Navigation

Archive | Security & Privacy

Zimbra and SMTP Smuggling attack on Postfix

By on December 28, 2023 in Product News, Partners, Security & Privacy

Recently an SMTP Smuggling attack on Postfix was published, as mentioned by the Postfix project: Days before a 10+ day holiday break and associated production change freeze, SEC Consult has published an email spoofing attack that involves a composition of email services with specific differences in the way they handle line endings other than <CR><LF>. […]

Continue Reading 9

Patch Release For Deprecated Files Deletion, OpenJDK Security Enhancement, Migration Support to Zimbra Daffodil (v10)

By on December 18, 2023 in Product News, Partners, Product Updates, Security & Privacy

Patch Severity: High. This release addresses critical bug fixes and essential security updates  Patch Release for the following editions Zimbra Daffodil 10.0.6 (Release Notes) Zimbra 9.0.0 Kepler Patch-38 (Release Notes) Zimbra 8.8.15 Joule Patch-45 (Release Notes)  Patch updated on 18 Dec include the following in their respective releases What’s New OpenJDK has been upgraded to […]

Continue Reading 1

How to stay informed about Zimbra security announcements?

By on November 1, 2023 in Product News, Security & Privacy, Zimbra Partners

Zimbra can be updated using apt update or yum update, and it is highly recommended to install Zimbra updates (patches) as they are released, especially in case of patches that include security fixes. Here are a few ways to stay informed on Zimbra Security updates: Subscribe to these RSS feeds: https://wiki.zimbra.com/security-advisory-feed.php (no details, can be […]

Continue Reading 3

Patch for Zimbra Daffodil 10.0.5, 9.0.0 Patch-37 & 8.8.15 Patch-44

By on October 19, 2023 in Product News, Partners, Product Updates, Security & Privacy

Daffodil Migration Patch: Assist Users in Moving to Daffodil  This patch has newly added functions that will aid in the upgrade/migration process to Daffodil.  To safeguard your system, we recommend you always upgrade to the latest patch and regularly refer to our blog and the Zimbra Security Center for steps to ensure your system is safe. Patch Release […]

Continue Reading 0

Zimbra not affected by NGINX CVE-2023-44487

By on October 12, 2023 in Product News, Partners, Security & Privacy

Recently a number of partners have asked if Zimbra is affected by NGINX CVE-2023-44487. When we take a look at the NGINX blog post on CVE-2023-44487 it mentions the following: …it is essential that the following updates are made to NGINX configuration files, minimizing the server’s attack surface: keepalive_requests should be kept at the default […]

Continue Reading 0

What are the benefits of using Zimbra OpenSSL in FIPS mode?

By on September 20, 2023 in Product News, Security & Privacy

If you installed or upgraded to Zimbra version 9.0.0.P34, 8.8.15.P41, 10.0.2 or higher, Zimbra will use OpenSSL 3.0.x and FIPS compliance for OpenSSL will be enabled by default. To check if your Zimbra OpenSSL is using FIPS you can run the following command, that should fail with Error setting digest: /opt/zimbra/common/bin/openssl md5 /dev/null There are […]

Continue Reading 0

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures