NEW Zimbra 8.7.11 Patch 10

Hello Zimbra Friends, Customers & Partners,

Patch 10 is here for the Zimbra 8.7.11 GA release, and it includes fixes as listed in the release notes.

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Release or Patch Version
109129 Bug 109129 – XXE [CWE-611] CVE-2019-9670 6.4 Major 8.7.11 Patch 10

Patch Installation

Download the patch for Network Edition and Open Source Edition.

Please refer to the release notes for 8.7.11 Patch 10 installation.

Note: This patch should be installed only on all mailbox nodes running in your environment.

Thank you,
Your Zimbra Team

6 Responses to NEW Zimbra 8.7.11 Patch 10

  1. Martin March 19, 2019 at 11:56 AM #

    WARNING: This patch breaks mailboxd, I had to recover from backup.

    • Gayle Billat March 25, 2019 at 8:18 PM #

      Hi — Did you open a case with Zimbra Support? We haven’t had any other reports that the patch breaks mailboxd.

    • Martin March 29, 2019 at 6:56 PM #

      No, I don’t have a Support subscription (only private use for friends and family).
      Also I did not have the time to further investigate before the restore. Only thing I can tell is, mailboxd was running (also restarted without complaint), but did not accept any connection attempts, nor try to connect on its own.
      I am running Zimbra OSE for eight years now, never had any serious issues. I guess I have to retry this one and plan for a longer maintenance window this time.

    • Gayle Billat April 17, 2019 at 7:08 PM #

      Hi Martin – if you don’t have a Support subscription, please try asking in forums.zimbra.com. Thanks!

  2. Peter Parker April 7, 2019 at 9:09 AM #

    Hi Gayle Billat,

    Could you please let me know the patch where I can download?

    • Gayle Billat April 17, 2019 at 7:06 PM #

      Hi Peter – the patch download link is in the blog. There is a separate link for Network Edition and Open Source Edition. Please let me know if you need further help. Thanks!

Leave a Reply