NEW Zimbra Patches: 8.8.10 Patch 2 + 8.7.11 Patch 7 + 8.6.0 Patch 12

Hello Zimbra Friends, Customers & Partners,

We have three new patches to announce:

  • Zimbra 8.8.10 “Konrad Zuse” Patch 2
  • 8.7.11 Patch 7
  • 8.6.0 Patch 12

Zimbra 8.8.10 “Konrad Zuse” Patch 2

Patch 2 is here for the Zimbra 8.8.10 “Konrad Zuse” GA release, and it includes fixes as listed in the release notes.

What’s New

Zimbra Drive (Beta) Zimbra Drive v2 is a new Zimbra component that provides a complete file storage system integrated with the Zimbra Web Client that replaces the Zimbra “Briefcase”. The Drive feature is disabled by default, but you can enable it using a command as zimbra user. Refer to the release notes for more information.

NOTE: Beta features should not be installed and are not supported on production systems. Beta modules have been provided for evaluation in lab environments only.

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Release or Patch Version
109020 Persistent XSS – Web Client / Defanger [CWE-79] CVE-2018-18631 5.0 Major 8.8.10 Patch 2

Patch Installation

For 8.8.8 and above Zimbra Patches, you don’t need to download any patch builds. The Patch packages can be installed using Linux package management commands.
Note: Installing the zimbra-patch package only updates the Zimbra core packages. Please refer to the release notes for Zimbra 8.8.10 Patch 2 installation on Redhat and Ubuntu platforms.

Zimbra 8.7.11 Patch 7

Patch 7 is here for the Zimbra 8.7.11 GA release, and it includes fixes as listed in the release notes.

Fixed Issues

Fixed Activesync issue “Low Heap Size errors caused by com.zimbra.zimbrasync.commands.SyncListener accumulating”
Fixed web client issue “text vanished after reply to email”

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Release or Patch Version
109018 Non-Persistent XSS – Web Client [CWE-79] CVE-2018-18631 5 Major 8.7.11 Patch 7
109020 Persistent XSS – Web Client / Defanger [CWE-79] CVE-2018-18631 5 Major 8.7.11 Patch 7

Patch Installation

Download the patch for Network Edition and Open Source Edition.

Please refer to the release notes for 8.7.11 Patch 7 installation.
Note: This patch should be installed only on all mailbox nodes running in your environment.

Zimbra 8.6.0 Patch 12

Patch 12 is here for the Zimbra 8.6.0 GA release, and it includes fixes as listed in the release notes.

Fixed Issues

Fixed Activesync issue “Low Heap Size errors caused by com.zimbra.zimbrasync.commands.SyncListener accumulating”

Patch Installation

Download the patch for Network Edition and Open Source Edition.

Please refer to the release notes for 8.6.0 Patch 12 installation.
Note: This patch should be installed only on all mailbox nodes running in your environment.

Thank you,

Your Zimbra Team

No comments yet.

Leave a Reply