Zimbra Releases/8.7.11 Patch1
Zimbra Collaboration 8.7.11 Patch 1 GA Release
|107925||Persistent XSS - snippet [CWE-79]|
|108265||Persistent XSS - message view as text [CWE-79]|
|108786||Persistent XSS - content-location [CWE-79]|
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.
|Fix Release or
|107925||Persistent XSS CWE-79||CVE-2017-8802||3.5||Minor||8.6 P9, 8.7 P1, 8.8.3|
|108265||Persistent XSS CWE-79||CVE-2017-17703||3.5||Minor||8.6 P9, 8.7 P1, 8.8.3|
|108786||Persistent XSS CWE-79||CVE-2018-6882||4.3||Minor||8.7 P1|
Before Installing the Patch
Before installing the patch, consider the following:
- Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbracollaboration
- Patches are cumulative, and delivered as a TGZ file.
- A full backup should be performed before any patch is applied. There is no automated roll-back.
- Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
- Only files or Zimlets associated with installed packages will be installed from the patch.
- Switch to user zimbra before using ZCS CLI commands.
- Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
Install the Patch
Note: This patch should be installed on all nodes running in your environment.
1. Before you begin, confirm you have the following:
- Zimbra Collaboration 8.7.11 GA installed
- Zimbra Collaboration 8.7.11 Patch1 TGZ file
2. Copy the patch.tgz file(s) to your server.
3. Install Zimbra Collaboration 8.7.11 Patch1
- a. Log in as root and cd to the directory where the tar file is saved. Type
tar xzf zcs-patch-8.7.11_GA_XXX.tgz cd zcs-patch-8.7.11_GA_XX
- b. As root, install the patch. Type
- c. Switch to user zimbra
su – zimbra
- d. ZCS must be restarted to changes to take effect. Type
Note: For users who have the web-client open and are running the FOSS edition, the refresh notice mightstate that you have changed to the NETWORK Edition; however, your feature set will remain FOSS only.
Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »
Want to get involved?
You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »
Other Help Resources
Looking for a Video?
Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »