Search found 264 matches
- Wed Apr 24, 2024 7:45 pm
- Forum: Installation and Upgrade
- Topic: Maldua's Zimbra FOSS Builds - Share your feedback
- Replies: 32
- Views: 2352
Re: Maldua's Zimbra 10.1.0.beta FOSS Builds - Share your feedback
Additionally, 10.1.0 will be a bit more than 10.0.0 plus an additional tool. If you are a Network Edition customer, there is a Beta available (please contact Sales for details). The Beta agreement includes an embargo, so you will not see information discussed here. Hi John What's the roadmap fo...
- Sat Apr 20, 2024 6:02 pm
- Forum: Administrators
- Topic: How To Use cURL With Zimbra's New Support Vault
- Replies: 1
- Views: 263
Re: How To Use cURL With Zimbra's New Support Vault
Hi Mark
I tried this, but I get an error "password login forbidden" when using curl this way. I can only access the vault with a browser (with the same password...), not with WebDAV.
Is this something Zimbra support needs to enable per location / per user?
- Sat Apr 20, 2024 11:49 am
- Forum: Administrators
- Topic: BUG: Cannot set zimbraHttpCompressionEnabled to FALSE in zimbra 9 and 10
- Replies: 5
- Views: 226
Re: BUG: Cannot set zimbraHttpCompressionEnabled to FALSE in zimbra 9 and 10
Yes indeed. That's why I'm subscribed to (some of) their GitHub repos. But the proprietary parts are not visible there of course.
- Fri Apr 19, 2024 8:58 pm
- Forum: Administrators
- Topic: BUG: Cannot set zimbraHttpCompressionEnabled to FALSE in zimbra 9 and 10
- Replies: 5
- Views: 226
- Fri Apr 19, 2024 2:37 pm
- Forum: Installation and Upgrade
- Topic: Zimbra 10.0.7 FIPS manage ciphers offered?
- Replies: 3
- Views: 168
Re: Zimbra 10.0.7 FIPS manage ciphers offered?
You can easily disable all DHE ciphers, just set zimbraSSLDHParam to an empty value: zmprov mcf zimbraSSLDHParam '' (that's an empty value between quotes). Btw, DHE ciphers are not vulnerable or "weak" in a cryptographic sense (when using a strong group), and FIPS mode will not disable the...
- Tue Apr 16, 2024 5:21 pm
- Forum: Administrators
- Topic: Zimbra suddently extremely slow, multiples java process eat more than 100% Cpu, bug or compromized server?
- Replies: 10
- Views: 486
Re: Zimbra suddently extremely slow, multiples java process eat more than 100% Cpu, bug or compromized server?
From time to time we have "runaway threads" that consume 100% CPU, a zmmailboxdctl restart "fixes" that (until it comes back).
Over the years we have had several exchanges with support about this, but so far no root cause has been identified.
- Wed Feb 28, 2024 2:42 pm
- Forum: Administrators
- Topic: LDAP do not start as zimbra but start as root.
- Replies: 3
- Views: 440
Re: LDAP do not start as zimbra but start as root.
Do you have zimbra-ldap-patch installed on your LDAP server(s)? Traditionally slapd was started as root (via sudo) to bind on port 389, and then dropped privileges to the zimbra user. This was changed some time ago to be started as zimbra, but with "cap_net_bind" capability to allow to bin...
- Thu Feb 15, 2024 8:12 pm
- Forum: Administrators
- Topic: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
- Replies: 7
- Views: 1074
Re: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
No need for all this trickery, merely having cpio installed on your system doesn't make it vulnerable, only amavisd using it to extract untrusted input.
If you're on Zimbra 8.8.15 P40 / 9.0.0 P33 / 10.0.1 or newer, amavisd no longer uses cpio, even if pax is missing.
- Wed Feb 14, 2024 11:36 am
- Forum: Administrators
- Topic: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
- Replies: 7
- Views: 1074
Re: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
Removing cpio will break generation of initramfs on Red Hat based Linux distributions. This has been warned about on this forum before.
amavisd not using cpio anymore should be sufficient.
- Tue Feb 13, 2024 4:39 pm
- Forum: Administrators
- Topic: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
- Replies: 7
- Views: 1074
Re: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
There's still a big difference. You cannot make cpio execute commands, you could only make it write files to arbitrary destinations.
But if you can put an executable .jsp under /opt/zimbra/jetty/webapps/zimbra/public, you can execute it by calling the corresponding URL...