Hello Zimbra Friends, Customers & Partners,
We have three new patches to announce:
- Zimbra 8.8.15 “James Prescott Joule” Patch 2
- Zimbra 8.8.12 “Isaac Newton” Patch 6
- Zimbra 8.7.11 Patch 14
Zimbra 8.8.15 “James Prescott Joule” Patch 2
Patch 2 is here for the Zimbra 8.8.15 “James Prescott Joule” GA release, and it includes fixes as listed in the release notes.
Zimbra 8.8.15 now fully supported on UBUNTU18 (GA).
Download the latest UBUNTU-18 binaries from https://www.zimbra.com/downloads.
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.
| Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Patch Version |
|---|---|---|---|---|---|
| 12356 | Upgraded ClamAV to 0.101.4 | CVE-2019-12625 | – | – | 8.8.15 P2 |
Patch Installation
For 8.8.15 Patches, you don’t need to download any patch builds. 8.8.15 Patch packages can be installed using Linux package management commands. Please refer to the release notes for Zimbra 8.8.15 Patch 2 installation on Redhat and Ubuntu platforms.
Note: Installing a zimbra-patch package only updates the Zimbra core packages.
Zimbra 8.8.12 “Isaac Newton” Patch 6
Patch 6 is here for the Zimbra 8.8.12 “Isaac Newton” GA release, and it includes fixes as listed in the release notes.
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.
| Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Patch Version |
|---|---|---|---|---|---|
| 109174 | Non-Persistent XSS CWE-79 | CVE-2019-12427 | 4.3 | Minor | 8.8.12 P6 |
| 12356 | Upgraded ClamAV to 0.101.4 | CVE-2019-12625 | – | – | 8.8.12 P6 |
Patch Installation
For 8.8.12 Patches, you don’t need to download any patch builds. 8.8.12 Patch packages can be installed using Linux package management commands. Please refer to the release notes for Zimbra 8.8.12 Patch 6 installation on Redhat and Ubuntu platforms.
Note: Installing a zimbra-patch package only updates the Zimbra core packages.
Zimbra 8.7.11 Patch 14
Patch 14 is here for the Zimbra 8.7.11 GA release, and it includes fixes as listed in the release notes.
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.
| Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Patch Version |
|---|---|---|---|---|---|
| 109174 | Non-Persistent XSS CWE-79 | CVE-2019-12427 | 4.3 | Minor | 8.7.11 P14 |
| 12356 | Upgraded ClamAV to 0.101.4 | CVE-2019-12625 | – | – | 8.7.11 P14 |
Patch Installation
Download the patch for Network Edition and Open Source Edition.
Please refer to the release notes for 8.7.11 Patch 14 installation
Note: This patch should be installed only on all mailbox nodes running in your environment.
Thank you,
Your Zimbra Team
thank you for new version Zimbra
Thanks for 8.7.11 Patch 14! Please consider only security patches for 8.7.11 for at least another year!
Marco
Dears,
we have open source 8.8.11 so we need to upgrade the system into 8.8.15. so is there any prerequisite to upgrade
Hello – you will find the release notes for 8.8.15 here . If you have specific questions about the upgrade, please open a case with Zimbra Support or ask on forums.zimbra.com. Thanks!
thank you for new version Zimbra
thank you for new version Zimbra. Thank you very much!