Ace Suares wrote: ↑Sun Jan 12, 2025 7:51 am
Actually, I build 9.00 Zextas with these migration files:
I understand that you somehow have built that specific version on your own.
Did you actually meant to say: Actually, I had installed a 9.0.0. Zextras build ?
Hi, many thanks for your builds. With these, I was finally able to upgrade from 8.8.15 which I had put off for years.
One comment, if you put a 7 day delay on all your builds, they are much less useful as Zimbra has had so many medium/high level security issues of late. If like today Zimbra emails everyone with a 'CRITICAL SECURITY PATCH' with 'APPLY THIS PATCH IMMEDIATELY', it's irresponsible of admins to wait at least a week to apply the update.
Sorry if this is documented somewhere, I must have missed it, but is there a simple way to make your builds ourself faster?
siliconalchemy wrote: ↑Mon Jan 27, 2025 2:31 pm
Hi, many thanks for your builds. With these, I was finally able to upgrade from 8.8.15 which I had put off for years.
One comment, if you put a 7 day delay on all your builds, they are much less useful as Zimbra has had so many medium/high level security issues of late. If like today Zimbra emails everyone with a 'CRITICAL SECURITY PATCH' with 'APPLY THIS PATCH IMMEDIATELY', it's irresponsible of admins to wait at least a week to apply the update.
Sorry if this is documented somewhere, I must have missed it, but is there a simple way to make your builds ourself faster?
Every zimbra sysadmin on earth waits at least 7 days before apply a zimbra patch. Those who did not follow this rule are dead or are now working in coal mining.
Especially if the warning email comes with the copypasted subject from a previous patch alert...
siliconalchemy wrote: ↑Mon Jan 27, 2025 2:31 pm
Sorry if this is documented somewhere, I must have missed it, but is there a simple way to make your builds ourself faster?
Not that I am aware of it. The easiest trick, from my point of view, is to use Github Actions.
siliconalchemy wrote: ↑Mon Jan 27, 2025 2:31 pm
One comment, if you put a 7 day delay on all your builds, they are much less useful as Zimbra has had so many medium/high level security issues of late.
Please reply to [RFE] Synacor Zimbra Source Code Only versions announcements so that Synacor finally notices that we are waiting for them to write down their policy regarding how their Github repos are being updated so that we can rely on it.
FWIW, I don't see the 9.0.0.p44 tag in any of their repositories. I see the new tags for 10.1.5 and 10.0.13 but have no idea if the FOSS community has the security patches associated with this critical security vulnerability given my inability to locate P44.
I generated a tag list using your latest zm-build-filter-tags-9.sh 9.0 and with build-zimbra.sh --tags 9.0 which uses ls-remote --tags vs local copy of each repository ... Also tried a search on github. Maybe I am not understanding what is going on here.
JDunphy wrote: ↑Mon Jan 27, 2025 8:03 pm
FWIW, I don't see the 9.0.0.p44 tag in any of their repositories. I see the new tags for 10.1.5 and 10.0.13 but have no idea if the FOSS community has the security patches associated with this critical security vulnerability given my inability to locate P44.
I generated a tag list using your latest zm-build-filter-tags-9.sh 9.0 and with build-zimbra.sh --tags 9.0 which uses ls-remote --tags vs local copy of each repository ... Also tried a search on github. Maybe I am not understanding what is going on here.
siliconalchemy wrote: ↑Mon Jan 27, 2025 2:31 pm
Hi, many thanks for your builds. With these, I was finally able to upgrade from 8.8.15 which I had put off for years.
One comment, if you put a 7 day delay on all your builds, they are much less useful as Zimbra has had so many medium/high level security issues of late. If like today Zimbra emails everyone with a 'CRITICAL SECURITY PATCH' with 'APPLY THIS PATCH IMMEDIATELY', it's irresponsible of admins to wait at least a week to apply the update.
Sorry if this is documented somewhere, I must have missed it, but is there a simple way to make your builds ourself faster?
Every zimbra sysadmin on earth waits at least 7 days before apply a zimbra patch. Those who did not follow this rule are dead or are now working in coal mining.
Especially if the warning email comes with the copypasted subject from a previous patch alert...
If you wait 7 days to apply critical patches to your systems, you should take up a new career. Zimbra in particular has a recent track record of active attacks against vulnerabilities. I've been running Zimbra for 20 years since it first came out in beta and happily patched on day after release as a policy with zero issues.