Zimbra Releases/8.8.15/P28

Zimbra Collaboration Joule 8.8.15 Patch 28 GA Release

Check out the Security Fixes,What's New, Fixed Issues, and Known Issues for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.

NOTE: If you are upgrading or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read Things to Know Before Upgrading and First Steps with the Zimbra NG Modules for critical information before you upgrade.


Security Recommendation

Zimbra would strongly recommend the customer to review whether the Proxy Servlet is configured to allow a particular host (via zimbraProxyAllowedDomains configuration setting on each class of services), please make sure each entry in zimbraProxyAllowedDomains should be a safe and trusted host, there should NOT be any wild card entries like *.webex.com instead use specific host example.webex.com.

Any entry in zimbraProxyAllowedDomains resolves to an internal IP address (such as 127.0.0.1), an attacker could possibly access services running on a different port on the same server, which would normally not be exposed publicly. So we urge our customers to review this configuration setting to ensure that there are no vulnerabilities are introduced.


Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating Fix Patch Version
Upgraded Apache to 2.4.51 to avoid multiple vulnerabilities. CVE-2021-30641 CVE-2020-35452 7.3 High 8.8.15 P28

What's New


Zimbra 8.8.15 is now fully supported on Ubuntu 20 (GA)

Download the latest Ubuntu 20 binaries from https://www.zimbra.com/downloads


Package Upgrade


  • Apache has been upgraded from 2.4.46 to 2.4.51.


Fixed Issues

Web UX - Classic

  • In Classic Web App, an incorrect date was set when the user creates an appointment, set start date from the second week of the month with a Monthly custom recurrence rule - "The second day of every month". The issue has been fixed.
  • When creating an appointment with the location and setting an "End by" date in the custom recurrent rule, if an appointment exists on the set "End by" date with the same location, then the location did not return conflict. The issue has been fixed.
  • If the user composes an email and pastes an image from another email and sends it, the recipient receives the email without an image in it. The issue has been fixed.

ZCO

  • Corruption in the user's profile property which stores the ZDB path causes Outlook to crash. The issue has been fixed.

Zimbra Connect

  • Now every icon in Connect has an alternative text, a title and a label to improve accessibility.
  • Fixed a bug that loaded a Matomo instance on log into Zimbra, raising an HTTP 404 bug. Now Matomo is no more loaded on login.
  • Text paste on the conversation component will now work after upgrading Chrome to version 92.
  • Improved the download of a file from one-to-one chat that suffered casual failures due to buffer issues. Now, the possibility of a file download failing has been drastically reduced.
  • Information regarding the mute state of a conversation, such as groups or spaces, is now deleted when the user leaves it, whether he leaves the conversation or is being kicked by it.
  • Updated logs for ChatAutoCleanup procedure.
  • Video reference will be cleaned after every span of view mode.
  • Removed secondary bar on external meeting and updated year in the external access login page.
  • Now meetings on the external tab require login if the domain is different from the user’s domain.
  • Now mini chats are automatically closed when the user is removed from the conversation or the conversation is removed.
  • Changed meeting action name from "Mute for All" to "Mute".

NG Mobile

  • Fixed a bug that caused the PARTSTAT field of an invitation to be wrongly set as NEED-ACTION on accepting one appointment via Exchange ActiveSync. This bug caused the appointment not to be shown via CalDAV.

HSM

  • The default behaviour of the mailbox move now will not move the backup from the source server so the operation will take less time.

NG Auth

  • A new widget *Mobile Password* has been added to the Zimbra Admin so the admins can manage mobile passwords from the GUI.

NG Backup

  • The doPurgeMailboxes operation now marks as deleted mailboxes the ones that are moved to other servers. This makes the Backup purge operation clean the data left after by the move operations too.


Known Issues

  • None


Patch Installation

Please refer to the steps below to install 8.8.15 Patch 28 on Redhat and Ubuntu platforms:

Before Installing the Patch, consider the following:

  • Patches are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to zimbra user before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.

8.8.15 Patch 28 Packages

The package lineup for this release is:

FOSS:

PackageName                     Version
zimbra-patch                  ->      8.8.15.1636710484.p28-2
zimbra-mta-patch              ->      8.8.15.1634924656.p27-1
zimbra-mta-components         ->      1.0.14-1zimbra8.8b1
zimbra-proxy-patch            ->      8.8.15.1634196512.p27-1
zimbra-proxy-components       ->      1.0.9-1zimbra8.8b1
zimbra-nginx                  ->      1.20.0-1zimbra8.8b2
zimbra-common-core-jar        ->      8.8.15.1634917408-1
zimbra-common-core-libs       ->      8.8.15.1623913824-1
zimbra-mbox-conf              ->      8.8.15.1568012813-1
zimbra-mbox-service           ->      8.8.15.1568694943-1
zimbra-mbox-store-libs        ->      8.8.15.1626439528-1
zimbra-mbox-war               ->      8.8.15.1618222785-1
zimbra-mbox-admin-console-war ->      8.8.15.1624007059-1
zimbra-mbox-webclient-war     ->      8.8.15.1635813854-1
zimbra-drive                  ->      1.0.13.1576152256-1
zimbra-core-components        ->      2.0.14-1zimbra8.8b1
zimbra-openjdk                ->      13.0.1-1zimbra8.8b1
zimbra-openjdk-cacerts        ->      1.0.8-1zimbra8.7b1
zimbra-openssl                ->      1.1.1l-1zimbra8.7b4
zimbra-openldap-lib           ->      2.4.59-1zimbra8.8b5
zimbra-openldap-client	      ->      2.4.59-1zimbra8.8b5
zimbra-openldap-server        ->      2.4.59-1zimbra8.8b5
zimbra-ldap-components        ->      1.0.14-1zimbra8.8b1
zimbra-core-components        ->      2.0.14-1zimbra8.8b1
zimbra-postfix                ->      3.6.1-1zimbra8.7b3
zimbra-postfix-logwatch       ->      1.40.03-1zimbra8.7b1
zimbra-clamav                 ->      0.103.2-1zimbra8.8b3
zimbra-perl-mail-spamassassin ->      3.4.5-1zimbra8.8b3
zimbra-spamassassin-rules     ->      1.0.0-1zimbra8.8b4
zimbra-openldap-server        ->      2.4.59-1zimbra8.8b5
zimbra-chat                   ->      3.0.1.1594306000-1
                                                        

NETWORK:

Package Name                    Version           
zimbra-patch                  ->      8.8.15.1636710484.p28-1
zimbra-mbox-ews-service       ->      8.8.15.1590048861-1
zimbra-drive-ng               ->      3.0.15.1616091166-1
zimbra-network-modules-ng     ->      6.0.30.1635431729-1
zimbra-docs                   ->      3.0.8.1616090809-1
zimbra-connect                ->      1.0.29.1635424238-1
zimbra-zco                    ->      8.8.15.1908.1636710405-1
zimbra-zimlet-auth            ->      1.0.2.1622463729-1

Redhat

Installing Zimbra packages with system package upgrades

  • As root, first clear the yum cache and check for updates so the server sees there is a new zimbra-patch package in the patch repository:
yum clean metadata
yum check-update
  • Then ask yum to update available packages:
yum update
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing Zimbra packages individually for NETWORK and FOSS

Upgrade OpenLDAP on LDAP node

  • As root, install the package:
yum install zimbra-ldap-components
  • Restart ldap as zimbra user:
su - zimbra
ldap restart

Install/Upgrade zimbra-proxy-patch on Proxy node

  • As root, install the package:
yum install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade zimbra-proxy-components on Proxy node

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-proxy-components
  • If snmp is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-mta-components on MTA node

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-mta-components
  • If dnscache is installed, upgrade the package before restarting the services:
yum install zimbra-dnscache-components
  • If snmp is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install the package:
yum install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node

  • As root, install the package:
yum install zimbra-patch
  • If apache is installed, upgrade the package before restarting the services:
yum install zimbra-apache-components
  • If spell is installed, upgrade the package before restarting the services:
yum install zimbra-spell-components
  • If snmp is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart


Installing NG packages (NETWORK Only)

Uninstall zimbra-talk on mailstore node

Starting Zimbra 8.8.15 GA, zimbra-connect replaces zimbra-talk. Hence, it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package zimbra-talk:
yum remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs and zimbra-drive-ng on mailstore node

yum install zimbra-network-modules-ng
yum install zimbra-connect
yum install zimbra-zimlet-auth
yum install zimbra-docs
yum install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-chat for FOSS

  • As root, install the package:
yum install zimbra-chat
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Ubuntu

Installing zimbra packages with system package upgrades

  • As root, check for updates so the server checks there is a new zimbra-patch package in the patch repository:
apt-get update
  • Then update available packages:
apt-get upgrade
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing zimbra packages individually for NETWORK and FOSS

