Zimbra Releases/9.0.0/P26: Difference between revisions

No edit summary
m (Updated CVSS Score)
Line 29: Line 29:
|style="border: solid #ffffff;"|Authentication Bypass in MailboxImportServlet  
|style="border: solid #ffffff;"|Authentication Bypass in MailboxImportServlet  
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-37042 CVE-2022-37042]
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-37042 CVE-2022-37042]
|style="border: solid #ffffff; text-align: center;"| TBD
|style="border: solid #ffffff; text-align: center;"| 9.8
|style="border: solid #ffffff; text-align: center;"| High
|style="border: solid #ffffff; text-align: center;"| High
|-
|-
|style="border: solid #ffffff;"|Proxy Servlet SSRF Vulnerability  
|style="border: solid #ffffff;"|Proxy Servlet SSRF Vulnerability  
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-37041 CVE-2022-37041]
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-37041 CVE-2022-37041]
|style="border: solid #ffffff; text-align: center;"| TBD
|style="border: solid #ffffff; text-align: center;"| 7.5
|style="border: solid #ffffff; text-align: center;"| Low
|style="border: solid #ffffff; text-align: center;"| Low
|-
|-
Line 44: Line 44:
|style="border: solid #ffffff;"|When using preauth, CSRF tokens are not checked on some post endpoints  
|style="border: solid #ffffff;"|When using preauth, CSRF tokens are not checked on some post endpoints  
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-37043 CVE-2022-37043]
|style="border: solid #ffffff; text-align: center;"| [https://nvd.nist.gov/vuln/detail/CVE-2022-37043 CVE-2022-37043]
|style="border: solid #ffffff; text-align: center;"| TBD
|style="border: solid #ffffff; text-align: center;"| 5.7
|style="border: solid #ffffff; text-align: center;"| Medium
|style="border: solid #ffffff; text-align: center;"| Medium
|}
|}

Revision as of 06:12, 3 April 2023

Zimbra Collaboration Kepler 9.0.0 Patch 26 GA Release

Check out the Security Fixes, What's New. Fixed Issues, and Known Issues for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues

Change in upgrade process for 9.0.0 Patch 26

Please note that the install process has changed. Additional steps to install zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages have been included for this patch release. Please refer to the Patch Installation section to install the packages in its order.

Changes required for SSO setup before patch upgrade

Before upgrade, if the zimbraVirtualHostName parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:

su - zimbra
zmprov md domain_name zimbraVirtualHostName virtual_hostname

Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating
Upgraded OpenSSL to 1.1.1q to avoid multiple vulnerabilites CVE-2022-2068 9.8 Low
Authentication Bypass in MailboxImportServlet CVE-2022-37042 9.8 High
Proxy Servlet SSRF Vulnerability CVE-2022-37041 7.5 Low
Cyrus SASL package has been upgraded to version 2.1.28 CVE-2022-24407 8.8 Low
When using preauth, CSRF tokens are not checked on some post endpoints CVE-2022-37043 5.7 Medium


What's New


Zimbra 9.0.0 is now fully supported on Rocky Linux 8 (GA)

Download the latest Rocky Linux 8 binaries from https://www.zimbra.com/downloads


Package Upgrade

  • OpenSSL has been upgraded to version 1.1.1q
  • Cyrus SASL package has been upgraded to version 2.1.28

Classic Web App

  • In the previous patch release, a local config attribute allow_username_within_password was introduced to restrict user's from using their username in the password in Modern Web App. With this patch release, the feature is available for Classic Web App. It will restrict users from not using their names when resetting or changing the password.


Modern Web App

Briefcase

  • Files in briefcase can now maintain multiple versions in Modern UI.


Zimbra Connector for Outlook

  • ZCO is now supported on the Windows 11 platform.
  • Stale auto-complete cache is now automatically detected when sync occurs, and the user is now prompted with a Yes/No dialog to automatically clear the stale cache when YES is chosen.
  • Users could not schedule meeting through MS Teams when clicking the "New Teams Meeting" option. The issue has been fixed.


