Page 1 of 1

Zimbra Collaboration 8.6 Patch 5 now available

Posted: Mon Dec 21, 2015 6:51 pm
by jorgedlcruz

We have been working hard to deliver Patch 5 for the 8.6.0 release before the holidays. There are 32 bugs that are now resolved, including eight important  Security bugs.
Download the Patch 5
Please do a full backup or snapshot before installing this Patch. You can download the patch and the md5 and the SHA 256 file here:

Download the Patch for Network Edition and for Open Source Edition

Please, read the Full Release Notes here.
All Zimbra Collaboration 8.6.0 sites are recommended to install this patch. Patch 5 is cumulative with Patch 1, 2, 3, and 4, so only Patch 5 is required in case that you didn't installed the previous ones.
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.
ZCS 8.6.0 Patch 5 includes the following security fixes.


BugRatingCVSS Base ScoreCVE-Number







Bug 101559
Minor
3.5
CVE-2015-2249








Bug 101436
Minor
2.6
CVE-2015-7609








Bug 101435
Major
6.4
CVE-2015-7609








Bug 100133
Minor
3.5
CVE-2015-2249








Bug 99914
Minor
3.5
CVE-2015-2249








Bug 99854
Minor
3.5
CVE-2015-2249








Bug 99236
Minor
4.3
CVE-2012-5881 CVE-2012-5882 CVE-2012-5883








Bug 96973
Minor
4.3
CVE-2015-2249



ZCS 8.6.0 Patch5 Bug Fixes
You might find useful the complete list of the fixed Bugs in this Patch 5 for Zimbra Collaboration 8.6.0.




Component


Bug Number and Description




Admin – Console



Bug 84432 – Active sessions of the domain now display at monitor > server statistics.
Bug 94164 – Mailbox quota under Domains displays information correctly.
Bug 95434 – Ability to set default COS for Domain in Admin GUI. See bug 102859 in the Known Issues section regarding this bug fix.
Bug 95470 – Autocomplete works correctly for COS while creating/editing an account. See bug 102859 in the Known Issues section regarding this bug fix.
Bug 97564 – Admin console restore works correctly to restore individual accounts.
Bug 98487 – Propensity for MTA globalConfig settings to contains values.
Bug 98837 – Ability to remove user from Distribution List from "Member Of" screen within Account management.
Bug 99144 – Ability to add external "gst" Grantee to ACLs from admin console.









Admin – Utilities



Bug 99828 – zmldapmmrtool query option displays the server ID (SID).
Bug 101234 – Fixed issue causing zmldapmmrtool to reset startTLS to critical with ldap URIs when changing the RID.
Bug 102892 – zmconfigd: Fixed issue causing failure to rewrite salocal.cf.in correctly.





Calendar – Server



Bug 101736 – Updated the latest timezone data for ZWC client.
Bug 101313 – FreeBusy results for Exchange users are correct in Outlook display.





Calendar – Web Client



Bug 99777 – Fixed script error causing e to be undefined while creating appointment if zimbraFeatureGalEnabled is set to false.





Contacts – Web Client



Bug 97514 – Print Preview of Contact Groups display correctly.





Install & Upgrade



Bug 95847 – Fixed zmldapmmrtool to disallow deletion of last replication agreement.
Bug 99165 – zmldapmmrtool -o rid -u -t off does not cause issues for other replication agreements.
Bug 101354 – 8.6.0 patch 1 installation error fixed for FOSS.





Mail – Server



Bug 96519 – Zimbra help sets X-Frame-Options by default.
Bug 96954 – Fixed issue causing thread-topic header to expose original message subject even if reply subject differs.
Bug 97269 – "base href" bitmap image displays correctly.
Bug 97339 – External email images display correctly.
Bug 98495 – zimbraResponseHeader works correctly.
Bug 100966 – Message body displays correctly in Outlook.





Mail – Web Client



Bug 97929 – Fixed issue causing script error dialog to display when the subject of a message has a specific character or string.
Bug 99992 – Fixed issue causing   to be added to quick replies.





Mobile – Zimbra Mobile Sync



Bug 100572 – Fixed issue causing iOS sync to lose email.
Bug 102019 – Calendar/Contacts/Tasks Sync works correctly in itemized mode.





Other – Web Client



Bug 97314 – Fixed issue causing JS error when going to Signatures page.
Bug 97716 – Fixed issue causing list view scrolls to top when scrolling down and the list is populated with more items.
Bug 98661 – Ability to destroy a dialog for security text.





Standard HTML Client




Bug 96518 – Internal IP address is not exposed on view-source page.






Before Installing the Patch
Before installing the patch, consider the following:

Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbra-collaboration
Patches are delivered as a TGZ file and are cumulative.
A full backup should be performed before any patch is applied. There is no automated roll-backmechanism.
Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
Only files or Zimlets associated with installed packages will be installed from the patch.
Switch to user zimbra before using ZCS CLI commands.

Install the Patch
Read carefully the Release Notes, for this Patch 5.
Important! You cannot revert to the previous ZCS release after you upgrade to the patch.