Search found 4 matches

by David Bingham
Fri Mar 09, 2018 2:57 am
Forum: Announcements
Topic: Zimbra Collaboration & ZCO 8.8.7 now available
Replies: 9
Views: 40594

Zimbra Collaboration & ZCO 8.8.7 now available

Well, this is exciting! We're pleased to announce a new release for Zimbra Collaboration 8.8 as well as a long-awaited update for the Zimbra Connector for Outlook (ZCO). This release includes two security updates, ZCO localization for Catalan and Norwegian, and dozens of fixes for issues you've repo...
by David Bingham
Tue Feb 13, 2018 2:16 pm
Forum: Installation and Upgrade
Topic: Since Upgrading To Zimbra 8.8.5, Have Been Getting Numerous Lock Errors
Replies: 42
Views: 32185

Re: Since Upgrading To Zimbra 8.8.5, Have Been Getting Numerous Lock Errors

Hi Jorge, what is the ticket/bug ID for this issue? We don't have a public bug for this, as it has been reported through Zimbra support. We've had a team of engineers focused on this, and have a hotfix in test now. It's anticipated to be available before the end of this week - I expect EOD Thursday...
by David Bingham
Tue Feb 13, 2018 1:13 pm
Forum: Installation and Upgrade
Topic: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting
Replies: 32
Views: 19685

Re: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting

I still cannot access, with my bugzilla account, bugs #108265 or #107925 (the two I've tried). In many cases where the bug report includes details of an exploit, as for those two, publication before people have had a chance to patch or upgrade isn't responsible. Now that we have the fixes for those...
by David Bingham
Sat Feb 10, 2018 2:42 am
Forum: Installation and Upgrade
Topic: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting
Replies: 32
Views: 19685

Re: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting

Merci. Does it means 8.6 is not vulnerable to all other XSS discovered in 2017 (such as CVE-2017-17703)? Because the Security Advisories page on the wiki still doesn't give any information on vulnerable versions, bug per bug (and the bug are private). CVE-2017-8802 is rated as "minor" by ...