Zimbra Releases/8.8.15/P20

Zimbra Collaboration Joule 8.8.15 Patch 20 GA Release

Check out the Security Fixes, What's New, Fixed Issues, and Known Issues for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.

NOTE: If you are upgrading or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read Things to Know Before Upgrading and First Steps with the Zimbra NG Modules for critical information before you upgrade.

Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating Fix Patch Version
Heap-based buffer overflow vulnerabilities in PHP < 7.3.10 CVE-2019-9641 CVE-2019-9640 9.8 Critical 8.8.15 P20
Upgraded Apache to 2.4.46 to avoid multiple vulnerabilities. CVE-2019-0211 CVE-2019-0217 7.8 High 8.8.15 P20
Spamassasin vulnerability in versions < 3.4.5. CVE-2020-1946 9.8 Critical 8.8.15 P20

What's New

Critical SpamAssassin Security Fix


In Apache SpamAssassin version < 3.4.5, critical security vulnerability related to malicious rule configuration (.cf) files was detected. This issue has been fixed.

Note: Fixed above issue in updated Patch version today dated Apr 08, 2021 which was reported on the first version of 8.8.15 Patch 20.

Customers who have already deployed 8.8.15 Patch 20 can fix the issue on MTA node by following the below patch installation steps:

Redhat

  • As root, install the packages:
yum check-update
yum install zimbra-mta-patch
  • As zimbra user, restart zimbra services:
su - zimbra
zmcontrol restart

Ubuntu

  • As root, install the packages:
apt-get update
apt-get install zimbra-mta-patch
  • As zimbra user, restart zimbra services:
su - zimbra
zmcontrol restart


NOTE: Beta features are not supported and should not be installed on production systems. Beta modules have been provided for evaluation in lab environments only.


Zimbra Video Server (BETA)

  • The Video Server (BETA) is a WebRTC stream aggregator that improves Zimbra Connect’s performance by merging and decoding/re-encoding all streams in a meeting. Refer to the admin guide for instructions on installing the Video Server on the systems.

We are nearing the end of our extensive QA cycle for these package upgrades. Watch for the GA announcement in an upcoming patch release.


Announcing GA


The following packages are now GA:

  • OpenSSL 1.1.1h support for TLS 1.3.
  • OpenSSL 1.1.1h with FIPS module support.
  • Postfix 3.5.6 support for TLSv1.3
  • Nginx 1.19.0 support for TLSv1.3


Enabling TLS 1.3

The administrator will have to execute separate steps for enabling TLS 1.3 on Zimbra Proxy (Nginx) and Zimbra Mailstore.

Execute the following steps on Zimbra Proxy (Nginx)

Execute these commands as zimbra user

  • View the existing zimbraReverseProxySSLProtocols:
$ zmprov gcf zimbraReverseProxySSLProtocols
zimbraReverseProxySSLProtocols: TLSv1
zimbraReverseProxySSLProtocols: TLSv1.1
zimbraReverseProxySSLProtocols: TLSv1.2
  • Add TLSv1.3 to existing zimbraReverseProxySSLProtocols.
$ zmprov mcf +zimbraReverseProxySSLProtocols TLSv1.3
  • Verify TLSv1.3 is added to zimbraReverseProxySSLProtocols.
$ zmprov gcf zimbraReverseProxySSLProtocols
zimbraReverseProxySSLProtocols: TLSv1
zimbraReverseProxySSLProtocols: TLSv1.1
zimbraReverseProxySSLProtocols: TLSv1.2
zimbraReverseProxySSLProtocols: TLSv1.3
  • View existing cipher's in zimbraReverseProxySSLCiphers.
$ zmprov gcf zimbraReverseProxySSLCiphers
zimbraReverseProxySSLCiphers: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
  • Add TLSv1.3 cipher TLS_AES_256_GCM_SHA384 to existing zimbraReverseProxySSLCiphers.
$ zmprov mcf zimbraReverseProxySSLCiphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:TLS_AES_256_GCM_SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'
  • Restart Zimbra Proxy service:
$ zmproxyctl restart 

Execute the following steps on Zimbra Mailstore

Execute these commands as zimbra user

  • Get your current mailboxd_java_options:
$ zmlocalconfig mailboxd_java_options
mailboxd_java_options = -server -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djava.awt.headless=true -Dsun.net.inetaddr.ttl=${networkaddress_cache_ttl} -Dorg.apache.jasper.compiler.disablejsr199=true -XX:+UseG1GC -XX:SoftRefLRUPolicyMSPerMB=1 -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=15 -XX:G1MaxNewSizePercent=45 -XX:-OmitStackTraceInFastThrow -verbose:gc -Xlog:gc*=info,safepoint=info:file=/opt/zimbra/log/gc.log:time:filecount=20,filesize=10m -Djava.net.preferIPv4Stack=true'

Add the TLSv1.3 to https.protocols and tls.client.protocols:

$ zmlocalconfig -e mailboxd_java_options='-server -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Djava.awt.headless=true -Dsun.net.inetaddr.ttl=${networkaddress_cache_ttl} -Dorg.apache.jasper.compiler.disablejsr199=true -XX:+UseG1GC -XX:SoftRefLRUPolicyMSPerMB=1 -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=15 -XX:G1MaxNewSizePercent=45 -XX:-OmitStackTraceInFastThrow -verbose:gc -Xlog:gc*=info,safepoint=info:file=/opt/zimbra/log/gc.log:time:filecount=20,filesize=10m -Djava.net.preferIPv4Stack=true'
  • Restart Zimbra Mailbox service:
$ zmmailboxdctl restart

FIPS Support

FIPS support is now available with OpenSSL 1.1.1h version. After upgrading the OpenSSL package on the Zimbra server, please refer to the below guide for enabling FIPS as per your Operating System:


Set below configurations on your Zimbra Server after FIPS is enabled on your Operating System:

Execute these commands as zimbra user

$ zmlocalconfig -e ldap_starttls_supported=0
$ postconf -e "lmtp_tls_fingerprint_digest = sha256"
  • Restart Zimbra services:
$ zmcontrol restart

Deprecation of Zimbra Server on Ubuntu 14.04, Oracle Linux 6 and CentOS/RHEL 6

With a number of supported operating systems entering the end of life, Zimbra will deprecate all Zimbra versions for Ubuntu 14.04, CentOS 6, Redhat 6 and Oracle 6 as of July 31, 2021. At this date, there will no longer be any patch release for 8.8.15 and 9.0.0 on these operating systems.

  • Ubuntu 14.04 end of life occurred on April 30, 2019
  • CentOS and RHEL 6 end of life occurred on November 30, 2020
  • Oracle 6 End of life occurred on October 2020

After July 31, 2021, Zimbra Support will provide best-effort support for the last patch release on the listed operating systems. However, any known or existing bugs will not be addressed and Zimbra Support encourages all customers to follow our recommended upgrade path to a supported OS version at your earliest convenience to ensure no interruption in your support services.

For more information about the direction Zimbra is taking with supporting future operating systems please check our blog.

For questions or guidance with upgrading your operating system please open a support case and our Support team is here to assist you.

Zimbra OpenSSL 1.1.1h compatibility issues with some kernel versions (4.8 and 4.9)


On Ubuntu-14 and CentOS/RHEL-6 with few kernel versions like (4.8, 4.9), the Zimbra Proxy and LDAP services failed to start due to compatibility issues with OpenSSL 1.1.1h. The issue has been fixed.
Note: Fixed above issue in updated Patch version today dated Apr 02, 2021 which was reported on the first version of 8.8.15 Patch 20.

Impacted deployments can fix the issue by following the patch installation steps again.


Platform

  • Upgraded OpenSSL from 1.0.2t to 1.1.1h and added FIPS support.

Zimbra Docs

  • New version of Docs Server is available and can be found on the Network Edition Downloads page.


