Zimbra Releases/10.1.16

Zimbra Daffodil (v10.1.16) Patch Release

Release Date: Feb 04, 2026

Security Fixes

Summary CVE-ID CVSS Score
Restored mail rendering stability while maintaining the existing security protections.
Addressed a XSS vulnerability in zimbra webmail
Fixed an authenticated LDAP injection vulnerability by sanitizing user-controlled input.
PDF attachment preview functionality has been restored in the Classic UI while maintaining security protections.
Addressed a stored XSS vulnerability in the Briefcase feature caused by inline rendering of specific uploaded file types when shared publicly.
Addressed an authenticated XXE vulnerability in the EWS SOAP endpoint.
Fixed a CSRF validation issue where tokens were incorrectly accepted from the request body instead of the required header.

What's New

Ubuntu 24 Support (Beta)

With this release Ubuntu 24 Support (Beta) is available. Watch for the GA announcement in an upcoming patch release. 

 NOTE: Beta features are not supported and should not be installed on production systems. Beta modules have been provided for evaluation in lab environments only.

Modern Web App

General

  • Briefcase in Modern Web App now supports creating new documents and correctly opening files created in the Classic Web App. Existing Briefcase documents can be previewed and downloaded without corruption, ensuring content remains intact and accessible.
  • Searching in the Modern Web App just got better. The new search experience is faster, smarter, and easier to use, helping you find emails and information more quickly. With a refreshed Advanced Search, applying filters is simpler, results are clearer, and you can now combine search options for more precise searches.
  • Mail navigation just got a visual upgrade! The Modern Web app now shows clear, consistent icons for Inbox, Drafts, Sent, Trash, shared folders, and more. Making mail navigation easier to recognize at a glance. With aligned icon styles across navigation and actions, managing mail feels faster, cleaner, and more intuitive.
  • The Modern Web app now supports custom colors for mail tags, making it easier to visually organize messages. Users can choose colors for their tags, see them applied consistently across the mailbox, and update them instantly, while ensuring clear readability and accessibility across devices.
  • Reading emails in other languages just got effortless. With the new Translate button, Modern Web App can automatically detect the email’s language and instantly translate it into your preferred language, right in the message view. You can easily switch back to the original and enjoy fast, seamless translations.
    • Available for only Google Chrome browser users.
    • Admins can manage the email translation feature using the zimbra-zimlet-mail-translate Zimlet. The Zimlet can be enabled or disabled at both the COS and User level via the Admin Console.
    • For COS: go to Configure → Class of Service → <cos_name> → Zimlets, and enable zimbra-zimlet-mail-translate.
    • For User: go to Manage → Accounts → <user_name> → Zimlets, and enable zimbra-zimlet-mail-translate.
  • The image preview now supports panning for zoomed-in images. Users can click-and-drag (or touch-and-drag on mobile) to move the image within the preview area, view all hidden portions, and maintain proper aspect ratio and image quality. Zoom and pan work smoothly across all supported browsers and devices.
  • Zoom is back in Zimbra! The refreshed integration makes it easy to schedule and manage Zoom meetings directly from Zimbra, with improved compatibility and a foundation for reliable, ongoing support.

Backup Restore

This release introduces major enhancements to the Backup & Restore module, delivering massive gains in performance and disk usage efficiency. Customers can experience up to 50% faster backup performance and upto 45% reduction in storage consumption, while maintaining full backward compatibility.

What’s New

Enhanced Deduplication

  • Deduplication now applies to data stored on both internal and external (S3) volumes, eliminating redundant data.
  • Enabled by default for new backups.

Improved Compression

  • Introduces Zstandard (zstd) compression for deduplicated backups, delivering better compression with lower resource usage.

Optional - Cross-Session Deduplication

  • Adds support for cross-session deduplication (CSD) for scheduled backups.
  • Reuses unchanged data across multiple full backup runs using a COMMON + DELTA model.
  • Disabled by default and can be enabled as needed.

Backward Compatibility

  • All existing backups remain restorable. New and legacy backups can coexist without workflow changes.

Operational Impact

  • No changes to existing backup schedules or restore workflows.
  • Restore operations automatically detect the backup format and apply the appropriate restore logic.


IMPORTANT: Refer to the Admin Guide for the following:

  • Configuration details, upgrade guidance, and operational best practices are available in the Backup & Restore section.
  • Scheduler transition steps for adopting the V2 Backup Engine are documented in Transitioning Scheduler Configuration for Backup Engine v2.
  • Deployment and sizing recommendations for selecting the right backup strategy are covered in Backup & Restore Recommendations.
  • After upgrading to 10.1.16, the Backup feature will default to V2. If you prefer to continue using V1 (legacy backup), set zimbraBackupDeduplication to nodedupe and restart the mailstore service immediately after completing the upgrade.

