[Users] April 6, 2021 Zeta Alliance Conference Call Summary

Barry de Graaff info at barrydegraaff.nl
Wed Apr 21 07:39:46 CEST 2021 

Hello All,

The OnlyOffice integration in the Nextcloud Zimlet for Classic UI, still 
works and was tested in the past month.

https://github.com/Zimbra-Community/owncloud-zimlet

The same instance of OnlyOffice can be used with the Zimlet as well as 
Nextcloud.

Regards, Barry


On 4/21/21 7:08 AM, Randy Leiker wrote:
> Hello Zeta Alliance Community,
>
> Here is a summary of this week’s conference call.  A few brief reminders:
>
>   * Conference calls are every Tuesday and open to all using either
>     the FreeConferenceCall.com VoIP app or via a dial-in number:
>     https://www.freeconferencecall.com/wall/zetalliance
>     <https://www.freeconferencecall.com/wall/zetalliance>
>   * Each week’s call agenda can be found at:
>     _https://drive.google.com/drive/folders/1xDyBJFjnfZYxuXJHiDzsXjjMuGGtIl7J
>     <https://drive.google.com/drive/folders/1xDyBJFjnfZYxuXJHiDzsXjjMuGGtIl7J>_
>   * A copy of each week’s summary is also posted to the Zimbra Forums:
>       o All Prior Months: https://forums.zimbra.org/viewforum.php?f=9
>         <https://forums.zimbra.org/viewforum.php?f=9>
>       o March 2021:
>         https://forums.zimbra.org/viewtopic.php?f=9&t=69488
>         <https://forums.zimbra.org/viewtopic.php?f=9&t=69488>
>       o April 2021:
>         https://forums.zimbra.org/viewtopic.php?f=9&t=69507
>         <https://forums.zimbra.org/viewtopic.php?f=9&t=69507>
>   * Constructive feedback on these call summaries is always welcome.
>
>
> April 6, 2021
>
> *Mailboxd Java Options*
> Mark S. said that in the 8.8.15 Patch 20 release notes ( 
> https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P20#Execute_the_following_steps_on_Zimbra_Mailstore 
> <https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P20#Execute_the_following_steps_on_Zimbra_Mailstore> 
> ), he noticed a recommendation to use the Java parameter: 
> “-Djavax.net.debug=ssl,handshake,data” and he wanted to know if using 
> this option would significantly increase the size of his logs in 
> Zimbra. [Editor Note: the release notes page has since been revised to 
> omit this Java parameter.]  John E. said it should not hurt and can be 
> helpful in determining that things are working correctly.  He said 
> that in the event the Java parameters do not work, it will present 
> itself as a certificate failure upon startup.
>
> *Revised 8.8.15 Patch 20 and 9.0 Patch 13 Releases*
> John H. said there were two issues that arose with 8.8.15 P20 and 9.0 
> P13 after their initial release on March 30th that required a revised 
> build of each on April 2nd.  The first issue related to an 
> incompatibility with kernel versions 4.8 and 4.9 with OpenSSL1.1.1h in 
> Red Hat 6 and Ubuntu 14 ( 
> https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P20#Zimbra_OpenSSL_1.1.1h_compatibility_issues_with_some_kernel_versions_.284.8_and_4.9.29 
> <https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P20#Zimbra_OpenSSL_1.1.1h_compatibility_issues_with_some_kernel_versions_.284.8_and_4.9.29> 
> ).  The symptoms of this issue are discussed in this Forum thread: 
> http://forums.zimbra.org/viewtopic.php?f=13&t=69414&sid=fc2fb1f2b95efef659a1dde3bba8c87a 
> <http://forums.zimbra.org/viewtopic.php?f=13&t=69414&sid=fc2fb1f2b95efef659a1dde3bba8c87a> 
> .
>
> The second issue was related to Zimbra installations running a dual 
> stack (IPv4 and IPv6) configuration, where the Zimbra IPv4 interface 
> can be incorrectly disabled, as described in this Forum thread: 
> https://forums.zimbra.org/viewtopic.php?f=13&t=69412 
> <https://forums.zimbra.org/viewtopic.php?f=13&t=69412> . [Editor Note: 
> a third revised version of 8.8.15 P20 and 9.0 P13 were released on 
> April 8th to address a security vulnerability in SpamAssassin 3.4.4, 
> discussed in the March 30th Zeta Alliance Call: 
> https://forums.zimbra.org/viewtopic.php?f=9&t=69488#p301185 
> <https://forums.zimbra.org/viewtopic.php?f=9&t=69488#p301185> ].
>
> *Follow-Up: Zimbra Support For Ubuntu 16.04 LTS*
> To follow-up on the Zeta Alliance March 30th call related to the topic 
> of Zimbra support for Ubuntu 16.04 LTS, John H. confirmed that there 
> are no plans to end Ubuntu 16.04 LTS support for the foreseeable future.
>
> *Zimbra Video Server*
> Mark S. asked if anyone knew of the timeline for when the Zimbra Video 
> Server is anticipated to leave beta and become generally available.  
> No one on the call had an update to share.
>
> *HTTP/2.0 Support In Zimbra*
> Randy L. said that he noticed HTTP/2.0 support had been introduced 
> with the new Nginx version that is included with 8.8.15 Patch 20 and 
> 9.0 Patch 13.  He asked if HTTP/2 support is now supported end-to-end 
> from the Zimbra Nginx proxy to the mailbox server.  John H. said that 
> HTTP/2 support is currently only supported on the Nginx front-end and 
> not yet supported on the mailbox server back-end.  End-to-end support 
> for HTTP/2 is still being reviewed to ensure that no security risks 
> will be introduced.
>
> *ClamAV Security Vulnerabilities In Zimbra*
> Randy L. shared that the ClamAV 102.2 version included in the recently 
> released 8.8.15 Patch 20 and 9.0 Patch 13 has four security 
> vulnerabilities:
>
>   * CVE-2020-3327 ( https://nvd.nist.gov/vuln/detail/CVE-2020-3341
>     <https://nvd.nist.gov/vuln/detail/CVE-2020-3341> ): CVSS Score 7.5
>   * CVE-2020-3341 ( https://nvd.nist.gov/vuln/detail/CVE-2020-3341
>     <https://nvd.nist.gov/vuln/detail/CVE-2020-3341> ): CVSS Score 7.5
>   * CVE-2020-3481 ( https://nvd.nist.gov/vuln/detail/CVE-2020-3481
>     <https://nvd.nist.gov/vuln/detail/CVE-2020-3481> ) CVSS Score 7.5
>   * CVE-2020-3350 ( https://nvd.nist.gov/vuln/detail/CVE-2020-3350
>     <https://nvd.nist.gov/vuln/detail/CVE-2020-3350> ) CVSS Score 6.3
>
> The first three vulnerabilities can be exploited simply by sending a 
> carefully crafted email attachment within an email to a Zimbra server 
> configured to perform ClamAV scanning of inbound or outbound email.  
> The fourth vulnerability requires an attacker to have local shell 
> access to a Zimbra server where ClamAV is installed to exploit, making 
> the first three vulnerabilities of greater concern for Zimbra 
> administrators. Randy L. said he opened a support case with Zimbra and 
> was assigned ZBUG-2193.  The status of this bug can be monitored from 
> the Zimbra Support Portal bug look-up tool.
>
> *NextCloud, ownCloud, and OnlyOffice Integrations With Zimbra*
> Marc S. asked for thoughts on using NextCloud or ownCloud with 
> Zimbra.  Randy L. said his personal preference is NextCloud and feels 
> that many choose either NextCloud or ownCloud based on personal 
> preferences and their history with each respective product.  Marc G. 
> asked if anyone is using OnlyOffice with NextCloud.  Randy L. said 
> that a few years ago, he tried to negotiate a deal to use OnlyOffice 
> for an integration with Zimbra and NextCloud, but found that 
> OnlyOffice lacked a service provider orientated licensing program, 
> where instead they were offering traditional software licensing terms 
> making it a non-starter for use in a service provider environment. He 
> added that since then, Zimbra Docs has progressed forward, and knows 
> that at one point, Barry D. had a working Zimlet for integrating 
> OnlyOffice with Zimbra, but was unsure of the current status of the 
> Zimlet.  John E. said that in Zimbra Cloud, an OnlyOffice integration 
> is currently available.
>
>
> Randy Leiker (randy at skywaynetworks.com )
> Skyway Networks, LLC
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20210421/16d7ff29/attachment-0001.html>

More information about the Users mailing list