Zimbra Releases/10.0.1

Zimbra Collaboration Daffodil 10.0.1 Patch Release

Release Date: May 30, 2023

Check out the Security Fixes, What's New, Fixed Issues, Things to Know Before Upgrading and Known Issues sections for this version of Zimbra Collaboration. Please refer to the Patch Installation steps for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.

Important Upgrade Instructions for Daffodil v10 version older than build 10.0.0_GA_4452

If you are currently using the Beta version build of Daffodil v10 (10.0.0_GA_4452), please follow these upgrade instructions:

  • Upgrade to the latest GA Version build 10.0.0_GA_4518: It is crucial to first upgrade to the latest GA version before proceeding with any further updates. This latest GA release includes essential updates, including modifications to the database schema and various other feature improvements.
  • Upgrade to 10.0.1 Patch: Once you have successfully upgraded to the latest GA version build 10.0.0_GA_4518, you can proceed with the upgrade to the 10.0.1 patch. This patch release addresses specific issues and introduces further enhancements.

By following this upgrade path, you ensure that your system is properly updated, incorporating the necessary database schema changes and other critical updates introduced in the latest GA build.


IMPORTANT: Reactivation of license required

After applying this patch, the customers will have to re-activate the license. Execute this command as a zimbra user:

zmlicense -a

IMPORTANT: Remove Client Uploader

A majority of customers now use other options to distribute packages to the end users. If you want to continue use ClientUploader then follow these manual steps for installation.

Redhat

  • As root, install the package:
yum install zimbra-extension-clientuploader
yum install zimbra-zimlet-admin-clientuploader
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Ubuntu

  • As root, install the package:
apt-get install zimbra-extension-clientuploader
apt-get install zimbra-zimlet-admin-clientuploader
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating
As part of continuous improvement, ClientUploader packages has been removed from core product and moved to an optional package CVE-2023-34193 TBD Medium
Added additional validations for 2FA login CVE-2023-29381 TBD Medium
The Apache package has been upgraded to version 2.4.57 to fix multiple vulnerabilities CVE-2023-25690 9.8 Low
Remove unused JSP file which may bypass the Preauth verification CVE-2023-29382 TBD Low
The Apache CXF package has been upgraded to version 3.5.5 to fix SSRF vulnerability CVE-2022-46364 9.8 Low
The Spring Core package has been upgraded to version 6.0.8 to fix multiple vulnerabilities CVE-2022-22970 5.3 Low


What's New

Package Upgrade


  • The Apache package has been upgraded from 2.4.54 to 2.4.57
  • The Apache CXF package has been upgraded from 3.5.1 to 3.5.5
  • The Spring Core package has been upgraded from 5.3.18 to 6.0.8


Modern Web App

General

  • When opening Classic UI from Modern UI menu, Classic UI is opened in the current browser instead of opening it in a new browser tab.
  • Users can now configure message retention and message disposal policies.

Zimbra Connector for Outlook

To better manage storage on Outlook, the Auto Archive feature is now available for users. The settings can be accessed at File -> Options -> Advanced -> AutoArchive. By default the feature is disabled. This feature does not support auto archiving Calendar and Shared Inbox folders but we continue to support them through Manual Archive feature.

Chat and Video

  • Free hosted one to one chat is now available as part of the Chat and Video module. A free tier for the chat has been introduced, allowing unlimited users to benefit from this feature. The Enterprise offering is *only* available for BSP's at this point in time.
Caption: Free Vs. Enterprise version
Free Enterprise
Number of users Unlimited Unlimited
File storage

Chats and recording files

1GB

per domain

35GB

per user

Max file size on chat 5MB 50MB
Private chats Yes Yes
Group chats No Yes
Message history Unlimited Unlimited
Search in one chat Yes Yes
Search in all chats No Yes
Broadcast No Yes
Videoconference Time - Unlimited
Videoconference Participants - Up to 100
Action logs No Yes
Message auditing No Yes
Youtube Livestream No Yes

Fixed Issues

Zimbra Collaboration

  • Users can now add their Google calendar as an External calendar. ZBUG-2802
  • On the Ubuntu systems, executing zmfixperms script updated incorrect permissions for the /var/log/zimbra.log file. ZBUG-2783
  • When using Load Balancer with a Zimbra Proxy server, if it receives multiple IP addresses in the X-Forwarded-For header, it treated it as one single IP to perform the Whitelist check which resulted in suspending it. The issue has been fixed and now a whitelist check is done on a single IP address even if multiple IP addresses are received. ZBUG-2250

Classic Web App

  • External users with authorized access were unable to view externally shared briefcase folder.
  • Translations have been updated for Arabic, Deutsch (German), French Canadian, Danish, Hindi, Japanese and Español (Spanish).
  • Permission denied error was being displayed when trying to send as distribution list or persona. ZBUG-3364

Modern Web App

General

  • Addresses in To and Cc fields of an email were not being displayed intermittently when viewed in the preview pane. ZBUG-3398
  • When writing new e-mail the 'From' drop-down menu used to show '[object Object]' on hover of an email address. ZBUG-2945
  • Previously, all permissions were not displayed while adding new users in the calendar share list. Now, all permissions are displayed in this scenario. ZBUG-2940

Mobile Sync

  • On an iOS device, when manually moving an email from Inbox to the Trash folder triggered continuous move requests. The issue has been fixed.
  • On the Gmail App, the sharing feature is now available for Mail folders.


