Tag Archives | security

Deprecation of the “X-XSS-Protection” header

Hello Zimbra Customers, Partners & Friends, In the past Zimbra recommended to set the X-XSS-Protection HTTP response header. This header used to enable additional protection against cross-site scripting (XSS) attacks in some web browsers. However this header is now deprecated and support is removed from most browsers. In case you have configured Zimbra to use […]

Continue Reading 0

Zimbra Wiki to Latest Patches & More!

Hello Zimbra Friends,   Looking for the latest Zimbra Patch?   This Zimbra wiki page lists all Zimbra product releases with a link to the current Patch: https://wiki.zimbra.com/wiki/Zimbra_Releases   Click a Patch link for additional details + installation instructions. Important Patch install info: Patches are cumulative, so you usually don’t need to install any prior patches. […]

Continue Reading

[REPOST] Recent Zimbra XXE / SSRF Vulnerability Disclosure

This is a reposting of Rene’s original blog announcement on March 18, 2019. Please read and be sure that your Zimbra Patches are up-to-date! Hello Zimbra Friends, Background The Zimbra Security team has been working with security researcher An Trinh in advance of his recently-published blog post. In the blog, Trinh details his findings regarding […]

Continue Reading

Install Zimbra Patches!

Zimbra releases software patches about every 4 weeks. Please install these patches … they are IMPORTANT to keep your Zimbra environment running smoothly. Patches address security vulnerabilities, software improvements, bug fixes and so much more. If you don’t install every patch, your Zimbra deployment could be at risk. Click here to see the latest Zimbra […]

Continue Reading

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures