Zimbra Collaboration Kepler 9.0.0 Patch 29 GA Release
Release Date: December 7, 2022
Check out the Security Fixes, What's New. Fixed Issues, and Known Issues for this version of Zimbra Collaboration. Please refer to the Patch Installation page for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues
Change in upgrade process for 9.0.0 Patch 29
Please note that the install process has changed. Additional steps to install zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages have been included for this patch release.
We have also introduced a new package zimbra-ldap-patch to be installed only on the LDAP node.
Please refer to the Patch Installation steps to install the packages in its order.
Changes required for SSO setup before patch upgrade
Before upgrade, if the zimbraVirtualHostName parameter is not set for the domains that are using SAML and SSO based login, please set by following the instructions:
su - zimbra zmprov md domain_name zimbraVirtualHostName virtual_hostname
Note: Additional configuration for further hardening your Zimbra setup can be found on the Zimbra Support Portal. It is recommended that all customers consider these additional steps. If someone had applied this configuration previously, then after upgrading to this patch, they will have to re-apply the same configuration.
- After upgrading the ClamAV package in the previous patch, if the Attachments Scanning feature is enabled, users were not able to send messages containing an attachment. The issue has been fixed. ZBUG-3129
- In the previous patch, the apache package had a dependency on an incorrect version of pcre package. The issue has been fixed. ZBUG-3126
- While deploying zimlets, if the following error is encountered, please refer to the Patch Installation page to install the zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages in a particular order and re-deploy the zimlets.
/opt/zimbra/bin/zmjava: line 59: /bin/java: No such file or directory Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/appender/ConsoleAppender$Target at com.zimbra.cs.localconfig.LocalConfigCLI.main(LocalConfigCLI.java:353) Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.appender.ConsoleAppender$Target at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602) at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521) ... 1 more
- From Kepler-Patch-25 onwards, customers using SSO will need to update
zimbraVirtualHostNameattribute for the domains. Please refer to the instructions to update the attribute.
- With JDK 17, weaker Kerberos encryption types like 3DES and RC4 have now been disabled by default. This can cause SPNEGO auth to fail if described encryption types are being used. We recommend using stronger encryption types like AES256.
To get SPNEGO auth working with weak encryption types, weak encryption can be enabled by setting the allow_weak_crypto property to true in the krb5.conf configuration file. Please follow below instructions:
1. In /opt/zimbra/jetty_base/etc/krb5.ini.in -> [libdefaults] section, set allow_weak_crypto = true
2. Restart mailboxd service:
su - zimbra zmmailboxdctl restart
- Changes are not synced to Android devices if attendees of an instance in a recurring appointment are modified. - ZBUG-3133.
The package lineup for this release is:
zimbra-patch -> 220.127.116.119440287.p29-2 zimbra-mta-patch -> 18.104.22.1689440287.p29-1 zimbra-proxy-patch -> 22.214.171.1249440287.p29-1 zimbra-ldap-patch -> 126.96.36.1999440287.p29-1 zimbra-common-core-jar -> 188.8.131.529404357-1 zimbra-httpd -> 2.4.54-1zimbra8.7b4 zimbra-apache-components -> 2.0.9-1zimbra8.8b1 zimbra-spell-components -> 2.0.10-1zimbra8.8b1
Please refer to below link to install Kepler 9.0.0 Patch 29: