8.8.12 Patch 3 breaks printing messages with inline images

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
andrey.ivanov
Posts: 48
Joined: Wed Aug 08, 2018 8:44 am

Re: 8.8.12 Patch 3 breaks printing messages with inline images

Postby andrey.ivanov » Thu Jun 27, 2019 11:57 am

Workaround from Zimbra support :

Code: Select all

As a workaround please do the following on all mailbox servers
zmlocalconfig -e zimbra_use_owasp_html_sanitizer=FALSE
zmmailboxdctl restart


It did help me. Unfortunately it means that their new owasp sanitizing framework is disabled (https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.12/P3). But it fixes both attachments and printing problems, i. e. it fixes both cases :
"Case 00850083 Upgrade from 8.8.12_P2 to 8.8.12_P3 breaks printing inline images"
"Case 00849909 Infinite attachement since 8.8.12P3 in mail window"


It also fixed some broken html messages in web client.

It corresponds to the following commit in the git : https://github.com/Zimbra/zm-mailbox/co ... ae79c9272a
Last edited by andrey.ivanov on Thu Jun 27, 2019 12:40 pm, edited 2 times in total.


vpascual
Posts: 2
Joined: Thu Jul 12, 2018 10:43 am

Re: 8.8.12 Patch 3 breaks printing messages with inline images

Postby vpascual » Thu Jun 27, 2019 12:16 pm

Hello,
Same problem in Release 8.8.12.GA.3794.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.12_P3.
phoenix
Ambassador
Ambassador
Posts: 26417
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: 8.8.12 Patch 3 breaks printing messages with inline images

Postby phoenix » Thu Jun 27, 2019 12:32 pm

vpascual wrote:Hello,
Same problem in Release 8.8.12.GA.3794.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.12_P3.
Did you not read the two solutions in the posts just prior to yours or are you saying you tried those and they didn't work?
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
vpascual
Posts: 2
Joined: Thu Jul 12, 2018 10:43 am

Re: 8.8.12 Patch 3 breaks printing messages with inline images

Postby vpascual » Fri Jun 28, 2019 6:43 am

phoenix wrote:
vpascual wrote:Hello,
Same problem in Release 8.8.12.GA.3794.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.12_P3.
Did you not read the two solutions in the posts just prior to yours or are you saying you tried those and they didn't work?


Sorry, I dont read the two solutions in the post few minuts before my post, should have coincided when I was writing.

I have tried the indicated solution and it works perfectly, thank you very much
phoenix
Ambassador
Ambassador
Posts: 26417
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: 8.8.12 Patch 3 breaks printing messages with inline images

Postby phoenix » Fri Jun 28, 2019 6:49 am

vpascual wrote:I have tried the indicated solution and it works perfectly, thank you very much
That's good, I'm glad you've resolved it. :)
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
rickaotc
Posts: 21
Joined: Thu Jul 07, 2016 12:28 pm
ZCS/ZD Version: Release 8.8.15_GA_3829.RHEL7_64_201

Re: 8.8.12 Patch 3 breaks printing messages with inline images

Postby rickaotc » Fri Jun 28, 2019 10:55 am

Unfortunately it means that their new owasp sanitizing framework is disabled


I'm told by support this doesn't even work, disabling it is actually a good thing.
khalilquza
Posts: 12
Joined: Wed Sep 06, 2017 8:20 am

Re: 8.8.12 Patch 3 breaks printing messages with inline images

Postby khalilquza » Sun Jun 30, 2019 8:08 am

when I apply the fix, the emojis goes again
gulaschcowboy
Posts: 2
Joined: Mon Jun 24, 2019 1:30 pm

Re: 8.8.12 Patch 3 breaks printing messages with inline images

Postby gulaschcowboy » Thu Jul 04, 2019 5:54 am

Hi guys,

isn't the OWASP sanitizer a security related feature? Is it a good idea to disable it?

I tried this setting and I can confirm, that it fixes 3 problems:

- broken HTML rendering
- duplicated attachments
- broken printing preview rendering

BTW:
Unfortunately the Zimbra support was not helpful at all in this case.
They made me execute 9 or 10 tests, as they thought we have been hacked seeing those 3 issues.
Only one test (grep ua=python-requests /opt/zimbra/log/access_log*) was positive (not really - only 404 responses), but the support told me: You have been hacked, reinstall your server.
Searching for this user-agent string on a internet facing webserver is the weakest indication possible...

So I'm under-satisfied* with the support quality

*hard to stay polite
gulaschcowboy
Posts: 2
Joined: Mon Jun 24, 2019 1:30 pm

Re: 8.8.12 Patch 3 breaks printing messages with inline images

Postby gulaschcowboy » Thu Jul 04, 2019 9:20 am

To answer my own question, this is the official answer from Zimbra support:

Yes, that is correct. That is official workaround for now until the issue is properly fixed.
That is a new feature, and the developers decided to set this to FALSE. If they suggested that, that means no affect will have on the production. For more information you can see:
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.12/P3
https://www.owasp.org/index.php/OWASP_J ... er_Project

I am suspecting the new fix will be included in the P4, which will be released on July 29th

Return to “Administrators”

Who is online

Users browsing this forum: Google [Bot] and 12 guests