Zimbra Collaboration 8.6 Patch 2 is here

Official Zimbra news, events, releases, and updates.
User avatar
jorgedlcruz
Zimbra Alumni
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Zimbra Collaboration 8.6 Patch 2 is here

Post by jorgedlcruz »


We are proud to announce the Patch 2 for Zimbra Collaboration 8.6.
Please do a full backup or snapshot before install this Patch. You can download the patch and the md5 and the SHA 256 file here:

Download the Patch for Network Edition and for Open Source Edition

Please, read the Full Release Notes here.

All ZCS 8.6.0 sites are recommended to install this patch. Patch 2 is cumulative with Patch 1, so only Patch 2 is required. Also here is a complete list of the fixed Bugs in this Patch 2 for Zimbra Collaboration 8.6.0:
Admin

Bug 98226 – Accounts, Aliases, Distribution Lists and Resources list are cached and reused. When a user clicks the refresh icon in the admin console, cache is bypassed and the request is processed to access the data from the server.
Bug 91986 – Searching in the admin console requires a minimum three (3) characters. If the user enters less than three (3) characters, an error message displays. See Performing a Cross-Mailbox Search for more information.
Bug 97469 – Mailbox search limits in the admin console are applied per mailbox, and not applied to aggregate cross-mailbox searches. See Performing a Cross-Mailbox Search for more information.

Directory

Bug 91793 – Performance improved for CountObjectRequest.

EWS

Bug 97207 – Fixed issue causing errors and duplicate messages when sending mail using EWS.

Mail MTA/SPAM/Antivirus

Bug 96408 – Fixed issue causing zmtrainsa to fail.

Mail - Web Client

Bug 97994 – Improved efficiency when using the tab function to get into the body area of the Compose feature.
Bug 95730 – Date and time both display in the reading pane.
Bug 96715 – Fixed issue causing duplicate/overlapping of sender name in message list of a conversation.
Bug 97563 – Spell check works appropriately in Firefox and OS X Yosemite.
Bug 96808 – Messages display properly when using Google Chrome zoom level at 90%.
Bug 97128 – "New Folder" menu text displays properly in a new window.
Bug 97403 – All messages in a conversation expand and collapse appropriately when clicking the + and - icon in the message header.
Bug 97462 – Expanding a Distribution List in the "To:" field of a message allows the members of the Distribution List to display, and removes the Distribution List name from the "To:" field.
Bug 97956 – Fixed issue causing Firefox to lose cursor focus in first email reply after login.
Bug 97960 – Fixed issue causing Delete button action to lose message focus.
Bug 97838 – Emoticons are included correctly when composing a message.
Bug 96733 – Fixed issue causing Draft count to increase after clicking Cancel from Reply/Forward compose window.
Bug 97000 – When using the reply or forward function in a message, the message opens properly in the reading pane.
Bug 98136 – When using Conversation view in Internet Explorer 8.0 on Windows 7 or XP, the conversation displays properly in the reading pane.
Bug 97283 – Subject text can be selected in Conversation view.
Bug 98501 – Sorting preferences “Group by Date” and ‘Sort by From” work appropriately in the Conversation view.

Mobile

Bug 96166 – Fixed issue causing Imap delete function to leave orphan items on a device when dumpster is enabled.

Other - Server

Bug 97743 – Membership in many domain admin distribution lists causes excessive LDAP searching and slow domain admin login and management access. See Admin Console Performance Issues when using Delegated Admin for more information.
Bug 91009 – Performance improved when accessing membership information for dynamic groups.

Search

Bug 97067 – Performance improved when using the Search feature in the Zimbra Web Client.

Security

Bugs 97625, 98215, 98216, 98358: multiple persistent and non-persistent XSS vulnerabilities.

Security Fixes



ZCS 8.6.0 Patch2 includes the following security fixes. The security fixes listed are rated as “Minor”. For more information, see Zimbra Security Response Policy and Zimbra Vulnerability Rating Classification.



Bug
Rating
CVSS Base Score


98358
Minor
4.3


98216
Minor
4.3


98215
Minor
4.3


97625
Minor
4.3






Zimbra Security Response Policy
For more information about the Zimbra Security Response Policy, see
https://community.zimbra.com/support/w/ ... nse-policy.
Zimbra Vulnerability Rating Classification
For more information about the Zimbra Vulnerability Rating Classification, see
https://community.zimbra.com/support/w/ ... sification.






Known Issues when Installing the 8.6.0 Patch 2
Known issues when installing the 8.6.0 Patch2 include the following exceptions:
Bug 99188 - Patch installer is unable to flush Zimlet cache
The patch installer attempts to flush the Zimlet cache even if the mailboxd service is shutdown. The exception can be ignored and patch installation will continue as expected.
root@example:~# vi /tmp/zmpatch.log
Thu Apr 30 12:04:31 2015 deployed...
Thu Apr 30 12:04:31 2015 *** Running as zimbra user: zmprov flushcache zimlet
[] INFO: I/O exception (java.net.ConnectException) caught when processing request: Connection refused
[] INFO: Retrying request
ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)
Thu Apr 30 12:04:32 2015 updated.



Bug 90678 - GetMailQueueInfoRequest does not work on rolling upgrade setup



The admin console tries to fetch MTA queue info from non-MTA hosts which can lead to this exception in mailbox.log. The exception does not negatively impact the ZCS installation and can be ignored.
2015-04-30 13:37:29,782 INFO [qtp509886383- 663:https://10.137.244.XXX:7071/service/adm ... nfoRequest] [name=admin@zqa-121.eng.example.com;mid=2;ip=10.255.255.31;ua=ZimbraWebClient - FF23 (Mac);] SoapEngine - handler exception

com.zimbra.common.service.ServiceException: system failure: exception executing command: zmqstat all with {RemoteManager: zqa-121.eng.example.com->zimbra@zqa- 122.eng.example.com:22}ExceptionId:qtp509886383- 663:https://10.137.244.XXX:7071/service/adm ... 0426249781: 285e6ff4e07a6430

Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:260) at com.zimbra.cs.rmgmt.RemoteManager.execute(RemoteManager.java:162)
at com.zimbra.cs.service.admin.GetMailQueueInfo.handle(GetMailQueueInfo.java:55) at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:569)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:432)
...
sudo: no tty present and no askpass program specified Sorry, try again.
sudo: 3 incorrect password attempts

at com.zimbra.cs.rmgmt.RemoteManager.execute(RemoteManager.java:154) ... 52 more
Before Installing the Patch
Before installing the patch, consider the following:

Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbra- collaboration
Patches are delivered as a TGZ file and are cumulative.
A full backup should be performed before any patch is applied. There is no automated roll-backmechanism.
Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
Only files or Zimlets associated with installed packages will be installed from the patch.
Switch to user zimbra before using ZCS CLI commands.

Install the Patch
Read carefully the Release Notes, for this Patch 2 is important to stop the Zimbra Collaboration Mailbox service before execute the Patch.
Important! You cannot revert to the previous ZCS release after you upgrade to the patch.





Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
ploeger
Advanced member
Advanced member
Posts: 88
Joined: Thu Aug 07, 2014 8:40 am

Zimbra Collaboration 8.6 Patch 2 is here

Post by ploeger »

I guess, you should run the installPatch.sh as user root, right? This is a bit unclear in the release notes with this stopping the mailbox server previously.
MKC
Posts: 26
Joined: Sat Sep 13, 2014 1:49 am

Zimbra Collaboration 8.6 Patch 2 is here

Post by MKC »

Just as with patch 1, perl crashes during when I launch the patch.
$ sudo ./installPatch.sh
./installPatch.sh: line 35: 2007 Segmentation fault (core dumped) perl bin/zmpatch.pl --config conf/zmpatch.xml --verbose $1
User avatar
msquadrat
Advanced member
Advanced member
Posts: 183
Joined: Mon Oct 14, 2013 10:09 am

Zimbra Collaboration 8.6 Patch 2 is here

Post by msquadrat »

I almost missed the line



Bugs 97625, 98215, 98216, 98358: multiple persistent and non-persistent XSS vulnerabilities.



So this patch is actually a critical security release which should be applied ASAP? Any CVE numbers?
User avatar
msquadrat
Advanced member
Advanced member
Posts: 183
Joined: Mon Oct 14, 2013 10:09 am

Zimbra Collaboration 8.6 Patch 2 is here

Post by msquadrat »

Another question: Will users have to manually clear their browser cache again? See https://bugzilla.zimbra.com/show_bug.cgi?id=98598
MKC
Posts: 26
Joined: Sat Sep 13, 2014 1:49 am

Zimbra Collaboration 8.6 Patch 2 is here

Post by MKC »

I have the core dump at hand and I'd love to send it to you.

However, I have been searching and searching again on your profile page for ten straight minutes, looking for an option to PM you but I couldn't find it. And you don't appear on the possible recipients when I try to create a new PM, so I have no idea how to contact you ^^'
User avatar
jorgedlcruz
Zimbra Alumni
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Zimbra Collaboration 8.6 Patch 2 is here

Post by jorgedlcruz »

Hi Dennis,

We have this fixed now, and we will push the new PDF with the fixed instructions soon, thank you very much.



Best regards
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
User avatar
jorgedlcruz
Zimbra Alumni
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Zimbra Collaboration 8.6 Patch 2 is here

Post by jorgedlcruz »

Hi Malte,

We are working to add the CVE and the Zimbra Vulnerability Classification, this will be included in a updated PDF.



Best regards.
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
User avatar
jorgedlcruz
Zimbra Alumni
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Zimbra Collaboration 8.6 Patch 2 is here

Post by jorgedlcruz »

Hi Malte and Dennis,

Both issues was fixed and you can read now the Updated PDF, in the same link, I've also added the Security info to this Thread.



Thank you.
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
Post Reply