Fixed Issues

Zimbra Collaboration

  • Updated XML declaration to EWS response for clients to consume.
  • Spamassassin's zmsaupdate script has been updated to remove the--allowplugins option.
  • In the previous patch, a feature was introduced to add an external message warning banner when receiving emails from external domains. In certain scenarios, it caused high CPU usage. The issue has been fixed.
  • On Ubuntu 20 OS, restarting zmmailboxdctl service printed a harmless error on the console, The issue has been fixed.
  • Due to log4j changes in the previous patch, on a Multi-node environment, the /var/log/messages file was continuously getting updated with INFO logs. The issue has been fixed and the default log level is set to ERROR now.
  • Due to log4j changes in the previous patch, the Syslog submission was enabled by default which was updating the /var/log/syslog file continuously. The issue has been fixed and Syslog submission has been disabled.
  • In a multi-node environment, if the user has 2FA enabled and set up and selects "Trust this computer" on the login screen, the setting did not persist and the user was asked to enter the OTP. The issue has been fixed.


Classic Web App

  • Intermittently, the root folder was getting shared when the user shared a particular folder from Classic Web App. The issue has been fixed.
  • If the user has multiple calendars and when viewing the Calendar tab in the day view, double-clicking on the non-default calendar to create an event selects the default calendar. The issue has been fixed.


Modern Web App

General

  • Organization Chart zimlet did not work when used with Kepler 9.0.0 patch 25. This issue has been fixed.
  • When using private tab in Mozilla Firefox, users were not able to logout using the logout button of the Modern Web Client. This issue has been fixed.
  • Organization chart did not display the Display Name of the user on hover. This issue has been fixed.
  • "Block" action was displayed in the context menu for the messages in the Draft folder. As messages in the Draft folder are all sent from the user himself, "Block" action did not make sense in this folder, and hence been removed.


Mail

  • Web client sent multiple requests to fetch favicon.ico These requests have been optimized to improve performance.
  • Localized system folder names are not yet applied in some dialogs. (Empty Trash, Empty Spam, Move to folder, and the Contact Chooser)


Zimbra Connector for Outlook

  • When the user tries to send an email through a shared email folder having SendAs right, an error was encountered. The issue has been fixed.


NG Auth

  • Password change will be no more considered when using application credentials or QR code-based authentication for the apps.


NG Backup

  • Fixed a bug that prevented to update the S3 backup volume.
  • Improved the error handling when running a purge and the ZxBackup_DataRetentionDays attribute has an invalid value.
  • A new attribute backupSkipDLAndDynamicGroups has been added so it is now possible to skip the backup for distribution lists and dynamic groups in order to improve backup time.
  • Fixed a bug that caused the metadata of the accounts to be wrongly uploaded to the bucket’s root folder. Now the metadata files are properly uploaded to the accounts folder.


NG HSM

  • Fixed a bug that prevented to update the S3 backup volume.Fixed a bug that prevented the blobs to be purged from a centralized volume when moving a mailbox from a server with that centralized volume configured to another server that doesn’t have it.


Known Issues

  • While deploying zimlets, if the following error is encountered, please refer to the Patch Installation section to install the zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages in a particular order and re-deploy the zimlets.
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target
       at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target
       at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)
       at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
       at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
       ... 1 more
  • From Kepler-Patch-25 onwards, customers using SSO will need to update zimbraVirtualHostName attribute for the domains. Please refer to the instructions to update the attribute.
  • With OpenJDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.

To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the allow_weak_crypto property to true in the krb5.conf configuration file. Please follow below instructions:

1. In /opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults] section, set allow_weak_crypto = true

2. Restart mailboxd service:

su - zimbra
zmmailboxdctl restart

Patch Installation

Please refer to the steps below to install 9.0.0 Patch 26 on Redhat and Ubuntu platforms:

Before Installing the Patch, consider the following:

  • Patches are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to zimbra user before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
  • Important! Please note that the install process has changed. Additional steps to install zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages have been included for this patch release. Please refer to the Patch Installation section to install the packages in its order.

9.0.0 Patch 26 Packages

The package lineup for this release is:

