Hello Zimbra Customers, Partners & Friends,
After intensive review and testing, Zimbra Development has determined that the 0-day exploit vulnerability for Log4j (CVE-2021-44228) does not affect the current Supported Zimbra versions (9.0.0 & 8.8.15). The current version of Log4j used in Zimbra is 1.2.16. The vulnerability occurs in log4j versions 2.0 and higher.
Your Zimbra Team