Zimbra Releases/10.0.0
Zimbra Daffodil (v10) GA Release
Release Date: March 8, 2023
Check out the What's New, Things to Know Before Upgrading and Known Issues sections for this version of Zimbra Collaboration.
Please refer to the Single-Server Install Guide, Multi-Server Install Guide, and Upgrade Guide for install and upgrade instructions.
IMPORTANT: Instructions to update Zimbra's onlyoffice repository for installing zimbra-onlyoffice package.
Please note that there is no change in the onlyoffice package. Add Zimbra's onlyoffice repository to the server before Zimbra Daffodil v10 installation/upgrade. These repos will be included by default in upcoming Zimbra Daffodil version.
https://repo.zimbra.com/apt/onlyoffice
https://repo.zimbra.com/rpm/onlyoffice
You must add your local repository to your RHEL/CentOS Configuration :
Redhat
RHEL7
$ cat > /etc/yum.repos.d/zimbra-onlyoffice.repo <<EOF [zimbra-onlyoffice] name=Zimbra Onlyoffice RPM Repository baseurl=https://repo.zimbra.com/rpm/onlyoffice/rhel7 gpgcheck=1 enabled=1 EOF
RHEL8
$ cat > /etc/yum.repos.d/zimbra-onlyoffice.repo <<EOF [zimbra-onlyoffice] name=Zimbra Onlyoffice RPM Repository baseurl=https://repo.zimbra.com/rpm/onlyoffice/rhel8 gpgcheck=1 enabled=1 EOF
yum --disablerepo=* --enablerepo=zimbra-onlyoffice clean metadata yum check-update --disablerepo=* --enablerepo=zimbra-onlyoffice --noplugins
Ubuntu
UBUNTU18
$ cat > /etc/apt/sources.list.d/zimbra-onlyoffice.list << EOF deb [arch=amd64] https://repo.zimbra.com/apt/onlyoffice bionic zimbra deb-src [arch=amd64] https://repo.zimbra.com/apt/onlyoffice bionic zimbra EOF
UBUNTU20
$ cat > /etc/apt/sources.list.d/zimbra-onlyoffice.list << EOF deb [arch=amd64] https://repo.zimbra.com/apt/onlyoffice focal zimbra deb-src [arch=amd64] https://repo.zimbra.com/apt/onlyoffice focal zimbra EOF
apt-get update
NOTICE: Packages updated on 29-March-2023
Some packages have been updated on 29-March-2023 (9:00 AM GMT). In case, you have installed Zimbra 10 before this time and are using either Modern UI or the new Chat & Video feature, we recommend updating the packages using the instruction provided in the section - Upgrade Packages. In case, you have installed Zimbra 10 before this time and you are using Ubuntu and if Ubuntu is set to auto-upgrade, and if chat and video stops working, then you need to manually move the following configuration files from Immail directory to chat-video directory (/opt/zimbra/lib/ext/chat-video).
- Config.properties
- Config.domains.json
Description
We are very excited about the announcement of the release of Zimbra Daffodil (v10). With this release, we've consolidated our core code-base and replaced certain older NG add-on modules with new & improved core modules that will see continuous enhancements in future updates. With Zimbra Daffodil (v10), we're committed and focused on improving its stability, security, quality, features & capabilities, user experience, performance, extensibility, and scalability.
Zimbra (v10) release provides the same or better features than Zimbra 8.8.15 and 9.0 and will be our main code base for continuous improvement and innovation going forward.
What does this mean?
It means that each component integrates at the application layer and is designed to work together in unison. Zimbra Daffodil(v10) also removes data restrictions and allows full access to your data. With all core components managed by us, it will enable us to innovate faster and bring new features to market quicker than before.
What's new or updated in Zimbra (v10)
Installation, Upgrade, & Migration
In the Zimbra Daffodil(v10) release, we focused on new installations, rolling upgrades with and without NG modules, and in-place upgrades for customers running without NG modules. Here are key topics you need to know about upgrading and migration:
- Single and Multi-Server installation is supported for new installations of Zimbra (v10).
