[Users] April 6, 2021 Zeta Alliance Conference Call Summary

Barry de Graaff info at barrydegraaff.nl
Wed Apr 21 07:39:46 CEST 2021

Hello All,

The OnlyOffice integration in the Nextcloud Zimlet for Classic UI, still 
works and was tested in the past month.


The same instance of OnlyOffice can be used with the Zimlet as well as 

Regards, Barry

On 4/21/21 7:08 AM, Randy Leiker wrote:
> Hello Zeta Alliance Community,
> Here is a summary of this week’s conference call.  A few brief reminders:
>   * Conference calls are every Tuesday and open to all using either
>     the FreeConferenceCall.com VoIP app or via a dial-in number:
>     https://www.freeconferencecall.com/wall/zetalliance
>     <https://www.freeconferencecall.com/wall/zetalliance>
>   * Each week’s call agenda can be found at:
>     _https://drive.google.com/drive/folders/1xDyBJFjnfZYxuXJHiDzsXjjMuGGtIl7J
>     <https://drive.google.com/drive/folders/1xDyBJFjnfZYxuXJHiDzsXjjMuGGtIl7J>_
>   * A copy of each week’s summary is also posted to the Zimbra Forums:
>       o All Prior Months: https://forums.zimbra.org/viewforum.php?f=9
>         <https://forums.zimbra.org/viewforum.php?f=9>
>       o March 2021:
>         https://forums.zimbra.org/viewtopic.php?f=9&t=69488
>         <https://forums.zimbra.org/viewtopic.php?f=9&t=69488>
>       o April 2021:
>         https://forums.zimbra.org/viewtopic.php?f=9&t=69507
>         <https://forums.zimbra.org/viewtopic.php?f=9&t=69507>
>   * Constructive feedback on these call summaries is always welcome.
> April 6, 2021
> *Mailboxd Java Options*
> Mark S. said that in the 8.8.15 Patch 20 release notes ( 
> https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P20#Execute_the_following_steps_on_Zimbra_Mailstore 
> <https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P20#Execute_the_following_steps_on_Zimbra_Mailstore> 
> ), he noticed a recommendation to use the Java parameter: 
> “-Djavax.net.debug=ssl,handshake,data” and he wanted to know if using 
> this option would significantly increase the size of his logs in 
> Zimbra. [Editor Note: the release notes page has since been revised to 
> omit this Java parameter.]  John E. said it should not hurt and can be 
> helpful in determining that things are working correctly.  He said 
> that in the event the Java parameters do not work, it will present 
> itself as a certificate failure upon startup.
> *Revised 8.8.15 Patch 20 and 9.0 Patch 13 Releases*
> John H. said there were two issues that arose with 8.8.15 P20 and 9.0 
> P13 after their initial release on March 30th that required a revised 
> build of each on April 2nd.  The first issue related to an 
> incompatibility with kernel versions 4.8 and 4.9 with OpenSSL1.1.1h in 
> Red Hat 6 and Ubuntu 14 ( 
> https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P20#Zimbra_OpenSSL_1.1.1h_compatibility_issues_with_some_kernel_versions_.284.8_and_4.9.29 
> <https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P20#Zimbra_OpenSSL_1.1.1h_compatibility_issues_with_some_kernel_versions_.284.8_and_4.9.29> 
> ).  The symptoms of this issue are discussed in this Forum thread: 
> http://forums.zimbra.org/viewtopic.php?f=13&t=69414&sid=fc2fb1f2b95efef659a1dde3bba8c87a 
> <http://forums.zimbra.org/viewtopic.php?f=13&t=69414&sid=fc2fb1f2b95efef659a1dde3bba8c87a> 
> .
> The second issue was related to Zimbra installations running a dual 
> stack (IPv4 and IPv6) configuration, where the Zimbra IPv4 interface 
> can be incorrectly disabled, as described in this Forum thread: 
> https://forums.zimbra.org/viewtopic.php?f=13&t=69412 
> <https://forums.zimbra.org/viewtopic.php?f=13&t=69412> . [Editor Note: 
> a third revised version of 8.8.15 P20 and 9.0 P13 were released on 
> April 8th to address a security vulnerability in SpamAssassin 3.4.4, 
> discussed in the March 30th Zeta Alliance Call: 
