Today, Novell announced the release of GroupWise 8.0.2 HP2. In conjunction, Research in Motion will soon announce the certification of BES 5.0.1 MR1 against this version of GroupWise.
I am sitting at GWAVACon, Torrance California and have been notified by my engineering team that we have posted GroupWise 8.0.2 HP2.
The Hot Patch is now available and can be downloaded here!
BES 5.0.1 MR1 is available and can be downloaded from the RIM site! MR1 released in November 2010.
This Hot Patch, build #92377 (agents) #92614 (Clients), was built/delivered specifically to address SOAP issues that customers have reported and that have been affecting their mobility solutions.
Both BES and Mobility will benefit from the changes made in this Hot Patch. It has not been a long time since our last Hot Patch – just early November. However, the issues that were reported were significant enough and were affecting a broader section of our customer base that we felt it was appropriate to put this patch together and get it to our customers as soon as possible.
The changes include performance enhancements, API changes and SOAP thread hang fixes. The changes and improvements will equally benefit all integrations that utilize the SOAP interface into the POA. This includes Mobility, BES, any 3rd-party mobility solution and any 3rd-party integration that utilizes the SOAP interface.
Please check out the readme and release notes to see the most important changes and fixes that went into this Hot Patch.
Research in Motion continues to be a fantastic partner. Our development and quality control teams worked closely together over the last several months to track down, improve and deliver a joint solution that would benefit all of our customers who have deployed a BES solution for their Blackberry devices. The transition that RIM has had to do to support BES 5.0.1 with GroupWise and moving from the ObjectAPI to the SOAP interface has been significant. I have been a Blackberry user for almost 4 years now and have now transitioned to the Blackberry Torch. What a great device!
We have heard from so many of our customers who require a Blackberry solution for their enterprise. Novell is no exception. We run several BES and Mobility servers in order to effectively support the variety of mobile users and devices within our organization. We are part of RIM’s ‘Early Adopter Program’ and have had BES 5.0.1 running in our two production environments for several months. We look forward to the continued support and collaboration of these two companies and product lines.
There are also a couple of security issues to be aware of that were resolved with this Hot Patch.
Novell bug 657818, CVE-2010-4325 – The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it parses the TZID variable within a received VCALENDAR message, which could potentially allow an unauthenticated remote attacker to execute arbitrary code on vulnerable installations of GWIA.
Related TID: http://www.novell.com/support/search.do?usemicrosite=true&searchString=7007638
Novell Bug 642340, CVE-2010-4326 – The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it parses the REQUEST-STATUS variable within a received VCALENDAR message, which could potentially allow an unauthenticated remote attacker to execute arbitrary code on vulnerable installations of GWIA.
Related TID: http://www.novell.com/support/search.do?usemicrosite=true&searchString=7007155
GroupWise 8.0x, 8.01x, 8.02 and 8.0.2 HP1. Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIAs and associated Domains to version 8.02HP2 in order to secure their system.
These vulnerabilities were discovered and reported by Anonymous working with TippingPoint’s Zero Day Initiative (http://www.zerodayinitiative.com), ZDI-CAN-955, ZDI-CAN-967
NOTE: The second vulnerability was resolved in GroupWise 8.02 Hot Patch 1 (released November 2010), but was not disclosed until January 2011 pending final verification of the fix.
Novell Data Synchronizer Mobility Pack
As a preview, I want to give a quick heads up to the fact that the next update to the Mobility Pack will be available soon. The latest ‘sprint’ is complete, the demo looked awesome and the improvements continue to happen. We are completing the QA and some of the other final checkboxes as we move to ‘First Customer Ship’ This release, code named ‘Chinook’, is currently scheduled for early February.
Watch for additional details as this product is released.