Zimbra Collaboration 8.7.11 Patch 3 GA Release
|108452||EWS: Cannot create a basic meeting/appointment from Calendar app|
|108777||Calendar read only on MacOS High Sierra with Exchange Account|
|108964||error during tgz import results in endless loop and memory leak|
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.
|Fix Release or
|108962||Account Enumeration [CWE-203]||CVE-2018-10949||5.0||Major||8.7.11 Patch3|
|108963||Verbose Error Messages [CWE-209]||CVE-2018-10950||3.6||Minor||8.7.11 Patch3|
|107948||Persistent XSS - mail addrs [CWE-79]||CVE-2018-10948||3.5||Minor||8.7.11 Patch3|
|108894||Redact Admin SOAP API zimbraSSLPrivateKey access [CWE-199]||CVE-2018-10951||3.6||Minor||8.7.11 Patch3|
Before Installing the Patch
Before installing the patch, consider the following:
- Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbra-collaboration/
- Patches are cumulative, and delivered as a TGZ file.
- A full backup should be performed before any patch is applied. There is no automated roll-back.
- Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
- Only files or Zimlets associated with installed packages will be installed from the patch.
- Switch to user zimbra before using ZCS CLI commands.
- Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
Install the Patch
Note: This patch should be installed only on all mailbox nodes running in your environment.
1. Before you begin, confirm you have the following:
- Zimbra Collaboration 8.7.11 GA installed
- Zimbra Collaboration 8.7.11 Patch3 TGZ file
2. Copy the patch.tgz file(s) to your server.
3. Install Zimbra Collaboration 8.7.11 Patch3
- a. Log in as root and cd to the directory where the tar file is saved. Type
tar xzf zcs-patch-8.7.11_GA_XXX.tgz cd zcs-patch-8.7.11_GA_XXX
- b. As root, install the patch. Type
- c. Switch to user zimbra
su – zimbra
- d. ZCS must be restarted to changes to take effect. Type
Note: For users who have the web-client open and are running the FOSS edition, the refresh notice might state that you have changed to the NETWORK Edition; however, your feature set will remain FOSS only.