Zimbra Releases/9.0.0/P10

Zimbra Collaboration Kepler 9.0.0 Patch 10 GA Release

Check out the Security Fixes, What's New, Fixed Issues, and Known Issues for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.

Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating Fix Patch Version
zm-saml-consumer-store extension vulnerable to XXE attack CVE-2020-35123 6.5 Medium 9.0.0 P10

What's New

NOTE: Beta features are not supported and should not be installed on production systems. Beta modules have been provided for evaluation in lab environments only.


Nginx Upgrade (Beta)

Upgraded 3rd Party Nginx from version 1.7.1 to 1.19.0.

  • Nginx 1.19.0 support for TLSv1.3

We are nearing the end of our extensive QA cycle for this package upgrades. Watch for the GA announcement in an upcoming patch release.


Refer to the wiki for instructions on installing the packages on the systems.

NOTE : For users who don't have previous beta packages, they would need to install that first. Please refer to the wiki for instructions on installing the packages on the systems.

Synacor Announces Support for Social Justice

With this patch, Synacor affirms its support of social justice awareness throughout the world and moves made by the tech community to reexamine and replace dated terminology, pledging inclusive language. Specific terminology changes Synacor will make:

   * Master/Slave to Primary/Secondary or Replica
   * Blacklist/Whitelist to Deny List/Allow List
   * White Hat/Black Hat with Ethical/Unethical.

The scope of these changes will include all Zimbra interfaces Synacor has built: all User Interface Screens and Command Line Interfaces (CLIs). The scope does not include any APIs (SOAP, REST or Libraries), Configuration files, Administrative files and any Third Party Software included as part of our products.

We recognize these changes will take time and have the potential to break certain infrastructure (scripts, for example) that our customers may have built. Thus with this announcement, we want to alert our customers that we will be deprecating such items in the future. Sufficient notice will be given to our customers so they can prepare to change their source code if necessary. Thank you for helping us alter the language to better match our shared values of equality, diversity and inclusion.

Modern Web App

  • In Modern Web App, when the password is reset using the "Forgot Password" feature, necessary checks will be performed for new passwords as per password rules, and visual indication will be provided to indicate these rules to the end-user.

Mail

  • Users can tag events with custom tags to easily categorize events.

Settings

  • Account specific settings are now easier to find. All account related settings can be found by clicking Expand/Collapse buttons next to each account name in Settings->Accounts.

Briefcase

  • Users can now rename files stored in the Briefcase. The "Rename file" option is available in the right-click menu of the file, as well as in the More menu. Depending upon the permissions, Users will also be able to rename the shared folders and files inside them.

ZCO

  • With this release, ZCO has enhanced the address book search feature. The search now includes looking for substrings within the name fields. It is effective specifically when the fields contain multiple words. For more details, please refer to the admin guide section.

Zimbra Video Server (BETA)

  • With this release, we are introducing Video Server (BETA) for Zimbra Connect. The Video Server (BETA) is a WebRTC stream aggregator that improves Team’s performance by merging and decoding/re-encoding all streams in a meeting. Please refer to the admin guide for instructions on installing the Video Server on the systems.

Zimbra Docs

  • New version of Docs Server is available and can be found on the Network Edition Downloads page.
  • The sidebar is now hidden by default in Docs so the interface is more clear.

Zimbra Drive

  • Fixed an issue that would prevent an admin to disable drive at startup from the web admin console

NG Modules

  • Input validation has been added to CLI to warn the administrator when invalid email addresses are given


Fixed Issues

Mail

  • In Modern Web App, message loading got stuck when previous and next mail has the same subject and is loading from the same server. The issue has been fixed and the messages are rendered correctly.

Responsive-UI

  • When accessing the Modern Web App on Mobile or Tablet, opening the Settings and using 'X' or 'Cancel' did not close the Settings. The issue has been fixed.

Zimbra Collaboration

  • Fixed an issue with SPAM assassin training.
  • In the Classic Web App, operations that invoked a lot of GetInfoRequest and GetFolderRequest resulted in "StackOverflowErrors" followed by 'Connection pool shut down'. It also caused the system to become unresponsive. The issue has been fixed.

NG Auth

  • Auth’s "Domain configuration missing" notification will now ignore domain alias and be sent at most once a day.
  • Fixed a bug that caused the account’s password to be usable for EAS synchronization even if a Mobile Password was set.

NG Modules

  • Fixed a bug that prevented the backup volume to be correctly created if S3 credentials are passed to the command.
  • Added a missing ' in the "smarstcan completed" mail.
  • Fixed a bug with the timezone that made the all-day events created via Exchange ActiveSync to be added to the day before instead of the correct one on the webmail.
  • Email sent via Exchange ActiveSync will not automatically have the follow-up flag now.

Zimbra Connect

  • Fixed an issue that would cause video conferences and instant messaging to be unavailable for a few seconds while mail attachments are downloaded.
  • Improved the screen sharing avatar placement so that it no longer makes the screen-sharing function difficult to use.
  • Fixed an issue that would cause a screen share to continue after closing the group/space/channel/instant meeting window.
  • The "Mute" button has been changed to "Mute for all".
  • Fixed an issue that would prevent all abort button not to work when creating a new instant meeting while another one is already running.
  • Improved TEAM opening screen, now an animation makes clear to the user that the application is loading.
  • Added Edit, Delete, Forward, Reply to messages in conversations, groups, channels.
  • Connect now verifies if the account status is "maintenance" and if not send or receive further messages for it.
  • If the shared rooms or instant meetings have Deleted accounts, the chat history in Zimbra Connect did not appear. The issue has been fixed.

Zimbra Drive

  • Updated zimbraXVersion value in the com_zimbra_drive_modern zimlet manifest.
  • Fixed an issue that would prevent drive items to be shared to distribution lists.

HSM

  • Added further examples when invoking a docheckblobs operation without parameters.
  • doCreateVolume command improved to give the administrator feedback when run.
  • Added the automatic creation of an HSM rule to implement what was once done using the parameter driveSecondaryStore.


Known Issues

  • None



Patch Installation

Please refer to the steps below to install 9.0.0 Patch 10 on Redhat and Ubuntu platforms:

Before Installing the Patch

Before installing the patch, consider the following:

  • Patches are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to zimbra user before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
  • Important Note for ZCS Setup with Local ZCS repository: Customers who have set up local ZCS repository should first update the local repository by following instructions in wiki
  • Please make note that, installing the zimbra-patch package only updates the Zimbra core packages.

9.0.0 Patch 10 Packages

The package lineup for this release is:

PackageName Version

zimbra-patch                               ->     9.0.0.1608034192.p10-2
zimbra-proxy-patch                         ->     9.0.0.1604495468.p9-1
zimbra-mta-patch                           ->     9.0.0.1607664338.p10-1
zimbra-common-core-jar                     ->     9.0.0.1607619312-1
zimbra-openldap-server                     ->     2.4.49-1zimbra8.8b2
zimbra-ldap-components                     ->     1.0.4-1zimbra8.8b1
zimbra-mbox-webclient-war                  ->     9.0.0.1606908944-1
zimbra-mbox-admin-console-war              ->     9.0.0.1604316178-1
zimbra-common-mbox-conf-attrs              ->     9.0.0.1602835824-1
zimbra-common-core-libs                    ->     9.0.0.1591936175-1
zimbra-zco                                 ->     9.0.0.1888.1606746532-1
zimbra-modern-ui                           ->     4.1.0.1608032519-1
zimbra-zimlet-install-pwa                  ->     4.0.0.1606479635-1
zimbra-zimlet-set-default-client           ->     4.0.0.1606479917-1
zimbra-zimlet-date                         ->     4.0.0.1606496021-1
zimbra-zimlet-additional-signature-setting ->     4.0.0.1606500817-1
zimbra-zimlet-sideloader                   ->     5.0.0.1606717050-1
zimbra-zimlet-calendar-subscription        ->     4.0.0.1606479804-1
zimbra-modern-zimlets                      ->     4.1.0.1608032519-1.u14
zimbra-zimlet-restore-contacts             ->     4.0.0.1606479574-1
zimbra-network-modules-ng                  ->     7.0.9.1606916266-1.u14
zimbra-drive-ng                            ->     4.0.9.1606408802-1
zimbra-drive-modern                        ->     1.0.9.1606408802-1
zimbra-connect                             ->     2.0.9.1606409184-1
zimbra-connect-modern                      ->     1.0.9.1606409184-1
zimbra-docs                                ->     4.0.3.1592415625-1
zimbra-docs-modern                         ->     1.0.4.1606409421-1
zimbra-zimlet-auth                         ->     1.0.0.1604473561-1
zimbra-zimlet-zoom                         ->     6.0.0.1606762413-1
zimbra-zimlet-slack                        ->     5.0.0.1606762413-1
zimbra-zimlet-dropbox                      ->     5.0.0.1606762413-1
zimbra-zimlet-onedrive                     ->     5.0.0.1606762413-1
zimbra-zimlet-google-drive                 ->     5.0.0.1606762413-1
zimbra-zimlet-jitsi                        ->     3.0.0.1606762413-1
zimbra-zimlet-video-call-preferences       ->     2.0.0.1606762413-1
zimbra-zimlet-nextcloud                    ->     1.0.1.1604579215-1
zimbra-zimlet-voice-message                ->     1.0.0.1606150168-1
zimbra-zimlet-classic-unsupportedbrowser   ->     1.0.0.1591045240-1
zimbra-zimlet-email-templates              ->     2.0.0.1606716802-1

Redhat

Installing Zimbra packages with system package upgrades

  • As root, first clear the yum cache and check for updates so the server sees there is a new zimbra-patch package in the patch repository:
yum clean metadata
yum check-update
  • Then ask yum to update available packages:
yum update
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing Zimbra packages individually

Install/Upgrade zimbra-proxy-components on Proxy node for FOSS and NETWORK

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-proxy-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-proxy-patch on Proxy node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade zimbra-mta-components on MTA node for FOSS and NETWORK

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-mta-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-chat for FOSS

  • As root, install the package:
yum install zimbra-chat
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Uninstall zimbra-talk (NETWORK Only)

