Hello Zimbra Friends, Customers & Partners,
Patch 10 is here for the Zimbra 8.7.11 GA release, and it includes fixes as listed in the release notes.
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.
| Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version |
|---|---|---|---|---|---|
| 109129 | Bug 109129 – XXE [CWE-611] | CVE-2019-9670 | 6.4 | Major | 8.7.11 Patch 10 |
Patch Installation
Download the patch for Network Edition and Open Source Edition.
Please refer to the release notes for 8.7.11 Patch 10 installation.
Note: This patch should be installed only on all mailbox nodes running in your environment.
Thank you,
Your Zimbra Team
WARNING: This patch breaks mailboxd, I had to recover from backup.
Hi — Did you open a case with Zimbra Support? We haven’t had any other reports that the patch breaks mailboxd.
No, I don’t have a Support subscription (only private use for friends and family).
Also I did not have the time to further investigate before the restore. Only thing I can tell is, mailboxd was running (also restarted without complaint), but did not accept any connection attempts, nor try to connect on its own.
I am running Zimbra OSE for eight years now, never had any serious issues. I guess I have to retry this one and plan for a longer maintenance window this time.
Hi Martin – if you don’t have a Support subscription, please try asking in forums.zimbra.com. Thanks!
Hi Gayle Billat,
Could you please let me know the patch where I can download?
Hi Peter – the patch download link is in the blog. There is a separate link for Network Edition and Open Source Edition. Please let me know if you need further help. Thanks!