Zimbra Collaboration 8.6 Patch 2 is here
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Zimbra Collaboration 8.6 Patch 2 is here
We are proud to announce the Patch 2 for Zimbra Collaboration 8.6.
Please do a full backup or snapshot before install this Patch. You can download the patch and the md5 and the SHA 256 file here:
Download the Patch for Network Edition and for Open Source Edition
Please, read the Full Release Notes here.
All ZCS 8.6.0 sites are recommended to install this patch. Patch 2 is cumulative with Patch 1, so only Patch 2 is required. Also here is a complete list of the fixed Bugs in this Patch 2 for Zimbra Collaboration 8.6.0:
Admin
Bug 98226 – Accounts, Aliases, Distribution Lists and Resources list are cached and reused. When a user clicks the refresh icon in the admin console, cache is bypassed and the request is processed to access the data from the server.
Bug 91986 – Searching in the admin console requires a minimum three (3) characters. If the user enters less than three (3) characters, an error message displays. See Performing a Cross-Mailbox Search for more information.
Bug 97469 – Mailbox search limits in the admin console are applied per mailbox, and not applied to aggregate cross-mailbox searches. See Performing a Cross-Mailbox Search for more information.
Directory
Bug 91793 – Performance improved for CountObjectRequest.
EWS
Bug 97207 – Fixed issue causing errors and duplicate messages when sending mail using EWS.
Mail MTA/SPAM/Antivirus
Bug 96408 – Fixed issue causing zmtrainsa to fail.
Mail - Web Client
Bug 97994 – Improved efficiency when using the tab function to get into the body area of the Compose feature.
Bug 95730 – Date and time both display in the reading pane.
Bug 96715 – Fixed issue causing duplicate/overlapping of sender name in message list of a conversation.
Bug 97563 – Spell check works appropriately in Firefox and OS X Yosemite.
Bug 96808 – Messages display properly when using Google Chrome zoom level at 90%.
Bug 97128 – "New Folder" menu text displays properly in a new window.
Bug 97403 – All messages in a conversation expand and collapse appropriately when clicking the + and - icon in the message header.
Bug 97462 – Expanding a Distribution List in the "To:" field of a message allows the members of the Distribution List to display, and removes the Distribution List name from the "To:" field.
Bug 97956 – Fixed issue causing Firefox to lose cursor focus in first email reply after login.
Bug 97960 – Fixed issue causing Delete button action to lose message focus.
Bug 97838 – Emoticons are included correctly when composing a message.
Bug 96733 – Fixed issue causing Draft count to increase after clicking Cancel from Reply/Forward compose window.
Bug 97000 – When using the reply or forward function in a message, the message opens properly in the reading pane.
Bug 98136 – When using Conversation view in Internet Explorer 8.0 on Windows 7 or XP, the conversation displays properly in the reading pane.
Bug 97283 – Subject text can be selected in Conversation view.
Bug 98501 – Sorting preferences “Group by Date” and ‘Sort by From” work appropriately in the Conversation view.
Mobile
Bug 96166 – Fixed issue causing Imap delete function to leave orphan items on a device when dumpster is enabled.
Other - Server
Bug 97743 – Membership in many domain admin distribution lists causes excessive LDAP searching and slow domain admin login and management access. See Admin Console Performance Issues when using Delegated Admin for more information.
Bug 91009 – Performance improved when accessing membership information for dynamic groups.
Search
Bug 97067 – Performance improved when using the Search feature in the Zimbra Web Client.
Security
Bugs 97625, 98215, 98216, 98358: multiple persistent and non-persistent XSS vulnerabilities.
Security Fixes
ZCS 8.6.0 Patch2 includes the following security fixes. The security fixes listed are rated as “Minor”. For more information, see Zimbra Security Response Policy and Zimbra Vulnerability Rating Classification.
Bug
Rating
CVSS Base Score
98358
Minor
4.3
98216
Minor
4.3
98215
Minor
4.3
97625
Minor
4.3
Zimbra Security Response Policy
For more information about the Zimbra Security Response Policy, see
https://community.zimbra.com/support/w/ ... nse-policy.
Zimbra Vulnerability Rating Classification
For more information about the Zimbra Vulnerability Rating Classification, see
https://community.zimbra.com/support/w/ ... sification.
Known Issues when Installing the 8.6.0 Patch 2
Known issues when installing the 8.6.0 Patch2 include the following exceptions:
Bug 99188 - Patch installer is unable to flush Zimlet cache
The patch installer attempts to flush the Zimlet cache even if the mailboxd service is shutdown. The exception can be ignored and patch installation will continue as expected.
root@example:~# vi /tmp/zmpatch.log
Thu Apr 30 12:04:31 2015 deployed...
Thu Apr 30 12:04:31 2015 *** Running as zimbra user: zmprov flushcache zimlet
[] INFO: I/O exception (java.net.ConnectException) caught when processing request: Connection refused
[] INFO: Retrying request
ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)
Thu Apr 30 12:04:32 2015 updated.
Bug 90678 - GetMailQueueInfoRequest does not work on rolling upgrade setup
The admin console tries to fetch MTA queue info from non-MTA hosts which can lead to this exception in mailbox.log. The exception does not negatively impact the ZCS installation and can be ignored.
2015-04-30 13:37:29,782 INFO [qtp509886383- 663:https://10.137.244.XXX:7071/service/adm ... nfoRequest] [name=admin@zqa-121.eng.example.com;mid=2;ip=10.255.255.31;ua=ZimbraWebClient - FF23 (Mac);] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: system failure: exception executing command: zmqstat all with {RemoteManager: zqa-121.eng.example.com->zimbra@zqa- 122.eng.example.com:22}ExceptionId:qtp509886383- 663:https://10.137.244.XXX:7071/service/adm ... 0426249781: 285e6ff4e07a6430
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:260) at com.zimbra.cs.rmgmt.RemoteManager.execute(RemoteManager.java:162)
at com.zimbra.cs.service.admin.GetMailQueueInfo.handle(GetMailQueueInfo.java:55) at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:569)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:432)
...
sudo: no tty present and no askpass program specified Sorry, try again.
sudo: 3 incorrect password attempts
at com.zimbra.cs.rmgmt.RemoteManager.execute(RemoteManager.java:154) ... 52 more
Before Installing the Patch
Before installing the patch, consider the following:
Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbra- collaboration
Patches are delivered as a TGZ file and are cumulative.
A full backup should be performed before any patch is applied. There is no automated roll-backmechanism.
Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
Only files or Zimlets associated with installed packages will be installed from the patch.
Switch to user zimbra before using ZCS CLI commands.
Install the Patch
Read carefully the Release Notes, for this Patch 2 is important to stop the Zimbra Collaboration Mailbox service before execute the Patch.
Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
Zimbra Collaboration 8.6 Patch 2 is here
I guess, you should run the installPatch.sh as user root, right? This is a bit unclear in the release notes with this stopping the mailbox server previously.
Zimbra Collaboration 8.6 Patch 2 is here
Just as with patch 1, perl crashes during when I launch the patch.
$ sudo ./installPatch.sh
./installPatch.sh: line 35: 2007 Segmentation fault (core dumped) perl bin/zmpatch.pl --config conf/zmpatch.xml --verbose $1
$ sudo ./installPatch.sh
./installPatch.sh: line 35: 2007 Segmentation fault (core dumped) perl bin/zmpatch.pl --config conf/zmpatch.xml --verbose $1
Zimbra Collaboration 8.6 Patch 2 is here
I almost missed the line
Bugs 97625, 98215, 98216, 98358: multiple persistent and non-persistent XSS vulnerabilities.
So this patch is actually a critical security release which should be applied ASAP? Any CVE numbers?
Bugs 97625, 98215, 98216, 98358: multiple persistent and non-persistent XSS vulnerabilities.
So this patch is actually a critical security release which should be applied ASAP? Any CVE numbers?
Zimbra Collaboration 8.6 Patch 2 is here
Another question: Will users have to manually clear their browser cache again? See https://bugzilla.zimbra.com/show_bug.cgi?id=98598
Zimbra Collaboration 8.6 Patch 2 is here
I have the core dump at hand and I'd love to send it to you.
However, I have been searching and searching again on your profile page for ten straight minutes, looking for an option to PM you but I couldn't find it. And you don't appear on the possible recipients when I try to create a new PM, so I have no idea how to contact you ^^'
However, I have been searching and searching again on your profile page for ten straight minutes, looking for an option to PM you but I couldn't find it. And you don't appear on the possible recipients when I try to create a new PM, so I have no idea how to contact you ^^'
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Zimbra Collaboration 8.6 Patch 2 is here
Hi Dennis,
We have this fixed now, and we will push the new PDF with the fixed instructions soon, thank you very much.
Best regards
We have this fixed now, and we will push the new PDF with the fixed instructions soon, thank you very much.
Best regards
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Zimbra Collaboration 8.6 Patch 2 is here
Hi Malte,
We are working to add the CVE and the Zimbra Vulnerability Classification, this will be included in a updated PDF.
Best regards.
We are working to add the CVE and the Zimbra Vulnerability Classification, this will be included in a updated PDF.
Best regards.
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Zimbra Collaboration 8.6 Patch 2 is here
Hi Malte and Dennis,
Both issues was fixed and you can read now the Updated PDF, in the same link, I've also added the Security info to this Thread.
Thank you.
Both issues was fixed and you can read now the Updated PDF, in the same link, I've also added the Security info to this Thread.
Thank you.