Zimbra Releases/9.0.0/P42
Zimbra Collaboration Kepler 9.0.0 Patch 42 GA Release
Release Date: October 08, 2024
Check out the Security Fixes for this version of Zimbra Collaboration.
Please refer to the Patch Installation page for Patch Installation instructions.
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues
Security Fixes
Summary | CVE-ID | CVSS Score |
---|---|---|
Addressed a Cross-Site Request Forgery (CSRF) vulnerability by disabling GraphQL GET methods via localconfig. A new local config attribute, zimbra_gql_enable_dangerous_deprecated_get_method_will_be_removed, has been introduced to control these methods. The default value is not TRUE, and customers are recommended not to set it to TRUE. |
Known Issues
- Warning
mv: cannot stat '/opt/zimbra/lib/patches/zmgql.jar': No such file or directory is seen during patch upgrade.
This is harmless warning and can be ignored.
Packages
The package lineup for this release is:
zimbra-patch -> 9.0.0.1728022681.p42-2
Patch Installation
Please refer to below link to install Kepler 9.0.0 Patch 42:
Quick note: Open Source repo
The steps to download, build, and see our code via Github can be found here: https://github.com/Zimbra/zm-build