Zimbra Releases/8.6.0/P11

Revision as of 18:38, 16 August 2018 by Pajari (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Zimbra Collaboration 8.6.0 Patch 11 GA Release

Check out the "Fixed Issues" and "Security Fixes" for this version of Zimbra Collaboration below. As always, you’re encouraged to tell us what you think in the Forum, or open a support ticket.

Fixed Issues

ActiveSync Logging changes: Moved Stack trace logs to debug level
Fixed Active Sync issue "Listener got cancelled after 0 seconds is thrown repeatedly" observed with client sending multiple Ping requests
Fixed Active Sync issue "Can't Move Item thrown repeatedly" observed with client sending MoveItems request for non-existent items
"ZInternetHeader.decode java.lang.ArrayIndexOutOfBoundsException" exception - fixed issue with parsing incorrect mime header

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.

Bug# Summary CVE-ID CVSS
Fix Release or
Patch Version
106612 Persistent XSS - unsafe content not filtered by defanger [CWE-79] CVE-2017-7288 4.3 Minor 8.6.0 Patch11
105071 Persistent XSS - unsafe content not filtered by defanger [CWE-79] CVE-2016-3407 4.3 Minor 8.6.0 Patch11
105001 Persistent XSS - unsafe content not filtered by defanger [CWE-79] CVE-2016-5721 4.3 Minor 8.6.0 Patch11
104910 Persistent XSS - Contact print [CWE-79] CVE-2016-3407 3.5 Minor 8.6.0 Patch11
104222 Persistent XSS - Signature [CWE-79] CVE-2016-3407 4.3 Minor 8.6.0 Patch11
103609 Non-Persistent XSS - changepass [CWE-79] CVE-2016-3407 3.5 Minor 8.6.0 Patch11
103996 XXE - Bulk Provision [CWE-611] CVE-2016-3413 2.6 Minor 8.6.0 Patch11
103956 Non-Persistent XSS - REST Calendar [CWE-79] CVE-2016-3410 4.3 Minor 8.6.0 Patch11
102637 Persistent XSS - unsafe content not filtered by defanger [CWE-79] CVE-2016-3409 4.3 Minor 8.6.0 Patch11
101813 Persistent XSS - unsafe content not filtered by defanger [CWE-79] CVE-2016-3408 4.3 Minor 8.6.0 Patch11
108902 Persistent XSS - contact group [CWE-79] CVE-2018-10939 3.5 Minor 8.6.0 Patch11

Before Installing the Patch

Before installing the patch, consider the following:

  • Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbra-collaboration
  • Patches are cumulative, and delivered as a TGZ file.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to user zimbra before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.

Install the Patch

Note: This patch should be installed only on all mailbox nodes running in your environment.

1. Before you begin, confirm you have the following:

  • Zimbra Collaboration 8.6.0 GA installed
  • Zimbra Collaboration 8.6.0 Patch11 TGZ file

2. Copy the patch.tgz file(s) to your server.

3. Install Zimbra Collaboration 8.6.0 Patch11

  • a. Log in as root and cd to the directory where the tar file is saved. Type
tar xzf zcs-patch-8.6.0_GA_XXX.tgz
cd zcs-patch-8.6.0_GA_XX
  • b. As root, install the patch. Type
  • c. Switch to user zimbra
su – zimbra
  • d. ZCS must be restarted to changes to take effect. Type
zmcontrol restart

Note: For users who have the web-client open and are running the FOSS edition, the refresh notice mightstate that you have changed to the NETWORK Edition; however, your feature set will remain FOSS only.

Try Zimbra

Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »

Want to get involved?

You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »

Jump to: navigation, search