NEW Zimbra Patches: 9.0.0 Patch 10 + 8.8.15 Patch 17

Hello Zimbra Friends, Customers & Partners,

Zimbra 9.0.0 “Kepler” Patch 10 and 8.8.15 “James Prescott Joule” Patch 17 are here.

Synacor Supports Social Justice Awareness, Pledges Inclusive Language

With these patches, Synacor affirms its support of social justice awareness throughout the world and moves made by the tech community to reexamine and replace dated terminology, pledging inclusive language. Specific terminology changes are detailed in the Release Notes. Thank you for helping us alter language to better match our shared values of equality, diversity and inclusion.

For Zimbra 8.8.8 and above, you don’t need to download any patch builds. The patch packages can be installed using Linux package management commands. Please refer to the respective release notes for patch installation on Red Hat and Ubuntu platforms.

Note: Installing a zimbra-patch package only updates the Zimbra core packages.

Nginx Upgrade (Beta)
Upgraded 3rd Party Nginx from version 1.7.1 to 1.19.0.
– Nginx 1.19.0 support for TLSv1.3
We are nearing the end of our extensive QA cycle for this package upgrade. Watch for the GA announcement in an upcoming patch release.

Zimbra 9.0.0 “Kepler” Patch 10

Patch 10 is here for the Zimbra 9.0.0 “Kepler” GA release, and it includes Security Fixes, What’s New, Fixed Issues and Known Issues as listed in the release notes.

Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating Fix Patch Version
zm-saml-consumer-store extension vulnerable to XXE attack CVE-2020-35123 Medium 9.0.0 P10

Patch Installation

Please refer to the release notes for Zimbra 9.0.0 Patch 10 installation on Red Hat and Ubuntu platforms.

Zimbra 8.8.15 “James Prescott Joule” Patch 17

Patch 17 is here for the Zimbra 8.8.15 “James Prescott Joule” GA release, and it includes Security Fixes, What’s New, Fixed Issues and Known Issues as listed in the release notes.

Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating Fix Patch Version
zm-saml-consumer-store extension vulnerable to XXE attack CVE-2020-35123 Medium 8.8.15 P17

Patch Installation

Please refer to the release notes for Zimbra 8.8.15 Patch 17 installation on Red Hat and Ubuntu platforms.

Take care and thanks,
Your Zimbra Team

No comments yet.

Leave a Reply