This is a reposting of Rene’s original blog announcement on March 18, 2019. Please read and be sure that your Zimbra Patches are up-to-date!
Hello Zimbra Friends,
The Zimbra Security team has been working with security researcher An Trinh in advance of his recently-published blog post. In the blog, Trinh details his findings regarding a vulnerability which, if exploited, could allow an attacker to remotely execute code on an affected Zimbra system.
To secure supported versions of Zimbra (8.7 and 8.8)
- Zimbra customers running versions of 8.8 must upgrade to 8.8.10 Patch 7 or 8.8.11 Patch 3
- Zimbra customers running the long term support version (LTS) 8.7.11 must upgrade to 8.7.11 Patch 10
To secure unsupported version of Zimbra (8.6 and earlier)
- Customers running 8.6 must upgrade to Patch 13 – This Patch is scheduled for release 19 March.
- Older versions of Zimbra are vulnerable until they are upgraded to a supported version.
If you require guidance around your upgrade, please contact your Zimbra Partner or Zimbra Support for further information.
NOTE: Zimbra recommends that you always upgrade to the latest version of Zimbra to protect against possible security vulnerabilities.
Vice President Product eMail and Collaboration