Recently, a critical vulnerability affecting Zimbra’s postjournal service (CVE-2024-45519) was identified and is now disclosed on various security websites. The good news? Postjournal service is not enabled by default and Zimbra has already patched this vulnerability. This patch was published in early September. Read the blog post here. Patch Release: Multiple security issues related to […]
Enhance Zimbra Security with AuditD and ACLs
Auditd (Linux Audit Daemon) can be used to capture detailed information about file accesses, system calls, and user actions. Auditd gives administrators the ability to track changes, identify suspicious activities, and potentially get an early warning of system compromise by hackers. Adding Auditd to your system will give you more detailed logs, but it […]
FAQ: Understand the different stages of your feature requests on pm.zimbra.com
Contributed by Shardool Gore, Product Manager, Zimbra (a product of Synacor). Co-edited by: Karyn Tan, Senior Manager in Marketing. Reading time: 3 minutes. In this article, we will provide an overview of the different stages that your feature request will go through when you post a new feature request on https://pm.zimbra.com. The idea is to […]
2FA: A Simple Step, a Huge Impact on Your Business Security
Contributed by Yasuko Komiyama, Zimbra Senior Sales Engineer. Co-edited by: Karyn Tan, Senior Manager in Marketing. Imagine a world where every piece of your business’s sensitive data was as public as a viral social media video. A world where hackers could easily access and exploit information meant to be confidential. That is the reality without […]
Patch Release: Multiple security issues related to Cross-Site Scripting (XSS) addressed and resolved
Patch Security Severity: Medium. Deployment Risk: Medium. This release focuses on essential security and improving user experience for the following editions: Zimbra Daffodil 10.1.1 (Release Notes), Zimbra Daffodil 10.0.9 (Release Notes), Zimbra 9.0.0 Patch-41 (Release Notes). Support, security patches, or updates for Zimbra 9.0.0 General Support will last through 12/31/2024. One-time fix for Zimbra 8.8.15 […]
Prevent Host header injection vulnerability in Zimbra
This is an old issue, but Zimbra installations can have a very long life span, and it is a good precaution to validate your configuration, just in case. Zimbra Proxy has the ability to strictly enforce which values are allowed in the Host header passed in by the client. This is enabled by default […]