- For customers using NG modules on a Multi-Server setup, we are releasing a migration tool that will help the customers to migrate their NG modules data to the new Zimbra-10 server. Please refer to the migration guide for more details. Please note that this tool is being released as a Beta utility and should be tested on dev/test environment(s) before using it on production data. For more guidance, please reach out to our support team.
- For customers using NG modules on a Single-Server setup, currently we do not support an in-place upgrade or migration. We are working on steps to migrate such a setup. We will update you soon.
- For customers on Multi-Server setup and NOT using NG modules, Rolling upgrade is the recommended method where you either upgrade existing or add new replacement LDAP's, Proxy's and MTA's. Once the LDAP, Proxy and MTA's are running the latest version, you then add a new mail store and use zmmboxmove to move accounts from the older store to the new zimbra-10 store. For more information please refer to rolling-upgrade guide.
- In-place upgrade is only recommended for customers who are not running NG modules. In-place upgrades are supported from 8.8.15 and 9.0.0 versions running the latest patch releases.
Backup & Restore
Daffodil backup and recovery is built with the understanding that backups should not affect the server or user experience while providing the best disaster recovery restore. The Daffodil backup offers the ability to backup using auto-grouping or full backup with incremental logging. Here are key topics you need to know about upgrading to 10.0 Backup and Restore:
- A new backup will need to be initialised after the upgrade.
- Backup consists of two backup methods.
- Auto-grouping is a great backup method but is best for large installations where 5,000+ accounts reside on a single mail store. Smaller installations will benefit with creating a full backup once a week.
- The default backup method is known as the 'Standard' method, and is recommended for most customers.
- Backups can be created at the Global, Server, COS, Domain, and account level.
- Dumpster feature has been integrated with backup and restore which is called 'Message Reclaim'. This is the first phase in many to provide a simpler way to manage and restore data that was deleted accidentally. Currently, the reclaim is a command line function but stay tuned for improvements within the coming releases.
- Multiple restore methods. A disaster doesn't always destroy the full store or cluster. 10.0 backup brings back the ability to restore each component (store, meta-data, LDAP data) or a mail-store or the full cluster.
- Advance restore mode, which can be used within a full mail-store disaster recovery where all of the Metadata and accounts are restored to production before the blob data. Because blob restore accounts for the majority of the restore time, the time that takes to restore and put the account back into production has significantly improved. Once the account is active, the restore process will restore the blobs. Please note, users will receive a missing blob error until the blob has been restored.
Storage Management
The Storage Management (SM) feature is where you configure storage volumes for primary, and secondary data stores and indexing. SM using the scheduler also provides the ability to move older data from primary higher-cost to secondary lower-cost storage based on age. In most instances, end users will not experience any performance differences.
Storage Management can be managed within the Administrator UI at the global and server level or from the command line.
SM supports local and external storage for the following providers:
- Amazon AWS S3 - Supports Intelligent Tiering.
- Ceph
- Netapp StorageGrid
- OpenIO
- EMC
- Scality
- Custom S3
Mobile Sync and Device Management
The mobile sync feature supports the latest devices and has improved calendar synchronization. It contains all of the security as the past versions but is now part of the core code.
Following are some more details:
- Support active-sync versions 16.1, 16.0, 14.1, 14.0 & 12.1.
- Support shared Folders and Calendars.
- Support configuring user-level ActiveSync protocol version
- Support Autodiscover.
- Allow/Block/Quarantine (ABQ) support.
- Support Mobile Device Security Policies:
- Remote Wipe.
- Account Only Remote Wipe.
- Device password policies.
- S/MIME encryption policies.
- Support MDM Apps – IBM Maas 360 and Apple Airwatch.
- Notification support for Quarantined devices at specified intervals.
Note: When using a Rolling-Upgrade with NG modules, after the accounts are moved from the NG server to the Zimbra-10 servers, all ActiveSync sync-tokens will be reset. Because of this, all devices will receive a re-sync request, then each device should acknowledge the request and initiate a full re-sync. The majority of devices will do this automatically and with no action required by the device owner. The acknowledgment action is a device action, and some older Samsung devices have been known not to respond which requires the user to either recreate the profile or re-enter the password.