PackageName Version

zimbra-patch                                ->    9.0.0.1658845137.p26-2
zimbra-proxy-patch                          ->    9.0.0.1658845137.p26-1
zimbra-proxy-components                     ->    1.0.10-1zimbra8.8b1
zimbra-mta-patch                            ->    9.0.0.1658845137.p26-1
zimbra-mta-components                       ->    1.0.15-1zimbra8.8b1
zimbra-common-core-jar                      ->    9.0.0.1658837616-1
zimbra-nginx                                ->    1.20.0-1zimbra8.8b3
zimbra-httpd                                ->    2.4.53-1zimbra8.7b3
zimbra-spell-components                     ->    2.0.8-1zimbra8.8b1
zimbra-apache-components                    ->    2.0.7-1zimbra8.8b1
zimbra-lmdb-lib                             ->    2.4.59-1zimbra8.8b5
zimbra-lmdb-dbg                             ->    2.4.59-1zimbra8.8b5
zimbra-lmdb                                 ->    2.4.59-1zimbra8.8b5
zimbra-openldap-lib                         ->    2.4.59-1zimbra8.8b5
zimbra-openldap-client                      ->    2.4.59-1zimbra8.8b5
zimbra-openldap-server                      ->    2.4.59-1zimbra8.8b4
zimbra-openjdk-cacerts                      ->    1.0.8-1zimbra8.7b1
zimbra-openjdk                              ->    17.0.2-1zimbra8.8b1
zimbra-ldap-components                      ->    2.0.8-1zimbra8.8b1
zimbra-core-components                      ->    3.0.14-1zimbra8.8b1
zimbra-clamav                               ->    0.103.3-1zimbra8.8b3
zimbra-clamav-libs                          ->    0.103.3-1zimbra8.8b3
zimbra-openssl                              ->    1.1.1q-1zimbra8.7b4
zimbra-openssl-libs                         ->    1.1.1q-1zimbra8.7b4
zimbra-postfix-logwatch                     ->    1.40.03-1zimbra8.7b1
zimbra-timezone-data                        ->    3.0.0.1646993320-1
zimbra-mbox-store-libs                      ->    9.0.0.1654854341-1
zimbra-mbox-war                             ->    9.0.0.1655457955-1
zimbra-mbox-webclient-war                   ->    9.0.0.1657523432-1
zimbra-mbox-admin-console-war               ->    9.0.0.1653031579-1
zimbra-common-mbox-conf-attrs               ->    9.0.0.1652767366-1
zimbra-common-core-libs                     ->    9.0.0.1654854341-1
zimbra-mbox-ews-service                     ->    9.0.0.1657194604-1
zimbra-zco                                  ->    9.0.0.1922.1657893232-1
zimbra-php                                  ->    7.4.27-1zimbra8.7b3
zimbra-modern-ui                            ->    4.27.0.1657193707-1
zimbra-modern-zimlets                       ->    4.27.0.1657193707-1
zimbra-network-modules-ng                   ->    7.0.25.1652960112-1
zimbra-drive-ng                             ->    4.0.13.1637855796-1
zimbra-drive-modern                         ->    1.0.13.1637855796-1
zimbra-connect                              ->    2.0.21.1635424388-1
zimbra-connect-modern                       ->    1.0.21.1635424388-1
zimbra-docs                                 ->    4.0.6.1616090633-1
zimbra-docs-modern                          ->    1.0.6.1632998065-1
zimbra-chat                                 ->    4.0.2.1654677981-1
zimbra-zimlet-auth                          ->    1.0.4.1652971904-1
zimbra-zimlet-install-pwa                   ->    6.1.1.1652766350-1
zimbra-zimlet-emptysubject                  ->    2.1.1.1652766350-1
zimbra-zimlet-set-default-client            ->    8.1.1.1652766350-1
zimbra-zimlet-document-editor               ->    6.0.1.1631795284-1
zimbra-zimlet-date                          ->    6.2.0.1655915267-1
zimbra-zimlet-additional-signature-setting  ->    7.0.0.1655915267-1
zimbra-zimlet-calendar-subscription         ->    6.2.0.1652766350-1
zimbra-zimlet-sideloader                    ->    7.1.1.1652766350-1
zimbra-zimlet-briefcase-edit-lool           ->    2.2.1.1652766350-1
zimbra-zimlet-org-chart                     ->    2.2.0.1655915267-1
zimbra-zimlet-ads                           ->    8.2.1.1652766350-1
zimbra-zimlet-user-sessions-management      ->    8.1.1.1652766350-1
zimbra-zimlet-user-feedback                 ->    6.1.1.1652766350-1
zimbra-zimlet-privacy-protector             ->    4.1.1.1652766350-1
zimbra-zimlet-duplicate-contacts            ->    5.1.1.1652766350-1
zimbra-zimlet-secure-mail                   ->    1.2.1.1652766350-1
zimbra-zimlet-web-search                    ->    4.1.1.1652766350-1
zimbra-zimlet-restore-contacts              ->    6.1.1.1652766350-1
zimbra-zimlet-zoom                          ->    7.0.0.1621610655-1
zimbra-zimlet-slack                         ->    5.5.0.1621610655-1
zimbra-zimlet-dropbox                       ->    6.0.0.1621610655-1
zimbra-zimlet-onedrive                      ->    6.0.0.1621610655-1
zimbra-zimlet-google-drive                  ->    6.0.0.1621610655-1
zimbra-zimlet-jitsi                         ->    3.3.1.1621610655-1
zimbra-zimlet-video-call-preferences        ->    2.1.0.1621610655-1
zimbra-zimlet-nextcloud                     ->    1.0.8.1656483260-1
zimbra-zimlet-webex                         ->    1.0.1.1629957793-1
zimbra-zimlet-voice-message                 ->    1.0.3.1611114827-1
zimbra-zimlet-classic-unsupportedbrowser    ->    3.1.1.1652766350-1
zimbra-zimlet-email-templates               ->    2.0.0.1630308426-1
zimbra-zimlet-signature-template            ->    1.0.0.1609841753-1

