Zimbra Releases/10.1.9
Zimbra Daffodil (v10.1.9) Patch Release
Release Date: June 18, 2025
Check out the Things to know before you upgrade sections for this version of Zimbra Collaboration.
End of Life (EOL) Notice - ZCS 9.0 & 10.0
ZCS 9.0 is set to reach its End of Life on June 30, 2025, and ZCS 10.0 is set to reach End of General Support on June 30, 2025. No further updates will be provided after this date. Customers using these versions are advised to plan their migration to the 10.1 version to ensure continued security updates and access to the latest features.
For assistance during this transition, our support team is available to address any inquiries.
10.1 is the active and supported version.
Deprecation of Zimbra Server on RHEL/CentOS/Oracle 7 OS
RHEL/CentOS 7 reached end-of-life (EOL) in June 2024 and Oracle 7 in December 2024. Zimbra will deprecate support for these operating systems following the release of Zimbra 10.1.10 by July 2025. After this release, no further updates, patches, or official support will be provided for RHEL/CentOS/Oracle 7 operating systems. We encourage all our customers to use RHEL/Rocky/Oracle Linux 9 for all their future installations.
Things to know before you upgrade
Changes to SOAP API
We have made updates to the SOAP API affecting the endpoints: SendMsg, SaveDraft, and SecureSendMsg. If you have any custom implementations using these APIs, please review and incorporate the necessary changes to ensure compatibility with the updated behavior.
For details, refer to API reference documentation.
Changes to Licensing System
To upgrade to version 10.1.9 from 10.1.3 or before, it is important to ensure that you are using the latest version of the zimbra-lds-patch package. After upgrading to 10.1.9, you must reactivate the license to maintain synchronization. Please refer to patch installation for LDS patch update steps.
To reactivate the license, execute the following command as zimbra user:
zmlicense -a <license_key>
Security Fixes
| Summary | CVE-ID | CVSS Score |
|---|---|---|
| Addressed a denial of service (DoS) vulnerability in the admin console that could lead to service disruptions. | CVE-2025-53645 | |
| This patch fixes a critical security vulnerability related to stored cross-site scripting in the Zimbra Classic Web Client. The fix strengthens input sanitization and enhances security. All customers are strongly advised to upgrade to this latest patch version immediately. | CVE-2025-27915 |
Packages
The package lineup for this release is:
zimbra-patch -> 10.1.9.1749641395-2 zimbra-mbox-admin-console-war -> 10.1.9.1745843325-1 zimbra-mbox-webclient-war -> 10.1.9.1749552817-1
Patch Installation
Please refer to below link to install 10.1.9 (June 18 2025):
- Current patch packages are only applicable for mailstore nodes.
Quick note: Open Source repo
The steps to download, build, and see our code via Github can be found here: https://github.com/Zimbra/zm-build
