NEW Zimbra Patches: 8.8.8 Patch 4 + 8.7.11 Patch 4

Zimbra Collaboration 8.8.8 Patch 4

Patch 4 is here for the 8.8.8 GA release, and it includes fixes as listed in the release notes.

Fixed Issues (Bugzilla query)

108974 Logging changes in 8.8.8 for sendMsg, createFolder, filters
108975 Cannot print email from zimbra webClient after installing 8.8.8 Patch1

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Release or Patch Version
108902 Persistent XSS – contact group [CWE-79] CVE-2018-10939 3.5 Minor 8.8.8 Patch 4

Known Issues

108972 Talk Service is stopped after installing/upgrading to version 1.0.6
Workaround: Admin has to start Talk service manually, please see bug comment

Patch Installation

For 8.8.8 Patches, you don’t need to download any patch builds. 8.8.8 Patch packages can be installed using Linux package management commands.
Please refer to the release notes for 8.8.8 Patch 4 installation on Redhat and Ubuntu platforms.

8.8.8 Patch Change: Please Read!
**This note is applicable only if you are upgrading from 8.8.8 GA or 8.8.8 Patch1 to latest patch. Ignore, if you are upgrading from 8.8.8 Patch2 or higher version of 8.8.8 Patch.

8.8.8 Patch (zimbra-patch) checks if your system is Network Edition and if so adds a new Network Edition-only package repository. As a result, after 8.8.8 Patch installation is completed, Network edition customers will need to run another package update/upgrade process to obtain the updated Network Edition-only packages available from newly added package repository.

Note: This patch should be installed only on all mailbox nodes running in your environment.

 

Zimbra Collaboration 8.7.11 Patch 4

Patch 4 is here for the 8.7.11 GA release, and it includes fixes as listed in the release notes.

Fixed Issues (Bugzilla query)

107922 Missing jar files of the Jackson Project prevent zmsoap –json from working
108506 Different date shown for Recurring Appointment Instance

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Release or Patch Version
108902 Persistent XSS – contact group [CWE-79] CVE-2018-10939 3.5 Minor 8.7.11 Patch 4

Patch Installation

Download the patch for Network Edition and Open Source Edition.

Please refer to the release notes for 8.7.11 Patch 4 installation.
Note: This patch should be installed only on all mailbox nodes running in your environment.

 

No comments yet.

Leave a Reply