NEW Zimbra Patches: 8.8.11 Patch 2 + 8.8.10 Patch 6 + 8.7.11 Patch 8

Hello Zimbra Friends, Customers & Partners,

We have three new patches to announce:

  • Zimbra 8.8.11 “Homi Bhabha” Patch 2
  • Zimbra 8.8.10 “Konrad Zuse” Patch 6
  • Zimbra 8.7.11 Patch 8

Zimbra 8.8.11 “Homi Bhabha” Patch 2

Patch 2 is here for the Zimbra 8.8.11 “Homi Bhabha” GA release, and it includes fixes as listed in the release notes.

Fixed Issues

  • Fixed Defang Regex which causes 100% CPU utilization
  • zimbraMtaBlockedExtension is now working when sending a file with trailing spaces

Zimbra Doc server installer is available for Ubuntu 18 , Ubuntu 16 and RHEL 7. You can download the doc server installer here.

Patch Installation

For 8.8.11 Patches, you don’t need to download any patch builds. 8.8.11 Patch packages can be installed using Linux package management commands. Please refer to the release notes for Zimbra 8.8.11 Patch 2 installation on Redhat and Ubuntu platforms.

Note: Installing zimbra-patch package only updates the Zimbra core packages.

Zimbra 8.8.10 “Konrad Zuse” Patch 6

Patch 6 is here for the Zimbra 8.8.10 “Konrad Zuse” GA release, and it includes fixes as listed in the release notes.

Fixed Issues

  • Fixed Defang Regex which causes 100% CPU utilization
  • zimbraMtaBlockedExtension is now working when sending a file with trailing spaces

Zimbra Doc server installer is available for Ubuntu 18 , Ubuntu 16 and RHEL 7. You can download the doc server installer here.

Patch Installation

For 8.8.10 Patches, you don’t need to download any patch builds. 8.8.10 Patch packages can be installed using Linux package management commands. Please refer to the release notes for Zimbra 8.8.10 Patch 6 installation on Redhat and Ubuntu platforms.

Note: Installing zimbra-patch package only updates the Zimbra core packages.

Zimbra 8.7.11 Patch 8

Patch 8 is here for the Zimbra 8.7.11 GA release, and it includes fixes as listed in the release notes.

Fixed Issues

Fixed Defang Regex which causes 100% CPU utilization

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Release or Patch Version
109017 Backport – Bug 109017 – Non-persistent XSS – Web Client (HTML Search) [CWE-79] CVE-2018-14013 4.3 Major 8.7.11 Patch8
109093 Bug 109093 – XXE – Chat [CWE-611] CVE-2018-20160 6.4 Major 8.7.11 Patch8

Patch Installation

Download the patch for Network Edition and Open Source Edition.

Please refer to the release notes for 8.7.11 Patch 8 installation.
Note: This patch should be installed only on all mailbox nodes running in your environment.

Thank you,
Your Zimbra Team

No comments yet.

Leave a Reply