Zimbra Collaboration 8.7.2 and 8.6 Patch 8 are Available


In July of last year, we announced Zimbra Collaboration 8.7, which included four of my favorite admin-related features: Two-Factor Authentication (2FA), a new Zimbra Packaging System, SSL Server Name Indication (SNI) and Zimbra Postscreen.

Today, I’m thrilled to announce our first minor release of 2017: Zimbra Collaboration 8.7.2. Please go to the Downloads page to grab it. We also have a beta for Zimbra Collaboration 8.6 Patch 8, which you can download and install by contacting Support. If you need it, please go here to obtain more information about how to reach Zimbra support.

We are working behind the scenes to make many changes to Zimbra. One of these changes is a more frequent release process for bugs and patches. One of our goals for 2017 is to have more frequent releases, to fix more bugs and to fix bugs faster. We are really happy to have this release acceleration in place, and we’re looking forward to your feedback on our new approach!

Fixed issues ZCS 8.7.2

Here is a comprehensive list of all the items addressed in this Release. One of my favorite fixes is Bug 104027: Mail list view is not refreshed when deleting mails in message view. Enjoy the fixes!

104578 Pagination support for SyncGalRequest
96078 EWS Sharing – Delayed syncing of few folders in mounted share in Macoutlook
106661 Chrome: “Script Error: Cannot read property ‘parentAppCtxt’ of null” when accepting share from new window
103402 Very long range appointment causes script error and leaves the browser unresponsive
30708 Warn user if scheduling an appointment in the past
106784 Changing of calendar “Show reminders (zimbraPrefCalendarApptReminderWarningTime)” preference sends zimbraPrefCalendarWorkingHours in ModifyPrefsRequest
107153 Image within signature is broken in reply/forward window
106409 Problem using mobile web client in french
107601 SyncGalRequest throws error if galsync account and user account are not on same host.
103402 Add validation for dates in quick add appointment dialog
107602 SearchGalRequest throws NPE, if no galsync account present
105196 swatchdog alerts are tagged as spam when DKIM is in use
30708 New task functionality regressed
107603 Upgrade log showing wrong upgrade paths
107604 “unknown document” exception for some requests on 8.7.2 build on RHEL machines
107605 8.7.2 to 8.7.2 (same version) upgrade removes service, zimbra & zimbraAdmin war contents
107606 Rolling upgrade from network to network gives warning of switching to FOSS.
107106 Convertd failed after upgrade to 8.7.1 from 8.7.0
107607 upgrade step for 8.7.2
104027 Mail list view is not refreshed when deleting mails in message view
103456 start and end time is not checked in Print dialog
103339 compose new email issue with scrollbar
104303 Remove error msg which lists supported browsers
103534 Enter key in “Show appointment through” date field doesn’t refresh the page state
102980 Some zimlet does not display dismiss text in Dismiss button of Dialog.

Fixed Issues ZCS 8.6 Patch 8

Here is a comprehensive list of all fixed items in ZCS 8.6 Patch 8. This Patch mostly addresses security issues of varying importance. We strongly recommend that all of our Customers running Zimbra Collaboration 8.6 install this Patch as soon as possible.

Admin – Console
100899 CSRF – Admin Console [CWE-352]
104294 CSRF – Client uploader extension [CWE-352]
104456 extension REST handlers are not protected by CSRF [CWE-352]
68445 After session timeout, username field appears disabled so user cannot sign back in Admin Console
103497 [RSYNC Failure] Implement mailbox unlocking for Flush Cache
EWS – Server
101746 Outlook 2016: Auto Sync not working for Outlook 2016
Other – Server
104236 All file uploads are broken in Admin UI (zimlet, certificate, migration wizard, license) because FileUploadServlet no longer supports csrfToken specified in multipart body
105029 Soap servlet should log CSRF related error at INFO level

Security Fixes for ZCS 8.6 Patch 8

The security fixes are listed below. See the Zimbra Security Response Policy and the Vulnerability Rating Classification information for details.

| Bug# | Summary | CVE-ID | CVSS | Fix Release or Patch Version |
| --- | --- | --- | --- | --- |
| 104294, 104456 | CSRF CWE-352 | CVE-2016-3406 | 2.6 Minor | 8.6 P8, 8.7.0 |
| | CSRF CWE-352 | CVE-2015-6542 | 5.8 Major | 8.6 P8, 8.7.0 |
| 103959 | CSRF CWE-352 | CVE-2016-3404 | 4.3 Minor | 8.6 P8, 8.7.0 |
| 103961, 104828 | CSRF CWE-352 | CVE-2016-3405 | 4.3 Minor | 8.6 P8, 8.7.0 |

Please refer to the release notes to learn more about security in Patch 8 and below.

Bonus: Slide deck

We have released a slide deck about What’s New in Zimbra Collaboration 8.7.x, and we hope you like it. Follow us on Twitter and LinkedIn to keep up-to-date about upcoming webinars about Zimbra Collaboration, Zimbra Talk and Zimbra Suite Plus.

Click here if the slide deck is not working for you.

Quick note about our git repository and our Open Source Code

Downloading and building our Zimbra code? Keep reading… Starting with ZCS 8.7.2, we have new steps to download and see our code:

Note: The code is published as it is. The objective is that people should be able to see the code changes. Some tweaks are required to get it to build. We are working on restructuring.


  • Read the Release Notes for Zimbra Collaboration 8.7.2 here
  • Read the Release Notes for Zimbra Collaboration 8.6 Patch 8 here
  • Download Zimbra Collaboration 8.7.2 and 8.6 Patch 8 here
  • Forum about Installation and Upgrade here


5 Responses to Zimbra Collaboration 8.7.2 and 8.6 Patch 8 are Available

  1. Bob W February 3, 2017 at 7:04 PM #

    A faster release schedule is much appreciated. 8.7.2 installed on my test environment with no issues. Thanks!

  2. Dennis S February 6, 2017 at 7:17 AM #


    It seems that Patch 8 for Zimbra 8.6.0 is not available on the downloads page. On the zimbra.org website it says “Patch-8 (beta): contact support in order to obtain it.”. Could you please update the links?


    • Jorge de la Cruz February 7, 2017 at 2:51 PM #

      Hi Dennis,
      Are you a Zimbra Customer? You can open a support ticket and grab it, if not, we will mark it as GA in about one/two weeks.

      Best regards

    • Maqueira February 8, 2017 at 11:21 PM #

      Hi Dennis,

      You can download the Patch 8 for Zimbra 8.6.0 here:
      Removed by the admin – it should be requested to Support for now

      Best regards

  3. Phil Pearl May 11, 2017 at 9:06 PM #

    Note: CVE-2015-6542 is being marked as a reservation duplicate of CVE-2016-3403 by Mitre.