Upgrade OpenLDAP on LDAP node

  • As root, install the package:
apt-get install zimbra-ldap-components
  • Restart ldap as zimbra user:
su - zimbra
ldap restart

Install/Upgrade zimbra-proxy-patch on Proxy node

  • As root, install package
apt-get install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade zimbra-proxy-components on Proxy node

  • As root, install package
apt-get install zimbra-proxy-components
  • If snmp is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-mta-components on MTA node

  • As root, install package
apt-get install zimbra-mta-components
  • If snmp is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install package
apt-get install zimbra-mta-patch
  • If dnscache is installed, upgrade the package before restarting the services:
apt-get install zimbra-dnscache-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node

  • As root, check for updates and install package:
apt-get update
apt-get install zimbra-patch
  • If apache is installed, upgrade the package before restarting the services:
apt-get install zimbra-apache-components
  • If spell is installed, upgrade the package before restarting the services:
apt-get install zimbra-spell-components
  • If snmp is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart


Installing NG packages (NETWORK Only)

Uninstall zimbra-talk on mailstore node

Starting Zimbra 8.8.15 GA, zimbra-connect replaces zimbra-talk. Hence, it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package zimbra-talk:
apt-get remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs, zimbra-drive-ng on mailstore node

  • As root, check for updates and install packages:
apt-get update
apt-get install zimbra-network-modules-ng
apt-get install zimbra-connect
apt-get install zimbra-zimlet-auth
apt-get install zimbra-docs
apt-get install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-chat for FOSS

  • As root, install package:
apt-get install zimbra-chat
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Upgraded 3rd Party Packages

  • OpenSSL and Postfix TLS 1.3 GA Packages

The packages for RHEL6, RHEL7, UBUNTU14, UBUNTU16, UBUNTU18 are:

Package Name      Version
zimbra-openssl : 1.1.1l-1zimbra8.7b4
zimbra-postfix : 3.6.1-1zimbra8.7b3
zimbra-nginx : 1.20.0-1zimbra8.8b2
zimbra-mariadb : 10.1.25-1zimbra8.7b3
zimbra-heimdal : 1.5.3-1zimbra8.7b3
zimbra-curl : 7.49.1-1zimbra8.7b3
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2
zimbra-unbound : 1.11.0-1zimbra8.7b2
zimbra-apr-util : 1.6.1-1zimbra8.7b2
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4
zimbra-net-snmp : 5.8-1zimbra8.7b2
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3
zimbra-openldap : 2.4.59-1zimbra8.8b4
zimbra-opendkim : 2.10.3-1zimbra8.7b5
zimbra-clamav : 0.103.2-1zimbra8.8b3
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b2
zimbra-perl-net-http : 6.09-1zimbra8.7b3
zimbra-perl-libwww : 6.13-1zimbra8.7b3
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b3
zimbra-perl-xml-parser : 2.44-1zimbra8.7b3
zimbra-perl-soap-lite : 1.19-1zimbra8.7b3
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b3
zimbra-perl-xml-simple : 2.25-1zimbra8.7b2
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5
zimbra-perl-innotop : 1.9.1-1zimbra8.7b3
zimbra-httpd : 2.4.46-1zimbra8.7b3
zimbra-php : 7.3.25-1zimbra8.7b3
zimbra-postfix-logwatch : 1.40.03-1zimbra8.7b1
zimbra-perl : 1.0.5-1zimbra8.7b1
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1
zimbra-apache-components : 2.0.4-1zimbra8.8b1
zimbra-spell-components : 2.0.4-1zimbra8.8b1
zimbra-snmp-components : 1.0.3-1zimbra8.7b1
zimbra-mta-components : 1.0.14-1zimbra8.8b1
zimbra-core-components : 2.0.14-1zimbra8.8b1
zimbra-proxy-components : 1.0.9-1zimbra8.8b1
zimbra-store-components : 1.0.3-1zimbra8.7b1
zimbra-ldap-components : 1.0.14-1zimbra8.8b1
  • OpenSSL and Postfix TLS 1.3 Packages

The GA packages for RHEL8 are:

