Zimbra Collaboration 8.6.0 Patch 11 GA Release
|ActiveSync Logging changes: Moved Stack trace logs to debug level|
|Fixed Active Sync issue "Listener got cancelled after 0 seconds is thrown repeatedly" observed with client sending multiple Ping requests|
|Fixed Active Sync issue "Can't Move Item thrown repeatedly" observed with client sending MoveItems request for non-existent items|
|"ZInternetHeader.decode java.lang.ArrayIndexOutOfBoundsException" exception - fixed issue with parsing incorrect mime header|
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.
|Fix Release or
|106612||Persistent XSS - unsafe content not filtered by defanger [CWE-79]||CVE-2017-7288||4.3||Minor||8.6.0 Patch11|
|105071||Persistent XSS - unsafe content not filtered by defanger [CWE-79]||CVE-2016-3407||4.3||Minor||8.6.0 Patch11|
|105001||Persistent XSS - unsafe content not filtered by defanger [CWE-79]||CVE-2016-5721||4.3||Minor||8.6.0 Patch11|
|104910||Persistent XSS - Contact print [CWE-79]||CVE-2016-3407||3.5||Minor||8.6.0 Patch11|
|104222||Persistent XSS - Signature [CWE-79]||CVE-2016-3407||4.3||Minor||8.6.0 Patch11|
|103609||Non-Persistent XSS - changepass [CWE-79]||CVE-2016-3407||3.5||Minor||8.6.0 Patch11|
|103996||XXE - Bulk Provision [CWE-611]||CVE-2016-3413||2.6||Minor||8.6.0 Patch11|
|103956||Non-Persistent XSS - REST Calendar [CWE-79]||CVE-2016-3410||4.3||Minor||8.6.0 Patch11|
|102637||Persistent XSS - unsafe content not filtered by defanger [CWE-79]||CVE-2016-3409||4.3||Minor||8.6.0 Patch11|
|101813||Persistent XSS - unsafe content not filtered by defanger [CWE-79]||CVE-2016-3408||4.3||Minor||8.6.0 Patch11|
|108902||Persistent XSS - contact group [CWE-79]||CVE-2018-10939||3.5||Minor||8.6.0 Patch11|
Before Installing the Patch
Before installing the patch, consider the following:
- Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbra-collaboration
- Patches are cumulative, and delivered as a TGZ file.
- A full backup should be performed before any patch is applied. There is no automated roll-back.
- Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
- Only files or Zimlets associated with installed packages will be installed from the patch.
- Switch to user zimbra before using ZCS CLI commands.
- Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
Install the Patch
Note: This patch should be installed only on all mailbox nodes running in your environment.
1. Before you begin, confirm you have the following:
- Zimbra Collaboration 8.6.0 GA installed
- Zimbra Collaboration 8.6.0 Patch11 TGZ file
2. Copy the patch.tgz file(s) to your server.
3. Install Zimbra Collaboration 8.6.0 Patch11
- a. Log in as root and cd to the directory where the tar file is saved. Type
tar xzf zcs-patch-8.6.0_GA_XXX.tgz cd zcs-patch-8.6.0_GA_XX
- b. As root, install the patch. Type
- c. Switch to user zimbra
su – zimbra
- d. ZCS must be restarted to changes to take effect. Type
Note: For users who have the web-client open and are running the FOSS edition, the refresh notice mightstate that you have changed to the NETWORK Edition; however, your feature set will remain FOSS only.
Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »
Want to get involved?
You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »
Other Help Resources
Looking for a Video?
Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »