8.8.15 Patch 40 GA Release
8.8.15 Patch 40 GA Release
Hi, as subject says Zimbra has just released 8.8.15 Patch 40.
Please share your experience
Please share your experience
-
- Outstanding Member
- Posts: 264
- Joined: Thu May 12, 2016 1:56 pm
- Location: Belgium
- ZCS/ZD Version: 9.0.0
Re: 8.8.15 Patch 40 GA Release
I think those guidelines regarding ClientUploader installation are a bit unclear. As I understand it, it's recommended NOT to install it, it has been removed from the core product because it's not secure (CVE-2023-34193). Only if you still use the ClientUploader extension, you can now install it separately, at your own risk, by following those instructions. But I think many people will just blindly install it as it appears to be part of the P40 installation instructions.
-
- Zimbra Employee
- Posts: 55
- Joined: Wed Jul 27, 2022 6:16 am
Re: 8.8.15 Patch 40 GA Release
There was no concrete evidence that attacker can use ClientUploader feature, as you know ClientUploader can be used only by authenticated admin user. But it has been still considered as part of hardening Zimbra application. And as mentioned in release notes, there are many other options to distribute packages to the end users these days, so having ClientUploader in Zimbra is completely became optional.ghen wrote: ↑Wed May 31, 2023 8:17 am I think those guidelines regarding ClientUploader installation are a bit unclear. As I understand it, it's recommended NOT to install it, it has been removed from the core product because it's not secure (CVE-2023-34193). Only if you still use the ClientUploader extension, you can now install it separately, at your own risk, by following those instructions. But I think many people will just blindly install it as it appears to be part of the P40 installation instructions.
Re: 8.8.15 Patch 40 GA Release
It seems that the old policy "first update the repos, THEN send the email" is still active. If I remember well it was that way that the P32 broke half of the world zimbra installations...
I thought that someone was at least crucifixed for that, but probably no.
So we patched at day zero, luckily only a couple of old stateless machines with LDAP, MTA and Proxy services. 8.8.15 Network on Ubuntu 18 and 16. No issues reported.
We'll test the fatter patch this week on some mailstore.
I thought that someone was at least crucifixed for that, but probably no.
So we patched at day zero, luckily only a couple of old stateless machines with LDAP, MTA and Proxy services. 8.8.15 Network on Ubuntu 18 and 16. No issues reported.
We'll test the fatter patch this week on some mailstore.
Re: 8.8.15 Patch 40 GA Release
I did update our CentOS 7 P39 multi-server install and least it came up again and the control-panel shows all services up. I also could login into my email-account.
More extensive tests will be done today.
More extensive tests will be done today.
- porokh
- Posts: 17
- Joined: Tue May 14, 2019 10:02 am
- Location: Ukraine
- ZCS/ZD Version: 8.8.15 RHEL7 FOSS
Re: 8.8.15 Patch 40 GA Release
Just updated a test single-server instance of 8.8.15 P39 / CentOS 7 to P40. Everything looks OK, web client was updated to 8.8.15_GA_4545 (build 20230516032547), webadmin client was updated to 8.8.15_GA_4545.FOSS (build 20230516032547). Extension com_zimbra_clientupload was disappeared from Configure / Admin Extensions menu. Both incoming and outgoing mails were checked, works well. Will wait until weekend before updating production servers.
Re: 8.8.15 Patch 40 GA Release
So far, no problem.
Re: 8.8.15 Patch 40 GA Release
Updated a single-server instance of 8.8.15 P38 / CentOS 7 to P40, after the upgrade all services are shown to be running and the base web UI loads up. But when a user try's to login a message saying "A network service error has occurred" appears, also the admin page shows up blank when we try to access it through the admin url. Inspecting the page shows 503 (service Unavailable) errors.
Here is what we see in the logs:
Has anyone else experience this problem?
Here is what we see in the logs:
Code: Select all
2023-05-31 22:47:55,838 ERROR [qtp439928219-42:https://mail.example.com/] [] webclient - Unable to get domain config
com.zimbra.common.service.ServiceException: error while proxying request to target server: Service Unavailable
Code: Select all
2023-05-31 18:53:27,660 WARN [qtp439928219-23:https://mail.example.com/] [] webclient - system failure: error while proxying request to target server: Service Unavailable
com.zimbra.common.service.ServiceException: system failure: error while proxying request to target server: Service Unavailable
- JDunphy
- Outstanding Member
- Posts: 901
- Joined: Fri Sep 12, 2014 11:18 pm
- Location: Victoria, BC
- ZCS/ZD Version: 9.0.0_P39 NETWORK Edition
Re: 8.8.15 Patch 40 GA Release
Single Server. Uneventful here and fairly fast. We don't utilize the client uploader.
This is the same test box I am currently doing some modsecurity 3 investigation. Only had to re-apply patches to amavisd.conf, amavisd, and a skin. Everything else untouched including my nginx templates and other updates, etc. Still need to run it through more tests and then hopefully patch this weekend on production servers. It reads email, sends email, and admin console looks good including Backup NG, and HSM (local disk).
Jim
Code: Select all
% zmcontrol -v
Release 8.8.15_GA_3953.RHEL8_64_20200629025823 RHEL8_64 NETWORK edition, Patch 8.8.15_P40.
Jim
Re: 8.8.15 Patch 40 GA Release
I did single-server P38 to p40 on my RHEL7 test server and did not encounter this issue. It's not a perfect replica of prod though, so your issue makes me a bit nervous.rwalcott wrote: ↑Thu Jun 01, 2023 2:07 pm Updated a single-server instance of 8.8.15 P38 / CentOS 7 to P40, after the upgrade all services are shown to be running and the base web UI loads up. But when a user try's to login a message saying "A network service error has occurred" appears, also the admin page shows up blank when we try to access it through the admin url. Inspecting the page shows 503 (service Unavailable) errors.
Here is what we see in the logs:Code: Select all
2023-05-31 22:47:55,838 ERROR [qtp439928219-42:https://mail.example.com/] [] webclient - Unable to get domain config com.zimbra.common.service.ServiceException: error while proxying request to target server: Service Unavailable
Has anyone else experience this problem?Code: Select all
2023-05-31 18:53:27,660 WARN [qtp439928219-23:https://mail.example.com/] [] webclient - system failure: error while proxying request to target server: Service Unavailable com.zimbra.common.service.ServiceException: system failure: error while proxying request to target server: Service Unavailable