Fixed Issues

Modern Web App

General

  • While viewing in Dark Theme, text in the Calendar Notes/Description field now displays with proper contrast. Previously, light grey text on a white background made notes hard to read. This update ensures text is clearly visible and readable in Dark Theme.
  • When a Persona is deleted, it now disappears immediately from the configuration list. Previously, deleted Personas remained visible until the user switched tabs or reopened the Settings.
  • Persona folder selections under “When composing, replying to, or forwarding messages in folders” now remain saved in Modern Web App which were not being saved previously
  • In Modern Web App, folder names were previously missing from search results when the preview pane was set at the bottom, making it difficult to see the context of messages. This issue has been resolved, and folder names now appear correctly in search results, providing users with complete and accurate search information.
  • Navigating emails with the keyboard arrow keys previously caused the message selector to become misaligned when returning to the first email in a folder. This could prevent users from moving between messages and partially freeze the interface, requiring a refresh or mailbox reopen. This issue has been resolved, and keyboard navigation now works smoothly without misalignment or interface freezes.
  • Error and informational notifications in Modern Webapp can now be dismissed immediately by clicking the close (X) icon, eliminating the need to refresh the page.
  • In Modern Web App the Mark as Read now respects the configured timeout and only marks emails actually viewed. In conversation view, individual messages retain their read/unread status, preventing all messages in a thread from being marked read at once.
  • Translation errors in the German Modern Web App have been corrected, ensuring accurate and consistent localization throughout the interface.
  • Emails deleted from a shared mailbox’s Trash folder in Modern Web app now remain permanently deleted. Previously, deleted messages would reappear after refreshing the interface.
  • An issue where the Undo option was missing after deleting a message from search results has been fixed. The Undo action is now available when deleting messages in search results.
  • An issue where Zimbra Desktop generated multiple large temporary .tmp.node files in the Windows Temp directory, leading to excessive disk usage, has been addressed. Previously, these files were created on each application launch and were not cleaned up automatically. This update improves handling of temporary files to prevent unnecessary disk space consumption.
  • An issue where replying to messages or adding attachments from shared folders triggered a “Something went wrong” error has been resolved. Previously, messages failed to save as drafts due to permission checks, even when the grantee had full or delegated rights. With this fix, users can now reply and attach files from shared folders as expected.
  • An issue where links added to calendar appointment comments appeared as plain text has been fixed. Links are now correctly recognized and clickable when viewing calendar appointments.
  • An issue where tags applied to emails in shared folders did not appear in the Tag folder has been resolved. Tags from both personal and shared mailboxes are now displayed correctly.
  • An issue where mail filters imported via Sieve were not displayed in the Modern Web App has been resolved. The imported filters are now correctly parsed and displayed.

Classic Web App

  • Issues with Hungarian characters (such as accented letters) displaying incorrectly in the Modern Web App have been resolved. Characters now appear correctly across the interface, including folder names and email sender fields.
  • An issue where users were unable to change their password when logging in with a short username on domains configured with a virtual hostname has been fixed. Previously, this scenario resulted in a generic “Error 500” instead of displaying the Change Password dialog. Users can now complete password changes successfully, with password rules validated correctly.

ActiveSync

  • An issue where calendar appointments synced via the Samsung Email app were missing location and notes has been resolved.
  • An issue where recurring Zimbra calendar appointments appeared one hour off in Outlook Mobile after a daylight saving time change has been resolved. Recurring events now maintain the correct time across DST transitions when synced with Outlook Mobile.

Chat

  • For Zimbra chat renaming an account now works correctly even when chat is enabled but no chat account exists, eliminating the previous system error.

EWS

  • Cancellation notifications are now correctly sent to attendees added at the exception level of a recurring meeting when the entire series is cancelled, preventing stale calendar entries.

ZD

  • An issue where PST file imports consistently failed in Zimbra Desktop has been resolved. PST files can now be imported successfully without errors.
  • The Print button in Zimbra Desktop’s attachment preview is now fully functional. Previously, clicking the button did nothing and no print dialog appeared. With this fix, users can print attachments directly from the preview, matching the behavior of the Zimbra Web App.

Known Issues

Backup Restore

  • When CSD backups are configured (manually via CLI) to skip incremental backups and use only full and full-delta backups, point-in-time restore is limited. In restore scenarios where redo logs are not available on the mail store, the restore operation recovers data only up to the last full or full-delta backup created before the specified restore time. Data generated after that backup is not restored.
  • When Cross Session Deduplication (CSD) is enabled, creating a v1 backup using CLI options such as --nodedupe --zip results in the backup being labeled as a CSD backup, even though it is internally generated as a v1 backup. This mismatch can cause confusion for users, as the backup behavior and structure follow v1 semantics while the label indicates CSD.

Activesync

  • Outlook Mobile Intermittent Sync Issues
    • Some users may experience intermittent email synchronization issues when using the Microsoft Outlook mobile app (primarily on iOS, but also reported on Android). This behavior is not caused by Zimbra and has been acknowledged by Microsoft as a client-side issue in the Outlook app.
    • Workaround
      • Simply removing and re-adding the account on the same device may not always resolve the issue. The most reliable workaround is:
        • Open the Outlook app.
        • Go to Settings → Account → Remove Account.
          • Select Remove from all devices (not just “Remove from this device”).
          • Re-add the account to Outlook.
      • This forces a complete reset of Outlook’s cached synchronization state and establishes a fresh handshake with the mail server, which restores normal sync behavior.

Packages

Jira ticket:

The package lineup for this release is: 

zimbra-patch                                      ->  10.1.16.1770142646-2
zimbra-lds-patch                                  ->  10.1.16.1767758060-1
zimbra-mta-patch                                  ->  10.1.16.1767758060-1
zimbra-onlyoffice-patch                           ->  10.1.16.1767758060-1
zimbra-proxy-patch                                ->  10.1.16.1767758060-1
zimbra-ldap-patch                                 ->  10.1.16.1767758060-1
zimbra-mbox-ews-service                           ->  10.1.16.1767679185-1
zimbra-timezone-data                              ->  4.0.0.1767689591-1
zimbra-license-tools                              ->  10.1.16.1770023818-1
zimbra-common-core-jar                            ->  10.1.16.1767688871-1
zimbra-common-mbox-conf-attrs                     ->  10.1.16.1767646890-1
zimbra-common-mbox-docs                           ->  10.1.16.1767683702-1
zimbra-common-core-libs                           ->  10.1.16.1767690030-1
zimbra-mbox-store-libs                            ->  10.1.16.1767690030-1
zimbra-mbox-webclient-war                         ->  10.1.16.1770139981-1
zimbra-mbox-admin-console-war                     ->  10.1.16.1767695025-1
zimbra-license-daemon                             ->  1.0.0.1767754512-1
zimbra-zco                                        ->  1950.1767678700-1
zimbra-modern-ui                                  ->  4.48.0.1768303686-1
zimbra-modern-zimlets                             ->  4.48.0.1768303686-1
zimbra-zimlet-admin-chat                          ->  2.1.2.1767345513-1
zimbra-zimlet-attachment-missing-alert            ->  1.2.0.1767345513-1
zimbra-zimlet-chat                                ->  13.0.0.1767345513-1
zimbra-zimlet-classic-chat                        ->  3.0.0.1767345513-1
zimbra-zimlet-classic-set-default-client          ->  1.5.0.1767345513-1
zimbra-zimlet-custom-fonts                        ->  2.2.0.1767345513-1
zimbra-zimlet-deceptive-link-detector             ->  2.3.0.1767345513-1
zimbra-zimlet-desktop-auto-update                 ->  1.2.0.1767345513-1
zimbra-zimlet-disable-screen-capture              ->  1.2.0.1767345513-1
zimbra-zimlet-download-email                      ->  2.3.0.1767345513-1
zimbra-zimlet-email-defanger                      ->  2.1.0.1767345513-1
zimbra-zimlet-email-reminder                      ->  1.2.0.1767345513-1
zimbra-zimlet-external-setting-links              ->  1.3.0.1767345513-1
zimbra-zimlet-import-export-ics                   ->  2.3.0.1767345513-1
zimbra-zimlet-mail-translate                      ->  1.0.0.1767345513-1
zimbra-zimlet-modern-welcometour                  ->  6.4.0.1767345513-1
zimbra-zimlet-personal-notes                      ->  1.2.0.1767345513-1
zimbra-zimlet-preventive-ooo                      ->  2.2.0.1767345513-1
zimbra-zimlet-signature-template                  ->  1.2.0.1767345513-1
zimbra-zimlet-spy-blocker                         ->  2.2.0.1767345513-1
zimbra-zimlet-tlp                                 ->  2.2.0.1767345513-1
zimbra-zimlet-additional-signature-setting        ->  10.0.0.1767345513-1
zimbra-zimlet-ads                                 ->  9.4.0.1767345513-1
zimbra-zimlet-calendar-subscription               ->  8.1.0.1767345513-1
zimbra-zimlet-classic-unsupportedbrowser          ->  4.2.2.1767345513-1
zimbra-zimlet-date                                ->  10.2.0.1767345513-1
zimbra-zimlet-emptysubject                        ->  3.4.0.1767345513-1
zimbra-zimlet-install-pwa                         ->  7.4.0.1767345513-1
zimbra-zimlet-org-chart                           ->  5.0.0.1767345513-1
zimbra-zimlet-privacy-protector                   ->  6.2.0.1767345513-1
zimbra-zimlet-secure-mail                         ->  5.0.0.1767345513-1
zimbra-zimlet-set-default-client                  ->  11.3.0.1767345513-1
zimbra-zimlet-sideloader                          ->  10.0.0.1767345513-1
zimbra-zimlet-user-feedback                       ->  7.5.0.1767345513-1
zimbra-zimlet-user-sessions-management            ->  11.0.0.1767345513-1
zimbra-zimlet-web-search                          ->  5.4.0.1767345513-1
zimbra-zimlet-classic-document-editor             ->  2.4.2.1767345513-1
zimbra-zimlet-document-editor                     ->  14.0.0.1767345513-1

Patch Installation

Please refer to below link to install 10.1.16 (Feb 04 2026):

Patch Installation

Retrieved from "http://wiki.zimbra.com/index.php?title=Zimbra_Releases/10.1.16&oldid=71341"
Jump to: navigation, search