Zimbra Releases/9.0.0/P4

Revision as of 04:26, 2 July 2020 by Ashukla (talk | contribs) (Security Fixes)

Zimbra Collaboration Kepler 9.0.0 Patch 4 GA Release

Check out the Security Fixes, What's New, Fixed Issues, and Known Issues for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.

NOTE: If you are upgrading or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read Things to Know Before Upgrading and First Steps with the Zimbra NG Modules for critical information before you upgrade.

Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating Fix Patch Version
CWE-79 Cross-site scripting (XSS) vulnerabilities CVE-2020-13653 4.3 Minor 9.0.0 P4

What's New


Zimbra 9.0.0 is now fully supported on RHEL 8 (GA)

Download the latest RHEL 8 binaries from https://www.zimbra.com/downloads


Common

  • Event details open in a new tab when users create an event allowing them to navigate and use the Modern Web App without losing unsaved event details information.

Mail

  • Users now have an option to write emails in plain-text.
  • When a user delegates access to another user with "Save a copy of sent messages to my Sent folder" setting enabled, then mails sent by the delegate are saved in delegator's sent folder.
  • After selecting a message, users can create a quick filter from the email context menu.
  • In message and invitation forwards and replies, the header information of the original message is now duplicated in the body of the new message. This gives new recipients a view of who the original message or invitation was sent to, who sent it, and when it was sent.
  • Users may observe improved performance when using composer for creating messages and managing drats.

Contacts

  • "Deleted Contacts" has been renamed to the system folder, "Trash", and the right click context menu for "Trash" now contains an "Empty Trash" action. These changes are present in all supported languages.
  • In Contact list, Users can assign a tag or delete any existing pre-tags for single/multiple contacts.

Calendar

  • Every event invitation now includes a copy of the event information in the email body so that invitees using third-party clients can see the event info without opening the .ics attachment. Previously, only events with content in the "Notes" field would have an email body in the invitation.

Briefcase

  • Users can now share folders with other internal users. All the permissions are similar to Mail folder sharing.
  • Folder Navigation support has been added. Users can now create, rename, delete, and move folders/subfolders.
  • For Briefcase, file moves can be performed via "drag & drop".

Search

  • Users will have more options in Advance Search :- Unread mails, Starred mails, Status, Tag.
  • Enhanced Advanced Search for email. Users will now have options to:
    • Search in subject or body or both.
    • Add Date options -- Send before, Send after, Send on.

Settings

  • Improvements in Persona management in Settings > Accounts. Selecting an existing Persona opens it in an edit mode where users can modify or delete the Persona.
  • We've simplified the user settings for forwarding email, under Settings > Accounts > {DEFAULT} > Access your email elsewhere.

Web UX - Classic

  • We have added a Zimlet for the Classic Web App to notify users of Internet Explorer that it is an unsupported browser, and encourage them to upgrade. It is recommended that this Zimlet be enabled and mandatory for all users in order to reduce support calls.
  • The Sign In screen, Sign in Help modal, "Forgot Password" workflow, Client Preferences, and Profile menu are now localized in all supported languages.

ZCO

  • Inline images in meeting notes now sync to Zimbra encoded to appear as inline images in the Zimbra Web Apps, instead of being attachments.

Zimbra Connect

  • Zimbra Connect has added UI support for: Portuguese, German, Italian, Spanish, Simplified Chinese, Indonesian, Thai, and Hindi languages.

Zimbra Drive

  • Zimbra Drive has added UI support for: Portuguese, German, Italian, Spanish, Simplified Chinese, Indonesian, Thai, and Hindi languages.

Fixed Issues

Platform

  • Zimbra Collaboration on RHEL 8, Monitor -> Server Status shows all the services as stopped even when the services are running on the server.

Web UX - Modern

  • Fixed a problem that caused email address resolution to unexpectedly trigger on some non-English keyboard layouts.
  • Emails that contained HTML <form> tags were not being displayed, as a security precaution. These messages are now shown, with any potentially dangerous form actions suppress by the Zimbra server's OWASP Sanitizer.

ZCO

  • Fixed an internationalization problem with the mailbox rules "Run Now" feature, that caused an error message if the language had been set using a LIP pack instead of the language options in the advanced settings.
  • Signatures containing external images (URL references) also had those images added as attachments to messages. Such messages would appear in "has:attachment" searches when the only attachment was the signature image.
    Users now have an advanced option, "Signature pictures sent as attachments" to control this behavior. When disabled, the image URL will be used without an additional attachment, which also reduces the size of the message.

Zimbra Connect

  • Connect now honors time zone settings when logging in on the modern client.
  • When a meeting host has left one meeting and then tries to start another one, they are now notified if their previous call still has attendees on line. The host may choose to return to that call, or terminate it to start their new one.
  • Connect now honors time zone settings when logging in on the modern client.
  • Now users can choose if activate or not the webcam and the microphone on joining a meeting.
  • Added notification to Connect in the modern interface, now a sound will ring for 10 seconds when a user is invited to join a group/space/channel video call.
  • Added gal searches when an internal user is sending invitations for an existing instant meeting.
  • Users can now choose to join a conference with only their Audio or video.
  • User interactions have been improved and newly implemented. Users can now silence other participants, disable other participants' video, the same can be done on your own and disabled streams are shown with an explicit icon.
  • Graphical restyling: The look of conversations is more clear, space is better used, you can see more messages without scrolling.
  • Removed the requirement of having both a webcam and a microphone to start an audio.
  • Improved user experience when the host leaves an Instant Meeting.
  • Minichat size was increased and the header was rebuilt.
  • Improved instant messaging message text area so that it extends to up to half of the screen height and the emoji panel does not cover it.
  • Added translations for Portuguese, French, German, Italian, Spanish, Dutch locale.
  • Now pictures can be set as an icon in Connect groups to identify them more easily.
  • Improved profile picture management so that profile pictures are always centered and not repeated.

Zimbra Docs

  • Editing documents from the briefcase if the default domain is not set has been fixed.
  • Docs is now able to open a specific version of the file from Drive.

Zimbra Drive

  • Users can now attach files from Zimbra drive while using the Modern web app as well. Earlier, this option was available only in the classic web app.
  • Added translations for
    • Portuguese
    • French
    • German
    • Italian
    • Spanish
    • Dutch
    • Japanese
    • Simplified Chinese
    • Indonesian
    • Thai
    • Hindi
      NOTE: Translations are still in beta. Admin Console translations are planned for the next release.
  • Drive now implements file versions handling.
  • Implemented the save to drive feature in the modern interface, allowing email attachments to be saved directly into drive.
  • Users can now add multiple files from their drive to their emails. Earlier, they had to add each file individually.
  • Implement the possibility to attach files from drive in the modern interface.
  • If a user tries to create a new share to an external email address in Drive, now a popup with an error message is shown instead of the full stack trace.
  • Edit with docs menu entry in drive was missing an icon from both the context menu and info panel.
  • Improved scrollbar management when enabling/disabling the infopanel in drive.
  • Fixed an issue that would display only the first 30 results when searching drive items while the browser zoom setting is close to 70%.

HSM

  • The doCheckBlobs command resets the list of checked files after each mailbox check, to reduce memory usage.
  • Administrators can now choose a target volume when using the command mailboxmove to move mail and drive items.
  • Continue with another policy when an hsm policy’s destination volume has reached the space threshold.
  • doMoveBlobs now checks if a secondary store is set before executing the doMoveBlobs operation and returns the error Secondary store not set when not set.
  • Dumpster items during mailbox move operations are now verified for missing blobs.
  • Fixed a description mismatch for s3 bucket region between command line and web admin interface.
  • doChecBlobs operations, if check_digests true fix_incorrect_compressed_digests true are specified will verify if a blob has been compressed twice and will fix that.
  • Improved doCheckBlobs command output so that an account is listed only once.

NG Backup

  • Now the external restore can restore all the contacts groups in the accounts even if the restore operation is interrupted before all the accounts have been scanned.
  • Smart Scan now does the backup and coherency checks if a missing blob is found in the backup while HSM service is disabled.
  • The command zxsuite backup doRestoreBlobs now checks if the volume id is valid and returns an error if the check fails.
  • Added account id reference in undelete log lines in mailbox.log to simplify the debug operations.
  • Allow only external restore operations to recover accounts that do not belong to any domain present on this host.
  • Improved doCoherencyCheck memory management, now it keeps only the exception message instead of the complete stack trace.

NG Mobile

  • Implemented anti-dos service for mobile devices. Number of requests is counted within a time window, if exceeded device is jailed for a specified duration.
  • The user’s last login in ldap was incorrectly set due to incorrect timezone.
  • Invalid values of WeekOfMonth field are now handled in Exchange ActiveSync synchronization of calendar appointments.
  • Improved flag management to remove risk of conflict between web client and eas client mail flag updates.

Known Issues

NG Backup

  • Users encounter a restore issue that terminates a restore operation before recovering conversations, if users sent attachments in any of the conversations.

Zimbra Connect

  • Connect localisation works only after refreshing browser when the using modern web app.


Patch Installation

Please refer to the steps below to install 9.0.0 Patch 4 on Redhat and Ubuntu platforms:

Before Installing the Patch

Before installing the patch, consider the following:

  • Patches are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to zimbra user before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
  • Important Note for ZCS Setup with Local ZCS repository: Customers who have set up local ZCS repository should first update the local repository by following instructions in wiki
  • Please make note that, installing the zimbra-patch package only updates the Zimbra core packages.

9.0.0 Patch 4 Packages

The package lineup for this release is:

NETWORK:

Package Name                                       Version
zimbra-patch                               -> 9.0.0.1593427736.p4-2
zimbra-common-core-jar                     -> 9.0.0.1593061490-1
zimbra-openldap-server                     -> 2.4.49-1zimbra8.8b2
zimbra-ldap-components                     -> 1.0.4-1zimbra8.8b1
zimbra-mbox-webclient-war                  -> 9.0.0.1591606049-1
zimbra-common-core-libs                    -> 9.0.0.1591936175-1
zimbra-zco                                 -> 9.0.0.1879.1592391457-1
zimbra-modern-ui                           -> 3.8.1.1592496115-1
zimbra-zimlet-install-pwa                  -> 3.0.2.1589372428-1
zimbra-zimlet-set-default-client           -> 3.0.1.1589372397-1
zimbra-zimlet-date                         -> 3.2.1.1589372379-1
zimbra-zimlet-additional-signature-setting -> 3.1.1.1589372360-1
zimbra-modern-zimlets                      -> 3.8.1.1592496115-1
zimbra-network-modules-ng                  -> 7.0.3.1593294205-1
zimbra-drive-ng                            -> 4.0.3.1592414888-1
zimbra-drive-modern                        -> 1.0.3.1592414888-1
zimbra-connect                             -> 2.0.3.1592414205-1
zimbra-connect-modern                      -> 1.0.3.1592414205-1
zimbra-zimlet-onedrive                     -> 3.0.1.1586888772-1
zimbra-zimlet-slack                        -> 3.0.1.1586888756-1
zimbra-zimlet-google-drive                 -> 3.0.1.1586888748-1
zimbra-zimlet-dropbox                      -> 3.0.1.1586889023-1
zimbra-zimlet-zoom                         -> 4.0.2.1589492807-1
zimbra-zimlet-classic-unsupportedbrowser   -> 1.0.0.1591045240-1
zimbra-docs                                -> 4.0.2.1592415625-1
zimbra-docs-modern                         -> 1.0.2.1592415625-1

RHEL Upgraded Packages

The packages for RHEL 8 are:

Package Name                                Version
zimbra-aspell                  ->      0.60.8-1zimbra8.7b1
zimbra-net-snmp                ->      5.8-1zimbra8.7b1
zimbra-memcached               ->      1.6.5-1zimbra8.7b1
zimbra-perl-net-server         ->      2.009-1zimbra8.7b1
zimbra-perl-io-socket-ssl      ->      2.068-1zimbra8.7b1
zimbra-perl-compress-raw-bzip2 ->      2.093-1zimbra8.7b1
zimbra-perl-compress-raw-zlib  ->      2.093-1zimbra8.7b1
zimbra-perl-io-compress        ->      2.093-1zimbra8.7b1
zimbra-perl-list-moreutils     ->      0.428-1zimbra8.7b1
zimbra-perl-carp-clan          ->      6.08-1zimbra8.7b1
zimbra-perl-dbd-mysql          ->      4.043-1zimbra8.7b2
zimbra-pflogsumm               ->      1.1.5-1zimbra8.7b2
zimbra-prepflog                ->      0.4.1-1zimbra8.7b2
zimbra-aspell-ar               ->      1.2.0-1zimbra8.7b2
zimbra-aspell-da               ->      1.4.42.1-1zimbra8.7b2
zimbra-aspell-de               ->      20030222.1-1zimbra8.7b2
zimbra-aspell-en               ->      7.1.0-1zimbra8.7b2
zimbra-aspell-es               ->      1.11.2-1zimbra8.7b2
zimbra-aspell-fr               ->      0.50.3-1zimbra8.7b2
zimbra-aspell-hi               ->      0.02.0-1zimbra8.7b2
zimbra-aspell-hu               ->      0.99.4.2.0-1zimbra8.7b2
zimbra-aspell-it               ->      2.2.20050523.0-1zimbra8.7b2
zimbra-aspell-nl               ->      0.50.2-1zimbra8.7b2
zimbra-aspell-pl               ->      6.0.20061121.0-1zimbra8.7b2
zimbra-aspell-pt-br            ->      20090702.0-1zimbra8.7b2
zimbra-aspell-ru               ->      0.99f7.1-1zimbra8.7b2
zimbra-aspell-sv               ->      0.51.0-1zimbra8.7b2
zimbra-aspell-zimbra           ->      1.0.0-1zimbra8.7b2
zimbra-php                     ->      7.3.1-1zimbra8.7b4
zimbra-perl-net-http           ->      6.09-1zimbra8.7b2
zimbra-perl-http-message       ->      6.11-1zimbra8.7b2
zimbra-perl-http-negotiate     ->      6.01-1zimbra8.7b2
zimbra-perl-http-daemon        ->      6.01-1zimbra8.7b2
zimbra-perl-http-cookies       ->      6.01-1zimbra8.7b2
zimbra-perl-libwww             ->      6.13-1zimbra8.7b2
zimbra-perl-lwp-protocol-https ->      6.06-1zimbra8.7b2
zimbra-perl-config-inifiles    ->      2.86-1zimbra8.7b2
zimbra-perl-bit-vector         ->      7.4-1zimbra8.7b2
zimbra-perl-date-calc          ->      6.4-1zimbra8.7b2
zimbra-perl-archive-zip        ->      1.53-1zimbra8.7b2
zimbra-perl-xml-parser         ->      2.44-1zimbra8.7b2
zimbra-perl-xml-sax-expat      ->      0.51-1zimbra8.7b2
zimbra-perl-xml-simple         ->      2.20-1zimbra8.7b2
zimbra-perl-soap-lite          ->      1.19-1zimbra8.7b2
zimbra-perl-mail-spamassassin  ->      3.4.4-1zimbra8.8b2
zimbra-perl-swatchdog          ->      3.2.4-1zimbra8.7b2
zimbra-perl-innotop            ->      1.9.1-1zimbra8.7b2
zimbra-perl                    ->      1.0.4-1zimbra8.7b1
zimbra-cluebringer             ->      2.1.0.0.cf484f1b93cf9965886cc89d33bdeee9c26426cb-1zimbra8.7b2
zimbra-spamassassin-rules      ->      1.0.0-1zimbra8.8b2
zimbra-apache-components       ->      2.0.1-1zimbra8.8b1
zimbra-mta-components          ->      1.0.8-1zimbra8.8b1
zimbra-snmp-components         ->      1.0.1-1zimbra8.7b1
zimbra-spell-components        ->      2.0.1-1zimbra8.8b1
zimbra-core-components         ->      3.0.0-1zimbra8.8b1