For the Non-NG Rolling-Upgrade setup, ActiveSync users will have to reconfigure their activesync profile on the devices/app to start using the latest ActiveSync version.
Briefcase
10.0 restores documentation management within the Briefcase. This provides a single location where a user can manage, store, share, and edit documents. Here are key topics you need to know about upgrading to 10.0 Documentation Management:
- All document data within Briefcase is stored within the core of server which means the data is within the account mysql database and stored within the data store.
- Each mail store can contain its own instance of Office.
- File sharing internally or publicly.
- Collaborative editing of files.
Office
Daffodil provides an updated set of documentation editors that works with Word, Spreadsheet, & Presentation documents.
- Can be installed on each mail store.
- Supports editing and sharing of documents with multiple users.
- Supports Single file or folder share.
- Supports High fidelity Document preview.
- Supports many document formats.
- Supports Version control.
For the Rolling-Upgrade setup, the Document editing/sharing feature will not work until the Grantor and Grantee are moved to zimbra-10 mailbox servers.
Similarly, any Drive user data migrated to Zimbra (v10), will not work as expected until the Grantor and Grantee are moved to zimbra-10 mailbox servers.
Chat and Video
It is an enterprise video and chat solution. This offering includes individual, group chats, contact and group support, video calling support, chat archival and many other standard chat and video features.
- SAAS offering
- Simplistic configuration - Once the Admin account is created and configured, end users accounts will be automatically created based on COS configuration.
- Supported within the Classic Web App, Modern Web App, Desktop App, and Mobile Apps which are currently available on play store and app store.
Delegated Administrator
Delegated Administrators can now be assigned predefined rights for common tasks. A common example is to create a Helpdesk administrator who can only reset password. Following commonly used predefined rights have been added in this release and more will be added in the upcoming releases:
- Domain administrator
- Reset passwords
- Edit contact info
Things to Know Before Upgrading
Please review the following information to decide if Zimbra Daffodil (v10) is suitable for you.
- Zimbra Touch Client, Zimbra Mobile Client, and Zimbra HTML (Standard) Client are no longer a part of Zimbra starting from Version 9.0.0.
- A Zimbra Network Edition license is required to use Zimbra Daffodil (v10).
- The customizations implemented for SAML and SPNEGO will be overridden during an upgrade. It is recommended to backup these configurations before upgrading the server.
- In case of rolling upgrades, if some mailstore nodes are upgraded to zimbra-10 and some mailstore nodes are on Zimbra 9.0.x or Zimbra 8.8.15 then,
zimbraReverseProxyUpstreamLoginServers
should only contain the list of Zimbra 10.0.0 mailboxes. If this is not followed then in some cases, users on zimbra-10 mailstore nodes will not be able to see Modern Web App after login. - Zimbra (v10) continues to support two versions of Zimbra Web Client -- Modern and Classic.
- To know more about the highlights of the Modern Web App, please refer to Introducing the Modern Web Application
- The Classic Web App offers the same functionality as the Advanced Web Client in Zimbra version 8.8.15.
- Existing customized themes, logo branding changes, and crontab changes are incompatible with, and hence do not reflect in the Modern Web App. Branding needs to be re-configured to work with the Modern Web App. The Modern Web App does not currently support themes. Please refer to the Customizing Modern Web App section of Admin Guide for more information related to configuration.
- Zimlets are supported on both the Web Clients.
- Zimlets that work with the Classic Web App are incompatible with the Modern Web App. And due to technology changes, there is no way to migrate the Zimlets from the Classic Web App to the Modern Web App or vice-versa.
- For Non-NG setups, recommendations when using mailbox move (through zmmboxmove utility) on Rolling-Upgrade environment:
- Always take full backup *before* doing zmmboxmove.
- If using Storage Management with primary and secondary storage as Internal, then set
zimbraMailboxMoveSkipBlobs
andzimbraMailboxMoveSkipHsmBlobs
attributes to FALSE before doing zmmboxmove. - Always recommended to run HSM and move blobs to current primary/secondary volumes in case of multiple primary/secondary volumes present in the system before doing
zmmboxmove
. zmmboxmove
command should be run from Zimbra (v10) mailbox server.
