Hello Zimbra Friends, Customers & Partners,
Zimbra 9.0.0 “Kepler” Patch 21 and 8.8.15 “James Prescott Joule” Patch 28 are here.
Security Recommendation
Zimbra strongly recommends that you review whether the Proxy Servlet is configured to allow a particular host (via the zimbraProxyAllowedDomains configuration setting on each class of service). Please make sure:
- Each entry in
zimbraProxyAllowedDomainsis a safe and trusted host. - There are NO wild card entries like *.webex.com. Instead use specific hosts like example.webex.com.
Zimbra 9.0.0 is now fully supported on Ubuntu 20 (GA).
Download the latest Ubuntu 20 binaries from https://www.zimbra.com/downloads
Apache has been upgraded from 2.4.46 to 2.4.51.
Security Fixes
| Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Patch Version |
|---|---|---|---|---|
| Upgraded Apache to 2.4.51 to avoid multiple vulnerabilities. | CVE-2021-30641 CVE-2020-35452 |
7.3 | High | 9.0.0 P21 8.8.15 P28 |
Zimbra 9.0.0 “Kepler” Patch 21
Patch 21 is here for the Zimbra 9.0.0 “Kepler” GA release, and it includes What’s New, Fixed Issues and Known Issues as listed in the release notes. Please refer to the release notes for Zimbra 9.0.0 Patch 21 installation on Red Hat and Ubuntu platforms.
Zimbra 8.8.15 “James Prescott Joule” Patch 28
Patch 28 is here for the Zimbra 8.8.15 “James Prescott Joule” GA release, and it includes What’s New, Fixed Issues and Known Issues as listed in the release notes. Please refer to the release notes for Zimbra 8.8.15 Patch 28 installation on Red Hat and Ubuntu platforms.
Note:
- For Zimbra 8.8.8 and above, you don’t need to download any patch builds. The patch packages can be installed using Linux package management commands.
- You cannot revert to the previous ZCS release after you upgrade to the patch.
Take care and thanks,
Your Zimbra Team
Please, I need guidance about patching the open source versions. Do this patches builds work with the open source version? Thanks in advance
Please ask over at https://forums.zimbra.org/