Navigation

Zimbra Patches: 8.8.9 Patch 1 + 8.8.8 Patch 7 + 8.7.11 Patch 5

By on July 19, 2018 in Product News, Product Updates, Zimbra Server

Hello Zimbra Friends, Customers & Partners,

Zimbra 8.8.9 “Curie” Patch 1, Zimbra 8.8.8 “Turing” Patch 7 and Zimbra Collaboration 8.7.11 Patch 5 are here.

Zimbra 8.8.9 “Curie” Patch 1

Patch 1 is here for the 8.8.9 “Curie” GA release, and it includes fixes as listed in the release notes.

Fixed Issues
Forgot password feature implementation

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Release or Patch Version
108970 Persistent XSS – briefcase [CWE-79] TBD 3.5 Minor 8.8.9 Patch 1

Known Issues
Forgot password UI work is under development for 2FA enabled users
Primary remote volume is moved to secondary volume after setting it as current volume in HSM module of Admin console
Workaround: Volume can be set as current using “zxsuite hsm doUpdateVolume” command

Patch Installation

For 8.8.9 Patches, you don’t need to download any patch builds. 8.8.9 Patch packages can be installed using Linux package management commands.
Please refer to the release notes for 8.8.9 Patch 1 installation on Redhat and Ubuntu platforms.

 

Zimbra 8.8.8 “Turing” Patch 7

Patch 7 is here for the 8.8.8 “Turing” GA release, and it includes fixes as listed in the release notes.

Fixed Issues
Fixed email subject encoding issue – Handled spaces in encoded word for us-ascii charset
Scrolling down after toggle read/unread in Webclient causes network error)

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Release or Patch Version
108970 Persistent XSS – briefcase [CWE-79] TBD 3.5 Minor 8.8.8 Patch 7

Patch Installation

For 8.8.8 Patches, you don’t need to download any patch builds. 8.8.8 Patch packages can be installed using Linux package management commands.
Please refer to the release notes for 8.8.8 Patch 7 installation on Redhat and Ubuntu platforms.

8.8.8 Patch Change: Please Read!
**This note is applicable only if you are upgrading from 8.8.8 GA or 8.8.8 Patch 1 to the latest patch. Ignore this note if you are upgrading from 8.8.8 Patch 2 or higher.

8.8.8 Patch (zimbra-patch) checks if your system is Network Edition, and if so, it adds a new Network Edition-only package repository. As a result, after the 8.8.8 Patch installation is completed, Network Edition customers will need to run another package update/upgrade process to obtain the updated Network Edition-only packages available from the newly added package repository.

Note: This patch should be installed only on all mailbox nodes running in your environment. On other nodes, other packages need to be installed to upgrade OpenJDK and ClamAV, as per the below instructions.

OpenJDK/ClamAV Installation Instructions for Non-mailbox/MTA nodes:
**This note is applicable only if upgrading from 8.8.8 Patch 4 or previous versions to Patch 6. Ignore if you are upgrading from 8.8.8 Patch 5 or higher.

  • Install zimbra-core-components package to upgrade OpenJDK on non-mailstore nodes. On mailstore nodes, OpenJDK will be updated using zm-patch.
  • Install zimbra-mta-components package to upgrade ClamAV on Mailstore and MTA nodes. zm-patch will not update ClamAV on any nodes.

 

Zimbra Collaboration 8.7.11 Patch 5

Patch 5 is here for the 8.7.11 GA release, and it includes fixes as listed in the release notes.

Fixed Issues
Fixed email subject encoding issue – Handled spaces in encoded word for us-ascii charset
SMIME signed mail showing invalid in gmail
“ZInternetHeader.decode java.lang.ArrayIndexOutOfBoundsException” exception – fixed issue with parsing incorrect mime header

Patch Installation

Download the patch for Network Edition and Open Source Edition.

Please refer to the release notes for 8.7.11 Patch 5 installation.
Note: This patch should be installed only on all mailbox nodes running in your environment.

Thank you,

Your Zimbra Team

 

Comments are closed.

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures