node
- As
root
, install package
apt-get install zimbra-proxy-patch
- Restart proxy as
zimbra
user:
su - zimbra zmproxyctl restart zmmemcachedctl restart
Install/Upgrade snmp
if it is installed on Proxy node
apt-get install zimbra-snmp-components
- Restart proxy as
zimbra
user:
su - zimbra zmproxyctl restart
Install/Upgrade zimbra-mta-components
on MTA node
- As
root
, install package
apt-get install zimbra-mta-components
- If
dnscache
is installed, upgrade the package before restarting the services:
apt-get install zimbra-dnscache-components
- If
snmp
is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
- Restart
amavisd
aszimbra
user:
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-mta-patch
on MTA node
- As
root
, install package
apt-get install zimbra-mta-patch
- Restart
amavisd
aszimbra
user:
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-patch
on mailstore node
- As
root
, check for updates and install package:
apt-get update apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs apt-get install zimbra-patch
- If
apache
is installed, upgrade the package before restarting the services:
apt-get install zimbra-apache-components
- If
spell
is installed, upgrade the package before restarting the services:
apt-get install zimbra-spell-components
- If
snmp
is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
- Restart ZCS as
zimbra
user:
su - zimbra zmcontrol restart
Installing NG packages
Uninstall zimbra-talk
on mailstore node
In case of upgrade from version 8.8.15, uninstall zimbra-talk from mailstore node since it replaces with zimbra-connect. Hence, it is important to remove zimbra-talk
before installing zimbra-connect
.
- As
root
, uninstall the packagezimbra-talk
:
apt-get remove zimbra-talk
Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs, zimbra-drive-ng on mailstore node
- As
root
, check for updates and install packages:
apt-get update apt-get install zimbra-network-modules-ng apt-get install zimbra-connect apt-get install zimbra-zimlet-auth apt-get install zimbra-docs apt-get install zimbra-drive-ng
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Zimbra Additional Zimlets
Note: - You can install the packages of your choice from the below list.
Install/Upgrade zimbra-zimlet-slack
, zimbra-zimlet-zoom
, zimbra-zimlet-dropbox
, zimbra-zimlet-google-drive
, zimbra-zimlet-onedrive
, zimbra-zimlet-jitsi
, zimbra-zimlet-video-call-preferences
, zimbra-zimlet-nextcloud
, zimbra-zimlet-voice-message
, zimbra-zimlet-sideloader
, zimbra-zimlet-user-sessions-management
on mailstore node
apt-get install zimbra-zimlet-slack apt-get install zimbra-zimlet-zoom apt-get install zimbra-zimlet-dropbox apt-get install zimbra-zimlet-google-drive apt-get install zimbra-zimlet-onedrive apt-get install zimbra-zimlet-jitsi apt-get install zimbra-zimlet-video-call-preferences apt-get install zimbra-zimlet-nextcloud apt-get install zimbra-zimlet-voice-message apt-get install zimbra-zimlet-sideloader apt-get install zimbra-zimlet-user-sessions-management
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Upgraded 3rd Party Packages
- OpenSSL and Postfix TLS 1.3 Packages
The packages for RHEL7, UBUNTU16, UBUNTU18 are:
Package Name Version zimbra-openssl : 1.1.1l-1zimbra8.7b4 zimbra-postfix : 3.6.1-1zimbra8.7b3 zimbra-nginx : 1.20.0-1zimbra8.8b2 zimbra-mariadb : 10.1.25-1zimbra8.7b3 zimbra-heimdal : 1.5.3-1zimbra8.7b3 zimbra-curl : 7.49.1-1zimbra8.7b3 zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2 zimbra-unbound : 1.11.0-1zimbra8.7b2 zimbra-apr-util : 1.6.1-1zimbra8.7b2 zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4 zimbra-net-snmp : 5.8-1zimbra8.7b2 zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3 zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2 zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3 zimbra-openldap : 2.4.49-1zimbra8.8b4 zimbra-opendkim : 2.10.3-1zimbra8.7b5 zimbra-clamav : 0.103.3-1zimbra8.8b3 zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b2 zimbra-perl-net-http : 6.09-1zimbra8.7b3 zimbra-perl-libwww : 6.13-1zimbra8.7b3 zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b3 zimbra-perl-xml-parser : 2.44-1zimbra8.7b3 zimbra-perl-soap-lite : 1.19-1zimbra8.7b3 zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b3 zimbra-perl-xml-simple : 2.25-1zimbra8.7b2 zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3 zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4 zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5 zimbra-perl-innotop : 1.9.1-1zimbra8.7b3 zimbra-httpd : 2.4.53-1zimbra8.7b3 zimbra-php : 7.4.27-1zimbra8.7b3 zimbra-aspell-ca : 2.1.5.1-1zimbra8.8b1 zimbra-postfix-logwatch : 1.40.03-1zimbra8.7b1 zimbra-perl : 1.0.5-1zimbra8.7b1 zimbra-dnscache-components : 1.0.2-1zimbra8.7b1 zimbra-apache-components : 2.0.7-1zimbra8.8b1 zimbra-spell-components : 2.0.8-1zimbra8.8b1 zimbra-snmp-components : 1.0.3-1zimbra8.7b1 zimbra-mta-components : 1.0.14-1zimbra8.8b1 zimbra-core-components : 3.0.10-1zimbra8.8b1 zimbra-proxy-components : 1.0.9-1zimbra8.8b1 zimbra-store-components : 1.0.3-1zimbra8.7b1 zimbra-ldap-components : 2.0.4-1zimbra8.8b1
- OpenSSL and Postfix TLS 1.3 Packages
The GA packages for RHEL8 and UBUNTU20 are:
Package Name Version zimbra-openssl : 1.1.1n-1zimbra8.7b4 zimbra-postfix : 3.6.1-1zimbra8.7b3 zimbra-nginx : 1.20.0-1zimbra8.8b2 zimbra-mariadb : 10.1.25-1zimbra8.7b3 zimbra-heimdal : 1.5.3-1zimbra8.7b3 zimbra-curl : 7.49.1-1zimbra8.7b3 zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2 zimbra-unbound : 1.11.0-1zimbra8.7b2 zimbra-apr-util : 1.6.1-1zimbra8.7b2 zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4 zimbra-net-snmp : 5.8-1zimbra8.7b3 zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3 zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2 zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3 zimbra-openldap : 2.4.49-1zimbra8.8b4 zimbra-opendkim : 2.10.3-1zimbra8.7b5 zimbra-clamav : 0.103.3-1zimbra8.8b3 zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b3 zimbra-perl-net-http : 6.09-1zimbra8.7b4 zimbra-perl-libwww : 6.13-1zimbra8.7b4 zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b4 zimbra-perl-xml-parser : 2.44-1zimbra8.7b4 zimbra-perl-soap-lite : 1.19-1zimbra8.7b4 zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b4 zimbra-perl-xml-simple : 2.25-1zimbra8.7b3 zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3 zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4 zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5 zimbra-perl-innotop : 1.9.1-1zimbra8.7b4 zimbra-httpd : 2.4.53-1zimbra8.7b3 zimbra-php : 7.4.27-1zimbra8.7b3 zimbra-perl : 1.0.6-1zimbra8.7b1 zimbra-dnscache-components : 1.0.2-1zimbra8.7b1 zimbra-apache-components : 2.0.7-1zimbra8.8b1 zimbra-spell-components : 2.0.9-1zimbra8.8b1 zimbra-snmp-components : 1.0.3-1zimbra8.7b1 zimbra-mta-components : 1.0.14-1zimbra8.8b1 zimbra-core-components : 3.0.10-1zimbra8.8b1 zimbra-proxy-components : 1.0.9-1zimbra8.8b1 zimbra-store-components : 1.0.3-1zimbra8.7b1 zimbra-ldap-components : 2.0.4-1zimbra8.8b1 zimbra-mbox-store-libs : 9.0.0.1615887345-1
The updated GA packages are:
Package Old-Version New-Version postfix 3.5.6 3.6.1 openssl 1.1.1l 1.1.1n openldap 2.4.49 2.4.59 nginx 1.19.0 1.20.0 postfix-logwatch 1.40.01 1.40.03 io-socket-ssl 2.020 2.068 xml-simple 2.20 2.25 crypt-openssl-rsa 0.28 0.31 net-snmp 5.7.3 5.8 dbd-mysql 4.033 4.050 apr-util 1.5.4 1.6.1 unbound 1.5.9 1.11.0 net-ssleay 1.72 1.88 PHP 7.3.25 7.4.27 httpd 2.4.51 2.4.53
- Nginx TLS 1.3 Packages
The GA packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18, UBUNTU20 are:
PackageName Version zimbra-nginx -> 1.20.0-1zimbra8.8b2 zimbra-proxy-patch -> 9.0.0.1634196752.p20-1 zimbra-proxy-components -> 1.0.9-1zimbra8.8b1
Jira Summary
Jira Tickets fixed in 9.0.0 Patch 25
ZCS-11416 | Move room fixed |
ZCS-11415 | Red dot of camera is kept after meetings on internal mode |
ZCS-11414 | Minichat are not opening on Suite |
ZCS-11412 | Firebase-token-renewer-service has been completely removed |
ZCS-11411 | Mailbox move skips non-local accounts |
ZCS-11410 | Splitted volumes and buckets creation |
ZCS-11409 | ABQ set commands fixed |
ZCS-11408 | ABQ disabled at startup |
ZCS-11407 | Right-click on contact and calendar folders fixed for IE11 |
ZCS-11405 | External restore operation quota override |
ZCS-11404 | doItemSearch command fixed |
ZCS-11403 | Zimbra Network 2FA honoured by mobile apps |
ZCS-11349 | Toggle off direct searches for autocomplete and galsync against Zimbra LDAP |
ZCS-11344 | Set the default value zimbra_same_site_cookie to Empty |
ZCS-11116 | Update Java JRE Version |
ZCS-11096 | Implementation - milter to add a warning message when a email came from outside our organisation |
ZCS-11040 | Zextras NG Docs | Back to Drive folder on closing a document |
ZCS-10969 | Add "Department" field in org chart |
ZCS-10678 | Server Side work to Force users not to use username in the password |
ZCS-1426 | Support for new sieve features on zimbra's browser clients and admin console |
ZBUG-2807 | Attacker got access to user's email. |
ZBUG-2772 | [Security] Vulnerability in Unrar leading to Pre-Auth RCE in Zimbra |
ZBUG-2762 | In Webclient the search bar is set to search in a shared contact folder instead of a inbox folder |
ZBUG-2738 | Create a hash of the key in Nginx instead of raw value |
ZBUG-2734 | webmail login not work when proxy set to accept both http and https request. |
ZBUG-2732 | View mail admin feature no longer working in latest patch ZCS 9 P24 |
ZBUG-2723 | dnscache service does not support DNSSEC validation |
ZBUG-2720 | Spam folder called "Junk" in toast message |
ZBUG-2718 | Sorting issue - 01309590 |
ZBUG-2713 | Zimbra OpenSSL needs to update to 1.1.1n for CVE-2022-0778 |
ZBUG-2701 | Modern UI - Paste address list from xls or txt file in the mail composer in to field not working in modern theme. |
ZBUG-2681 | Html, body { overflow:visible; height:auto.... is visible when forwarding a mail and without adding text in Modern UI |
ZBUG-2679 | Signature is not added in plain text mode composed mail |
ZBUG-2666 | No information for CSR review operation from ZimbraWebAdmin |
ZBUG-2633 | DoS Zimbra is vulnerable to CVE-2021-28165- Jetty pins when large TLS packet is sent |
ZBUG-2627 | (JDK-8228811) JVM/mailboxd can crash endlessly with JDK 13.0.1 |
ZBUG-2588 | Autocomplete bug with "/" shares |
ZBUG-2583 | mina-core-2.0.4.jar is vulnerable; CVE-2019-0231, CVE-2019-0231 |
ZBUG-2578 | CVE-2021-45105 |
ZBUG-2571 | "RCE 0-day exploit vulnerability found in log4j " |
ZBUG-2569 | Attribute zimbraAmavisOutboundDisclaimersOnly does not work after restarting MTA service |
ZBUG-2542 | Users can set forwarding to their own account |
ZBUG-2477 | Upgrade ClamAV to latest version 0.103.3 |
ZBUG-2426 | SAML SP-initiated logout does not work - zimbraWebClientLogoutURL (9.0.0) |
ZBUG-2390 | Briefcase content accessible without 2FA |
ZBUG-2361 | Modified Draft not synced to external imap account |
ZBUG-2322 | Task not getting sorted |
ZBUG-2246 | shared folder content cannot be searched using All mail search |
ZBUG-2233 | SA Version 3.4.5 issues |
ZBUG-2207 | Update Java JRE Version |
ZBUG-2119 | Xml attachment truncated if sent from account with "sendAs" delegation |
ZBUG-2056 | Mail to link not rendering properly in modern UI |
ZBUG-1975 | Portuguese, Date format showing wrong |
ZBUG-1860 | Wrong encoding of organizer with ios mail client |
ZBUG-1838 | Auto complete displaying single email address from matching account |
ZBUG-1755 | Modern UI: The tab label of the message composing page is empty after reloading entire Modern UI |
ZBUG-1455 | zimbraFeatureMailForwardingInFiltersEnabled, Attribute funtionality is wrong |
ZBUG-1335 | log4j-1.2.16.jar is vulnerable reported in CVE-2019-17571 |
PREAPPS-6698 | Modern UI - Users should not be allowed to use username in the password |
PREAPPS-6651 | All Zimlets should support languages that are supported by ModernUI |
PREAPPS-6639 | Display folder info on hover |
PREAPPS-6617 | Hide all spam related options when the spam feature is disabled |
PREAPPS-6616 | Hide task list from calendar when the task feature is disabled |
PREAPPS-5342 | User friendly error messages for 503 code |