Zimbra Collaboration 8.8.8 Patch 4
Patch 4 is here for the 8.8.8 GA release, and it includes fixes as listed in the release notes.
Fixed Issues (Bugzilla query) |
|
|---|---|
| 108974 | Logging changes in 8.8.8 for sendMsg, createFolder, filters |
| 108975 | Cannot print email from zimbra webClient after installing 8.8.8 Patch1 |
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.
| Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version |
|---|---|---|---|---|---|
| 108902 | Persistent XSS – contact group [CWE-79] | CVE-2018-10939 | 3.5 | Minor | 8.8.8 Patch 4 |
Known Issues |
|
|---|---|
| 108972 | Talk Service is stopped after installing/upgrading to version 1.0.6 Workaround: Admin has to start Talk service manually, please see bug comment |
Patch Installation
For 8.8.8 Patches, you don’t need to download any patch builds. 8.8.8 Patch packages can be installed using Linux package management commands.
Please refer to the release notes for 8.8.8 Patch 4 installation on Redhat and Ubuntu platforms.
8.8.8 Patch Change: Please Read!
**This note is applicable only if you are upgrading from 8.8.8 GA or 8.8.8 Patch1 to latest patch. Ignore, if you are upgrading from 8.8.8 Patch2 or higher version of 8.8.8 Patch.
8.8.8 Patch (zimbra-patch) checks if your system is Network Edition and if so adds a new Network Edition-only package repository. As a result, after 8.8.8 Patch installation is completed, Network edition customers will need to run another package update/upgrade process to obtain the updated Network Edition-only packages available from newly added package repository.
Note: This patch should be installed only on all mailbox nodes running in your environment.
Zimbra Collaboration 8.7.11 Patch 4
Patch 4 is here for the 8.7.11 GA release, and it includes fixes as listed in the release notes.
Fixed Issues (Bugzilla query) |
|
|---|---|
| 107922 | Missing jar files of the Jackson Project prevent zmsoap –json from working |
| 108506 | Different date shown for Recurring Appointment Instance |
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.
| Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version |
|---|---|---|---|---|---|
| 108902 | Persistent XSS – contact group [CWE-79] | CVE-2018-10939 | 3.5 | Minor | 8.7.11 Patch 4 |
Patch Installation
Download the patch for Network Edition and Open Source Edition.
Please refer to the release notes for 8.7.11 Patch 4 installation.
Note: This patch should be installed only on all mailbox nodes running in your environment.
Could you please, please, please start including direct links to the OSS download page? It’s tedious to fill out the garbage leadgen form every single time when you’re releasing security patches weekly. :-(
Hi Jered – I’ll check on this for you, but this has been an ongoing discussion for years. To be honest, we need a way to capture lead info, so this is a tough issue. Thanks for your understanding.