Hello Zimbra Friends, Customers & Partners,
We have three new patches to announce:
- Zimbra 8.8.10 “Konrad Zuse” Patch 2
- 8.7.11 Patch 7
- 8.6.0 Patch 12
Zimbra 8.8.10 “Konrad Zuse” Patch 2
Patch 2 is here for the Zimbra 8.8.10 “Konrad Zuse” GA release, and it includes fixes as listed in the release notes.
What’s New
Zimbra Drive (Beta): Zimbra Drive v2 is a new Zimbra component that provides a complete file storage system integrated with the Zimbra Web Client, replacing the Zimbra “Briefcase”. The Drive feature is disabled by default, but you can enable it by running a command as the zimbra user. Refer to the release notes for more information.
NOTE: Beta features should not be installed and are not supported on production systems. Beta modules have been provided for evaluation in lab environments only.
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.
Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version |
---|---|---|---|---|---|
109020 | Persistent XSS – Web Client / Defanger [CWE-79] | CVE-2018-18631 | 5.0 | Major | 8.8.10 Patch 2 |
Patch Installation
For Zimbra patches on 8.8.8 and above, you don’t need to download any patch builds. The patch packages can be installed using Linux package management commands.
Note: Installing the zimbra-patch package only updates the Zimbra core packages. Please refer to the release notes for Zimbra 8.8.10 Patch 2 installation on Red Hat and Ubuntu platforms.
Zimbra 8.7.11 Patch 7
Patch 7 is here for the Zimbra 8.7.11 GA release, and it includes fixes as listed in the release notes.
Fixed Issues |
---|
Fixed ActiveSync issue “Low Heap Size errors caused by com.zimbra.zimbrasync.commands.SyncListener accumulating” |
Fixed web client issue “text vanished after reply to email” |
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.
Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version |
---|---|---|---|---|---|
109018 | Non-Persistent XSS – Web Client [CWE-79] | CVE-2018-18631 | 5 | Major | 8.7.11 Patch 7 |
109020 | Persistent XSS – Web Client / Defanger [CWE-79] | CVE-2018-18631 | 5 | Major | 8.7.11 Patch 7 |
Patch Installation
Download the patch for Network Edition and Open Source Edition.
Please refer to the release notes for 8.7.11 Patch 7 installation.
Note: Install this patch on all mailbox nodes running in your environment, and only on mailbox nodes.
Zimbra 8.6.0 Patch 12
Patch 12 is here for the Zimbra 8.6.0 GA release, and it includes fixes as listed in the release notes.
Fixed Issues |
---|
Fixed ActiveSync issue “Low Heap Size errors caused by com.zimbra.zimbrasync.commands.SyncListener accumulating” |
Patch Installation
Download the patch for Network Edition and Open Source Edition.
Please refer to the release notes for 8.6.0 Patch 12 installation.
Note: Install this patch on all mailbox nodes running in your environment, and only on mailbox nodes.
Thank you,
Your Zimbra Team