Package Name      Version
zimbra-openssl : 1.1.1l-1zimbra8.7b4
zimbra-postfix : 3.6.1-1zimbra8.7b3
zimbra-nginx : 1.20.0-1zimbra8.8b2
zimbra-mariadb : 10.1.25-1zimbra8.7b3
zimbra-heimdal : 1.5.3-1zimbra8.7b3
zimbra-curl : 7.49.1-1zimbra8.7b3
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2
zimbra-unbound : 1.11.0-1zimbra8.7b2
zimbra-apr-util : 1.6.1-1zimbra8.7b2
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4
zimbra-net-snmp : 5.8-1zimbra8.7b3
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3
zimbra-openldap : 2.4.59-1zimbra8.8b4
zimbra-opendkim : 2.10.3-1zimbra8.7b5
zimbra-clamav : 0.103.2-1zimbra8.8b3
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b3
zimbra-perl-net-http : 6.09-1zimbra8.7b4
zimbra-perl-libwww : 6.13-1zimbra8.7b4
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b4
zimbra-perl-xml-parser : 2.44-1zimbra8.7b4
zimbra-perl-soap-lite : 1.19-1zimbra8.7b4
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b4
zimbra-perl-xml-simple : 2.25-1zimbra8.7b3
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5
zimbra-perl-innotop : 1.9.1-1zimbra8.7b4
zimbra-httpd : 2.4.46-1zimbra8.7b3
zimbra-php : 7.3.25-1zimbra8.7b3
zimbra-perl : 1.0.6-1zimbra8.7b1 
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1
zimbra-apache-components : 2.0.4-1zimbra8.8b1
zimbra-spell-components : 2.0.4-1zimbra8.8b1
zimbra-snmp-components : 1.0.3-1zimbra8.7b1
zimbra-mta-components : 1.0.14-1zimbra8.8b1
zimbra-core-components : 2.0.14-1zimbra8.8b1
zimbra-proxy-components : 1.0.9-1zimbra8.8b1
zimbra-store-components : 1.0.3-1zimbra8.7b1
zimbra-ldap-components : 1.0.14-1zimbra8.8b1

The updated GA packages are:

Package            Old-Version    New-Version
postfix              3.5.6          3.6.1
openssl              1.1.1k         1.1.1l
openldap             2.4.49         2.4.59
nginx                1.19.0          1.20.0
postfix-logwatch     1.40.01        1.40.03
io-socket-ssl	     2.020          2.068
xml-simple           2.20           2.25
crypt-openssl-rsa    0.28           0.31
net-snmp             5.7.3          5.8
dbd-mysql            4.033          4.050
apr-util             1.5.4          1.6.1
unbound              1.5.9          1.11.0
net-ssleay           1.72           1.88
  • Nginx TLS 1.3 Packages

The GA packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18 are:

PackageName                                       Version
zimbra-nginx                               ->     1.20.0-1zimbra8.8b2
zimbra-proxy-patch                         ->     8.8.15.1634196512.p27-1
zimbra-proxy-components                    ->     1.0.9-1zimbra8.8b1

Quick note: Open Source repo

The steps to download, build, and see our code via Github can be found here: https://github.com/Zimbra/zm-build

Jira Summary

Jira Tickets fixed in 8.8.15 Patch 28

ZCS-11056 Accessibility improved in Connect
ZCS-11055 Bug with PARTSTAT field on appointment invitation fixed
ZCS-11054 Moved mailboxes now marked as deleted
ZCS-11053 Introducing new widget "Mobile password"
ZCS-11052 Prevent Matomo requests
ZCS-11051 Fix paste bug on Chrome > 91
ZCS-11050 Connect file download improved
ZCS-11049 Delete mute information on leaving a conversation
ZCS-11047 Updated logs for ChatAutoCleanup procedure
ZCS-11046 Forced video reference to clean after every spaw of view mode
ZCS-11045 Mailbox move speed improvement
ZCS-10993 Remove secondary bar on external meeting
ZCS-10989 Meetings on external tab require login if domain is different from user’s one
ZCS-10985 Auto close mini chat on kick
ZCS-10981 Change "Mute for All" in "Mute"
ZCS-10918 Wrong start date is set when <ordinal number> day is specified in custom monthly repeat dialog on Classic UI
ZCS-10912 End day of custom repeat doesn't include the specified day on Classic UI
ZCOMT-2384 Merge changes done as part of ZESC-2083 into develop
ZBUG-2411 zmdhparam is broken
ZBUG-2362 Apache vulnerabilities
ZBUG-1344 Copying an image from existing email to a composed email, receiver receives an email without image.
Jump to: navigation, search