Zimbra Releases/9.0.0/P43
Zimbra Collaboration Kepler 9.0.0 Patch 43 GA Release
Release Date: December 17, 2024
Check out the Security Fixes for this version of Zimbra Collaboration.
Please refer to the Patch Installation page for Patch Installation instructions.
As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.
Things to know before you upgrade
Changes to SOAP API
The ChangePassword SOAP API has changed. Please refer to the API reference documentation. If you have a custom auth implementation that uses ChangePassword, update it to support the new API changes.
Security Fixes
Summary | CVE-ID | CVSS Score |
---|---|---|
An issue with encoded `@import` statements in `<style>` tags that allowed the loading of malicious CSS has been addressed. | | |
SSRF vulnerability in the RSS feed parser that allowed unauthorized redirection to internal network endpoints has been resolved. | | |
A Cross-Site Scripting (XSS) vulnerability via crafted `<img>` HTML content in the Zimbra Classic UI has been fixed. The LC attribute `zimbra_owasp_strip_alt_tags_with_handlers`, introduced in a previous patch, is no longer required and has been removed. | CVE-2024-45516 | |
A Cross-Site Scripting (XSS) vulnerability via crafted HTML content in the Zimbra Classic UI has been fixed. The LC attribute `zimbra_owasp_strip_alt_tags_with_handlers`, introduced in a previous patch, is no longer required and has been removed. | | |
A vulnerability in the ChangePassword API has been fixed to require a valid auth token. | | |
Fixed Issues
Zimbra Collaboration
- After upgrading to iOS 18, users with IMAP-connected accounts experienced slower search performance, which led to overall slowness. It happened due to an update in the query parameters. The issue has been fixed.
- In 9.0.0-P42, the command to add zmgql.jar was executed twice during the post-install script of the patch and displayed an error. The issue has been fixed.
Packages
The package lineup for this release is:
- zimbra-patch -> 9.0.0.1733747325.p43-2
- zimbra-mbox-admin-console-war -> 9.0.0.1732701570-1
- zimbra-mbox-webclient-war -> 9.0.0.1732702347-1
- zimbra-common-core-jar -> 9.0.0.1733200613-1
- zimbra-common-core-libs -> 9.0.0.1733153162-1
- zimbra-mbox-store-libs -> 9.0.0.1733153162-1
- zimbra-modern-ui -> 4.39.1.1733745171-1
- zimbra-modern-zimlets -> 4.39.1.1732708629-1
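
To confirm that a host actually carries the package versions in this lineup, a check along these lines can be run against its package inventory. This is an added example, not Zimbra's own tooling: the "name version" inventory format, the sample versions with their `.r8` tag, and the function names are assumptions, and the comparison is a simplified one rather than rpm's or dpkg's exact algorithm.

```python
import re

# Package lineup copied from the release notes above.
P43_LINEUP = {
    "zimbra-patch": "9.0.0.1733747325.p43-2",
    "zimbra-mbox-admin-console-war": "9.0.0.1732701570-1",
    "zimbra-mbox-webclient-war": "9.0.0.1732702347-1",
    "zimbra-common-core-jar": "9.0.0.1733200613-1",
    "zimbra-common-core-libs": "9.0.0.1733153162-1",
    "zimbra-mbox-store-libs": "9.0.0.1733153162-1",
    "zimbra-modern-ui": "4.39.1.1733745171-1",
    "zimbra-modern-zimlets": "4.39.1.1732708629-1",
}

# Constructed sample inventory, one "name version" pair per line (assumed format),
# e.g. from: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
#        or: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE_INVENTORY = """\
zimbra-patch 9.0.0.1726663864.p42-2.r8
zimbra-mbox-webclient-war 9.0.0.1732702347-1.r8
zimbra-common-core-jar 9.0.0.1733200613-1.r8
zimbra-modern-ui 4.39.1.1733745171-1.r8
"""

def segments(version):
    """Split a version into numeric and alphabetic runs, dropping separators."""
    return [int(s) if s.isdigit() else s for s in re.findall(r"\d+|[A-Za-z]+", version)]

def at_least(installed, required):
    """Simplified check that installed >= required (not rpm/dpkg's exact rules)."""
    a, b = segments(installed), segments(required)
    for x, y in zip(a, b):
        if x == y:
            continue
        if isinstance(x, int) != isinstance(y, int):
            return isinstance(x, int)  # a numeric segment outranks an alphabetic one
        return x > y
    return len(a) >= len(b)  # a trailing distro tag such as ".r8" does not lower it

def audit(inventory_text, lineup=P43_LINEUP):
    """Map each lineup package that is missing or too old to (installed, required)."""
    rows = (line.split() for line in inventory_text.splitlines())
    installed = {r[0]: r[1] for r in rows if len(r) >= 2}
    findings = {}
    for name, required in lineup.items():
        have = installed.get(name)  # None: package not present on this host
        if have is None or not at_least(have, required):
            findings[name] = (have, required)
    return findings
```

Calling `audit(SAMPLE_INVENTORY)` flags `zimbra-patch` as older than P43 and lists the lineup packages absent from the sample. A `None` entry only means the package is not installed on that host, which can be expected on nodes that do not run every Zimbra role.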
Patch Installation
Please refer to the link below to install Kepler 9.0.0 Patch 43:
Quick note: Open Source repo
The steps to download, build, and see our code via GitHub can be found here: https://github.com/Zimbra/zm-build