The RFE / Bugzilla system

Posted: Wed Jul 09, 2014 2:18 am
by dik23
The whole RFE thing is something I want to comment on here. It's a nice idea in theory but in practice it seems that very sane and simple to implement RFE's get ignored.
For example I'm going to use Bug 7958 "Disable "Remember me on this computer" on login screen". This RFE was opened over 8 years ago and seems to have been overlooked ever since.
Now perhaps it's not got enough "votes", but perhaps that's because many people don't have time in their working day to sign up to Bugzilla or that it's not what they're paid to spend time on. I'm sure there's many others who have just crossed Zimbra off their shortlists due to the security issues that this causes.
And how long would it actually take to fix this? The admin login doesn't have the "Remember me" option so the code is already there.
Now I've taken this RFE because I believe it illustrates my point well but there's plenty more out there. As far as I am concerned Bugzilla is full of them and while I do like the platform as a place to post bugs that are found I feel that many are overlooked.
I think that Zimbra as a company should really spend some more time fixing these before adding new features, that will themselves produce more bugs. I would file a RFE for this but ........

Posted: Fri Jul 11, 2014 3:56 am
by liverpoolfcfan
I echo your sentiments.
In addition I would like to highlight another major criticism from my point of view. I have raised quite a few Bugzilla tickets over the past few years against whatever was my then current Zimbra version. For now that is 7.2.7 FOSS.
Invariably, if the ticket gets actioned, it gets closed out with FIXED in a release that is 8.0.x - which is totally useless to me. I will have to do a complete server swap-out to get to 8.0.x and am not prepared to do that while all these security issues keep cropping up. Worse still for the past year we have been getting FIXED in 9.0 BETA which is totally useless to everyone. You then have to re-open the ticket and plead for the fix to be back-ported.
If a user reports a genuine problem with a non-EOL version of your product which is deemed worthy of a fix to a future version of your product, you should also fix the issue for the major version of the product the customer reported the issue against, and all subsequent affected versions.

Posted: Fri Jul 11, 2014 12:53 pm
by cayaraa
Unfortunately Zimbra 7.x is already EOL... I'm having to face a similar issue with our secondary mail system which stores alumni and retired faculty... it's running on CentOS 5.x so I have to do an OS replacement to 6.x before I can upgrade it to 8.x.
Zimbra Support Life Cycle Documentation; open source email, contacts, and group calendaring
Back on topic though I'll agree about there being a fair "low hanging fruit" type of tickets that get skipped over. I've actually voted for that "remember me" bug long ago and was pretty upset when I couldn't disable it by editing the code like I used to be able to in 7.x.

Posted: Thu Aug 28, 2014 4:52 am
by 10119metux
[quote user="dik23"]The whole RFE thing is something I want to comment on here. It's a nice idea in theory but in practice it seems that very sane and simple to implement RFE's get ignored.

[/QUOTE]
Well, I'm used to critical bugs being ignored.
After all these years, I expect nothing else than my bugs being closed as "invalid".
From time to time they get closed "fixed" without being fixed at all, or things made even worse (even though I already provided a patch). Just happened again yesterday.
My conclusion: community input is not desired. Neither is people out there being able to build it on their own.
Probably that's what the FOSS stands for - Fake-OSS ...

Posted: Fri Oct 24, 2014 4:45 am
by metux
[quote]
The whole RFE thing is something I want to comment on here. It's a nice idea in theory but in practice it seems that very sane and simple to implement RFE's get ignored.
[/quote]

Same for bugs, even critical ones.
I just remember that it took several years to get security issues fixed (back in Helix times, it was really a nightmare).

[quote]
For example I'm going to use Bug 7958 "Disable "Remember me on this computer" on login screen". This RFE was opened over 8 years ago and seems to have been overlooked ever since.
[/quote]

One of the things I had to do myself (via direct core customization), as this was regularly excoriated by pentests.

Anyways, there are tens of thousands of open bugs - most of them untouched for many years.

[quote]
Now perhaps it's not got enough "votes", but perhaps that's because many people don't have time in their working day to sign up to Bugzilla or that it's not what they're paid to spend time on. I'm sure there's many others who have just crossed Zimbra off their shortlists due to the security issues that this causes.
[/quote]

Indeed, for many of our projects it was a primary constraint to fix that (so I had to do it myself).

[quote]
And how long would it actually take to fix this?
[/quote]

About an hour.
But it really seems that Zimbra devs prefer spending more time with trying to talk away real world problems instead of just fixing them.
Well, that _might_ have to do with the fact that their development infrastructure - beginning with one of the worst SCMs in the world, and a constantly broken build system ... and yes: certain folks there really seem to use the lack of a proper SCM as an excuse for doing bad things.

[quote]
I think that Zimbra as a company should really spend some more time fixing these before adding new features, that will themselves produce more bugs. I would file a RFE for this but ........
[/quote]

Well, seems that's not the way typical US companies work: it's all about more and new fancy features - quality obviously is irrelevant.
At that point it's really clear, why they can't even reproduce the moon landing ...

Posted: Fri Oct 24, 2014 4:50 am
by metux
[quote]
I've actually voted for that "remember me" bug long ago and was pretty upset when I couldn't disable it by editing the code like I used to be able to in 7.x.
[/quote]

It's getting even worse: w/ 9.x, all JSP and JS files are moved into .war files, making such changes extremely painful.
At that point, several of our clients (talking about over 100.000 mailboxes) simply can't use NE (since JP) anymore.

Posted: Tue Nov 04, 2014 3:44 pm
by metux
[quote]
- The packaging of webapps has always been as .war files since at least ZCS 6
[/quote]

Well, let's check it against 8.0.2.GA.5569.UBUNTU12.64:

root@atlantis:/# cat /var/lib/dpkg/info/zimbra-*.list | grep -E ".jsp$"
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/service/error/403.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/service/error/attachment_blocked.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/service/error/sfdc_preauth.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/service/spnego/snoop.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Ajax.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Alert.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Boot.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Briefcase.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/BriefcaseCore.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/BrowserPlus.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Calendar.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/CalendarAppt.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/CalendarCore.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Contacts.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/ContactsCore.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Crypt.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Debug.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Docs.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/DocsPreview.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Extras.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/IM.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/IMConference.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/IMCore.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/ImportExport.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Leaks.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Mail.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/MailCore.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/NewWindow_1.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/NewWindow_2.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Portal.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Preferences.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/PreferencesCore.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Share.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Slides.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Spreadsheet.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/SpreadsheetALE.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/SpreadsheetEmbed.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/SpreadsheetPreview.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Startup1_1.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Startup1_2.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Startup2.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Tasks.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/TasksCore.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/TinyMCE.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/UnitTest.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Voicemail.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/XForms.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Zimbra.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/Zimlet.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/jsp/ZimletApp.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/proto/index.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/Boot.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/Docs.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/Resources.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/Slides.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/Spreadsheet.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/SpreadsheetDoc.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/SpreadsheetEmbed.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/TinyMCEEditor.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/error.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/extuserprov.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/hostedlogin.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/insecureResponse.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/launchNewWindow.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/launchZCS.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/loadImgData.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/login.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/noscript.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/pre-cache.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/search.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/secureRequest.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/public/setResourceBundle.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/portals/example/dynamic.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/jsp/Admin.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/jsp/Ajax.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/jsp/Boot.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/jsp/Debug.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/jsp/TinyMCE.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/jsp/XForms.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/jsp/Zimbra.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/proto/index.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/Boot.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/Docs.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/Resources.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/Slides.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/TinyMCEEditor.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/admin.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/error.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/extuserprov.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/hostedlogin.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/insecureResponse.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/loadImgData.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/noscript.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/pre-cache.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/search.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/secureRequest.jsp
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbraAdmin/public/setResourceBundle.jsp
/opt/zimbra/extensions-extra/oauth/authorize.jsp

root@atlantis:/# cat /var/lib/dpkg/info/zimbra-*.list | grep -E ".war$"
/opt/zimbra/jdk1.7.0_07/db/lib/derby.war
/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/test.war

There seems to be something wrong with your statement ...