Search found 88 matches

by halfgaar
Wed Apr 07, 2021 11:42 am
Forum: General Zimbra Feedback
Topic: Forums not redirecting to HTTPS
Replies: 2
Views: 3216

Re: Forums not redirecting to HTTPS

I see the certificate is from DigiCert. Using certbot to request one at Let's Encrypt is easy and you can easily add many domains. Of course, depending on how it's hosted. It's easy when hosting oneself.
by halfgaar
Wed Mar 31, 2021 8:55 am
Forum: General Zimbra Feedback
Topic: Forums not redirecting to HTTPS
Replies: 2
Views: 3216

Forums not redirecting to HTTPS

I don't quite know where to post this, but the forums are not redirecting to HTTPS:

$ curl --head http://forums.zimbra.org
HTTP/1.1 200 OK
Cache-Control: private, no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Apr 2021 11:39:42 GMT
Expi...
by halfgaar
Wed Mar 31, 2021 8:51 am
Forum: Announcements
Topic: Zimbra 8.8.15 patch 20 CVE rating 9.8
Replies: 1
Views: 624

Zimbra 8.8.15 patch 20 CVE rating 9.8

For lack of an announcement topic, I'm taking the liberty: Zimbra Collaboration Joule 8.8.15 Patch 20 GA Release. I don't know what a joule is (aside from a unit of energy), but I guess it's a suite. "Heap-based buffer overflow vulnerabilities in PHP < 7.3.10" has a 9.8 rating. "Upgraded A...
by halfgaar
Tue Jul 07, 2020 6:27 pm
Forum: Administrators
Topic: Update Url Working?
Replies: 9
Views: 3943

Re: Update Url Working?

This still seems to be an issue. I never get e-mail about updates. Current version: Release 8.8.15.GA.3869.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.15_P11. I changed the update URL to HTTP so I could capture it with tcpdump, and I can then see it does this query: https://www.zimbra.com/aus/un...
by halfgaar
Sat Feb 15, 2020 12:04 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 408791

Re: CVE-2019-9670 being actively exploited

The first thing I'd try is to just upgrade to the latest version (8.8.15 Patch-7). You can download it at zimbra.org (although I don't know why they offer that, as opposed to zimbra.com, where you have to fill out a form for the open source edition). There are some difficulties upgrading from 8.6 t...
by halfgaar
Sat Feb 08, 2020 11:56 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 408791

Re: CVE-2019-9670 being actively exploited

zim_mike wrote: Doesn't the server or the client let you know when there are updates?


It doesn't seem to, to my dismay :(
by halfgaar
Tue Jun 11, 2019 7:16 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 408791

Re: CVE-2019-9670 being actively exploited

I've mentioned it before as a method against attacks on HTTP traffic, but to reiterate: If you have an extra server (small VM will do) and if your user base allows it, you can block the HTTP(S) traffic, and only allow the web mail to be used through an authenticated HTTP proxy. I use this kind of p...
by halfgaar
Sun Jun 09, 2019 12:38 pm
Forum: Administrators
Topic: Zimbra Collaboration 8.7.x and Ubuntu OS update corrupts/removes Zimbra installation
Replies: 40
Views: 111242

Re: Zimbra Collaboration 8.7.x and Ubuntu OS update corrupts/removes Zimbra installation

I just performed an upgrade from Ubuntu 14.04 Zimbra 8.7.11, to Ubuntu 16.04, Zimbra 8.8.12. Let me document my findings: The instructions on the wiki (as per today) didn't work. After having to fix Java VM debugging startup parameters from localconfig.xml, the mailboxdaemon complained about the st...
by halfgaar
Tue Jun 04, 2019 4:54 pm
Forum: Administrators
Topic: Zimbra Collaboration 8.7.x and Ubuntu OS update corrupts/removes Zimbra installation
Replies: 40
Views: 111242

Re: Zimbra Collaboration 8.7.x and Ubuntu OS update corrupts/removes Zimbra installation

Joho and David, did you see/use the (semi) official "Upgrade Ubuntu 14.x to Ubuntu 16.x and update ZCS 8.7 & above"? As always, make some kind of backup. My Zimbra virtual machine is on a logical volume, so I always make a backup snapshot. I close all tcp ports when I do it so nothing gets mutated....
by halfgaar
Thu May 30, 2019 7:47 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 408791

Re: CVE-2019-9670 being actively exploited

You can always use 'stat' to look at the ctime: you can't change that.