Starting Zimbra 8.8.15 GA, zimbra-connect replaces zimbra-talk hence it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package:
yum remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect and zimbra-zimlet-auth (NETWORK Only)

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the packages:
yum install zimbra-network-modules-ng
yum install zimbra-connect
yum install zimbra-zimlet-auth
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-docs (NETWORK Only)

  • As root, install the package:
yum install zimbra-docs
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-drive-ng (NETWORK Only)

  • As root, install the package:
yum install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Upgrade OpenLDAP on LDAP node for FOSS and NETWORK

  • As root, install the package:
yum install zimbra-ldap-components
  • Restart ldap as zimbra user:
su - zimbra
ldap restart

Ubuntu

Installing zimbra packages with system package upgrades

  • As root, check for updates so the server sees there is a new zimbra-patch package in the patch repository:
apt-get update
  • Then update available packages:
apt-get upgrade

OR

  • Update all available packages plus any kernel updates:
apt-get dist-upgrade
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing zimbra packages individually

Install/Upgrade zimbra-proxy-components on Proxy node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-proxy-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-proxy-patch on Proxy node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Ubuntu 18 zimbra-proxy-patch version

zimbra-proxy-patch        ->  8.8.12.1554984827.p3-1

The installation of this patch is mandatory for the proxy to function on Ubuntu 18 servers.

Install/Upgrade zimbra-mta-components on MTA node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-mta-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node for FOSS and NETWORK

  • As root, install package
apt-get install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node for FOSS and NETWORK

  • As root, check for updates and install package:
apt-get update
apt-get install zimbra-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-chat for FOSS

  • As root, install package:
apt-get install zimbra-chat
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Uninstall zimbra-talk (NETWORK Only)

Starting Zimbra 8.8.15 GA, zimbra-connect replaces zimbra-talk hence it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package:
apt-get remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect and zimbra-zimlet-auth (NETWORK Only)

  • As root, check for updates and install packages:
apt-get update
apt-get install zimbra-network-modules-ng
apt-get install zimbra-connect
apt-get install zimbra-zimlet-auth
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-docs (NETWORK Only)

  • As root, install package:
apt-get install zimbra-docs
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Install/Upgrade zimbra-drive-ng (NETWORK Only)

  • As root, install package:
apt-get install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Upgrade OpenLDAP on LDAP node for FOSS and NETWORK

  • As root, install the package:
apt-get install zimbra-ldap-components
  • Restart ldap as zimbra user:
su - zimbra
ldap restart

Nginx TLS 1.3 Packages

NOTE: Beta features are not supported and should not be installed on production systems. Beta modules have been provided for evaluation in lab environments only.

The packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18 (Beta) are:

PackageName                                       Version
zimbra-nginx                               ->     1.19.0-1zimbra8.8b1
zimbra-proxy-components                    ->     1.0.6-1zimbra8.8b1
zimbra-proxy-patch                         ->     9.0.0.1607929581.p10-1

Jira Summary

Jira Tickets fixed in 9.0.0 Patch 10

ZCS-10130 Verify zimbra Video Server
ZCS-10123 Fixed download concurrency issue
ZCS-10122 Screen sharing avatar behavior improvement
ZCS-10121 Meeting screen share termination fix
ZCS-10120 Changed "Mute" behavior
ZCS-10119 Fixed new instant meeting window buttons
ZCS-10118 TEAM loading screen Improvement
ZCS-10111 Verify zimbra docs server installation
ZCS-10108 Added Instant message functions
ZCS-10107 Added Connect account status awareness
ZCS-10105 Sidebar hidden by default
ZCS-10104 CLI commands input validation for email addresses
ZCS-10103 Fixed drive startup switch
ZCS-10102 Improved zxsuite online help
ZCS-10101 doCreateVolume command improved for centralized volumes
ZCS-10100 Deprecated drivesecondarystore value migration
ZCS-10099 All day events added to incorrect day fixed
ZCS-10098 Follow-up flag improvement
ZCS-10097 Updated zimbraXverstion to 4.0.0
ZCS-10096 Fixed drive shares on distribution lists
ZCS-10095 Backup volume on S3 creation fixed
ZCS-10094 Fixed typo in smartscan email log
ZCS-10093 Improved "Domain configuration missing" notification
ZCS-10092 Mobile password must be exclusive for EAS
ZCS-9361 zm-saml-consumer-store extension vulnerable to Billion Laughs XXE attack
ZCOMT-2204 Advance search in Outook(ZCO) to get the contact which has middle name included in the firstname
ZBUG-1966 [11.3.2020 reopen]- SPAM Learn - NullPointerException while running zmtrainsa
ZBUG-1946 Zimbra connect doesn't display chat
ZBUG-1456 Connection pool shut down 3.0
PREAPPS-5577 Zimbra 9 Modern - Slow mail opening
PREAPPS-5444 Modern UI - Reset Password flow: handle remote rules
PREAPPS-5358 Add navigation for account settings
PREAPPS-5353 Mobile | Cancel or X does not close the setting page
PREAPPS-5238 Rename files in Briefcase
PREAPPS-2837 Tags support for events
Jump to: navigation, search