Things to Know Before Upgrading

Please review the following information to decide if Zimbra Daffodil (v10) is suitable for you.

  • Zimbra Touch Client, Zimbra Mobile Client, and Zimbra HTML (Standard) Client are no longer a part of Zimbra starting from Version 9.0.0.
  • A Zimbra Network Edition license is required to use Zimbra Daffodil (v10).
  • The customizations implemented for SAML and SPNEGO will be overridden during an upgrade. It is recommended to backup these configurations before upgrading the server.
  • In case of rolling upgrades, if some mailstore nodes are upgraded to zimbra-10 and some mailstore nodes are on Zimbra 9.0.x or Zimbra 8.8.15 then, zimbraReverseProxyUpstreamLoginServers should only contain the list of Zimbra 10.0.0 mailboxes. If this is not followed then in some cases, users on zimbra-10 mailstore nodes will not be able to see Modern Web App after login.
  • Zimbra (v10) continues to support two versions of Zimbra Web Client -- Modern and Classic.
    • To know more about the highlights of the Modern Web App, please refer to Introducing the Modern Web Application
    • The Classic Web App offers the same functionality as the Advanced Web Client in Zimbra version 8.8.15.
    • Existing customized themes, logo branding changes, and crontab changes are incompatible with, and hence do not reflect in the Modern Web App. Branding needs to be re-configured to work with the Modern Web App. The Modern Web App does not currently support themes. Please refer to the Customizing Modern Web App section of Admin Guide for more information related to configuration.
    • Zimlets are supported on both the Web Clients.
    • Zimlets that work with the Classic Web App are incompatible with the Modern Web App. And due to technology changes, there is no way to migrate the Zimlets from the Classic Web App to the Modern Web App or vice-versa.
  • For Non-NG setups, recommendations when using mailbox move (through zmmboxmove utility) on Rolling-Upgrade environment:
    • Always take full backup *before* doing zmmboxmove.
    • If using Storage Management with primary and secondary storage as Internal, then set zimbraMailboxMoveSkipBlobs and zimbraMailboxMoveSkipHsmBlobs attributes to FALSE before doing zmmboxmove.
    • Always recommended to run HSM and move blobs to current primary/secondary volumes in case of multiple primary/secondary volumes present in the system before doing zmmboxmove.
    • zmmboxmove command should be run from Zimbra (v10) mailbox server.

After you review the tasks in this section, please go to Upgrade Instructions.


Known Issues

Zimbra Collaboration

  • On NG based rolling-upgrade setup and before migrating the Internal Storage data to zimbra-10 server using the NG Migration utility, disable the Compression for volumes on zimbra-10 server.
  • When using an external storage provider for Secondary storage, please exclude the Documents from the policy as it appears garbled after it is moved to external storage.
  • On a NG based rolling-upgrade setup, when either sharer or sharee is not moved to zimbra-10 server and the drive data is imported through the NG Migration utility, the drive files sharing information is not available. Hence, the shared files are not available after the import.

Workaround - Before importing the Drive data for the users, move the sharee and sharer from NG server to zimbra-10 server.

  • When upgrading to Zimbra 10 using the rolling upgrade mechanism, if a user on Zimbra 10 shares a Briefcase file with a user on Zimbra 9, then while UI will display a 'Permission denied' error to the user on Zimbra 10, the user on Zimbra 9 still ends up receiving an email that the file has been shared. Even though the mail is received by the Zimbra 9 user, they will not be able to access the file, as the file sharing feature is not available in Zimbra 9.
  • During Rolling Upgrade to Zimbra 10, a user on Zimbra 9 may share a Briefcase folder with a Zimbra 10 user. However, since files were not shared with Zimbra 10 user, the files within the shared folder are not accessible to the Zimbra 10 users.
  • During Rolling Upgrade to Zimbra 10 from Zimbra 9/8.x having NG modules installed, when a Zimbra 9/8.x user creates new files from Briefcase, it results in a error "TypeError: g is null".
  • During Rolling Upgrade to Zimbra 10, a user on Zimbra 10 may share a file with a Zimbra 9 user. However, Zimbra 9 user will not be able to access the file from the shared URL.
  • Zimbra inheritance is followed when setting LDAP attributes. When using Backup & Restore->Message recovery settings from Admin UI, if the value of zimbraDumpsterEnabled attribute is FALSE at COS level and TRUE at Domain level, then the value at COS level will be considered. So the issue here is- adding Domains in the message recovery settings will have no impact on message recovery if the COS level attribute is set to its default value FALSE.
  • Backup and Restore - When mail-store server is restored after moving some of its accounts to another mail store, then old mail data like blobs, metadata, etc. of the accounts which have been moved to another mail store, will also get restored. The workaround is to - execute the restore with --ignoreRedoErrors OR with -rf options like zmrestore -a all --ignoreRedoErrors
  • When user clicks on a file in Briefcase, a preview is displayed for the supported file formats. User can also edit these files in a separate window. The changes take a long time to be reflected in the preview, and sometimes user might need to click on the file multiple times to view the changes.
  • When editing documents from Briefcase, the documents are opened in a separate browser window in which users can edit the document. However, the updated contents are not reflected in the Briefcase file, unless the separate browser window is not closed by the user.
  • User is not able to search files in the "Files shared with me" folder, within Briefcase.
  • Re-sending a file share for a Briefcase document throws the error, "A network service error has occurred".

Web UX - Admin

  • In Admin UI, if two users are assigned the Administrator privilege followed by "Assign default domain administrator views and rights", there is an error displayed for the second user, and the request is not completed. This happens due to a caching issue, and flushing the cache of the mail-store resolves this issue.

Mobile Sync

  • On iOS Native App, if the Mail, Calendar, and Contacts folders are shared with the user, the shares are not displayed on the App.Similarly, for Windows Outlook and Windows Native Contacts App, if the Contacts folder is shared with the user, the shares are not displayed on the App.

Workaround - The user will have to reconfigure his account on the device to get the shares mounted on the device.

  • Exchange ActiveSync protocol currently does not support Read-Only permission sharing. It is recommended not to enable Sharing for the users having shares with Read-Only permission.
  • In a Rolling-upgrade environment, if a zimbra-9 user shares a calendar with zimbra-10 user, the events are not synced.

Workaround - For the Rolling-Upgrade environment involving the NG mailbox server, due to technical differences between the NG Mobile feature and Zimbra (v10) Mobile Sync feature, it is recommended to use Sharing feature after moving all the accounts to zimbra-10 mailbox server.

  • For Windows Mail App, the Sent folder emails are not displayed after blocking and unblocking the user.

Workaround - The user can remove and reconfigure the account on the app.

  • When using iOS Outlook App, Out of Office settings are not synced to the user's account in Web App.
  • When the organizer and attendee use the Outlook app, if the organizer cancels an instance from a recurring meeting, the same is not reflected on the attendee's calendar.


Backup Restore

  • When using backup and restore to move data from source 9.x NG server to destination 10.x server, if both the source and destination, primary volumes are 'External', and zimbraBackupSkipBlobs is set to True, then emails moved secondary volume throw 'Missing Blob for item' error.
  • When an account is restored using backup data from NG external secondary volume, the account is displaying garbled data for emails on the destination server.
  • When we schedule backup using zmschedulebackup command, backup is getting scheduled in crontab and LDAP attributes are updated with appropriate values.

Briefcase

  • The zimbraFileUploadMaxSize cannot be set to more than 2GB (2146483647 bytes). Due to this, the users cannot upload files larger than 2GB to their Briefcase.

Packages

The package lineup for this release is:

PackageName                                       -> Version
zimbra-patch                                      ->  10.0.1.1684843569-2
zimbra-mta-patch                                  ->  10.0.1.1684337416-1
zimbra-proxy-patch                                ->  10.0.1.1684242137-1
zimbra-ldap-patch                                 ->  10.0.1.1684242137-1
zimbra-common-core-jar                            ->  10.0.1.1684124726-1
zimbra-mbox-war                                   ->  10.0.1.1684124726-1
zimbra-mbox-ews-service                           ->  10.0.1.1683869041-1
zimbra-common-core-libs                           ->  10.0.1.1678343103-1
zimbra-mbox-webclient-war                         ->  10.0.1.1684143400-1
zimbra-mbox-admin-console-war                     ->  10.0.1.1684142169-1
zimbra-modules-porter                             ->  1.0.0.1683867991-1
zimbra-httpd                                      ->  2.4.57-1zimbra8.7b4
zimbra-apache-components                          ->  2.0.10-1zimbra8.8b1
zimbra-spell-components                           ->  2.0.11-1zimbra8.8b1  ( RHEL8, UBUNTU20: 2.0.12-1zimbra8.8b1 )
zimbra-zco                                        ->  9.0.0.1930.1684419492-1
zimbra-extension-clientuploader                   ->  1.0.0.1683611258-1
zimbra-zimlet-admin-clientuploader                ->  8.0.0
zimbra-modern-ui                                  ->  4.32.0.1684838829-1
zimbra-modern-zimlets                             ->  4.32.0.1684838829-1
zimbra-zimlet-set-default-client                  ->  10.1.0.1684745565-1
zimbra-zimlet-secure-mail                         ->  2.2.0.1684238166-1
zimbra-zimlet-document-editor                     ->  11.0.0.1684238166-1


Patch Installation

Please refer to below link to install 10.0.1 patch :

Patch Installation

Jump to: navigation, search