> https://forums.zimbra.org/viewtopic.php?f=9&t=69488#p301185 
> <https://forums.zimbra.org/viewtopic.php?f=9&t=69488#p301185> ].
> *Follow-Up: Zimbra Support For Ubuntu 16.04 LTS*
> To follow-up on the Zeta Alliance March 30th call related to the topic 
> of Zimbra support for Ubuntu 16.04 LTS, John H. confirmed that there 
> are no plans to end Ubuntu 16.04 LTS support for the foreseeable future.
> *Zimbra Video Server*
> Mark S. asked if anyone knew of the timeline for when the Zimbra Video 
> Server is anticipated to leave beta and become generally available.  
> No one on the call had an update to share.
> *HTTP/2.0 Support In Zimbra*
> Randy L. said that he noticed HTTP/2.0 support had been introduced 
> with the new Nginx version that is included with 8.8.15 Patch 20 and 
> 9.0 Patch 13.  He asked if HTTP/2 support is now supported end-to-end 
> from the Zimbra Nginx proxy to the mailbox server.  John H. said that 
> HTTP/2 support is currently only supported on the Nginx front-end and 
> not yet supported on the mailbox server back-end.  End-to-end support 
> for HTTP/2 is still being reviewed to ensure that no security risks 
> will be introduced.
> *ClamAV Security Vulnerabilities In Zimbra*
> Randy L. shared that the ClamAV 102.2 version included in the recently 
> released 8.8.15 Patch 20 and 9.0 Patch 13 has four security 
> vulnerabilities:
>   * CVE-2020-3327 ( https://nvd.nist.gov/vuln/detail/CVE-2020-3341
>     <https://nvd.nist.gov/vuln/detail/CVE-2020-3341> ): CVSS Score 7.5
>   * CVE-2020-3341 ( https://nvd.nist.gov/vuln/detail/CVE-2020-3341
>     <https://nvd.nist.gov/vuln/detail/CVE-2020-3341> ): CVSS Score 7.5
>   * CVE-2020-3481 ( https://nvd.nist.gov/vuln/detail/CVE-2020-3481
>     <https://nvd.nist.gov/vuln/detail/CVE-2020-3481> ) CVSS Score 7.5
>   * CVE-2020-3350 ( https://nvd.nist.gov/vuln/detail/CVE-2020-3350
>     <https://nvd.nist.gov/vuln/detail/CVE-2020-3350> ) CVSS Score 6.3
> The first three vulnerabilities can be exploited simply by sending a 
> carefully crafted email attachment within an email to a Zimbra server 
> configured to perform ClamAV scanning of inbound or outbound email.  
> The fourth vulnerability requires an attacker to have local shell 
> access to a Zimbra server where ClamAV is installed to exploit, making 
> the first three vulnerabilities of greater concern for Zimbra 
> administrators. Randy L. said he opened a support case with Zimbra and 
> was assigned ZBUG-2193.  The status of this bug can be monitored from 
> the Zimbra Support Portal bug look-up tool.
> *NextCloud, ownCloud, and OnlyOffice Integrations With Zimbra*
> Marc S. asked for thoughts on using NextCloud or ownCloud with 
> Zimbra.  Randy L. said his personal preference is NextCloud and feels 
> that many choose either NextCloud or ownCloud based on personal 
> preferences and their history with each respective product.  Marc G. 
> asked if anyone is using OnlyOffice with NextCloud.  Randy L. said 
> that a few years ago, he tried to negotiate a deal to use OnlyOffice 
> for an integration with Zimbra and NextCloud, but found that 
> OnlyOffice lacked a service provider orientated licensing program, 
> where instead they were offering traditional software licensing terms 
> making it a non-starter for use in a service provider environment. He 
> added that since then, Zimbra Docs has progressed forward, and knows 
> that at one point, Barry D. had a working Zimlet for integrating 
> OnlyOffice with Zimbra, but was unsure of the current status of the 
> Zimlet.  John E. said that in Zimbra Cloud, an OnlyOffice integration 
> is currently available.
> Randy Leiker (randy at skywaynetworks.com )
> Skyway Networks, LLC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20210421/16d7ff29/attachment-0001.html>

More information about the Users mailing list