Archive | Security & Privacy

Zimbra not affected by NGINX CVE-2023-44487

Recently a number of partners have asked if Zimbra is affected by NGINX CVE-2023-44487. When we take a look at the NGINX blog post on CVE-2023-44487 it mentions the following: …it is essential that the following updates are made to NGINX configuration files, minimizing the server’s attack surface: keepalive_requests should be kept at the default […]

Continue Reading 0

What are the benefits of using Zimbra OpenSSL in FIPS mode?

If you installed or upgraded to Zimbra version 9.0.0.P34, 8.8.15.P41, 10.0.2 or higher, Zimbra will use OpenSSL 3.0.x and FIPS compliance for OpenSSL will be enabled by default. To check if your Zimbra OpenSSL is using FIPS you can run the following command, that should fail with Error setting digest: /opt/zimbra/common/bin/openssl md5 /dev/null There are […]

Continue Reading 0

Patch for Zimbra Daffodil 10.0.4, 9.0.0 Patch-36 & 8.8.15 Patch-43

Guarding Against XSS: Security Update This Patch Release is for the following editions Daffodil 10.0.4 9.0.0 Kelper Patch 36 8.8.15 Joule Patch 43 This notification is published ahead of the actual release to enable administrators to schedule time to install the patch. The patch has been released on Wednesday (13 Sept). The steps for installing […]

Continue Reading 6

Review your Zimbra configuration after updating to the latest patch

It has come to our attention that in some cases postconf settings are not retained when updating to the latest patch (9.0.0.P34, 8.8.15.P41, 10.0.2). Make sure to re-apply any customizations, including TLS cipher configurations you had previously configured using the postconf command. In addition, the latest patch also enabled OpenSSL in FIPS mode, more details […]

Continue Reading 3

Patch for Zimbra Daffodil 10.0.2, 9.0.0 Patch-34 & 8.8.15 Patch-41

Security bug fixes and OpenSSL upgrade Zimbra OpenSSL now runs in FIPS-compliant mode by default. This increases security which requires no additional action on your part. However, should you run into issues, you can find steps to disable OpenSSL FIPS in the release notes. This patch upgrades OpenSSL to major version 3.0.x. To safeguard your […]

Continue Reading 2

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures