Zimbra Collaboration 8.7.11 Patch 1 Available, Includes Security Fixes

A patch has been issued for 8.7.11 GA release that includes security fixes as listed in the release notes.

Download the Patch

Please do a full backup or snapshot before installing this patch. You can download the patch, MD5 and SHA 256 files here:

Please read the release notes here.

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification are listed below. See Zimbra Security Response Policy and Zimbra Vulnerability Rating Classification information below for details.


Bug# Summary CVE-ID CVSS
108265 Persistent XSS CWE-79 CVE-2017-17703 4.3 Minor
107925 Persistent XSS CWE-79 CVE-2017-8802 3.5 Minor
108786 Persistent XSS CWE-79 CVE-2018-6882 4.3 Minor

Before installing the patch, consider the following:

  • Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbra-collaboration.
  • Patches are delivered as a TGZ file and are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back mechanism.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to user zimbra before using ZCS CLI commands.


2 Responses to Zimbra Collaboration 8.7.11 Patch 1 Available, Includes Security Fixes

  1. javier March 21, 2018 at 2:33 PM #

    como puedo obtener una ayuda para un inconveniente con el correo en el movil

    • Gayle Billat March 27, 2018 at 4:01 PM #

      Hi Javier – please contact your email service provider or your Zimbra administrator. Thanks.

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures