Zimbra Releases/10.1.0

Zimbra Daffodil (v10.1.0) GA Release

Release Date: July 16, 2024

Check out the What's New, Things to Know Before Upgrading and Known Issues sections for this version of Zimbra Collaboration.

Things to know before you upgrade

Changes to Licensing System

Zimbra Daffodil (v10.1) introduced a new license service with significant changes in licensing management. A new service named License Daemon Service (LDS) has been added and is a required service to support the management of the license. Please refer to Licensing Enhancement section for more details.

NOTE: Please reach out to Support to get your 10.1.0 license before you plan your installation or upgrade. You will not be able to proceed with the upgrade without the new license key.

Chat & Video

On-premises version of Zimbra Chat and Video will soon be released as a fast follower to the Zimbra 10.1.0 release. The on-premises version cannot coexist with the hosted or SaaS version of Chat and Video that was released with 10.0.0. Hence, starting with version 10.1.0, Zimbra will only support the on-premises version of Chat and Video.

If you are currently using the hosted/SaaS version of the Zimbra Chat and Video module with Zimbra 10.0.0, we request you wait until the new on-premises version is released. Along with this new version, we will also release a migration utility to help migrate all your chats from the hosted version on 10.0.0 to the on-premises version on 10.1.0.

Security Fixes

Summary CVE-ID CVSS Score
Removed the use of Node integration from the Electron framework used in Modern Zimbra Desktop that allowed remote code execution, preventing Node.js code from being executed in the renderer process. TBD TBD
Upgraded Electron framework used in Modern Zimbra Desktop to version 28.0.0, This update mitigates potential security risks associated with the outdated Electron version 11.5.0. CVE-2023-4863 8.8
Upgraded graphiql from version 3.1.0 to 3.2.0 to address a high severity infinite loop vulnerability TBD TBD
Addressed a high severity Prototype Pollution vulnerability in Modern UI. The concerned library has been removed from the codebase, and a custom utility function has been implemented to achieve the same functionality, mitigating the vulnerability. TBD TBD

Coming Soon

RHEL/Rocky Linux 9 (Beta)

The ZCS build for RHEL/Rocky Linux 9 Operating System is currently under validation. We are working diligently to ensure the build meets our stability and performance criteria. We plan to release beta support for this build in Q3, targeting early September.

What's New

NOTE: Beta features are not supported and should not be installed on production systems. Beta modules have been provided for evaluation in lab environments only.

Ubuntu 22 Support (Beta)

With this release Ubuntu 22 Support (Beta) is available. Watch for the GA announcement in an upcoming patch release.

Licensing Enhancement

A new format of the license, an 18-26 alphanumeric character key has been introduced replacing the older .xml file format.

Once the Zimbra Collaboration license is activated no future license management by the user is required. License management is real-time and is managed by Zimbra Collaboration. Any changes required in the license will be done by the Zimbra Collaboration team and the updates will be reflected on the server in approximately 5-15 minutes.

NOTE: Please reach out to Support to get your 10.1.0 license before you plan your installation or upgrade. You will not be able to proceed with the upgrade without the license key.

Install & Upgrade Changes

With the introduction of the License Daemon Service, there are significant changes to the installation and upgrade process.

License Daemon Service

The License Daemon Service (LDS) is a new service that communicates with the Zimbra License Server.

It is responsible for managing license information with Zimbra License Server. During Install/Upgrade, the LDS package gets displayed as ```zimbra-license-daemon``` in the modules list and is a required service. All real-time licensing operations are carried out through the LDS.

When installing/upgrading the setup, the LDS has to be installed on the server that has internet access - Proxy, MTA.

A dedicated LDS node can also be set up.

NOTE: Zimbra recommends installing LDS either on a dedicated server or on the server that has internet access - Proxy OR MTA node. For more details, please refer to the upgrade/install guides in Documentation section

Activating Licenses

The new licensing system continues to support the Automatic and Manual license methods. From Daffodil (v10.1) onwards, the terms have been changed to Online(Automatic) Activation and Offline(Manual) Activation.

Online License Activation

Licenses are automatically activated if the Zimbra Collaboration server has a connection to the Internet and can communicate with the Zimbra License server. Please refer to Online Activation section for more details.

Please refer to the Online Activation section for more details.

Offline License Activation

The method of generating and activating an Offline(Manual) License in Zimbra Daffodil (v10.1) has changed. As a pre-requisite, a new package ```zimbra-nalpeiron-offline-daemon``` has to be installed on the server that is running the license daemon service. After installing the package, an offline service Offline Lan Daemon is started which acts as a locally run license manager.

Please refer to the Offline Activation section for more details.

Documentation

Please refer to the following documentation before you plan your system installation or upgrades:

  • Refer to the Licensing section in the admin guide to get detailed information on the enhancements.

Modern Web App

General

  • Added the option to pin search result tabs. Users can now pin a search tab, which fixes it in place, and subsequent searches will open in new tabs if the previous tab is pinned. The pinning and unpinning options are accessible via a dropdown menu on the search tab.
  • Added support for Zimlets to set additional email headers in outgoing emails. This allows for custom headers, such as confidentiality markers or custom priorities, to be added through the Modern UI.
  • 2FA through email
    • Overview
      • Enhance your Zimbra account security by using your recovery email as an additional factor for multi-factor authentication (MFA). Set up and manage your 2FA preferences through the Modern UI settings.
    • Setting Up Email as 2FA
      • To set up Email as 2FA, click on the gear icon at the top right to open "Settings." Go to the "Accounts" tab, expand the primary account, and scroll down to the “Two-factor authentication” section. Click "Set up this method" for email, enter your recovery email if not already set up, and verify it with the code sent to your email. During login, you will receive a one-time use code on your recovery email to access your account.
    • Managing 2FA Preferences
      • To select your preferred 2FA method, after setting up both email and an authenticator app, choose your preferred method in the security settings. This preference will be used for subsequent logins. If you face issues with your preferred method during login, you can switch to the other method by selecting "Use a different method." For fallback options, if you cannot access your recovery email, use the authenticator app or other 2FA methods. To update your recovery email, go to Two-factor settings, enter the new email, and verify it.
  • The "From name" and "Reply-to" settings for external POP/IMAP accounts are now hidden when zimbraBlockEmailSendFromImapPop is set to TRUE, aligning the Modern UI with the Classic UI behavior.


Mail

  • Users can reply and forward emails in plaintext in Modern Web App.
  • Added UI indication for busy invitees and locations when creating events. Busy status is now shown with a warning indicator, and invalid invitees are marked with a strikethrough.


Desktop App

  • Modern Zimbra Desktop now has enhanced security after upgrading Electron framework from 11.5.0 to 27.0.4.


Classic Web App

  • 2FA through email
    • Overview
      • Enhance your Zimbra account security by using your recovery email as an additional factor for multi-factor authentication (MFA). Set up and manage your 2FA preferences through the Classic UI security settings.
    • Setting Up Email as 2FA
      • Go to "Preferences" in the top menu, then to the "Accounts" tab and the “Security” section. Click "Setup two-factor authentication" for "Email as 2FA," enter your recovery email, and verify it with the code sent to your email. During login, you will receive a one-time use code on your recovery email to access your account.
    • Managing 2FA Preferences
      • Select your preferred 2FA method in security settings after setting up both email and an authenticator app. You can switch methods during login if needed. If you cannot access your recovery email, use the authenticator app or other 2FA methods. To update your recovery email, go to security settings, enter the new email, and verify it.


ActiveSync

  • To have better control over syncing of shared folders to mobile, users can now choose which folders to sync to their mobile device. The sync option will be available only for shared folders having Admin or Manager permissions. The feature is available in Modern and Classic Web App. Please refer to the Modern userguide -> Shared Folder Sync to Mobile section for more details.

Fixed Issues

Zimbra Collaboration

  • When the zimbraHttpCompressionEnabled is set to FALSE, the jetty.xml file generates nested comments due to which the mailbox service fails to start. The issue has been fixed.
  • When upgrading the server, if a "DB version mismatch" error is encountered, execute the command as root to fix it - /usr/bin/perl -I/opt/zimbra/libexec/scripts/ /opt/zimbra/libexec/scripts/zmdbupgrade.pl
  • Fixed an issue where for certain system-generated emails, the hyperlink was getting modified which resulted in an invalid URL.
  • Inline images and PDF files in some specific mails were not getting previewed in Web App. The issue has been fixed.
  • Optimized the API calls to fetch data of a particular calendar event when the remote calendar is synced to the device and the device sends multiple requests.
  • While performing a system upgrade, when an orphan account is detected on the system, the upgrade gets terminated. The issue has been fixed. As the orphan accounts do not cause any functional issues, a message gets displayed on the screen, and the upgrade proceeds.
  • The Sharing feature for Mobile users has been refactored to provide more control of choosing which folders to sync to the mobile. Please refer to the guide for more details on the functionality under various scenarios.
  • When moving large mailboxes (more than 20GB) across mailbox servers, a timeout value set for zimbra_remote_cmd_channel_timeout_min attribute was not getting honored. This failed to move the mailbox successfully even after increasing the timeout value. The issue has been fixed. Customers facing this issue are required to increase the timeout value and re-initiate the mailbox move.
  • Fixed an issue for Rocky/RHEL 8 OS where the logrotate utility failed to execute.
  • The OpenLDAP package has been upgraded to version 2.5.17.
  • On an LDAP MMR setup an unlimited conditions can be configured in the zimbraMailSieveScript attribute which caused issues with the system. Due to this, a large number of overflow pages are created in lmdb database. The issue has been fixed. The size of the sieve filter rule file is now controlled through zimbraMailSieveScriptMaxSize attribute. For e.g if the size is set to 2MB, the filter rules cannot exceed 2MB. Exception is displayed if the filter rules exceed 2MB.


Modern Web App

General

  • Resolved an issue where files with Russian or Ukrainian characters and brackets in the filename downloaded from the Briefcase were corrupted and could not be opened. The system now correctly handles such filenames, ensuring the files are downloaded and opened properly.
  • Resolved an issue in the Modern UI where the inline image upload process would not complete if the user made changes to the email body during the upload. The upload process now completes as expected, and the Send button becomes enabled once the upload is finished.
  • Resolved an issue where changing the date of an instance in a weekly recurring event was not working properly. Users can now successfully change the date of a specific instance to any weekday, and the change will be reflected correctly.
  • Resolved an issue in the Modern UI where Reply, Reply All, and Forward functions were not working when the preview pane was turned off.
  • Addressed an issue in the Modern UI where events would disappear when using drag and drop in the calendar's work week view. All events now remain intact and properly visible during and after drag-and-drop operations.
  • Resolved an issue where the Modern UI would hang for approximately 10 seconds when clicking on long emails and then attempting to access other emails. The root cause was found in date-zimlet. This fix ensures smooth performance and responsiveness when viewing long emails.
  • Corrected French translations related to Date and right-click menu options in the Modern UI


Mail

  • Resolved an long standing issue in composer where the first draft autosave deleted address inputs in progress. Address inputs now remain intact during autosave.


Classic Web App

  • Resolved an issue in the Classic UI where attempting to save a draft after adding attachments from the original message would throw a "No such message part exists" error. Drafts now save successfully under these conditions.
  • Incorporated the latest IANA Time Zone database to ensure accurate and up-to-date time zone information.
  • Fixed an issue where the "No such message" error would appear if the "Cancel" button was clicked during attachment upload.
  • Resolved an issue where users with an '&' character in their username were unable to log in to webmail.
  • Chile's specific time zone has been added to Zimbra. The time zone is labeled as "Santiago" and functions correctly across all calendar views and event actions.
  • Resolved an issue where external users were unable to view shared calendar events. External users can now see all existing and newly created appointments once the calendar is shared with them.
  • Offline mode is no longer supported in both Classic UI and Modern UI.


Zimbra Connector for Outlook

  • If an Outlook Profile or Outlook is set to a different language than ZCO, then when sending an email through a Draft folder, it appears empty to the recipient. The issue has been fixed.
  • A license check is performed when setting up an account through ZCO. Appropriate error gets displayed if the ZCO account limit is exhausted.
  • Fixed an issue where the tags created in the Web App were getting overwritten with tags created in ZCO.

Known Issues

  • License daemon service is not started automatically on reboot for Redhat server.
  • Zimbra inheritance is followed when setting LDAP attributes. When using Backup & Restore->Message recovery settings from Admin UI, if the value of zimbraDumpsterEnabled attribute is FALSE at COS level and TRUE at Domain level, then the value at COS level will be considered. So the issue here is- adding Domains in the message recovery settings will have no impact on message recovery if the COS level attribute is set to its default value FALSE.
  • Backup and Restore - When mail-store server is restored after moving some of its accounts to another mail store, then old mail data like blobs, metadata, etc. of the accounts which have been moved to another mail store, will also get restored. The workaround is to - execute the restore with --ignoreRedoErrors OR with -rf options like zmrestore -a all --ignoreRedoErrors
  • When user clicks on a file in Briefcase, a preview is displayed for the supported file formats. User can also edit these files in a separate window. The changes take a long time to be reflected in the preview, and sometimes user might need to click on the file multiple times to view the changes.
  • When editing documents from Briefcase, the documents are opened in a separate browser window in which users can edit the document. However, the updated contents are not reflected in the Briefcase file, unless the separate browser window is not closed by the user.
  • User is not able to search files in the "Files shared with me" folder, within Briefcase.
  • Re-sending a file share for a Briefcase document throws the error, "A network service error has occurred".
  • The mobile browser may redirect to Classic UI if the user has selected, Classic UI as the default UI. Since Classic UI is not designed for Mobile devices, users may want to switch to Modern UI. They can edit the URL in the mobile browser as follows, or use the Zimbra Mobile App. If your mobile browser is showing the URL as https://www.server.com/#1 then edit that to https://www.server.com/modern/
Jump to: navigation, search