In July of last year, we announced Zimbra Collaboration 8.7, which included four of my favorite, admin-related features including Two-Factor Authentication (2FA), a new Zimbra Packaging System, SSL Server Name Identification (SNI) and Zimbra Postscreen.
Today, I’m thrilled to announce our first minor release of 2017: Zimbra Collaboration 8.7.2, please go to the Downloads page to grab it. We have also a beta for Zimbra Collaboration 8.6 Patch 8, which you can download and install by contacting Support. If you need it, please go here to obtain more information about how to reach Zimbra support.
We are working behind the scenes to make many changes to Zimbra. One of these changes is a more frequent release process for bugs and patches. One of our goals for 2017 is to have more frequent releases, to fix more bugs and to fix bugs faster. We are really happy to have this release acceleration in place, and we’re looking forward to your feedback on our new approach!
Fixed issues ZCS 8.7.2
Here is a comprehensive list of all the items addressed in this Release. One of my favorite fixes is Bug 104027: Mail list view is not refreshed when deleting mails in message view. Enjoy the fixes!
|104578||Pagination support for SyncGalRequest|
|96078||EWS Sharing – Delayed syncing of few folders in mounted share in Macoutlook|
|106661||Chrome: “Script Error: Cannot read property ‘parentAppCtxt’ of null” when accepting share from new window|
|103402||Very long range appointment causes script error and leaves the browser unresponsive|
|30708||Warn user if scheduling an appointment in the past|
|106784||Changing of calendar “Show reminders (zimbraPrefCalendarApptReminderWarningTime)” preference sends zimbraPrefCalendarWorkingHours in ModifyPrefsRequest|
|107153||Image within signature is broken in reply/forward window|
|106409||Problem using mobile web client in french|
|107601||SyncGalRequest throws error if galsync account and user account are not on same host.|
|103402||Add validation for dates in quick add appointment dialog|
|107602||SearchGalRequest throws NPE, if no galsync account present|
|105196||swatchdog alerts are tagged as spam when DKIM is in use|
|30708||New task functionality regressed|
|107603||Upgrade log showing wrong upgrade paths|
|107604||unknown document” exception for some requests on 8.7.2 build on RHEL machines|
|107605||8.7.2 to 8.7.2 (same version) upgrade removes service, zimbra & zimbraAdmin war contents|
|107606||Rolling upgrade from network to network ,gives warning of switching to FOSS.|
|107106||Convertd failed after upgrade to 8.7.1 from 8.7.0|
|107607||upgrade step for 8.7.2|
|104027||Mail list view is not refreshed when deleting mails in message view|
|103456||start and end time is not checked in Print dialog|
|103339||compose new email issue with scrollbar|
|104303||Remove error msg which lists supported browsers|
|103534||Enter key in “Show appointment through” date field doesn’t refresh the page state|
|102980||Some zimlet does not display dismiss text in Dismiss button of Dialog.|
Fixed Issues ZCS 8.6 Patch 8
Here is a comprehensive list of all fixed items in ZCS 8.6 Patch 8. This Patch address mostly Security Issues with different importance. We strongly recommend that all of our Customers running Zimbra Collaboration 8.6 install this Patch as soon as possible.
|Admin – Console|
|100899||CSRF – Admin Console [CWE-352]|
|104294||CSRF – Client uploader extension [CWE-352]|
|104456||extension REST handlers are not protected by CSRF [CWE-352]|
|68445||After session timeout, username field appears disabled so user cannot sign back in Admin Console|
|103497||[RSYNC Failure] Implement mailbox unlocking for Flush Cache|
|EWS – Server|
|101746||Outlook 2016: Auto Sync not working for Outook 2016|
|Other – Server|
|104236||All file uploads are broken in Admin UI (zimlet, certificate, migration wizard, license) because FileUploadServlet no longer supports csrfToken specified in multipart body|
|105029||Soap servlet should log CSRF related error at INFO level|
Security Fixes for ZCS 8.6 Patch 8
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Vulnerability Rating Classification information below for details.
|Fix Release or
|104294104456||CSRF CWE-352||CVE-2016-3406||2.6||Minor||8.6 P8, 8.7.0|
|5.8||Major||8.6 P8, 8.7.0|
|103959||CSRF CWE-352||CVE-2016-3404||4.3||Minor||8.6 P8, 8.7.0|
|103961 104828||CSRF CWE-352||CVE-2016-3405||4.3||Minor||8.6 P8, 8.7.0|
Please refer to the release notes to know more about security in Patch 8 and below
Bonus: Slide deck
We have released a slide deck about What’s New in Zimbra Collaboration 8.7.x, and we hope you like it. Follow us on Twitter and LinkedIn to keep up-to-date about upcoming webinars about Zimbra Collaboration, Zimbra Talk and Zimbra Suite Plus.
Quick note about our git repository and our Open Source Code
Downloading and building our Zimbra code? Keep reading… Starting ZCS 8.7.2 and above we have a new steps to download and see our code:
Note: Code is just published as it is. Objective is people should able to see the code changes. There are some tweaks required to get it build. We are working on restructuring.