Hello Zimbra Friends, Customers & Partners,
Patch 13 is here for the Zimbra 8.6.0 GA release, and it includes fixes as listed in the release notes.
Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.
|Bug#||Summary||CVE-ID||CVSS Score||Zimbra Rating||Fix Release or Patch Version|
|109129||Bug 109129 – XXE [CWE-611]||CVE-2019-9670||6.4||Major||8.6.0 Patch 13|
Download the patch for Network Edition and Open Source Edition.
Please refer to the release notes for 8.6.0 Patch 13 installation.
Note: This patch should be installed only on all mailbox nodes running in your environment.
Your Zimbra Team