Patch Security Severity: Medium
Deployment Risk: Low
This release focuses on essential security and improving user experience for the following editions
Existing Zimbra 9 customers have until 06/30/2025 to upgrade to the new version (Daffodil v10).
The patch updated on Dec 17th includes the following for the respective releases:
Security Fix
- An issue with encoded @import statements in <style> tags, which allowed the loading of malicious CSS, has been addressed.
- A Cross-Site Scripting (XSS) vulnerability via crafted HTML content in the Zimbra Classic UI has been fixed.
- A vulnerability in the ChangePassword API that allowed unauthorized access has been fixed; the API now requires a valid auth token.
What’s New
IGNITE FEATURES GOING INTO ZIMBRA DAFFODIL 10.1.4
Two-Factor Authentication
Domain admins can now enable account two-factor authentication (2FA), allowing delegated or domain admins to access and manage accounts.
CLI Utility
The CLI utility allows users to move blobs from one volume to another. More information is available here.
URL Defanger
The email security feature, URL defanging, has been implemented, converting clickable links to non-clickable formats for added protection.
Fixed Issues
EML File Import
EML file importing is now available on Zimbra version 10 and above.
Users With IMAP-Connected Accounts
After updating to iOS 18, users with IMAP-connected accounts reported poorer search performance, which contributed to overall slowness. The issue has been resolved.
Issues with SEND LATER in Modern UI
- Fixed an issue with scheduled messages sent using Send Later with Send on Behalf or Send As Permissions.
- Fixed an issue where Send Later messages were erased if the mailbox service was restarted before sending.
- Resolved an issue with “zimbraAllowFromAddress” that was causing Send Later mails to disappear without sending.
Refer to the release notes for the full list of fixes.
#ICYMI (In-Case-You-Missed-It)
New License Key Required for Zimbra Daffodil 10.1
Additional Note
Zimbra Chat & Video is not yet part of the current 10.1.4 version. The new timelines will be communicated soon.
Refer to the release notes for the patch installation on Red Hat and Ubuntu platforms.
An upgrade to the latest patch for your version is highly recommended. Refer to our blog and the Zimbra Security Center for steps to ensure your system is safe.