Zimbra Patches: 8.8.15 Patch 1 + 8.8.12 Patch 5

Hello Zimbra Friends, Customers & Partners,

Zimbra 8.8.15 “James Prescott Joule” Patch 1 and 8.8.12 “Isaac Newton” Patch 5 are here.

For Zimbra 8.8.8 and above, you don’t need to download any patch builds. The patch packages can be installed using Linux package management commands. Please refer to the respective release notes for patch installation on Red Hat and Ubuntu platforms.

Note: Installing a zimbra-patch package only updates the Zimbra core packages.

Zimbra 8.8.15 “James Prescott Joule” Patch 1

Patch 1 is here for the Zimbra 8.8.15 “James Prescott Joule” GA release, and it includes fixes as listed in the release notes.

Highlights:

  • Zimbra 8.8.15 now fully supported on UBUNTU18 (GA). Download the latest UBUNTU-18 binaries from https://www.zimbra.com/downloads
  • Zimbra Connect (New Features)
    • Instant Meetings – Text and video chat sessions can include external users.
    • User Profile Manager – Users now can manage their Connect notification settings and upload a profile picture.

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.

| Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version |
|---|---|---|---|---|---|
| 109174 | Non-Persistent XSS – admin console | CVE-2019-12427 | 4.3 | Minor | 8.8.15 P1 |
| 109141 | Non-Persistent XSS – web client | CVE-2019-15313 | 4.3 | Minor | 8.8.15 P1 |

Zimbra 8.8.12 “Isaac Newton” Patch 5

Patch 5 is here for the Zimbra 8.8.12 “Isaac Newton” GA release, and it includes fixes as listed in the release notes.

Fixed Issues

  • CSS display attribute is now configurable in OWASP, allowing users to have better control over HTML rendering elements.
  • Introduction of OWASP sanitization caused HTML action buttons shown in emails to open the links inside the email preview pane. They now open in a new tab or window.
  • The zimbraLastLogonTimeStampFrequency setting now limits the frequency of updates to the lastLoginTimeStamp in ephemeral data storage, reducing the load for syncing those changes in multi-node systems.

Thank you,
Your Zimbra Team

2 Responses to Zimbra Patches: 8.8.15 Patch 1 + 8.8.12 Patch 5

  1. Marco September 4, 2019 at 3:04 PM

    Hi,
    Is Zimbra 8.7.11 affected by the CVE listed in this patch?
    thanks
    Marco

    • Gayle Billat September 30, 2019 at 6:30 PM

      Hi Marco – sorry for the delayed response! Yes, we released 8.7.11 patch 14 today which fixes the CVE. Thanks!
