Author Archive | Rene Otto

Recent Zimbra XXE / SSRF Vulnerability Disclosure

Hello Zimbra Friends, Background The Zimbra Security team has been working with security researcher An Trinh in advance of his recently-published blog post. In the blog, Trinh details his findings regarding a vulnerability which, if exploited, could allow an attacker to remotely execute code on an affected Zimbra system. To secure supported versions of Zimbra […]

Continue Reading 2

Zimbra’s New Software Development Lifecycle

Zimbra is committed to delivering top performing products, and integral to that is our new Software Development Lifecycle (SDLC), which will help us create quality products delivered in a customer-friendly, predictable way. There are two streams in the SDLC: the Standard Release Model and the Longterm Release Model. The Standard Release Model This stream of […]

Continue Reading 2

#EFAIL: Zimbra Not Affected

There has been active commentary about the “EFAIL” paper released May 14 by a German and Belgian research team that presented potential vulnerability in PGP and S/MIME encrypted emails. The Zimbra Security team has analyzed the paper and tested Zimbra for any exposure to the EFAIL attack patterns. The Results? Good news. Zimbra S/MIME solutions […]

Continue Reading 0