Zimbra Releases/8.8.8

Revision as of 03:04, 16 March 2018 by David Bingham (talk | contribs) (Security Fixes)

Zimbra Collaboration 8.8.8 GA Release

Check out the "Security Fixes", "Fixed Issues" and "Known Issues" for this version of Zimbra Collaboration. We've also added a "ZeXtras Suite Changelog" and "Compatibility" section with useful information. As always, you’re encouraged to tell us what you think in the Forums, or file a bug in Bugzilla.

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.

Bug# Summary CVE-ID CVSS
Fix Release or
Patch Version
108786 Persistent XSS - content-location [CWE-79] tba tba tba 8.8.8
108227 Multiple vulnerabilities Various 4.3 - 5.0 Low 8.8.8
108221 SOAP response with private key tba tba tba tba

Software changes

NOTE: If you are upgrading and/or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read "Things to Know Before Upgrading" and "First Steps with the Zimbra NG Modules" for critical information before you upgrade.

What's New

TBA - details.

NOTE: Beta features should not be installed and are not supported on production systems. Beta modules have been provided for evaluation in lab environments only.

Fixed Issues (Bugzilla query)

108709 ZWC affected by Mailsploit due to default zimbraPrefShortEmailAddress TRUE since ZCS 7.0
108786 Bug 108786 - Persistent XSS - content-location [CWE-79]
sec Zimbra User Account Enumeration
sec Verbose Error Handling - Detailed Error Messages
104412 Upgrade to tinymce 4.7.8
108227 Upgrade to jQuery 3.1.1
101172 Deprecate YUIcompressor
108221 Certificate based authentication not working since 8.7.5
77129 Mails should also display time not just date
108894 SOAP API should not return a value for zimbraSSLPrivateKey

Known Issues (Bugzilla query)

----- TBA

ZeXtras Suite Changelog


Quick note: Compatibility

SOAP requests, e.g. those in code for custom admin actions, may need to be updated to maintain compatibility beginning with this release. To address the security issue in Bug 108894, the GetServer, GetAllServers, and GetAllActiveServers SOAP responses now send "VALUE_BLOCKED" for zimbraSSLPrivateKey by default.

Zimbra Drive is compatible with:

Quick note: Open Source repo

Downloading and building our Zimbra Code? Keep reading... Starting ZCS 8.7.6 and above we have new steps to download, build and see our code via Github:

Try Zimbra

Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »

Want to get involved?

You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »

Jump to: navigation, search