Patch Release: Compression support on S3 external volumes, Enabled Concurrent Socket Connection for OpenJDK & Other Enhancements

Patch Security Severity: Medium

Deployment Risk: Medium

This release focuses on essential security and improving user experience for the following editions


Patch updated on Apr 22 include the following in their respective releases

What’s New

  • Performance
    Enabled concurrent socket connection for OpenJDK
  • External Storage (Zimbra Daffodil only)
    Added compression support on S3 external volumes
  • Emails in Modern Web App (Zimbra Daffodil only)
    Users can reply and forward emails in plaintext

Security Enhancements 

  • Upgraded postfix for improved security
    To fix sMTP smuggling vulnerability (CVE-2023-51764)
  • Upgraded PHP
    To reduce security risks
  • Implemented multiple security fixes related to XSS (Cross-Site Scripting) attacks 

#ICYMI (In-Case-You-Missed-It)

  • End of Patch for Zimbra Server on Ubuntu 18.04
    There will no longer be any patch releases for Zimbra Daffodil (v10) on Ubuntu 18.04 operating system. Customers are encouraged to use Ubuntu 20.04 for installations of Zimbra Daffodil (v10) to benefit from future patch releases.

Refer to the release notes for the patch installation on Red Hat and Ubuntu platforms.

An upgrade to the latest patch for your version is highly recommended. Refer to our blog and the Zimbra Security Center for steps to ensure your system is safe.


End of General Support 

Zimbra 8.8.15 has reached the end of General Support.

Support, security patches, or updates for Zimbra 9.0.0 General Support will last through 12/31/2024

No comments yet.

Leave a Reply

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures