Rilis Zimbra Collaboration Suite Versi 6.0.9 & 5.0.25

Sambil menunggu versi 7.0.0 dirilis, Zimbra mengeluarkan update patch untuk Zimbra versi 5.x dan versi 6.x yaitu rilis Zimbra 5.0.25 dan Zimbra 6.0.9.

Selain beberapa perbaikan normal, rilis kali ini terutama untuk mengatasi OpenSSL security vulnerability. Berikut adalah beberapa perbaikan lengkapnya :

Due to the number of ZCS components where OpenSSL is used, this is a full release and not a patch. Zimbra considers this release critical for any site allowing TLS and SSL connections from the Internet.

You are strongly encouraged to update to one of these versions at the first possible opportunity, if you are allowing SSL/TLS connections from untrusted sources (i.e., the Internet) on any protocol directly to any ZCS component.

ID Sev Summary
45030 cri Wrong attachment after saving draft on child account
51898 cri ical/webdav allows unrestricted GAL query – no current ability to deny this
50191 cri error HTTP 500 on shared notebooks in zcs 6.0.8 when not in English
53002 cri OpenSSL security vulnerability
51328 cri LDAP connection leak
52279 maj Cannot compose email on first try
52695 maj Chrome : delegatees cannot open shared calendar invitation email
51092 maj unable to set message size limit for IMAP
49987 maj Workaround for iCal 4 sending cancellations to all attendees
when one attendee is removed
50398 maj Invitations with empty CN field result
50517 maj HSM NPE when revisions are stored on multiple volumes
49624 maj Appointment doesnt show the details in Calendar (after it was
accepted)
50785 nor Delegated admin loses “List Name” Field
52580 nor zimbraFeatureMailEnabled set to false unable to create new
events
50156 nor zimbra.log not logged to after log rotation on UBUNTU10_64
50174 nor UB10: Clamav unnecessarily depends on libtool
53409 nor Special 6.0.9 ZCO
51175 nor Use negative domain cache for domain lookup by virtual host
50251 nor Deleting messages does not remove them from message list view
47488 nor Preemptive auth incorrectly applied to http requests
50419 nor UserServlet basic auth challenge is not working
49412 nor zmmailbox modifyFolderGrant bug with all
52438 nor http acceptor becomes unresponsive – Socket operation on
non-socket
49717 nor Same blob is added twice to the blobs zip file during backup,
causing error during restore
50953 nor malformed appointment disrupts iCal sync
53096 nor Upgrade to JDK 1.6u22
51005 nor Calendar sync inconsistent on iPhone 4
50603 nor When emptying large folder, batch size ignores zimbraMailEmptyFolderBatchSize
47361 enh support for SLES11 SP1

Untuk saat ini, binary Zimbra bisa didownload langsung di website Zimbra. Mirror Zimbra di Indonesia sedang dalam proses sinkronisasi binary, mungkin baru besok bisa komplit dan saya publikasikan linknya. Untuk release notes lengkap silakan download disini.

Saya belum sempat mencoba kedua versi diatas, karena baru saja selesai mendownload binary Zimbra untuk SLES 11 SP1 dan niatnya akhir pekan ini justru mencoba paket Zimbra 7.0.0 beta 2.

Mengingat update kali ini berupa security fix, baiknya siapkan Zimbra anda untuk diupdate sebagai antisipasi celah keamanan, meski updatenya bersifat minor. Jangan lupa melakukan backup total sebelum menjalankan proses upgrade.