The updated packages for RHEL 8 are:

Package            Old-Version    New-Version
aspell             0.60.7-rc1     0.60.8
Net-Snmp           5.7.3          5.8
memcached          1.4.37         1.6.5
Net-Server         2.008          2.009
IO-Socket-SSL      2.02           2.068
Compress-Raw-Bzip2 2.069          2.093
Compress-Raw-Zlib  2.069          2.093
IO-Compress        2.069          2.093
List-MoreUtils     0.413          0.428
Carp-Clan          6.04           6.08
DBD-mysql          4.033          4.043

Redhat

Installing Zimbra packages with system package upgrades

  • As root, first clear the yum cache and check for updates so the server sees there is a new zimbra-patch package in the patch repository:
yum clean metadata
yum check-update
  • Then ask yum to update available packages:
yum update
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing Zimbra packages individually

Install/Upgrade zimbra-proxy-components on Proxy node for FOSS and NETWORK

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-proxy-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-proxy-patch on Proxy node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade zimbra-mta-components on MTA node for FOSS and NETWORK

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-mta-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-chat for FOSS

  • As root, install the package:
yum install zimbra-chat
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-talk and zimbra-network-modules-ng (NETWORK Only)

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the packages:
yum install zimbra-network-modules-ng
yum install zimbra-talk
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-docs (NETWORK Only)

  • As root, install the package:
yum install zimbra-docs
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-drive-ng (NETWORK Only)

  • As root, install the package:
yum install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Upgrade OpenLDAP on LDAP node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-ldap-components
  • Restart ldap as zimbra user:
su - zimbra
ldap restart

Ubuntu

Installing zimbra packages with system package upgrades

  • As root, check for updates so the server sees there is a new zimbra-patch package in the patch repository:
apt-get update
  • Then update available packages:
apt-get upgrade

OR

  • Update all available packages plus any kernel updates:
apt-get dist-upgrade
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing zimbra packages individually

Install/Upgrade zimbra-proxy-components on Proxy node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-proxy-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-proxy-patch on Proxy node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Ubuntu 18 zimbra-proxy-patch version

zimbra-proxy-patch        ->  8.8.12.1554984827.p3-1

The installation of this patch is mandatory for the proxy to function on Ubuntu 18 servers.

Install/Upgrade zimbra-mta-components on MTA node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-mta-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node for FOSS and NETWORK

  • As root, check for updates and install package:
apt-get update
apt-get install zimbra-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-chat for FOSS

  • As root, install package:
apt-get install zimbra-chat
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-talk and zimbra-network-modules-ng (NETWORK Only)

  • As root, check for updates and install packages:
apt-get update
apt-get install zimbra-network-modules-ng
apt-get install zimbra-talk
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-docs (NETWORK Only)

  • As root, install package:
apt-get install zimbra-docs
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-drive-ng (NETWORK Only)

  • As root, install package:
apt-get install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Upgrade OpenLDAP on LDAP node for FOSS and NETWORK

  • As root, install the package:
apt-get install zimbra-ldap-components
  • Restart ldap as zimbra user:
su - zimbra
ldap restart
Jump to: navigation, search