Zimbra Patches: 9.0.0 Patch 25 + 8.8.15 Patch 32

NOTICE: Clear to proceed with patch upgrade
As of this time, we have addressed the previously identified issues with the patch release, and recommend customers proceed with this upgrade. As always, we recommend following best practices during patch upgrades (including taking backups of key data and config). We apologize for this unfortunate event.

Hello Zimbra Friends, Customers & Partners,

Zimbra 9.0.0 “Kepler” Patch 25 and 8.8.15 “James Prescott Joule” Patch 32 are here.

PLEASE NOTE: The installation process for these patches has changed and requires additional steps. Please refer to their respective release notes for details before upgrading the servers.

Zimbra 9.0.0 “Kepler” Patch 25

Patch 25 is here for the Zimbra 9.0.0 “Kepler” GA release, and it includes What’s New, Security Fixes, Fixed Issues and Known Issues as listed in the release notes. Please refer to the release notes for Zimbra 9.0.0 Patch 25 installation on Red Hat and Ubuntu platforms.

Zimbra 8.8.15 “James Prescott Joule” Patch 32

Patch 32 is here for the Zimbra 8.8.15 “James Prescott Joule” GA release, and it includes What’s New, Security Fixes, Fixed Issues and Known Issues as listed in the release notes. Please refer to the release notes for Zimbra 8.8.15 Patch 32 installation on Red Hat and Ubuntu platforms.

Note:

  • For Zimbra 8.8.8 and above, you don’t need to download any patch builds. The patch packages can be installed using Linux package management commands.
  • You cannot revert to the previous Zimbra release after you upgrade to the patch.

Please refer to Zimbra Releases for the latest releases and to the Zimbra Security Center for security updates.

Thanks,
Your Zimbra Team

18 Responses to Zimbra Patches: 9.0.0 Patch 25 + 8.8.15 Patch 32

  1. Peter June 15, 2022 at 6:56 AM #

    Made an update and got an error on proxy and ldap (mailbox is fine):
    File “/opt/zimbra/libexec/zmconfigd”, line 32, in
    from org.apache.log4j import PropertyConfigurator
    ImportError: No module named apache

    Very bad implementation of this update…

  2. Andrew Cartwright June 15, 2022 at 8:10 AM #

    There appear to be issues with smtp auth and 2FA application specific passcodes. The app-specific passcodes are not accepted resulting in smtp auth authentication failures, “invalid password”. This means users cannot send emails via smtp with their configured 2FA app-specific passwords.

    Users can smtp auth with their regular password, even with 2FA set _as required_ on their account. This should not be possible.

    This appears to be a bug with patch 25 and needs an immediate fix.

    • Barry de Graaff June 15, 2022 at 11:03 PM #

      Thanks for your report, we confirm the issue and are working on a fix.

    • Saket Patel June 17, 2022 at 10:29 PM #

      This issue is fixed with the latest updates.

  3. Andrew Cartwright June 15, 2022 at 5:34 PM #

    Hello moderators. You should update this page to warn customers of newly identified ZBUG-2831, as installing the current patch 25 on ZCS 9 will result in broken systems, where 2FA users are unable to relay via smtp auth with app-specific passwords.

    This bug needs to be fixed with critical urgency as many customers will be having to urgently patch their systems to mitigate the Zimbra Memcached zero-day vulnerability which allows user credential stealing.

    Thanks

    • Barry de Graaff June 15, 2022 at 11:03 PM #

      Thanks for your report, we confirm the issue and are working on a fix.

  4. Manuel Oetiker June 16, 2022 at 5:04 AM #

    Any news? I just ran into ZBUG-2831 this night. Or at least show how to roll back … I have a broken, not working smtp system…. It is already 24 h and nothing happens …

  5. Thom Henderson June 16, 2022 at 2:45 PM #

    I can’t believe the number of issues in P32 for 8.8.15. So far, we’ve run into:

    – The 2FA issue mentioned above

    – Issues with JS errors in the Network Modules NG (and we can’t reinstall them after removing them as previously instructed by support since the repo gives access denied)

    – Zimbra not starting properly on a full machine reboot.

    How can this pass QA!? And what is with this “different upgrade” procedure that is being communicated, both on the Wiki “changelog” and in the Zimbra forums?

    We’ve had our fair share of issues with Zimbra updates, but I think 8.8.15.p32 takes the cake.

    • Thom Henderson June 16, 2022 at 2:48 PM #

      We also see issues with ActiveSync on Android.

  6. Manuel Oetiker June 16, 2022 at 10:09 PM #

    – Open /opt/zimbra/jetty_base/etc/jetty.xml.in and add the statement below on line no. 41
    false

    – Restart mailbox service,
    zmmailboxdctl restart

    Refer to PR https://github.com/Zimbra/zm-jetty-conf/pull/21

  7. Manuel Oetiker June 16, 2022 at 10:10 PM #

    – Open /opt/zimbra/jetty_base/etc/jetty.xml.in and add the statement below on line no. 41

    false

    – Restart mailbox service,
    zmmailboxdctl restart

    Refer to PR https://github.com/Zimbra/zm-jetty-conf/pull/21

  8. Manuel Oetiker June 16, 2022 at 10:11 PM #

    This was working for me:

    Refer to PR https://github.com/Zimbra/zm-jetty-conf/pull/21

    – Restart mailbox service,
    zmmailboxdctl restart

  9. Andreas June 17, 2022 at 4:59 PM #

    Hello,

    after applying patch32 on CentOS7.9 zimbra 8.8.15 zxsuite is not working anymore.
    -Admin-Webfrontend just shows Zimbra Suite Plus Module Symbols without functionality
    -zxsuite on cli shows Unable to communicate with server
    -ActiveSync clients cannot connect anymore

    (applied patch after ‘all-clear’ notice above)

  10. Andreas June 18, 2022 at 2:08 AM #

    Thank you, does this mean that the “NOTICE: Clear to proceed with patch upgrade” is not valid for ZSP customers?

    • Barry de Graaff June 22, 2022 at 5:12 AM #

      ZSP is also fixed now.

Copyright © 2022 Zimbra, Inc. All rights reserved.
