Zimbra not affected by log4j (CVE-2021-44228)
After intensive review and testing, Zimbra Development determined that the 0-day exploit vulnerability for log4j (CVE-2021-44228) does not affect the current Supported Zimbra versions (9.0.0 & 8.8.15). Zimbra Collaboration Server currently uses log4j1 version 1.2.16 which doesn't contain the lookup expression feature that is found within versions 2.0 to 2.17, which is the cause of the vulnerability. Also, Redhat (CVE-2021-4104) vulnerability does not affect the Zimbra Collaboration Server version (8.8.15 & 9.0.0). For this vulnerability to affect the server, it needs JMSAppender, which the ZCS Server does not use, and the ability to append configuration files.

zimbra-zimlet-nextcloud fails to login to nextcloud

Interested in talking about Mash-up's? This is the place.
Posts: 1
Joined: Thu Nov 11, 2021 8:59 am

zimbra-zimlet-nextcloud fails to login to nextcloud

Postby marcelo » Tue Dec 21, 2021 3:55 pm

Hello Everyone,

I installed the zimbra-zimlet-nextcloud on our Zimbra Server. I followed the steps mentioned in https://blog.zimbra.com/2020/12/zimbra-skillz-the-nextcloud-zimlet/.
When I try to activate the nextcloud-connection for a user I get redirected correctly to the login-page of nextcloud where I can grant access to the nextcloud account.
However when granting access it seems to time out and after a few minutes I get redirected back to the zimbra inbox.

The nextcloud.log shows following entries:
{"reqId":"yGYsxGjC4pCe7JY3Utot","level":2,"time":"2021-12-21T15:39:32+00:00","remoteAddr":"","user":"--","app":"core","method":"POST","url":"/nextcloud/index.php/apps/oauth2/api/v1/token","message":"Login failed: 'oEPVppurFNK9pL1Y82SaIJzuGI7sl3p0MJLg8FbXLp8qunZs8289k3a9NdtNDSyj' (Remote IP: '')","userAgent":"Apache-HttpClient/4.5.8 (Java/13.0.1)","version":""}

I already double-checked the Oauth identifier and secret.

What could be the issue?

Zimbra OS: Ubuntu 18.04 LTS 64-bit
Zimbra Version: 9.0.0 GA Patch 20 (2021-10-25)
Nextcloud Version:


Return to “Zimlets”

Who is online

Users browsing this forum: No registered users and 5 guests