Zimbra Releases/8.8.15/P47

Revision as of 12:57, 19 December 2024 by Yogesh.dasi (talk | contribs) (→‎Security Fixes)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Zimbra Collaboration Joule 8.8.15 Patch 47 GA Release

Release Date: December 17, 2024

Security Fixes

Summary CVE-ID CVSS Score
An issue with encoded @import statements in <style> tags that allowed the loading of malicious CSS has been addressed.
A Cross-Site Scripting (XSS) vulnerability via crafted <img> HTML content in the Zimbra Classic UI has been fixed. LC attribute zimbra_owasp_strip_alt_tags_with_handlers introduced in previous patch is no longer required and has been removed. CVE-2024-45516
A Cross-Site Scripting (XSS) vulnerability via crafted HTML content in the Zimbra Classic UI has been fixed. LC attribute zimbra_owasp_strip_alt_tags_with_handlers introduced in previous patch is no longer required and has been removed.

Packages

The package lineup for this release is:

FOSS:

PackageName                                       -> Version
zimbra-patch                                      ->  8.8.15.1733155846.p47-1
zimbra-common-core-jar                            ->  8.8.15.1732852408-1
zimbra-common-core-libs                           ->  8.8.15.1733153009-1
zimbra-mbox-store-libs                            ->  8.8.15.1733153009-1
zimbra-mbox-webclient-war                         ->  8.8.15.1728630123-1

NETWORK:

PackageName                                       -> Version
zimbra-patch                                      ->  8.8.15.1733155846.p47-2

Patch Installation

Please refer to below link to install Joule 8.8.15 Patch 47:

Patch Installation

Quick note: Open Source repo

The steps to download, build, and see our code via Github can be found here: https://github.com/Zimbra/zm-build

Jump to: navigation, search