Redhat

Installing Zimbra packages with system package upgrades

  • As root, first clear the yum cache and check for updates so the server sees there is a new zimbra-patch package in the patch repository:
yum clean metadata
yum check-update
  • On mailstore node, install the following packages:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
  • Then ask yum to update available packages:
yum update
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing Zimbra packages individually

Upgrade OpenLDAP on LDAP node

  • As root, install the package:
yum install zimbra-ldap-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-proxy-patch on Proxy node

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade snmp if it is installed on Proxy node

yum install zimbra-snmp-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-mta-components on MTA node

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-mta-components
  • If dnscache is installed, upgrade the package before restarting the services:
yum install zimbra-dnscache-components
  • If snmp is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install the package:
yum install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node

  • As root, install the package:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
yum install zimbra-patch
  • If apache is installed, upgrade the package before restarting the services:
yum install zimbra-apache-components
  • If spell is installed, upgrade the package before restarting the services:
yum install zimbra-spell-components
  • If snmp is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart


Installing NG packages

Uninstall zimbra-talk on mailstore node

In case of upgrade from version 8.8.15, uninstall zimbra-talk from mailstore node since it replaces with zimbra-connect. Hence, it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package zimbra-talk:
yum remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs and zimbra-drive-ng on mailstore node

yum install zimbra-network-modules-ng
yum install zimbra-connect
yum install zimbra-zimlet-auth
yum install zimbra-docs
yum install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Zimbra Additional Zimlets

Note: - You can install the packages of your choice from the below list.

Install/Upgrade zimbra-zimlet-slack, zimbra-zimlet-zoom, zimbra-zimlet-dropbox, zimbra-zimlet-google-drive, zimbra-zimlet-onedrive, zimbra-zimlet-jitsi, zimbra-zimlet-video-call-preferences, zimbra-zimlet-nextcloud, zimbra-zimlet-voice-message, zimbra-zimlet-sideloader, zimbra-zimlet-user-sessions-management on mailstore node

yum install zimbra-zimlet-slack
yum install zimbra-zimlet-zoom
yum install zimbra-zimlet-dropbox
yum install zimbra-zimlet-google-drive
yum install zimbra-zimlet-onedrive
yum install zimbra-zimlet-jitsi
yum install zimbra-zimlet-video-call-preferences
yum install zimbra-zimlet-nextcloud
yum install zimbra-zimlet-voice-message
yum install zimbra-zimlet-sideloader
yum install zimbra-zimlet-user-sessions-management
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Ubuntu

Installing zimbra packages with system package upgrades

  • As root, check for updates so the server checks there is a new zimbra-patch package in the patch repository:
apt-get update
  • On mailstore node, install the following packages:
apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
  • Then update available packages:
apt-get upgrade
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing zimbra packages individually

Upgrade OpenLDAP on LDAP node

  • As root, install the package:
apt-get install zimbra-ldap-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-proxy-patch on Proxy node

  • As root, install package
apt-get install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade snmp if it is installed on Proxy node

apt-get install zimbra-snmp-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-mta-components on MTA node

  • As root, install package
apt-get install zimbra-mta-components
  • If dnscache is installed, upgrade the package before restarting the services:
apt-get install zimbra-dnscache-components
  • If snmp is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install package
apt-get install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node

  • As root, check for updates and install package:
apt-get update
apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
apt-get install zimbra-patch
  • If apache is installed, upgrade the package before restarting the services:
apt-get install zimbra-apache-components
  • If spell is installed, upgrade the package before restarting the services:
apt-get install zimbra-spell-components
  • If snmp is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart


Installing NG packages

Uninstall zimbra-talk on mailstore node

In case of upgrade from version 8.8.15, uninstall zimbra-talk from mailstore node since it replaces with zimbra-connect. Hence, it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package zimbra-talk:
apt-get remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs, zimbra-drive-ng on mailstore node

  • As root, check for updates and install packages:
apt-get update
apt-get install zimbra-network-modules-ng
apt-get install zimbra-connect
apt-get install zimbra-zimlet-auth
apt-get install zimbra-docs
apt-get install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart


Zimbra Additional Zimlets

Note: - You can install the packages of your choice from the below list.

Install/Upgrade zimbra-zimlet-slack, zimbra-zimlet-zoom, zimbra-zimlet-dropbox, zimbra-zimlet-google-drive, zimbra-zimlet-onedrive, zimbra-zimlet-jitsi, zimbra-zimlet-video-call-preferences, zimbra-zimlet-nextcloud, zimbra-zimlet-voice-message, zimbra-zimlet-sideloader, zimbra-zimlet-user-sessions-management on mailstore node

apt-get install zimbra-zimlet-slack
apt-get install zimbra-zimlet-zoom
apt-get install zimbra-zimlet-dropbox
apt-get install zimbra-zimlet-google-drive
apt-get install zimbra-zimlet-onedrive
apt-get install zimbra-zimlet-jitsi
apt-get install zimbra-zimlet-video-call-preferences
apt-get install zimbra-zimlet-nextcloud
apt-get install zimbra-zimlet-voice-message
apt-get install zimbra-zimlet-sideloader
apt-get install zimbra-zimlet-user-sessions-management
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart


Jira Summary

Jira Tickets fixed in Kepler 9.0.0 Patch 26

ZCS-11689 Upgrade Zimbra OpenSSL to 1.1.1q
ZCS-11686 Purge of centralized volumes blobs fixed
ZCS-11682 Backup volume handler fixed
ZCS-11681 Improved error handling for the purge operation
ZCS-11680 Skip backup of distribution lists and dynamic groups
ZCS-11679 MustChangePassword not evaluated for the application credentials
ZCS-11569 Fix XML missing declaration for EWS
ZCS-11567 Remove allowplugins option from zmsaupdate script of Spamassassin. (Ubuntu 16)
ZCS-11406 Accounts folder on migrating to external backup fixed
ZCS-11302 Classic UI - Users should not be allowed to use username in the password
ZCOMT-2485 ZCO sanity testing on Win 11 platforms
ZCOMT-2479 Detect stale auto-complete cache during Sync (with Interval) and prompt the user with a Yes/No message to clear the stale cache entries automatically.
ZCOMT-2475 Investigate the problem with scheduling meeting with MS Teams through ZCO.
ZBUG-2901 denial of service (high CPU usage) caused by regex even with zimbra_external_email_warning_enabled=false
ZBUG-2898 Ubuntu 20, sed expression error
ZBUG-2865 Authentication Bypass in MailboxImportServlet
ZBUG-2853 Org chart freezes ZWC on patch 25
ZBUG-2849 /var/log/messages filling after applying the Zimbra 9 P25 (2nd release)
ZBUG-2846 Logout button of "Modern UI" does not work with Mozilla Firefox in private tab
ZBUG-2841 Disable Syslog log submission by default in log4j V2.
ZBUG-2821 Disable unintended root sharing
ZBUG-2800 Proxy Servlet SSRF Vulnerability
ZBUG-2676 Upgrade Cyrus SASL to 2.1.28
ZBUG-2662 When using preauth, CSRF tokens are not checked on some post endpoints
ZBUG-2624 Organization chart doesn't show the displayName when hovering on it
ZBUG-2611 Wrong default calendar when creating appointment via double click.
ZBUG-2546 SendAs not getting honoured in ZCO
ZBUG-2373 2FA - Device not detected as Trusted in ZCS multiserver Environment
ZBUG-1777 Modern UI: "Block" action should not be appeared in the Draft folder
PREAPPS-6794 Allow grantee to create multi version of file, if folder shared with Admin rights
PREAPPS-6021 Browser sends multiple requests to fetch favicon.ico
PREAPPS-4847 Localized system folder names not used in Empty [trash/spam], Move to [folder], Contact Chooser
Jump to: navigation, search