Fixed Issues

Platform

  • When using DKIM Signing with TLS1.3 beta packages, opendkim service was crashing. The issue has been resolved.
  • The SSL freelist can be exploited in the current version of zimbra-openssl which has been fixed with the upgraded Openssl version 1.1.1g
  • Zimbra Proxy now supports and is enabled with http2 protocol capabilities.
  • Intermittently, there were memory corruption issues encountered during IMAP/POP3 connections. The issue has been fixed now.
  • When synchronizing shared calendar via CalDAV, if the '+' character is present in the event then the sync failed. The issue has been fixed.
  • postfix-logwatch was not able to generate the report. Upgrading postfix-logwatch from 1.40.01 to 1.40.03 fixed the issue.
  • The administrator was unable to save the global configuration data when an Ephemeral storage was used. This is fixed now.
  • When zimbraReverseProxyStrictServerNameEnabled is set to TRUE, the Zimbra Proxy service failed to start. The issue has been fixed.
    Note: Fixed above issue in updated Patch version today dated Mar 31, 2021 which were reported on the first version of 8.8.15 Patch 20.

ZCO

  • Outlook may go in non-responsive state for a few minutes while opening HAB Group node that have more than 5000 accounts.
  • When a user has a signature and sends a message using Apple Mail with attachments, the signature is also sent as an attachment and is not a part of the message body. This issue is due to a bug in the Apple Mail client.

NG Auth

  • Added more information to the log when an invalid credential is used.

NG Backup

  • Fixed an issue with the command zxsuite core getnotification when a host was specified with --host
  • Fixed a bug of pending RealTime Scanner operations were not properly cleared out from the operation queue by the doStopAllOperations command.
  • Anomaly and error management logic in the Coherency Check has been improved.
  • Missing Blob log lines have been made more specific

NG Mobile

  • After a mailboxd failure or restard under heavy load, several partial blobs were leftover in the cache.
  • Fixed an issue that would cause all-day calendar events created or accepted on mobile to be moved to the day before if the device is Samsung or using an older eas version
  • It is now possible to filter devices via RegEx through a dedicated ABQ command set.

Zimbra Connect

  • Fonts now honor the small-normal-large-very large value of the display font size option for the instant messaging features
  • Edited messages, either in 1:1 conversations, groups, spaces, or channels, are not resend if the content has not been changed
  • Channel names now have the character # in front of their name
  • Instant messages longer than 4096 characters are now truncated and no longer stay in the queue

Zimbra Docs

  • Fixed a bug that caused a 50 concurrent documents limit on the server's side
  • Docs no longer sets itself in idle/standby remaining ready to accept user interaction
  • Due to some missing icons, the sidebar in Docs appeared broken.

Zimbra Network Modules NG

  • Fixed an issue with the command zxsuite core getnotification when a host was specified with --host

HSM

  • Fixed a bug that caused mailbox moves to hang due to drive indexing being running on the same mailbox.
  • The doMailboxMove is now capable to move accounts that lack a mailbox.


Known Issues

  • None


Patch Installation

Please refer to the steps below to install 8.8.15 Patch 20 on Redhat and Ubuntu platforms:

Before Installing the Patch, consider the following:

  • Patches are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to zimbra user before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
  • Important! Please note that the install process has changed. Additional steps to install zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages have been included for this patch release. Please refer to the Patch Installation section to install the packages in its order.

8.8.15 Patch 20 Packages

The package lineup for this release is:

FOSS:

PackageName                     Version           
zimbra-patch                  ->      8.8.15.1617362579.p20-2
zimbra-common-core-jar        ->      8.8.15.1616580791-1
zimbra-common-core-libs       ->      8.8.15.1574853769-1
zimbra-mbox-store-libs        ->      8.8.15.1615887031-1
zimbra-mbox-war               ->      8.8.15.1575620896-1
zimbra-mbox-admin-console-war ->      8.8.15.1615895916-1
zimbra-mbox-webclient-war     ->      8.8.15.1612871182-1
zimbra-drive                  ->      1.0.13.1576152256-1
zimbra-core-components        ->      2.0.8-1zimbra8.8b1
zimbra-openjdk                ->      13.0.1-1zimbra8.8b1
zimbra-openssl                ->      1.1.1h-1zimbra8.7b4
zimbra-chat                   ->      3.0.1.1594306000-1
zimbra-proxy-patch            ->      8.8.15.1617362579.p20-1
zimbra-mta-patch              ->      8.8.15.1617770195.p20-1
zimbra-ldap-components        ->      1.0.8-1zimbra8.8b1
zimbra-clamav                 ->      0.102.2-1zimbra8.8b1
zimbra-perl-mail-spamassassin ->      3.4.5-1zimbra8.8b3
zimbra-spamassassin-rules     ->      1.0.0-1zimbra8.8b4
zimbra-nginx                  ->      1.19.0-1zimbra8.8b3
zimbra-openldap-server        ->      2.4.49-1zimbra8.8b4
zimbra-mta-components         ->      1.0.12-1zimbra8.8b1
zimbra-proxy-components       ->      1.0.8-1zimbra8.8b1
zimbra-postfix                ->      3.5.6-1zimbra8.7b3
zimbra-mariadb                ->      10.1.25-1zimbra8.7b3
zimbra-curl                   ->      7.49.1-1zimbra8.7b3
zimbra-perl-net-ssleay        ->      1.88-1zimbra8.7b2
zimbra-perl-dbd-mysql         ->      4.050-1zimbra8.7b4
zimbra-perl-crypt-openssl-random ->   0.11-1zimbra8.7b3
zimbra-perl-crypt-openssl-rsa    ->   0.31-1zimbra8.7b2
zimbra-cyrus-sasl             ->      2.1.26-1zimbra8.7b3
zimbra-opendkim               ->      2.10.3-1zimbra8.7b5
zimbra-perl-io-socket-ssl     ->      2.068-1zimbra8.7b2
zimbra-perl-net-http          ->      6.09-1zimbra8.7b3
zimbra-perl-libwww            ->      6.13-1zimbra8.7b3
zimbra-perl-lwp-protocol-https ->     6.06-1zimbra8.7b3
zimbra-perl-xml-parser        ->      2.44-1zimbra8.7b3
zimbra-perl-soap-lite         ->      1.19-1zimbra8.7b3
zimbra-perl-xml-sax-expat     ->      0.51-1zimbra8.7b3
zimbra-perl-mail-dkim         ->      0.40-1zimbra8.7b3
zimbra-perl-mail-spamassassin ->      3.4.4-1zimbra8.8b3
zimbra-spamassassin-rules     ->      1.0.0-1zimbra8.8b3
zimbra-perl-innotop           ->      1.9.1-1zimbra8.7b3
zimbra-postfix-logwatch       ->      1.40.03-1zimbra8.7b1
zimbra-perl                   ->      1.0.5-1zimbra8.7b1
zimbra-dnscache-components    ->      1.0.2-1zimbra8.7b1
zimbra-unbound                ->      1.11.0-1zimbra8.7b2
zimbra-apache-components      ->      2.0.4-1zimbra8.8b1
zimbra-httpd                  ->      2.4.46-1zimbra8.7b3
zimbra-php                    ->      7.3.25-1zimbra8.7b3
zimbra-spell-components       ->      2.0.4-1zimbra8.8b1
zimbra-net-snmp               ->      5.8-1zimbra8.7b2
zimbra-store-components       ->      1.0.3-1zimbra8.7b1
zimbra-heimdal                ->      1.5.3-1zimbra8.7b3
zimbra-apr-util-lib           ->      1.6.1-1zimbra8.7b2
zimbra-perl-xml-simple        ->      2.25-1zimbra8.7b2

NETWORK:

Package Name                    Version           
zimbra-patch                  ->      8.8.15.1617362579.p20-2
zimbra-mbox-ews-service       ->      8.8.15.1590048861-1
zimbra-drive-ng               ->      3.0.14.1611239837-1
zimbra-network-modules-ng     ->      6.0.21.1613663345-1
zimbra-docs                   ->      3.0.7.1611238855-1
zimbra-connect                ->      1.0.20.1613662867-1
zimbra-zco                    ->      8.8.15.1893.1615955009-1
zimbra-zimlet-auth            ->      1.0.1.1615572388-1

Redhat

Installing Zimbra packages with system package upgrades

  • As root, first clear the yum cache and check for updates so the server sees there is a new zimbra-patch package in the patch repository:
yum clean metadata
yum check-update
  • On mailstore node, install the following packages:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
  • Then ask yum to update available packages:
yum update
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing Zimbra packages individually for NETWORK and FOSS

Upgrade OpenLDAP on LDAP node

  • As root, install the package:
yum install zimbra-ldap-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-proxy-patch on Proxy node

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
yum install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade snmp if it is installed on Proxy node

yum install zimbra-snmp-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-mta-components on MTA node

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-mta-components
  • If dnscache is installed, upgrade the package before restarting the services:
yum install zimbra-dnscache-components
  • If snmp is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install the package:
yum install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node

  • As root, install the package:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
yum install zimbra-patch
  • If apache is installed, upgrade the package before restarting the services:
yum install zimbra-apache-components
  • If spell is installed, upgrade the package before restarting the services:
yum install zimbra-spell-components
  • If snmp is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart


Installing NG packages (NETWORK Only)

Uninstall zimbra-talk on mailstore node

Starting Zimbra 8.8.15 GA, zimbra-connect replaces zimbra-talk. Hence, it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package zimbra-talk:
yum remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs and zimbra-drive-ng on mailstore node

yum install zimbra-network-modules-ng
yum install zimbra-connect
yum install zimbra-zimlet-auth
yum install zimbra-docs
yum install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-chat for FOSS

  • As root, install the package:
yum install zimbra-chat
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Ubuntu

Installing zimbra packages with system package upgrades

  • As root, check for updates so the server checks there is a new zimbra-patch package in the patch repository:
apt-get update
  • On mailstore node, install the following packages:
apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
  • Then update available packages:
apt-get upgrade
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing zimbra packages individually for NETWORK and FOSS

Upgrade OpenLDAP on LDAP node

  • As root, install the package:
apt-get install zimbra-ldap-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-proxy-patch on Proxy node

  • As root, install package
apt-get install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade snmp if it is installed on Proxy node

apt-get install zimbra-snmp-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-mta-components on MTA node

  • As root, install package
apt-get install zimbra-mta-components
  • If snmp is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install package
apt-get install zimbra-mta-patch
  • If dnscache is installed, upgrade the package before restarting the services:
apt-get install zimbra-dnscache-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node

  • As root, check for updates and install package:
apt-get update
apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
apt-get install zimbra-patch
  • If apache is installed, upgrade the package before restarting the services:
apt-get install zimbra-apache-components
  • If spell is installed, upgrade the package before restarting the services:
apt-get install zimbra-spell-components
  • If snmp is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart


Installing NG packages (NETWORK Only)

Uninstall zimbra-talk on mailstore node

Starting Zimbra 8.8.15 GA, zimbra-connect replaces zimbra-talk. Hence, it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package zimbra-talk:
apt-get remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs, zimbra-drive-ng on mailstore node

  • As root, check for updates and install packages:
apt-get update
apt-get install zimbra-network-modules-ng
apt-get install zimbra-connect
apt-get install zimbra-zimlet-auth
apt-get install zimbra-docs
apt-get install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-chat for FOSS

  • As root, install package:
apt-get install zimbra-chat
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Upgraded 3rd Party Packages

  • OpenSSL and Postfix TLS 1.3 GA Packages

The packages for RHEL6, RHEL7, UBUNTU14, UBUNTU16, UBUNTU18 are:

Package Name      Version
zimbra-openssl : 1.1.1h-1zimbra8.7b4
zimbra-postfix : 3.5.6-1zimbra8.7b3
zimbra-nginx : 1.19.0-1zimbra8.8b3
zimbra-mariadb : 10.1.25-1zimbra8.7b3
zimbra-heimdal : 1.5.3-1zimbra8.7b3
zimbra-curl : 7.49.1-1zimbra8.7b3
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2
zimbra-unbound : 1.11.0-1zimbra8.7b2
zimbra-apr-util : 1.6.1-1zimbra8.7b2
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4
zimbra-net-snmp : 5.8-1zimbra8.7b2
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3
zimbra-openldap : 2.4.49-1zimbra8.8b4
zimbra-opendkim : 2.10.3-1zimbra8.7b5
zimbra-clamav : 0.102.2-1zimbra8.8b3
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b2
zimbra-perl-net-http : 6.09-1zimbra8.7b3
zimbra-perl-libwww : 6.13-1zimbra8.7b3
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b3
zimbra-perl-xml-parser : 2.44-1zimbra8.7b3
zimbra-perl-soap-lite : 1.19-1zimbra8.7b3
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b3
zimbra-perl-xml-simple : 2.25-1zimbra8.7b2
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b3
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b4
zimbra-perl-innotop : 1.9.1-1zimbra8.7b3
zimbra-httpd : 2.4.46-1zimbra8.7b3
zimbra-php : 7.3.25-1zimbra8.7b3
zimbra-postfix-logwatch : 1.40.03-1zimbra8.7b1
zimbra-perl : 1.0.5-1zimbra8.7b1
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1
zimbra-apache-components : 2.0.4-1zimbra8.8b1
zimbra-spell-components : 2.0.4-1zimbra8.8b1
zimbra-snmp-components : 1.0.3-1zimbra8.7b1
zimbra-mta-components : 1.0.12-1zimbra8.8b1
zimbra-core-components : 2.0.8-1zimbra8.8b1
zimbra-proxy-components : 1.0.8-1zimbra8.8b1
zimbra-store-components : 1.0.3-1zimbra8.7b1
zimbra-ldap-components : 1.0.8-1zimbra8.8b1
  • OpenSSL and Postfix TLS 1.3 Packages

The GA packages for RHEL8 are:

Package Name      Version
zimbra-openssl : 1.1.1h-1zimbra8.7b4
zimbra-postfix : 3.5.6-1zimbra8.7b3
zimbra-nginx : 1.19.0-1zimbra8.8b3
zimbra-mariadb : 10.1.25-1zimbra8.7b3
zimbra-heimdal : 1.5.3-1zimbra8.7b3
zimbra-curl : 7.49.1-1zimbra8.7b3
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2
zimbra-unbound : 1.11.0-1zimbra8.7b2
zimbra-apr-util : 1.6.1-1zimbra8.7b2
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4
zimbra-net-snmp : 5.8-1zimbra8.7b3
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3
zimbra-openldap : 2.4.49-1zimbra8.8b4
zimbra-opendkim : 2.10.3-1zimbra8.7b5
zimbra-clamav : 0.102.2-1zimbra8.8b3
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b3
zimbra-perl-net-http : 6.09-1zimbra8.7b4
zimbra-perl-libwww : 6.13-1zimbra8.7b4
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b4
zimbra-perl-xml-parser : 2.44-1zimbra8.7b4
zimbra-perl-soap-lite : 1.19-1zimbra8.7b4
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b4
zimbra-perl-xml-simple : 2.25-1zimbra8.7b3
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5
zimbra-perl-innotop : 1.9.1-1zimbra8.7b4
zimbra-httpd : 2.4.46-1zimbra8.7b3
zimbra-php : 7.3.25-1zimbra8.7b3
zimbra-perl : 1.0.6-1zimbra8.7b1 
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1
zimbra-apache-components : 2.0.4-1zimbra8.8b1
zimbra-spell-components : 2.0.4-1zimbra8.8b1
zimbra-snmp-components : 1.0.3-1zimbra8.7b1
zimbra-mta-components : 1.0.12-1zimbra8.8b1
zimbra-core-components : 2.0.8-1zimbra8.8b1
zimbra-proxy-components : 1.0.8-1zimbra8.8b1
zimbra-store-components : 1.0.3-1zimbra8.7b1
zimbra-ldap-components : 1.0.8-1zimbra8.8b1

The updated GA packages are:

Package            Old-Version    New-Version
postfix              3.1.1          3.5.6
openssl              1.0.2t         1.1.1h
nginx                1.7.1          1.19.0
postfix-logwatch     1.40.01        1.40.03
io-socket-ssl	     2.020          2.068
xml-simple           2.20           2.25
crypt-openssl-rsa    0.28           0.31
net-snmp             5.7.3          5.8
dbd-mysql            4.033          4.050
apr-util             1.5.4          1.6.1
unbound              1.5.9          1.11.0
net-ssleay           1.72           1.88
  • Nginx TLS 1.3 Packages

The GA packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18 are:

PackageName                                       Version
zimbra-nginx                               ->     1.19.0-1zimbra8.8b1
zimbra-proxy-components                    ->     1.0.6-1zimbra8.8b1
zimbra-proxy-patch                         ->     8.8.15.1617362579.p20-1

Quick note: Open Source repo

The steps to download, build, and see our code via Github can be found here: https://github.com/Zimbra/zm-build

Jira Summary

Jira Tickets fixed in 8.8.15 Patch 20

ZCS-10378 Remote getnotification fix
ZCS-10377 Docs document limit bugfix
ZCS-10376 Docs idle/standby removal
ZCS-10375 Docs Sidebar View bugfix
ZCS-10373 Instant messaging interface font
ZCS-10372 Edit message behavior improvement
ZCS-10371 Added # character to channels
ZCS-10370 Messages longer than 4096 handling
ZCS-10367 Mailbox Move concurrency issue fixed
ZCS-10366 doMailboxMove` can now move mailboxless accounts
ZCS-10365 HSM cache improvements
ZCS-10364 Eas 2.5 and Samsung allday calendar item fix
ZCS-10363 Added regex filtering to ABQ
ZCS-10362 Coherency Check logic improvement
ZCS-10361 doStopAllOperation realtime scanner queue bugfix
ZCS-10360 Coherency Check logic improvement
ZCS-10359 Missing Blob logging improvement
ZCS-10358 Improved logging
ZCS-10199 Verify zimbra docs server installation
ZCS-10060 Add FIPS support in OpenSSL 1.1.1h
ZCOMT-2256 The HAB browser window takes around 7-8 mins to fetch HAB data if group have ~15000 members and during this process UI goes in non responsive state
ZBUG-2175 [Crash] When zimbraReverseProxyStrictServerNameEnabled is set to TRUE (default), the proxy will fail to start.
ZBUG-2173 CVE-2020-1946 - SpamAssassin vulnerability
ZBUG-2148 [Crash] Patch 20 breaks (nginx, LDAP, and Jetty SSL) on kernels 4.8+
ZBUG-2140 opendkim is crashing with TLS1.3 beta packages
ZBUG-2121 [Security] DoS Attack on nginx exploiting flaw in SSL Freelist
ZBUG-2099 Nginx: Enable http_v2 in conf file.
ZBUG-2098 Nginx: memory leak (legacy issue)
ZBUG-1969 Update PHP version to 7.3.23 or later.
ZBUG-1967 Problem synchronizing shared calendar via caldav when a '+' character is present on the EVENT
ZBUG-1798 postfix-logwatch not generating report
ZBUG-1556 Unable to save Global config from admin console after setting Ephemeral BackendURL
ZBUG-1361 HTML signature configured in Apple Mail shows as attachment in Outlook with ZCO
ZBUG-1312 Upgrade to Apache version 2.4.41 or later
Jump to: navigation, search