After you review the tasks in this section, please go to Upgrade Instructions.
Known Issues
These are Known Issues against Zimbra 10.0.0 and will be addressed in future updates and/or patches.
Mobile Sync
- On iOS Native App, if the Mail, Calendar, and Contacts folders are shared with the user, the shares are not displayed on the App. Similarly, for Windows Outlook and Windows Native Contacts App, if the Contacts folder is shared with the user, the shares are not displayed on the App.
Workaround - The user will have to reconfigure his account on the device to get the shares mounted on the device.
- The sharing of mail folders on the Gmail app has been disabled. This issue will be fixed in the upcoming zimbra-10 patch release.
- Exchange ActiveSync protocol currently does not support Read-Only permission sharing. It is recommended not to enable Sharing for the users having shares with Read-Only permission.
- In a Rolling-upgrade environment, if a zimbra-9 user shares a calendar with zimbra-10 user, the events are not synced.
Workaround - For the Rolling-Upgrade environment involving the NG mailbox server, due to technical differences between the NG Mobile feature and Zimbra (v10) Mobile Sync feature, it is recommended to use Sharing feature after moving all the accounts to zimbra-10 mailbox server.
- For Windows Mail App, the Sent folder emails are not displayed after blocking and unblocking the user.
Workaround - The user can remove and reconfigure the account on the app.
- When using iOS Outlook App, Out of Office settings are not synced to the user's account in Web App.
- When the organizer and attendee use the Outlook app, if the organizer cancels an instance from a recurring meeting, the same is not reflected on the attendee's calendar.
- Syncing of shared calendars has been disabled on Outlook App for iOS and Android due to syncing issues. This issue will be fixed in the upcoming zimbra-10 patch release.
Backup-Restore
- When using backup and restore to move data from source 9.x NG server to destination 10.x server, if both the source and destination, primary volumes are ‘External’, and zimbraBackupSkipBlobs is set to True, then emails restored to Primary volume throws ‘Missing Blob for item’ error.
- When an account is restored using backup data from NG external secondary volume, the account is displaying garbled data for emails on the destination server.
- When using backup and restore to move data from source 9.x NG server to destination 10.x server, if both the source and destination, primary volumes are 'Internal' and secondary volumes are 'External', and zimbraBackupSkipBlobs is set to False, and zimbraBackupSkipHSMBlobs is set to True, then emails moved to primary volume are accessible but emails moved to secondary volume throw 'Missing Blob for item' error.
- When we schedule backup using zmschedulebackup command, backup is getting scheduled in crontab and LDAP attributes are updated with appropriate values.
Storage Management
- When using an external storage provider for Secondary storage, please exclude the Documents from the policy as it appears garbled after it is moved to external storage.
Briefcase
- The
zimbraFileUploadMaxSize
cannot be set to more than 2GB (2146483647 bytes). Due to this, the users cannot upload files larger than 2GB to their Briefcase.
Platform
- On NG based rolling-upgrade setup and before migrating the Internal Storage data to zimbra-10 server using the NG Migration utility, disable the Compression for volumes on zimbra-10 server.
- On a NG based rolling-upgrade setup, when either sharer or sharee is not moved to zimbra-10 server and the drive data is imported through the NG Migration utility, the drive files sharing information is not available. Hence, the shared files are not available after the import.
Workaround - Before importing the Drive data for the users, move the sharee and sharer from NG server to zimbra-10 server.
- When upgrading to Zimbra 10 using the rolling upgrade mechanism, if a user on Zimbra 10 shares a Briefcase file with a user on Zimbra 9, then while UI will display a 'Permission denied' error to the user on Zimbra 10, the user on Zimbra 9 still ends up receiving an email that the file has been shared. Even though the mail is received by the Zimbra 9 user, they will not be able to access the file, as the file sharing feature is not available in Zimbra 9.
- During Rolling Upgrade to Zimbra 10, a user on Zimbra 9 may share a Briefcase folder with a Zimbra 10 user. However, since files were not shared with Zimbra 10 user, the files within the shared folder are not accessible to the Zimbra 10 users.
- Zimbra inheritance is followed when setting LDAP attributes. When using Backup & Restore->Message recovery settings from Admin UI, if the value of zimbraDumpsterEnabled attribute is FALSE at COS level and TRUE at Domain level, then the value at COS level will be considered. So the issue here is- adding Domains in the message recovery settings will have no impact on message recovery if the COS level attribute is set to its default value FALSE.
- When user clicks on a file in Briefcase, a preview is displayed for the supported file formats. User can also edit these files in a separate window. The changes take a long time to be reflected in the preview, and sometimes user might need to click on the file multiple times to view the changes.
- When editing documents from Briefcase, the documents are opened in a separate browser window in which users can edit the document. However, the updated contents are not reflected in the Briefcase file, unless the separate browser window is not closed by the user.
- User is not able to search files in the "Files shared with me" folder, within Briefcase.
- Re-sending a file share for a Briefcase document throws the error, "A network service error has occurred".
- During Rolling Upgrade to Zimbra 10 from Zimbra 9/8.x having NG modules installed, when a Zimbra 9/8.x user creates new files from Briefcase, it results in a error "TypeError: g is null".
- During Rolling Upgrade to Zimbra 10, a user on Zimbra 10 may share a file with a Zimbra 9 user. However, Zimbra 9 user will not be able to access the file from the shared URL.
- Backup and Restore - When mail-store server is restored after moving some of its accounts to another mail store, then old mail data like blobs, metadata, etc. of the accounts which have been moved to another mail store, will also get restored. The workaround is to - execute the restore with --ignoreRedoErrors OR with -rf options like zmrestore -a all --ignoreRedoErrors
Web UX - Admin
- In Admin UI, if two users are assigned the Administrator privilege followed by "Assign default domain administrator views and rights", there is an error displayed for the second user, and the request is not completed. This happens due to a caching issue, and flushing the cache of the mail-store resolves this issue.
Web UX - Modern
- Conversations do not expand when a user clicks on the 3 dots within an email.
Upgrade Packages
The following packages have been updated on 29-March-2023 (9:00 AM GMT).
PackageName -> Version zimbra-modern-ui -> 4.31.0.1679402852-1 zimbra-modern-zimlets -> 4.31.0.1679402852-1 zimbra-zimlet-user-sessions-management -> 10.0.0.1679402603-1 zimbra-zimlet-secure-mail -> 2.1.0.1679402603-1 zimbra-zimlet-document-editor -> 10.1.0.1679402603-1 zimbra-zimlet-classic-document-editor -> 2.1.0.1679402603-1 zimbra-extension-chat-video -> 1.3.0.1678947111-1 zimbra-zimlet-chat-video-classic -> 1.3.0.1678947111-1 zimbra-zimlet-chat-video-modern -> 1.3.0.1678947111-1
Zimbra Additional Zimlets:
zimbra-zimlet-onedrive -> 6.2.1.1679445847-1 zimbra-zimlet-google-drive -> 6.2.1.1679445847-1 zimbra-zimlet-slack -> 5.7.1.1679445847-1 zimbra-zimlet-privacy-protector -> 5.1.0.1679402603-1 zimbra-zimlet-duplicate-contacts -> 6.1.0.1679402603-1
Instructions to install/update packages on mailstore node
RHEL/Centos/Rocky Linux
yum clean metadata yum check-update yum update su - zimbra zmcontrol restart
Steps to install Zimbra Additional Zimlets
yum install zimbra-zimlet-onedrive yum install zimbra-zimlet-google-drive yum install zimbra-zimlet-slack yum install zimbra-zimlet-privacy-protector yum install zimbra-zimlet-duplicate-contacts su - zimbra zmmailboxdctl restart
Ubuntu
apt-get update apt-get upgrade su - zimbra zmcontrol restart
Steps to install/update Zimbra Additional Zimlets
apt-get install zimbra-zimlet-onedrive apt-get install zimbra-zimlet-google-drive apt-get install zimbra-zimlet-slack apt-get install zimbra-zimlet-privacy-protector apt-get install zimbra-zimlet-duplicate-contacts su - zimbra zmmailboxdctl restart