Turns out I was wrong, it was late and admittedly I didn't do much testing. It doesn't appear to affect new messages now, but on reply's it is still an issue.loadaccess_jt wrote:Release 8.8.12.GA.3794.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.12_P3.
I just did an apt update/upgrade on all my servers (multi setup), restarted, left a new message open (with the image in my signature) and no longer appear to be having the issue.
If that changes I'll report back, but it looks like it's fixed (at least on the above version).
8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
-
- Posts: 6
- Joined: Tue May 21, 2019 7:12 am
- Location: Canada
- ZCS/ZD Version: Release 8.8.12.GA.3794.UBUNTU16.64
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Could you explain in more detail this workaround?gbkersey wrote:Amazing... I don't think they had time to test the patch to mbox war..... from the git log:
commit 302b9ec9d99004670e046af58919635618cbf739 (HEAD -> develop, origin/develop, origin/HEAD)
Author: Aumin Patel <auminpatel007@gmail.com>
Date: Tue Jun 11 14:55:01 2019 +0530
ZBUG-7209 : decoding the cid of inline images for owasp feature
commit a0a68883536d3baf0cb64fcea2f3d061a33218ec
Author: Aumin Patel <auminpatel007@gmail.com>
Date: Mon Jun 10 18:03:10 2019 +0530
ZBUG-7209 : adding html-decoder for inline images for owasp feature to decode the @ character
My date math is a bit suspect, but how many hours is it betewwn 3PM India time and noon Central Daylight time in the US??? Not very long...
Anyway, the fix that worked for me (so far) is just to revert the zimbra-mbox-war package to to the original version shipped with 8.8.12 - zimbra-mbox-war_8.8.12.1553847719 - then - su - zimbra -c "zmmailboxdctl restart"
I guess Quality Control is a thing of the past.
- dominix
- Advanced member
- Posts: 51
- Joined: Sat Sep 13, 2014 1:07 am
- Location: Pacific sud
- ZCS/ZD Version: 7.2.7 ... 8.8.15 ... 9.0.0
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
@toslan
that mean if you reinstall the package zimbra-mbox-war_8.8.12.1553847719 from the original install ( zcs-8.8.12_GA_3794.WHATEVER_64.20190329045002.tgz ) you will fix the bug, but you will not fix the breach that the P3 patch did fix.
that said, it doesn't worked for me...
that mean if you reinstall the package zimbra-mbox-war_8.8.12.1553847719 from the original install ( zcs-8.8.12_GA_3794.WHATEVER_64.20190329045002.tgz ) you will fix the bug, but you will not fix the breach that the P3 patch did fix.
that said, it doesn't worked for me...
- oetiker
- Outstanding Member
- Posts: 276
- Joined: Fri Mar 07, 2014 1:05 pm
- Location: Switzerland
- ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
- Contact:
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Hi
I did unpack the two dpkg files the special thing is that only one file is different....
zimbra-mbox-war_8.8.12.1553847719-1.u16_amd64.deb
zimbra-mbox-war_8.8.12.1559550747-1.u16_amd64.deb
I have in my patched version 8.8.12p3 both files
in the original pkg is only the file owasp-java-html-sanitizer-r239.jar and in the new version is only the file owasp-java-html-sanitizer-20190503.1.jar
strange...
and the two files are exactly the same ...
I did unpack the two dpkg files the special thing is that only one file is different....
zimbra-mbox-war_8.8.12.1553847719-1.u16_amd64.deb
zimbra-mbox-war_8.8.12.1559550747-1.u16_amd64.deb
Code: Select all
diff -r orig p3
diff -r orig/control p3/control
2c2
< Version: 8.8.12.1553847719-1.u16
---
> Version: 8.8.12.1559550747-1.u16
5c5
< Installed-Size: 27358
---
> Installed-Size: 27423
diff -r orig/md5sums p3/md5sums
44c44
< cd1653b71b091cea5f77025ea01bd1ca opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-r239.jar
---
> b2f9662bc3c7e5d26161fe494dd2da2f opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-20190503.1.jar
68c68
< f2e3f2561704b630b3a598009d553528 usr/share/doc/zimbra-mbox-war/changelog.Debian.gz
---
> 77456bf964fb0c0e517314e5b9c14f39 usr/share/doc/zimbra-mbox-war/changelog.Debian.gz
Only in p3/opt/zimbra/jetty_base/webapps/service/WEB-INF/lib: owasp-java-html-sanitizer-20190503.1.jar
Only in orig/opt/zimbra/jetty_base/webapps/service/WEB-INF/lib: owasp-java-html-sanitizer-r239.jar
Binary files orig/usr/share/doc/zimbra-mbox-war/changelog.Debian.gz and p3/usr/share/doc/zimbra-mbox-war/changelog.Debian.gz differ
Code: Select all
431645 209 -rw-r--r-- 1 zimbra zimbra 194485 Jun 6 14:39 /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-20190503.1.jar
431520 209 -r--r--r-- 1 root root 194485 Jun 6 14:50 /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
strange...
and the two files are exactly the same ...
Code: Select all
# md5sum /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-20190503.1.jar
b2f9662bc3c7e5d26161fe494dd2da2f /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-20190503.1.jar
# md5sum /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
b2f9662bc3c7e5d26161fe494dd2da2f /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
Last edited by oetiker on Wed Jun 26, 2019 7:09 am, edited 2 times in total.
- oetiker
- Outstanding Member
- Posts: 276
- Joined: Fri Mar 07, 2014 1:05 pm
- Location: Switzerland
- ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
- Contact:
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
original patched 8.8.12p3 the two files are the same:
install original zimbra-mbox-war_8.8.12.1553847719-1.u16_amd64.deb from the zimbra 8.8.12 tar file
they are different...
Code: Select all
find /opt/zimbra -name owasp-java-html-sanitizer\* -exec md5sum {} \; -ls
b2f9662bc3c7e5d26161fe494dd2da2f /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-20190503.1.jar
146166 192 -rw-r--r-- 1 zimbra zimbra 194485 Jun 6 14:39 /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-20190503.1.jar
b2f9662bc3c7e5d26161fe494dd2da2f /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
156534 192 -r--r--r-- 1 root root 194485 Jun 6 14:50 /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
Code: Select all
find /opt/zimbra -name owasp-java-html-sanitizer\* -exec md5sum {} \; -ls
cd1653b71b091cea5f77025ea01bd1ca /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-r239.jar
148621 128 -rw-r--r-- 1 root root 127438 Mar 29 10:10 /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-r239.jar
b2f9662bc3c7e5d26161fe494dd2da2f /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
156534 192 -r--r--r-- 1 root root 194485 Jun 6 14:50 /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
- oetiker
- Outstanding Member
- Posts: 276
- Joined: Fri Mar 07, 2014 1:05 pm
- Location: Switzerland
- ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
- Contact:
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
this was not helping in my case .... bug is still there ...mgarbin wrote:Here the fix https://github.com/Zimbra/zm-web-client/pull/495/files
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Confirm that this fix is not working on 8.8.12p3 opensource. Also have few systems affected this bug.Its not critical but damn annoying.mgarbin wrote:Here the fix https://github.com/Zimbra/zm-web-client/pull/495/files
- juliano.morona
- Posts: 11
- Joined: Fri May 12, 2017 4:58 pm
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Unfortunately, this patch didn't solve the bugmgarbin wrote:Here the fix https://github.com/Zimbra/zm-web-client/pull/495/files
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
I applied this, restarted zimbra, and reloaded my browser but this does not seem to have helped.mgarbin wrote:Here the fix https://github.com/Zimbra/zm-web-client/pull/495/files
Is there some special step to rebuild the JS archives that are delivered to the browser?