Zimbra Patches: 8.8.8 Patch 4 + 8.7.11 Patch 4

Zimbra Collaboration 8.8.8 Patch 4

Patch 4 is here for the 8.8.8 GA release, and it includes fixes as listed in the release notes.

Fixed Issues (Bugzilla query)

108974 Logging changes in 8.8.8 for sendMsg, createFolder, filters
108975 Cannot print email from zimbra webClient after installing 8.8.8 Patch1

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Release or Patch Version
108902 Persistent XSS – contact group [CWE-79] CVE-2018-10939 3.5 Minor 8.8.8 Patch 4

Known Issues

108972 Talk Service is stopped after installing/upgrading to version 1.0.6
Workaround: Admin has to start Talk service manually, please see bug comment

Patch Installation

For 8.8.8 Patches, you don’t need to download any patch builds. 8.8.8 Patch packages can be installed using Linux package management commands.
Please refer to the release notes for 8.8.8 Patch 4 installation on Redhat and Ubuntu platforms.

8.8.8 Patch Change: Please Read!
**This note is applicable only if you are upgrading from 8.8.8 GA or 8.8.8 Patch1 to latest patch. Ignore, if you are upgrading from 8.8.8 Patch2 or higher version of 8.8.8 Patch.

8.8.8 Patch (zimbra-patch) checks if your system is Network Edition and if so adds a new Network Edition-only package repository. As a result, after 8.8.8 Patch installation is completed, Network edition customers will need to run another package update/upgrade process to obtain the updated Network Edition-only packages available from newly added package repository.

Note: This patch should be installed only on all mailbox nodes running in your environment.

 

Zimbra Collaboration 8.7.11 Patch 4

Patch 4 is here for the 8.7.11 GA release, and it includes fixes as listed in the release notes.

Fixed Issues (Bugzilla query)

107922 Missing jar files of the Jackson Project prevent zmsoap –json from working
108506 Different date shown for Recurring Appointment Instance

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Release or Patch Version
108902 Persistent XSS – contact group [CWE-79] CVE-2018-10939 3.5 Minor 8.7.11 Patch 4

Patch Installation

Download the patch for Network Edition and Open Source Edition.

Please refer to the release notes for 8.7.11 Patch 4 installation.
Note: This patch should be installed only on all mailbox nodes running in your environment.

 

2 Responses to Zimbra Patches: 8.8.8 Patch 4 + 8.7.11 Patch 4

  1. Jered Floyd May 26, 2018 at 4:53 PM #

    Could you please, please, please start including direct links to the OSS download page? It’s tedious to fill out the garbage leadgen form every single time when you’re releasing security patches weekly. :-(

    • Gayle Billat October 26, 2018 at 10:18 PM #

      Hi Jered – I’ll check on this for you, but this has been an ongoing discussion for years. To be honest, we need a way to capture lead info, so this is a tough issue. Thanks for your understanding.

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures