Navigation

Patch Release Update: Zimbra 10.1.10, 10.0.16

By on July 18, 2025 in Product News

Patch Security Severity: Medium

Deployment Risk: Low

This patch updated on July 18th, 2025 focuses on essential fixes and user experience improvements for the following editions:

End of Life (EOL) Notice

Zimbra Daffodil 10.0: Zimbra Daffodil 10.0 reached the end of General Support on June 31st, 2025, and is set to reach EOL on December 31st, 2025.  No further updates will be provided after this date. Customers using these versions are advised to plan their migration to the 10.1 version to ensure continued security updates and access to the latest features.

Zimbra 9.0: Zimbra 9.0 reached EOL on June 31st, 2025.

We strongly recommend upgrading to a supported version like Zimbra 10.1 to maintain security, performance, and access to our dedicated support. We’re here to help make this transition as smooth as possible: 

CentOS 7, RHEL 7, and Oracle Linux 7

RHEL7 and CentOS 7 reached EOL in June 2024, and Oracle Linux 7 in December 2024.

Zimbra will deprecate support for these operating systems following the release of Zimbra 10.1.10 by July 2025.  After this release, no further updates, patches, or official support will be provided for RHEL/CentOS/Oracle 7 operating systems.

We recommend upgrading to RHEL/Rocky/Oracle Linux 9. For assistance, please contact our Support team.

Things to know before you upgrade

Changes to SpamAssassin

Apache SpamAssassin has been upgraded to version 4.0.1 to fix multiple bugs.  If you have made custom changes to this file, please back up your current file before the upgrade and after the upgrade, re-apply your changes manually to the new salocal.cf.in.  Please refer to the Release Notes for more details.

What’s New in 10.1.10

User Interface (UI) & Usability:

Password expiry reminder

This feature allows system administrators to enable password expiry reminders for users so that they are informed about the upcoming password expiration of their account and accordingly can take the required action.

Modern UI Enhancements

Display a tag icon in the message list

Tagged emails and conversations threads will now display a tag icon directly in the message list, positioned near the attachment icon.

Improved Dark Mode

Previously, mail contents was not visible as expected in dark mode. Modern UI dark theme has been improved to ensure mail contents are displayed correctly.

Smart Scroll Handling

The chat interface now auto-scrolls to new messages, even in active conversations.

Preview markdown files in Modern UI

This feature supports previewing attached Markdown (.md) files directly within the Modern UI. Users can view Markdown content seamlessly in side panel, files stored in Briefcase and included in calendar invites.

 

Security

Block attachment downloads

Modern UI The “zimbraAttachmentsBlocked” attribute now works as expected for the Modern UI. When it is set to true, it blocks attachment downloads for the emails with attachments.

Provide a new option to update the digital certificate for S/MIME

Users can now not only upload but also replace or remove the digital uploaded S/MIME certificate.

Communication & Collaboration

ZCO / ActiveSync / EWS

Multiple enhancements and fixes in calendaring, sharing, delegation, and mail syncing with Outlook and other Apps.

Chat

  • Core Platform Enhancements: massive domain provisioning, internationalization for Classic UI, Zimbra Desktop integration, Chat data preservation
  • Usability & Operational Improvements: General UX polish, Dark Mode improvements, Smart Scroll handling

Security Fix10.1.10 & 10.0.16

  • GraphiQL IDE Disabled: For enhanced security, the accessible GraphiQL IDE has been disabled.
  • Dependency Updates: We’ve upgraded the @babel/runtime package to resolve a ReDoS vulnerability.
  • Authentication & Password Security:
    • Addressed a CSRF vulnerability found on the Reset Password Endpoint.
    • Fixed an issue allowing Two-Factor Authentication bypass through unauthorized 2FA modification.
  • Rsync Package Update: The rsync package has been updated to patch multiple vulnerabilities.

Refer to our Zimbra Security Center to ensure your system is safe.

Fixed Issues – 10.1.10

  • Zimbra, Modern UI, Classic UI, and Admin Console
  • Zimbra Connector for Outlook (ZCO)
  • ActiveSync and EWS
  • Backup&Restore Improvements & Migrations
  • Chat
  • Third party upgrade

Customer Feedback Portal

Vote on suggested features, propose your own and stay updated with our product roadmap. Join us at pm.zimbra.com, our dedicated customer portal, for product feedback. Contribute to Zimbra’s evolution!

No comments yet.

Leave a Reply

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures