[Users] April 6, 2021 Zeta Alliance Conference Call Summary
Barry de Graaff
info at barrydegraaff.nl
Wed Apr 21 07:39:46 CEST 2021
Hello All,
The OnlyOffice integration in the Nextcloud Zimlet for Classic UI, still
works and was tested in the past month.
https://github.com/Zimbra-Community/owncloud-zimlet
The same instance of OnlyOffice can be used with the Zimlet as well as
Nextcloud.
Regards, Barry
On 4/21/21 7:08 AM, Randy Leiker wrote:
> Hello Zeta Alliance Community,
>
> Here is a summary of this week’s conference call. A few brief reminders:
>
> * Conference calls are every Tuesday and open to all using either
> the FreeConferenceCall.com VoIP app or via a dial-in number:
> https://www.freeconferencecall.com/wall/zetalliance
> <https://www.freeconferencecall.com/wall/zetalliance>
> * Each week’s call agenda can be found at:
> _https://drive.google.com/drive/folders/1xDyBJFjnfZYxuXJHiDzsXjjMuGGtIl7J
> <https://drive.google.com/drive/folders/1xDyBJFjnfZYxuXJHiDzsXjjMuGGtIl7J>_
> * A copy of each week’s summary is also posted to the Zimbra Forums:
> o All Prior Months: https://forums.zimbra.org/viewforum.php?f=9
> <https://forums.zimbra.org/viewforum.php?f=9>
> o March 2021:
> https://forums.zimbra.org/viewtopic.php?f=9&t=69488
> <https://forums.zimbra.org/viewtopic.php?f=9&t=69488>
> o April 2021:
> https://forums.zimbra.org/viewtopic.php?f=9&t=69507
> <https://forums.zimbra.org/viewtopic.php?f=9&t=69507>
> * Constructive feedback on these call summaries is always welcome.
>
>
> April 6, 2021
>
> *Mailboxd Java Options*
> Mark S. said that in the 8.8.15 Patch 20 release notes (
> https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P20#Execute_the_following_steps_on_Zimbra_Mailstore
> <https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P20#Execute_the_following_steps_on_Zimbra_Mailstore>
> ), he noticed a recommendation to use the Java parameter:
> “-Djavax.net.debug=ssl,handshake,data” and he wanted to know if using
> this option would significantly increase the size of his logs in
> Zimbra. [Editor Note: the release notes page has since been revised to
> omit this Java parameter.] John E. said it should not hurt and can be
> helpful in determining that things are working correctly. He said
> that in the event the Java parameters do not work, it will present
> itself as a certificate failure upon startup.
>
> *Revised 8.8.15 Patch 20 and 9.0 Patch 13 Releases*
> John H. said there were two issues that arose with 8.8.15 P20 and 9.0
> P13 after their initial release on March 30th that required a revised
> build of each on April 2nd. The first issue related to an
> incompatibility with kernel versions 4.8 and 4.9 with OpenSSL1.1.1h in
> Red Hat 6 and Ubuntu 14 (
> https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P20#Zimbra_OpenSSL_1.1.1h_compatibility_issues_with_some_kernel_versions_.284.8_and_4.9.29
> <https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P20#Zimbra_OpenSSL_1.1.1h_compatibility_issues_with_some_kernel_versions_.284.8_and_4.9.29>
> ). The symptoms of this issue are discussed in this Forum thread:
> http://forums.zimbra.org/viewtopic.php?f=13&t=69414&sid=fc2fb1f2b95efef659a1dde3bba8c87a
> <http://forums.zimbra.org/viewtopic.php?f=13&t=69414&sid=fc2fb1f2b95efef659a1dde3bba8c87a>
> .
>
> The second issue was related to Zimbra installations running a dual
> stack (IPv4 and IPv6) configuration, where the Zimbra IPv4 interface
> can be incorrectly disabled, as described in this Forum thread:
> https://forums.zimbra.org/viewtopic.php?f=13&t=69412
> <https://forums.zimbra.org/viewtopic.php?f=13&t=69412> . [Editor Note:
> a third revised version of 8.8.15 P20 and 9.0 P13 were released on
> April 8th to address a security vulnerability in SpamAssassin 3.4.4,
> discussed in the March 30th Zeta Alliance Call:
> https://forums.zimbra.org/viewtopic.php?f=9&t=69488#p301185
> <https://forums.zimbra.org/viewtopic.php?f=9&t=69488#p301185> ].
>
> *Follow-Up: Zimbra Support For Ubuntu 16.04 LTS*
> To follow-up on the Zeta Alliance March 30th call related to the topic
> of Zimbra support for Ubuntu 16.04 LTS, John H. confirmed that there
> are no plans to end Ubuntu 16.04 LTS support for the foreseeable future.
>
> *Zimbra Video Server*
> Mark S. asked if anyone knew of the timeline for when the Zimbra Video
> Server is anticipated to leave beta and become generally available.
> No one on the call had an update to share.
>
> *HTTP/2.0 Support In Zimbra*
> Randy L. said that he noticed HTTP/2.0 support had been introduced
> with the new Nginx version that is included with 8.8.15 Patch 20 and
> 9.0 Patch 13. He asked if HTTP/2 support is now supported end-to-end
> from the Zimbra Nginx proxy to the mailbox server. John H. said that
> HTTP/2 support is currently only supported on the Nginx front-end and
> not yet supported on the mailbox server back-end. End-to-end support
> for HTTP/2 is still being reviewed to ensure that no security risks
> will be introduced.
>
> *ClamAV Security Vulnerabilities In Zimbra*
> Randy L. shared that the ClamAV 102.2 version included in the recently
> released 8.8.15 Patch 20 and 9.0 Patch 13 has four security
> vulnerabilities:
>
> * CVE-2020-3327 ( https://nvd.nist.gov/vuln/detail/CVE-2020-3341
> <https://nvd.nist.gov/vuln/detail/CVE-2020-3341> ): CVSS Score 7.5
> * CVE-2020-3341 ( https://nvd.nist.gov/vuln/detail/CVE-2020-3341
> <https://nvd.nist.gov/vuln/detail/CVE-2020-3341> ): CVSS Score 7.5
> * CVE-2020-3481 ( https://nvd.nist.gov/vuln/detail/CVE-2020-3481
> <https://nvd.nist.gov/vuln/detail/CVE-2020-3481> ) CVSS Score 7.5
> * CVE-2020-3350 ( https://nvd.nist.gov/vuln/detail/CVE-2020-3350
> <https://nvd.nist.gov/vuln/detail/CVE-2020-3350> ) CVSS Score 6.3
>
> The first three vulnerabilities can be exploited simply by sending a
> carefully crafted email attachment within an email to a Zimbra server
> configured to perform ClamAV scanning of inbound or outbound email.
> The fourth vulnerability requires an attacker to have local shell
> access to a Zimbra server where ClamAV is installed to exploit, making
> the first three vulnerabilities of greater concern for Zimbra
> administrators. Randy L. said he opened a support case with Zimbra and
> was assigned ZBUG-2193. The status of this bug can be monitored from
> the Zimbra Support Portal bug look-up tool.
>
> *NextCloud, ownCloud, and OnlyOffice Integrations With Zimbra*
> Marc S. asked for thoughts on using NextCloud or ownCloud with
> Zimbra. Randy L. said his personal preference is NextCloud and feels
> that many choose either NextCloud or ownCloud based on personal
> preferences and their history with each respective product. Marc G.
> asked if anyone is using OnlyOffice with NextCloud. Randy L. said
> that a few years ago, he tried to negotiate a deal to use OnlyOffice
> for an integration with Zimbra and NextCloud, but found that
> OnlyOffice lacked a service provider orientated licensing program,
> where instead they were offering traditional software licensing terms
> making it a non-starter for use in a service provider environment. He
> added that since then, Zimbra Docs has progressed forward, and knows
> that at one point, Barry D. had a working Zimlet for integrating
> OnlyOffice with Zimbra, but was unsure of the current status of the
> Zimlet. John E. said that in Zimbra Cloud, an OnlyOffice integration
> is currently available.
>
>
> Randy Leiker (randy at skywaynetworks.com )
> Skyway Networks, LLC
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20210421/16d7ff29/attachment-0001.html>
More information about the Users
mailing list