Security bug fixes and OpenSSL upgrade
Zimbra OpenSSL now runs in FIPS-compliant mode by default. This increases security which requires no additional action on your part.
However, should you run into issues, you can find steps to disable OpenSSL FIPS in the release notes.
This patch upgrades OpenSSL to major version 3.0.x.
To safeguard your system, we recommend you always upgrade to the latest patch and regularly refer to our blog and the Zimbra Security Center for steps to ensure your system is safe.To safeguard your system, we recommend you always upgrade to the latest patch and regularly refer to our blog and the Zimbra Security Center for steps to ensure your system is safe.
Patch Release for the following editions
- Daffodil 10.0.2
- 9.0.0 Kepler Patch 34
- 8.8.15 Joule Patch 41
Patched updated on 26 July include the following listed in their respective releases
- What’s New
- Fixed Issues
- Known Issues
- Security Fixes
Please refer to the release notes for the patch installation on Red Hat and Ubuntu platforms.
An upgrade to the latest patch for your version is highly recommended. More information about the recommended patch can be found at:
We plan to make additional information available on our Security Center page as it becomes available.
Versions Reaching End of General Support
Zimbra 9.0.0 and 8.8.15 will be reaching their end-of-life (EOL). Support, security patches, or updates for these versions of our collaboration software will last through the below dates
Zimbra 9.0.0 End of General Support: 03/31/2024
Zimbra 8.8.15 End of General Support: 12/31/2023
Note: Additional configuration for further hardening your Zimbra setup can be found on the Zimbra Support Portal. It is recommended that all customers consider these additional steps