Zimbra Releases/9.0.0/P10
Zimbra Collaboration Kepler 9.0.0 Patch 10 GA Release
Check out the Security Fixes, What's New, Fixed Issues, and Known Issues for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.
Security Fixes
Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Patch Version |
---|---|---|---|---|
zm-saml-consumer-store extension vulnerable to XXE attack | CVE-2020-35123 | 6.5 | Medium | 9.0.0 P10 |
What's New
NOTE: Beta features are not supported and should not be installed on production systems. Beta modules have been provided for evaluation in lab environments only.
Nginx Upgrade (Beta)
Upgraded 3rd Party Nginx from version 1.7.1 to 1.19.0.
- Nginx 1.19.0 support for TLSv1.3
We are nearing the end of our extensive QA cycle for this package upgrades. Watch for the GA announcement in an upcoming patch release.
Refer to the wiki for instructions on installing the packages on the systems.
NOTE : For users who don't have previous beta packages, they would need to install that first. Please refer to the wiki for instructions on installing the packages on the systems.
Synacor Announces Support for Social Justice
With this patch, Synacor affirms its support of social justice awareness throughout the world and moves made by the tech community to reexamine and replace dated terminology, pledging inclusive language. Specific terminology changes Synacor will make:
* Master/Slave to Primary/Secondary or Replica * Blacklist/Whitelist to Deny List/Allow List * White Hat/Black Hat with Ethical/Unethical.
The scope of these changes will include all Zimbra interfaces Synacor has built: all User Interface Screens and Command Line Interfaces (CLIs). The scope does not include any APIs (SOAP, REST or Libraries), Configuration files, Administrative files and any Third Party Software included as part of our products.
We recognize these changes will take time and have the potential to break certain infrastructure (scripts, for example) that our customers may have built. Thus with this announcement, we want to alert our customers that we will be deprecating such items in the future. Sufficient notice will be given to our customers so they can prepare to change their source code if necessary. Thank you for helping us alter the language to better match our shared values of equality, diversity and inclusion.
Modern Web App
- In Modern Web App, when the password is reset using the "Forgot Password" feature, necessary checks will be performed for new passwords as per password rules, and visual indication will be provided to indicate these rules to the end-user.
- Users can tag events with custom tags to easily categorize events.
Settings
- Account specific settings are now easier to find. All account related settings can be found by clicking Expand/Collapse buttons next to each account name in Settings->Accounts.
Briefcase
- Users can now rename files stored in the Briefcase. The "Rename file" option is available in the right-click menu of the file, as well as in the More menu. Depending upon the permissions, Users will also be able to rename the shared folders and files inside them.
ZCO
- With this release, ZCO has enhanced the address book search feature. The search now includes looking for substrings within the name fields. It is effective specifically when the fields contain multiple words. For more details, please refer to the admin guide section.
Zimbra Video Server (BETA)
- With this release, we are introducing Video Server (BETA) for Zimbra Connect. The Video Server (BETA) is a WebRTC stream aggregator that improves Team’s performance by merging and decoding/re-encoding all streams in a meeting. Please refer to the admin guide for instructions on installing the Video Server on the systems.
Zimbra Docs
- New version of Docs Server is available and can be found on the Network Edition Downloads page.
- The sidebar is now hidden by default in Docs so the interface is more clear.
Zimbra Drive
- Fixed an issue that would prevent an admin to disable drive at startup from the web admin console
NG Modules
- Input validation has been added to CLI to warn the administrator when invalid email addresses are given
Fixed Issues
- In Modern Web App, message loading got stuck when previous and next mail has the same subject and is loading from the same server. The issue has been fixed and the messages are rendered correctly.
Responsive-UI
- When accessing the Modern Web App on Mobile or Tablet, opening the Settings and using 'X' or 'Cancel' did not close the Settings. The issue has been fixed.
Zimbra Collaboration
- Fixed an issue with SPAM assassin training.
- In the Classic Web App, operations that invoked a lot of GetInfoRequest and GetFolderRequest resulted in "StackOverflowErrors" followed by 'Connection pool shut down'. It also caused the system to become unresponsive. The issue has been fixed.
NG Auth
- Auth’s "Domain configuration missing" notification will now ignore domain alias and be sent at most once a day.
- Fixed a bug that caused the account’s password to be usable for EAS synchronization even if a Mobile Password was set.
NG Modules
- Fixed a bug that prevented the backup volume to be correctly created if S3 credentials are passed to the command.
- Added a missing ' in the "smarstcan completed" mail.
- Fixed a bug with the timezone that made the all-day events created via Exchange ActiveSync to be added to the day before instead of the correct one on the webmail.
- Email sent via Exchange ActiveSync will not automatically have the follow-up flag now.
Zimbra Connect
- Fixed an issue that would cause video conferences and instant messaging to be unavailable for a few seconds while mail attachments are downloaded.
- Improved the screen sharing avatar placement so that it no longer makes the screen-sharing function difficult to use.
- Fixed an issue that would cause a screen share to continue after closing the group/space/channel/instant meeting window.
- The "Mute" button has been changed to "Mute for all".
- Fixed an issue that would prevent all abort button not to work when creating a new instant meeting while another one is already running.
- Improved TEAM opening screen, now an animation makes clear to the user that the application is loading.
- Added Edit, Delete, Forward, Reply to messages in conversations, groups, channels.
- Connect now verifies if the account status is "maintenance" and if not send or receive further messages for it.
- If the shared rooms or instant meetings have Deleted accounts, the chat history in Zimbra Connect did not appear. The issue has been fixed.
Zimbra Drive
- Updated zimbraXVersion value in the com_zimbra_drive_modern zimlet manifest.
- Fixed an issue that would prevent drive items to be shared to distribution lists.
HSM
- Added further examples when invoking a docheckblobs operation without parameters.
- doCreateVolume command improved to give the administrator feedback when run.
- Added the automatic creation of an HSM rule to implement what was once done using the parameter driveSecondaryStore.
Known Issues
- None
Patch Installation
Please refer to the steps below to install 9.0.0 Patch 10 on Redhat and Ubuntu platforms:
Before Installing the Patch
Before installing the patch, consider the following:
- Patches are cumulative.
- A full backup should be performed before any patch is applied. There is no automated roll-back.
- Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
- Only files or Zimlets associated with installed packages will be installed from the patch.
- Switch to
zimbra
user before using ZCS CLI commands. - Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
- Important Note for ZCS Setup with Local ZCS repository: Customers who have set up local ZCS repository should first update the local repository by following instructions in wiki
- Please make note that, installing the zimbra-patch package only updates the Zimbra core packages.
9.0.0 Patch 10 Packages
The package lineup for this release is:
PackageName Version
zimbra-patch -> 9.0.0.1608034192.p10-2 zimbra-proxy-patch -> 9.0.0.1604495468.p9-1 zimbra-mta-patch -> 9.0.0.1607664338.p10-1 zimbra-common-core-jar -> 9.0.0.1607619312-1 zimbra-openldap-server -> 2.4.49-1zimbra8.8b2 zimbra-ldap-components -> 1.0.4-1zimbra8.8b1 zimbra-mbox-webclient-war -> 9.0.0.1606908944-1 zimbra-mbox-admin-console-war -> 9.0.0.1604316178-1 zimbra-common-mbox-conf-attrs -> 9.0.0.1602835824-1 zimbra-common-core-libs -> 9.0.0.1591936175-1 zimbra-zco -> 9.0.0.1888.1606746532-1 zimbra-modern-ui -> 4.1.0.1608032519-1 zimbra-zimlet-install-pwa -> 4.0.0.1606479635-1 zimbra-zimlet-set-default-client -> 4.0.0.1606479917-1 zimbra-zimlet-date -> 4.0.0.1606496021-1 zimbra-zimlet-additional-signature-setting -> 4.0.0.1606500817-1 zimbra-zimlet-sideloader -> 5.0.0.1606717050-1 zimbra-zimlet-calendar-subscription -> 4.0.0.1606479804-1 zimbra-modern-zimlets -> 4.1.0.1608032519-1.u14 zimbra-zimlet-restore-contacts -> 4.0.0.1606479574-1 zimbra-network-modules-ng -> 7.0.9.1606916266-1.u14 zimbra-drive-ng -> 4.0.9.1606408802-1 zimbra-drive-modern -> 1.0.9.1606408802-1 zimbra-connect -> 2.0.9.1606409184-1 zimbra-connect-modern -> 1.0.9.1606409184-1 zimbra-docs -> 4.0.3.1592415625-1 zimbra-docs-modern -> 1.0.4.1606409421-1 zimbra-zimlet-auth -> 1.0.0.1604473561-1 zimbra-zimlet-zoom -> 6.0.0.1606762413-1 zimbra-zimlet-slack -> 5.0.0.1606762413-1 zimbra-zimlet-dropbox -> 5.0.0.1606762413-1 zimbra-zimlet-onedrive -> 5.0.0.1606762413-1 zimbra-zimlet-google-drive -> 5.0.0.1606762413-1 zimbra-zimlet-jitsi -> 3.0.0.1606762413-1 zimbra-zimlet-video-call-preferences -> 2.0.0.1606762413-1 zimbra-zimlet-nextcloud -> 1.0.1.1604579215-1 zimbra-zimlet-voice-message -> 1.0.0.1606150168-1 zimbra-zimlet-classic-unsupportedbrowser -> 1.0.0.1591045240-1 zimbra-zimlet-email-templates -> 2.0.0.1606716802-1
Redhat
Installing Zimbra packages with system package upgrades
- As
root
, first clear the yum cache and check for updates so the server sees there is a newzimbra-patch
package in the patch repository:
yum clean metadata yum check-update
- Then ask yum to update available packages:
yum update
- Restart ZCS as
zimbra
user:
su - zimbra zmcontrol restart
Installing Zimbra packages individually
Install/Upgrade zimbra-proxy-components
on Proxy node for FOSS and NETWORK
- As
root
, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata yum check-update
- Then install the package:
yum install zimbra-proxy-components
- Restart proxy as
zimbra
user:
su - zimbra zmproxyctl restart
Install/Upgrade zimbra-proxy-patch
on Proxy node for FOSS and NETWORK
- As
root
, install the package:
yum install zimbra-proxy-patch
- Restart proxy as
zimbra
user:
su - zimbra zmproxyctl restart zmmemcachedctl restart
Install/Upgrade zimbra-mta-components
on MTA node for FOSS and NETWORK
- As
root
, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata yum check-update
- Then install the package:
yum install zimbra-mta-components
- Restart
amavisd
aszimbra
user:
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-mta-patch
on MTA node for FOSS and NETWORK
- As
root
, install the package:
yum install zimbra-mta-patch
- Restart
amavisd
aszimbra
user:
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-patch
on mailstore node for FOSS and NETWORK
- As
root
, install the package:
yum install zimbra-patch
- Restart ZCS as
zimbra
user:
su - zimbra zmcontrol restart
Install/Upgrade zimbra-chat
for FOSS
- As
root
, install the package:
yum install zimbra-chat
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Uninstall zimbra-talk
(NETWORK Only)
Starting Zimbra 8.8.15 GA, zimbra-connect
replaces zimbra-talk
hence it is important to remove zimbra-talk
before installing zimbra-connect
.
- As
root
, uninstall the package:
yum remove zimbra-talk
Install/Upgrade zimbra-network-modules-ng
, zimbra-connect
and zimbra-zimlet-auth
(NETWORK Only)
- As
root
, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata yum check-update
- Then install the packages:
yum install zimbra-network-modules-ng yum install zimbra-connect yum install zimbra-zimlet-auth
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Install/Upgrade zimbra-docs
(NETWORK Only)
- As
root
, install the package:
yum install zimbra-docs
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Install/Upgrade zimbra-drive-ng
(NETWORK Only)
- As
root
, install the package:
yum install zimbra-drive-ng
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Upgrade OpenLDAP on LDAP node for FOSS and NETWORK
- As
root
, install the package:
yum install zimbra-ldap-components
- Restart
ldap
aszimbra
user:
su - zimbra ldap restart
Ubuntu
Installing zimbra packages with system package upgrades
- As
root
, check for updates so the server sees there is a newzimbra-patch
package in the patch repository:
apt-get update
- Then update available packages:
apt-get upgrade
OR
- Update all available packages plus any kernel updates:
apt-get dist-upgrade
- Restart ZCS as
zimbra
user:
su - zimbra zmcontrol restart
Installing zimbra packages individually
Install/Upgrade zimbra-proxy-components
on Proxy node for FOSS and NETWORK
- As
root
, install package
apt-get install zimbra-proxy-components
- Restart proxy as
zimbra
user:
su - zimbra zmproxyctl restart
Install/Upgrade zimbra-proxy-patch
on Proxy node for FOSS and NETWORK
- As
root
, install package
apt-get install zimbra-proxy-patch
- Restart proxy as
zimbra
user:
su - zimbra zmproxyctl restart zmmemcachedctl restart
Ubuntu 18 zimbra-proxy-patch version
zimbra-proxy-patch -> 8.8.12.1554984827.p3-1
The installation of this patch is mandatory for the proxy to function on Ubuntu 18 servers.
Install/Upgrade zimbra-mta-components
on MTA node for FOSS and NETWORK
- As
root
, install package
apt-get install zimbra-mta-components
- Restart
amavisd
aszimbra
user:
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-mta-patch
on MTA node for FOSS and NETWORK
- As
root
, install package
apt-get install zimbra-mta-patch
- Restart
amavisd
aszimbra
user:
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-patch
on mailstore node for FOSS and NETWORK
- As
root
, check for updates and install package:
apt-get update apt-get install zimbra-patch
- Restart ZCS as
zimbra
user:
su - zimbra zmcontrol restart
Install/Upgrade zimbra-chat for FOSS
- As
root
, install package:
apt-get install zimbra-chat
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Uninstall zimbra-talk
(NETWORK Only)
Starting Zimbra 8.8.15 GA, zimbra-connect
replaces zimbra-talk
hence it is important to remove zimbra-talk
before installing zimbra-connect
.
- As
root
, uninstall the package:
apt-get remove zimbra-talk
Install/Upgrade zimbra-network-modules-ng, zimbra-connect and zimbra-zimlet-auth (NETWORK Only)
- As
root
, check for updates and install packages:
apt-get update apt-get install zimbra-network-modules-ng apt-get install zimbra-connect apt-get install zimbra-zimlet-auth
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Install/Upgrade zimbra-docs (NETWORK Only)
- As
root
, install package:
apt-get install zimbra-docs
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Install/Upgrade zimbra-drive-ng (NETWORK Only)
- As
root
, install package:
apt-get install zimbra-drive-ng
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Upgrade OpenLDAP on LDAP node for FOSS and NETWORK
- As
root
, install the package:
apt-get install zimbra-ldap-components
- Restart
ldap
aszimbra
user:
su - zimbra ldap restart
Nginx TLS 1.3 Packages
NOTE: Beta features are not supported and should not be installed on production systems. Beta modules have been provided for evaluation in lab environments only.
The packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18 (Beta) are:
PackageName Version zimbra-nginx -> 1.19.0-1zimbra8.8b1 zimbra-proxy-components -> 1.0.6-1zimbra8.8b1 zimbra-proxy-patch -> 9.0.0.1607929581.p10-1
Jira Summary
Jira Tickets fixed in 9.0.0 Patch 10
ZCS-10130 | Verify zimbra Video Server |
ZCS-10123 | Fixed download concurrency issue |
ZCS-10122 | Screen sharing avatar behavior improvement |
ZCS-10121 | Meeting screen share termination fix |
ZCS-10120 | Changed "Mute" behavior |
ZCS-10119 | Fixed new instant meeting window buttons |
ZCS-10118 | TEAM loading screen Improvement |
ZCS-10111 | Verify zimbra docs server installation |
ZCS-10108 | Added Instant message functions |
ZCS-10107 | Added Connect account status awareness |
ZCS-10105 | Sidebar hidden by default |
ZCS-10104 | CLI commands input validation for email addresses |
ZCS-10103 | Fixed drive startup switch |
ZCS-10102 | Improved zxsuite online help |
ZCS-10101 | doCreateVolume command improved for centralized volumes |
ZCS-10100 | Deprecated drivesecondarystore value migration |
ZCS-10099 | All day events added to incorrect day fixed |
ZCS-10098 | Follow-up flag improvement |
ZCS-10097 | Updated zimbraXverstion to 4.0.0 |
ZCS-10096 | Fixed drive shares on distribution lists |
ZCS-10095 | Backup volume on S3 creation fixed |
ZCS-10094 | Fixed typo in smartscan email log |
ZCS-10093 | Improved "Domain configuration missing" notification |
ZCS-10092 | Mobile password must be exclusive for EAS |
ZCS-9361 | zm-saml-consumer-store extension vulnerable to Billion Laughs XXE attack |
ZCOMT-2204 | Advance search in Outook(ZCO) to get the contact which has middle name included in the firstname |
ZBUG-1966 | [11.3.2020 reopen]- SPAM Learn - NullPointerException while running zmtrainsa |
ZBUG-1946 | Zimbra connect doesn't display chat |
ZBUG-1456 | Connection pool shut down 3.0 |
PREAPPS-5577 | Zimbra 9 Modern - Slow mail opening |
PREAPPS-5444 | Modern UI - Reset Password flow: handle remote rules |
PREAPPS-5358 | Add navigation for account settings |
PREAPPS-5353 | Mobile | Cancel or X does not close the setting page |
PREAPPS-5238 | Rename files in Briefcase |
PREAPPS-2837 | Tags support for events |