Zimbra Collaboration 8.6 Patch 5 now available


We have been working hard to deliver Patch 5 for the 8.6.0 release before the holidays. There are 32 bugs that are now resolved, including eight important  Security bugs.

Download the Patch 5

Please do a full backup or snapshot before installing this Patch. You can download the patch and the md5 and the SHA 256 file here:

Please, read the Full Release Notes here.

All Zimbra Collaboration 8.6.0 sites are recommended to install this patch. Patch 5 is cumulative with Patch 1, 2, 3, and 4, so only Patch 5 is required in case that you didn’t installed the previous ones.

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.

ZCS 8.6.0 Patch 5 includes the following security fixes.

Bug Rating CVSS Base Score CVE-Number
Bug 101559 Minor 3.5 CVE-2015-2249
Bug 101436 Minor 2.6 CVE-2015-7609
Bug 101435 Major 6.4 CVE-2015-7609
Bug 100133 Minor 3.5 CVE-2015-2249
Bug 99914 Minor 3.5 CVE-2015-2249
Bug 99854 Minor 3.5 CVE-2015-2249
Bug 99236 Minor 4.3 CVE-2012-5881 CVE-2012-5882 CVE-2012-5883
Bug 96973 Minor 4.3 CVE-2015-2249

ZCS 8.6.0 Patch5 Bug Fixes

You might find useful the complete list of the fixed Bugs in this Patch 5 for Zimbra Collaboration 8.6.0.


Bug Number and Description

Admin – Console
  • Bug 84432 – Active sessions of the domain now display at monitor > server statistics.
  • Bug 94164 – Mailbox quota under Domains displays information correctly.
  • Bug 95434 – Ability to set default COS for Domain in Admin GUI. See bug 102859 in the Known Issues section regarding this bug fix.
  • Bug 95470 – Autocomplete works correctly for COS while creating/editing an account. See bug 102859 in the Known Issues section regarding this bug fix.
  • Bug 97564 – Admin console restore works correctly to restore individual accounts.
  • Bug 98487 – Propensity for MTA globalConfig settings to contains values.
  • Bug 98837 – Ability to remove user from Distribution List from “Member Of” screen within Account management.
  • Bug 99144 – Ability to add external “gst” Grantee to ACLs from admin console.
Admin – Utilities
  • Bug 99828 – zmldapmmrtool query option displays the server ID (SID).
  • Bug 101234 – Fixed issue causing zmldapmmrtool to reset startTLS to critical with ldap URIs when changing the RID.
  • Bug 102892 – zmconfigd: Fixed issue causing failure to rewrite salocal.cf.in correctly.
Calendar – Server
  • Bug 101736 – Updated the latest timezone data for ZWC client.
  • Bug 101313 – FreeBusy results for Exchange users are correct in Outlook display.
Calendar – Web Client
  • Bug 99777 – Fixed script error causing e to be undefined while creating appointment if zimbraFeatureGalEnabled is set to false.
Contacts – Web Client
  • Bug 97514 – Print Preview of Contact Groups display correctly.
Install & Upgrade
  • Bug 95847 – Fixed zmldapmmrtool to disallow deletion of last replication agreement.
  • Bug 99165 – zmldapmmrtool -o rid -u -t off does not cause issues for other replication agreements.
  • Bug 101354 – 8.6.0 patch 1 installation error fixed for FOSS.
Mail – Server
  • Bug 96519 – Zimbra help sets X-Frame-Options by default.
  • Bug 96954 – Fixed issue causing thread-topic header to expose original message subject even if reply subject differs.
  • Bug 97269 – “base href” bitmap image displays correctly.
  • Bug 97339 – External email images display correctly.
  • Bug 98495 – zimbraResponseHeader works correctly.
  • Bug 100966 – Message body displays correctly in Outlook.
Mail – Web Client
  • Bug 97929 – Fixed issue causing script error dialog to display when the subject of a message has a specific character or string.
  • Bug 99992 – Fixed issue causing   to be added to quick replies.
Mobile – Zimbra Mobile Sync
  • Bug 100572 – Fixed issue causing iOS sync to lose email.
  • Bug 102019 – Calendar/Contacts/Tasks Sync works correctly in itemized mode.
Other – Web Client
  • Bug 97314 – Fixed issue causing JS error when going to Signatures page.
  • Bug 97716 – Fixed issue causing list view scrolls to top when scrolling down and the list is populated with more items.
  • Bug 98661 – Ability to destroy a dialog for security text.
Standard HTML Client
  • Bug 96518 – Internal IP address is not exposed on view-source page.

Before Installing the Patch

Before installing the patch, consider the following:

  • Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbra-collaboration
  • Patches are delivered as a TGZ file and are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-backmechanism.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to user zimbra before using ZCS CLI commands.

Install the Patch

Read carefully the Release Notes, for this Patch 5.

Important! You cannot revert to the previous ZCS release after you upgrade to the patch.

, ,

7 Responses to Zimbra Collaboration 8.6 Patch 5 now available

  1. Muhammad Rohibun December 21, 2015 at 10:27 PM #

    Hi Jorge,
    thanks for the patch. I have another issue wich is not mentioned in current patch. Sometime when user send email from iphone that consist an image in the email body, postfix recognize wrong file extension in the email body. for example:
    “Koala.jpg;??x-apple-part-url=”781fefd5082b213036d392534fe08590@somedomain.com” recognize as .com extension (it will be issue when .com is blocked).

    It appears that postfix not anticipate unknown character (example “) and change it to question mark (??)


  2. Neil December 22, 2015 at 3:57 AM #

    I was surprised lately how much the documentation has improved in the admin doc for each version. If I can’t find the info I’m looking for in there then I go straight to support as anything you search for is nearly alwayd for an older version so check the docs once more below https://www.zimbra.com/documentation/zimbra-collaboration

  3. rainer_d December 24, 2015 at 7:21 AM #


    where can I get more information about the security-fixes?
    E.g. the issue 101435 marked as major is not public in bugzilla – and the CVE-candidate isn’t public either (yet)…

    Or maybe it’s just that everybody is already in X-mas mo(o)d(e)…

    In any case: Thanks for your hard work. A Merry Christmas and a Happy New Year to the Zimbra Team.

  4. Alessandro Zappa January 8, 2016 at 1:42 PM #

    After installing patch 5 and set max users per cos in domain advanced settings the create new user action is broken, please provide a solution.


    • Jorge de la Cruz January 8, 2016 at 2:04 PM #

      Hi Alessandro,
      You can find more information about this behaviour here – https://bugzilla.zimbra.com/show_bug.cgi?id=103122

      We are currently investigating it, please add yourself to the bug and vote for it! If you are a customer, Fill a support ticket and link the bug number to the Support Case

      Best regards

  5. Raj July 29, 2016 at 8:36 AM #

    in zimbra GUI it showing service failed, but in CLI all services are running is any setting is there from GUI


  1. Zimbra Collaboration 8.6 Patch 5 est disponible ! – Zimbra :: Blog France - December 22, 2015

    […] – Ability to set default COS for Domain in Admin GUI. See bug 102859 in the Known Issues section regarding this bug […]

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures