Zimbra Releases/8.8.15/P46
Zimbra Collaboration Joule 8.8.15 Patch 46 GA Release
Release Date: September 04, 2024
Check out the Security Fixes, What's New, Fixed Issues, and Known Issues for this version of Zimbra Collaboration. Refer to the Patch Installation section for installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.
NOTE: If you are upgrading or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read Things to Know Before Upgrading and First Steps with the Zimbra NG Modules for critical information before you upgrade.
Security Fixes
Summary | CVE-ID | CVSS Score |
---|---|---|
Fixed a security vulnerability in the postjournal service which may allow unauthenticated users to execute commands. | CVE-2024-45519 | TBD |
A Server-Side Request Forgery (SSRF) vulnerability that allowed unauthorized access to internal services has been addressed. | CVE-2024-45518 | TBD |
A Cross-Site Scripting (XSS) vulnerability in the `/h/rest` endpoint has been fixed. | CVE-2024-45517 | TBD |
A Cross-Site Scripting (XSS) vulnerability via crafted HTML content in the Zimbra Classic UI has been fixed. | CVE-2024-45516 | TBD |
A Cross-Site Scripting (XSS) vulnerability caused by a non-sanitized `packages` parameter has been resolved. | CVE-2024-45514 | TBD |
A Cross-Site Scripting (XSS) vulnerability via crafted HTML content in the Zimbra Classic UI has been fixed. | TBD | TBD |
A reflected XSS vulnerability in the calendar endpoint has been addressed. | TBD | TBD |
Unauthenticated Local File Inclusion in zimbraAdmin interface via "packages" parameter | CVE-2024-33535 | TBD |
An XSS vulnerability was observed due to the execution of malicious JavaScript code from an externally shared file via a non-sanitized parameter | CVE-2024-33536 | TBD |
An XSS vulnerability in a Calendar invite has been resolved | CVE-2024-27443 | TBD |
Known Issues
Breaks touch client on Network Edition - see this thread: https://forums.zimbra.org/viewtopic.php?t=72960
Packages
Jira ticket:
The package lineup for this release is:
FOSS:
PackageName | Version |
---|---|
zimbra-patch | 8.8.15.1723777774.p46-1 |
zimbra-mta-patch | 8.8.15.1723777774.p46-1 |
zimbra-common-core-jar | 8.8.15.1723726984-1 |
zimbra-mbox-webclient-war | 8.8.15.1723641096-1 |
zimbra-mbox-admin-console-war | 8.8.15.1723635850-1 |
NETWORK:
PackageName | Version |
---|---|
zimbra-patch | 8.8.15.1723777774.p46-2 |
Patch Installation
Please refer to the link below to install Joule 8.8.15 Patch 46:
Quick note: Open Source repo
The steps to download, build, and see our code via Github can be found here: https://github.com/Zimbra/zm-build