Zimbra Collaboration 8.8.11 GA Release
Check out the Security Fixes, What's New, Fixed Issues and Known Issues for this version of Zimbra Collaboration. As always, you’re encouraged to tell us what you think in the Forums, or open a support ticket to report issues.
NOTE: If you are upgrading and/or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read "Things to Know Before Upgrading" and "First Steps with the Zimbra NG Modules" for critical information before you upgrade.
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.
|Fix Release or
|109017||Non-persistent XSS - Web Client (HTML Search) [CWE-79]||CVE-2018-14013||4.3||Minor||8.8.11|
NOTE: Beta features should not be installed and are not supported on production systems. Beta modules have been provided for evaluation in lab environments only.
|Zimbra Collaboration Suite:
|Zimbra Connector for Outlook:
|NG Admin Console:
|Zimbra Drive NG (Beta)|
|Various||The 8.8.11 release includes all fixes provided in 8.8.10 patches.|
|Personas||Mail sent from a Persona account now properly includes that account as the 'reply-to' address. Previously, the Primary account was given as the return path.|
|LDAP||After an upgrade to 8.8.10, a new LDAP filter that was added in that release was not included in indexing. As a result, query performance could be affected especially with large LDAP databases. LDAP queries are now properly indexed after upgrade or fresh installation.|
|LDAP||When access rights were being modified in large LDAP Master / Replica configurations, cached ACLs could be out-of-sync and result in some admins' rights being lost. This has been fixed by fetching and modifying ACLs from the LDAP Master when granting or revoking rights, instead of relying on cached values.|
|NG Admin||In the Admin Ui, when trying to add a global admin as delegated admin, the operation completes without any error but the new user is not shown in the delegated admin list. By Design, it is not possible to configure a global admin as delegated admin. Added a check in the "Add Delegated Admin" wizard to show an error and prevent the operation in case he/she is trying to add a Global Admin.|
|NG Admin||Fixed an issue related to the new functionality to manage index using HSM Admin UI introduced in 8.8.9p7 / 8.8.10p3. The web interface shows a generic "UNKNOWN ERROR" when you are trying to delete an index that is in use. The API used to delete is not returning the proper error message. Updated the API to catch the exception and log error information.|
|NG Backup||Restoring using legacy zmrestore, "BulkDelete" Thread could delete entire store. Using HSM NG, by design all operations (including deletion) from stores are executed asynchronously. After adding a blob (for example because of a restore), it can be deleted due to a previous deletion request still pending. Will now remove a blob from the "to-be-deleted" queue when there is a request to add it.|
|NG Backup||Identified a very slim possibility of concurrency locking during SmartScan. Introduced a new lock mechanism to prevent this.|
|NG Backup||When redolog was rotated, the realtime backup would not reliably resume operation. The redolog parser will now correctly follow the redolog after rotation.|
|Mobile / EAS||The EAS module was incompatible with the MS Connectivity Tester and some third-party Mobile Device Management (MDM). Analysis determined that some clients don't send HTTP authentication, and therefore authentication fails with error 500 and the client simply stops. To address this, updated the server to return 401 (instead of 500) when authentication is not provided, so the client will re-send the request with the proper authentication information as per specifications.|
|Zimbra Drive NG||This is a Beta feature and it is recommended to deploy only on single server environment. There are issues with Nginx routing on multiple server environment which will be addressed in future release.|
|ZCO||Older versions of the Outlook Connector for ZImbra (prior to Version 8.8.10) do not detect versions 8.8.10 and higher, so users will receive no notification that an upgrade is available. End users with older ZCO versions are recommended to initiate a manual upgrade to this version of the connector.|
|ZCO||A user may experience an Outlook crash while sharing Inbox, Calendar, Contacts or Task folder when either ZCO client machine is disconnected from the internet or if Zimbra Collaboration Server(ZCS) is down.|
|ZCO||If a new ZCO profile is created while search indexing is in process for a previously existing ZCO profile, the new profile may be improperly linked to the index for the old profile. This may be resolved by restarting the Windows search: If Outlook search doesn’t work, Exit from the Outlook and restart 'Windows Search Service' or restart 'Search Protocol Host' process. Affected versions: 8.8.8 and later.|
|ZCO||On a Windows PC hosting multiple user accounts, some users may not be able to "Create a new Zimbra Profile" when ZCO has been previously installed on a click-to-run Outlook version. Users may encounter this situation after their PC is migrated from Workgroup network model to Domain based model, as the SSO / Domain user is different than the local Workgroup user. For more information, see [(https://wiki.zimbra.com/wiki/index.php?curid=23757 KB 23757].|
Quick note: Open Source repo
Downloading and building our Zimbra Code? Keep reading... Starting ZCS 8.7.6 and above we have new steps to download, build and see our code via Github:
Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »
Want to get involved?
You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »
Other Help Resources
Looking for a Video?
Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »