Hello Zimbra Friends, Customers & Partners,
Zimbra 8.8.9 “Curie” Patch 4 and Zimbra “Turing” 8.8.8 Patch 9 are here.
Zimbra 8.8.9 “Curie” Patch 4
Patch 4 is here for the 8.8.9 “Curie” GA release, and it includes fixes as listed in the release notes.
|Admin Console: Move alias operation is now working|
|SMIME: Save message sender’s SMIME certificate to corresponding contact|
For 8.8.9 Patches, you don’t need to download any patch builds. 8.8.9 Patch packages can be installed using Linux package management commands. Please refer to the release notes for 8.8.9 Patch 4 installation on Redhat and Ubuntu platforms.
Zimbra 8.8.8 “Turing” Patch 9
Patch 9 is here for the 8.8.8 GA release, and it includes fixes as listed in the release notes.
Major Feature Announcements
- OpenLDAP 2.4.46 package with multiVal and sortVal support is available. Multival configuration is recommended for large deployments.
Please follow https://wiki.zimbra.com/wiki/Zimbra-LDAP_Multival_Configuration for Multival configuration steps.
|Email with an encoded subject not rendering properly|
Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.
|Bug#||Summary||CVE-ID||CVSS Score||Zimbra Rating||Fix Release or Patch Version|
|109012||Account Enumeration [CWE-203]||CVE-2018-15131||5||Major||8.8.8 Patch 9|
For 8.8.8 Patches, you don’t need to download any patch builds. 8.8.8 Patch packages can be installed using Linux package management commands. Please refer to the release notes for 8.8.8 Patch 9 installation on Redhat and Ubuntu platforms.
8.8.8 Patch Change: Please Read!
**This note is applicable only if you are upgrading from 8.8.8 GA or 8.8.8 Patch 1 to the latest patch. Ignore this note if you are upgrading from 8.8.8 Patch 2 or higher.
8.8.8 Patch (zimbra-patch) checks if your system is Network Edition, and if so, it adds a new Network Edition-only package repository. As a result, after the 8.8.8 Patch installation is completed, Network Edition customers will need to run another package update/upgrade process to obtain the updated Network Edition-only packages available from the newly added package repository.
Note: This patch should be installed only on all mailbox nodes running in your environment. On other nodes, other packages need to be installed to upgrade OpenJDK and ClamAV, as per the below instructions.
OpenJDK/ClamAV Installation Instructions for Non-mailbox/MTA nodes:
**This note is applicable only if upgrading from 8.8.8 Patch 4 or previous versions to Patch 9. Ignore if you are upgrading from 8.8.8 Patch 5 or higher version of 8.8.8 Patch.
- Install zimbra-core-components package to upgrade OpenJDK on non-mailstore nodes. On mailstore nodes, OpenJDK will be updated using zm-patch.
- Install zimbra-mta-components package to upgrade ClamAV on Mailstore and MTA nodes. zm-patch will not update ClamAV on any nodes.
Your Zimbra Team