Patch Security Severity: High
Deployment Risk: Medium
This patch fixes a stored cross-site scripting (XSS) vulnerability and enhances protection by upgrading AntiSamy to version 1.7.8 and removing the outdated code. It includes critical fixes and user experience improvements for the following editions:
We recommend all administrators and users to apply this update to strengthen your system’s stability and ensures uninterrupted service performance.
What’s New in 10.1.13
Communication & Collaboration
- Ignite: Smart email search with instant suggestions and LDAP-supported external email warning
- Modern Web App: Improved drag-and-drop, calendar management, tag organization, dumpster functionality, and POP/IMAP settings in Modern UI
- Zimbra Connector for Outlook (ZCO): Outlook 2024 compatibility, better meeting proposals and shared folder handling
- ActiveSync & Exchange Web Services (EWS): Reliable iOS attachments and consistent calendar sync across all devices. Following Microsoft’s recent announcement extending Legacy EWS support to October 2026 (from the previous October 2025 deadline), Zimbra will maintain EWS compatibility across all currently supported Outlook versions, ensuring uninterrupted service for Outlook clients using this protocol.
- Chat and Video: Chat zimlets and extensions have been updated with the latest improvements. Chat installer zfzi-2.0.1 is now available, and the customization version has been updated to 10.2.1, bringing enhanced performance and bug fixes.
Modern UI Enhancements
- POP/IMAP Management: Users can now manage email access settings directly from Modern Webmail, including on mobile.
- Copy-Paste Formatting: Content from Excel, PowerPoint, Word, and web pages now keeps its formatting when pasted into emails.
- Meeting Control: Meeting organizers can now customize cancellation messages and choose to cancel single meetings or entire series. Users now have ‘Edit Message’ option to personalize their messages before responding.
- Enhanced Recovery: Restore deleted emails, contacts, appointments, and files directly from Trash.
- Quick Distribution List View: See all members of a distribution list instantly from the message preview without having to switch views.
- Improved Tags: Tags now work consistently across all features with bug fixes.
- Drag-and-Drop Uploads: Easily drag files into Briefcase, just like in Classic UI.
- One-Click Recipient Removal: Remove any recipient (To, Cc, Bcc, or invitee) by clicking the “X” next to their name across Mail, Calendar, Briefcase, and Contacts.
- Redesigned Tag Management: Cleaner interface makes creating and organizing tags easier with better visuals and accessibility.
- Visual Drop Indicators: Clear highlighting shows exactly where items will land when dragging and dropping across Mail, Briefcase, and Contacts.
Security Updates
- Enhanced S3 data management and cleanup for mailbox moves
- Strengthened TLS handling per updated RFC standards
Performance Optimizations
- Faster email thread loading with Smart Conversation Loading
- Improved performance for large folders sets in Mail and Briefcase
- Optimized Briefcase memory management
End of Life Notice: 10.0
Zimbra 10.0 will reach End of Life on December 31, 2025. Customers using this version are advised to plan their upgrade/migration to the 10.1 version (our current supported version) to ensure continued security updates and access to the latest features. For assistance during this transition, our support team is available to address any inquiries.
Customer Feedback Portal
Vote on suggested features, propose your own and stay updated with our product roadmap. Join us at pm.zimbra.com, our dedicated customer portal, for product feedback. Contribute to Zimbra’s evolution!
No comments yet.