Zimbra Releases/8.8.15/P47
Zimbra Collaboration Joule 8.8.15 Patch 47 GA Release
Release Date: December 17, 2024
Security Fixes
Summary | CVE-ID | CVSS Score |
---|---|---|
An issue with encoded @import statements in <style> tags that allowed the loading of malicious CSS has been addressed. | ||
A Cross-Site Scripting (XSS) vulnerability via crafted <img> HTML content in the Zimbra Classic UI has been fixed. LC attribute zimbra_owasp_strip_alt_tags_with_handlers introduced in previous patch is no longer required and has been removed. | CVE-2024-45516 | |
A Cross-Site Scripting (XSS) vulnerability via crafted HTML content in the Zimbra Classic UI has been fixed. LC attribute zimbra_owasp_strip_alt_tags_with_handlers introduced in previous patch is no longer required and has been removed. |
Packages
The package lineup for this release is:
FOSS:
PackageName -> Version zimbra-patch -> 8.8.15.1733155846.p47-1 zimbra-common-core-jar -> 8.8.15.1732852408-1 zimbra-common-core-libs -> 8.8.15.1733153009-1 zimbra-mbox-store-libs -> 8.8.15.1733153009-1 zimbra-mbox-webclient-war -> 8.8.15.1728630123-1
NETWORK:
PackageName -> Version zimbra-patch -> 8.8.15.1733155846.p47-2
Patch Installation
Please refer to below link to install Joule 8.8.15 Patch 47:
Quick note: Open Source repo
The steps to download, build, and see our code via Github can be found here: https://github.com/Zimbra/zm-build