Zimbra Collaboration Updates (8.0.9 & 8.5.1)

Yesterday, Zimbra released updates to Zimbra Collaboration, both the 8.0.x and 8.5.x trees.


These updates address the OpenSSL security advisory dated October 15 and provide a partial fix for POODLE (due to the need for both client and server changes).

Zimbra Collaboration 8.0.9 and 8.5.1 update the OpenSSL libraries for nginx, OpenLDAP and Postfix to OpenSSL 1.0.1j. Mailboxd doesn’t use OpenSSL, but Zimbra Collaboration 8.6 (coming soon) should fix the issue(s).

These updates provide only a partial fix to POODLE, as TLS_FALLBACK_SCSV must be implemented on server and client sides. Keep in mind, older clients that don’t support TLS_FALLBACK_SCSV may allow protocol downgrades, to the insecure SSLv3 protocol.

Please refer to Zimbra’s wiki for guidance on disabling SSLv3, which was updated to include instruction for Zimbra Collaboration 7.x.y and should be performed as a precautionary measure regardless of software version.

Time Zone Changes

Recently, the Russian Federation passed legislation to make permanent changes to all Russian time zones. This created 11 time zones across Russia, which will be numbered in the UTC standard. The product updates provide support for the time zone changes.

Please download and install the latest versions of Zimbra Collaboration as soon as possible. Visit: zimbra.com/downloads/zimbra-collaboration

, , , , , ,

2 Responses to Zimbra Collaboration Updates (8.0.9 & 8.5.1)

  1. Rahul Yadav July 13, 2015 at 1:16 PM #

    Dear Support team
    i have install successfully zimbra setup in rhel 6.4 and as well i am able to send mail , but i am not able to received mails

  2. Jorge de la Cruz July 14, 2015 at 10:38 AM #

    Hi Rahul,
    Let us know your problem with the exact version of Zimbra Collaboration and the exact problem, could be great have some Logs also

    Come to the Forums https://community.zimbra.com/collaboration/f/1886

    Best regards

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures