Zimbra Releases/8.8.15/P35

Zimbra Collaboration Joule 8.8.15 Patch 35 GA Release

Release Date: November 21, 2022

Check out the Security Fixes, What's New, Fixed Issues, and Known Issues for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.

NOTE: If you are upgrading or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read Things to Know Before Upgrading and First Steps with the Zimbra NG Modules for critical information before you upgrade.

Pre-requisite identified for manual installation of pcre2 package

The pcre2 package was identified as a dependency of the apache, spell and converted components. We recommend installing the pcre2 package manually before upgrading to this patch. The instructions follow:

For Ubuntu, execute the command as a root user:

apt-get install libpcre2-8-0

For RHEL/CentOS, execute the command as a root user:

yum install pcre2

Change in upgrade process for 8.8.15 Patch 35

Please note that the install process has changed. Additional steps to install the zimbra-common-core-jar, zimbra-common-core-libs and zimbra-mbox-store-libs packages have been included for this patch release. Please refer to the Patch Installation section to install the packages in the required order.

Changes required for SSO setup before patch upgrade

Before upgrading, set the zimbraVirtualHostName parameter for the domains that use SAML and SSO based login. Please follow these instructions:

su - zimbra
zmprov md domain_name zimbraVirtualHostName virtual_hostname

Security Fixes

Summary | CVE-ID | CVSS Score | Zimbra Rating
RCE through ClientUploader from authenticated admin user. | CVE-2022-45912 | 7.2 | Medium
XSS can occur via one of the attributes in webmail URLs, leading to information disclosure. | CVE-2022-45913 | 6.1 | Medium
The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerabilities. | CVE-2022-26377 | 7.5 | Medium
The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities. | CVE-2022-20770, CVE-2022-20771 | 7.5 | Low

Note: Additional configuration for further hardening your Zimbra setup can be found on the Zimbra Support Portal. It is recommended that all customers consider these additional steps. If you applied this configuration previously, you will have to re-apply the same configuration after upgrading to this patch.

What's New

Platform

  • The date header has been added to the mail notification emails.
  • Timezone data has been updated with the latest changes of tzdata2022c.

ZCO

  • ZCO is now supported on Microsoft Outlook 2021.


Fixed Issues

NG Admin

  • NG Tab was not visible in Admin Console on a setup where Zimbra is not installed in the default location. The issue has been fixed - ZBUG-2991.

NG HSM

  • The doMoveBlobs operation now ignores accounts deleted after the operation starts.
  • Software now throws an exception if a remote root path is to be appended to the bulk deletion files of a remote volume, and skips the append to avoid unwanted loss of data.

NG Mobile

  • Fixed a bug that caused a single instance of an appointment to be moved to the original time in the organizer’s calendar when the attendee accepts the invitation.
  • Fixed a bug that caused the Outlook app synchronization to start looping when using the remote search.
  • Fixed a bug that prevented attendees from receiving an update when they were removed from an appointment, so the appointment was still shown in their calendar.
  • Fixed a bug that caused exceptions to recurring events not to be synchronized - ZBUG-3011, ZBUG-3016.

Platform

  • JSESSIONID is now marked with HttpOnly and secure flags as true - ZBUG-2341.
  • Mails with unclosed comment tags were not displayed when OWASP sanitization was enabled. In the previous patch, a local config zimbra_strict_unclosed_comment_tag was introduced which fixed the issue. The default value is true, which means emails with an unclosed comment tag are not displayed. Emails with unclosed comment tags are displayed if it is set to false - ZBUG-2639, ZBUG-2878.
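
A way to confirm the JSESSIONID change listed above (ZBUG-2341) on a patched server, as an added example that is not part of the original release notes: the function reads captured HTTP response headers and reports whether the named cookie carries both attributes. The sample headers, the function names and the host in the usage comment are constructed placeholders.

```sh
#!/bin/sh
# Added example (not Zimbra code): check that a named cookie in captured HTTP
# response headers, read from stdin, has both the HttpOnly and Secure attributes.
# Assumed usage (placeholder host):
#   curl -s -D - -o /dev/null https://mail.example.com/ | check_cookie_flags JSESSIONID
check_cookie_flags() {
    awk -v name="$1" '
    {
        sub(/\r$/, "")                            # HTTP header lines end in CRLF
        if (tolower($0) !~ /^set-cookie:/) next
        line = $0
        sub(/^[^:]*:[ \t]*/, "", line)            # drop the header name
        n = split(line, part, /[ \t]*;[ \t]*/)
        if (index(part[1], name "=") != 1) next   # a different cookie
        httponly = 0; secure = 0
        for (i = 2; i <= n; i++) {
            attr = tolower(part[i]); sub(/=.*/, "", attr); gsub(/[ \t]/, "", attr)
            if (attr == "httponly") httponly = 1
            if (attr == "secure")   secure = 1
        }
        missing = ""
        if (!httponly) missing = missing " HttpOnly"
        if (!secure)   missing = missing " Secure"
        if (missing == "") print "OK " name
        else print "MISSING " name ":" missing
        seen = 1
    }
    END { if (!seen) print "ABSENT " name }'
}

# Constructed sample responses: one without the flags, one with them.
headers_unflagged() {
    printf 'HTTP/1.1 200 OK\r\nSet-Cookie: JSESSIONID=node0constructed; Path=/\r\n\r\n'
}
headers_flagged() {
    printf 'HTTP/1.1 200 OK\r\nSet-Cookie: OTHER=1; Secure\r\n'
    printf 'Set-Cookie: JSESSIONID=node0constructed; Path=/; Secure; HttpOnly\r\n\r\n'
}

headers_unflagged | check_cookie_flags JSESSIONID
headers_flagged   | check_cookie_flags JSESSIONID
```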

Web UX - Classic

  • Assigning a newly created tag to a selection of files in Briefcase would clear the selection. With this release, the selection stays even after assigning a newly created tag.
  • Tasks section did not work after installing 8.8.15 Joule-Patch-33. This issue has been fixed - ZBUG-2958.

ZCO

  • When configuring ZCO through the Zimbra profile, the From Address was displayed as "Zimbra Collaboration Server" instead of the configured account name. The issue has been fixed.
  • Intermittently, Outlook would not sync emails with large metadata. The issue has been fixed - ZBUG-2984.


Known Issues

  • While deploying zimlets, if the following error is encountered, please refer to the Patch Installation section to install the zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages in a particular order and re-deploy the zimlets.
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target
       at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353)
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target
       at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)
       at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
       at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
       ... 1 more
  • From Joule-Patch-32 onwards, customers using SSO will need to update zimbraVirtualHostName attribute for the domains. Please refer to the instructions to update the attribute.
  • With JDK 17, weaker Kerberos encryption types like 3DES and RC4 are now disabled by default. This can cause SPNEGO auth to fail if these encryption types are in use. We recommend using stronger encryption types like AES256.

To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the allow_weak_crypto property to true in the krb5.conf configuration file. Please follow the instructions below:

1. In /opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults] section, set allow_weak_crypto = true

2. Restart mailboxd service:

su - zimbra
zmmailboxdctl restart
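
To see whether a Kerberos configuration relies on the weak settings described above, the following added example (not part of the original release notes) scans the [libdefaults] section for allow_weak_crypto set to true and for DES, 3DES or RC4 entries in the enctype lists. The sample configuration and function names are constructed; permitted_enctypes, default_tkt_enctypes and default_tgs_enctypes are standard krb5.conf options that the page itself does not mention.

```sh
#!/bin/sh
# Added example (not Zimbra code): report weak-crypto settings in [libdefaults].
# Reads the file named in $1, or stdin when no file is given, e.g.
#   audit_krb5 /opt/zimbra/jetty_base/etc/krb5.ini.in
# Prints one finding per line and nothing when the section is clean.
audit_krb5() {
    awk '
    { sub(/\r$/, "") }                           # tolerate CRLF line endings
    /^[ \t]*[#;]/ { next }                       # skip comment lines
    /^[ \t]*\[/ {                                # section header
        s = tolower($0); gsub(/[ \t]/, "", s)
        in_defaults = (s == "[libdefaults]"); next
    }
    in_defaults && index($0, "=") {
        eq  = index($0, "=")
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, eq + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        # Spellings that MIT krb5 accepts as boolean true
        if (key == "allow_weak_crypto" && val ~ /^(y|yes|t|true|1|on)$/)
            print "WEAK allow_weak_crypto=" val
        if (key ~ /^(permitted|default_tkt|default_tgs)_enctypes$/) {
            n = split(val, e, /[ ,\t]+/)
            for (i = 1; i <= n; i++)
                if (e[i] ~ /^(des|rc4|arcfour)/) # DES, 3DES and RC4 families
                    print "WEAK " key " includes " e[i]
        }
    }' "$@"
}

# Constructed sample configuration, for illustration only.
sample_krb5() {
    cat <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.COM
    # allow_weak_crypto = false
    allow_weak_crypto = true
    permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des3-cbc-sha1
[realms]
    EXAMPLE.COM = { kdc = kdc.example.com }
EOF
}

sample_krb5 | audit_krb5
```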

NG Mobile

  • Changes are not synced to Android devices if attendees of an instance in a recurring appointment are modified. - ZBUG-3133.

Packages

The package lineup for this release is:

FOSS:

PackageName                                       -> Version
zimbra-patch                                      -> 8.8.15.1668607279.p35-1
zimbra-mta-patch                                  -> 8.8.15.1667900843.p35-1
zimbra-proxy-patch                                -> 8.8.15.1667900843.p35-1
zimbra-ldap-patch                                 -> 8.8.15.1667900843.p35-1
zimbra-timezone-data                              -> 2.0.1.1667816429-1
zimbra-mbox-webclient-war                         -> 8.8.15.1668517206-1
zimbra-common-core-jar                            -> 8.8.15.1667823299-1
zimbra-unbound                                    -> 1.11.0-1zimbra8.7b4
zimbra-dnscache-components                        -> 1.0.4-1zimbra8.7b1
zimbra-httpd                                      -> 2.4.54-1zimbra8.7b3
zimbra-apache-components                          -> 2.0.8-1zimbra8.8b1
zimbra-spell-components                           -> 2.0.9-1zimbra8.8b1
zimbra-clamav                                     -> 0.105.1.2-1zimbra8.8b3
zimbra-mta-components                             -> 1.0.18-1zimbra8.8b1

NETWORK:

PackageName                                       -> Version
zimbra-patch                                      -> 8.8.15.1668607279.p35-2
zimbra-zco                                        -> 8.8.15.1924.1667892795-1
zimbra-network-modules-ng                         -> 6.0.37.1667816723-1

For RHEL8,UBUNTU20:

zimbra-spell-components->2.0.10-1zimbra8.8b1

Patch Installation

Please refer to the link below to install Joule 8.8.15 Patch 35:

Patch Installation
