Search found 34 matches

by andreaswolske
Fri Feb 11, 2022 10:25 am
Forum: Administrators
Topic: Reported XSS in zimbra publicly disclosed 3rd
Replies: 38
Views: 42626

Re: Reported XSS in zimbra publicly disclosed 3rd

While 8.6 and 8.7 are out of support, there are still (lots) of servers running these versions (especially 8.6). Are they vulnerable? Yep. I modified Jim Dunphy's script in order to work with older Versions, too. Please see https://forums.zimbra.org/viewtopic.php?f=15&t=70382&start=20#p303...
by andreaswolske
Sat Feb 05, 2022 11:22 am
Forum: Administrators
Topic: Reported XSS in zimbra publicly disclosed 3rd
Replies: 38
Views: 42626

Re: Reported XSS in zimbra publicly disclosed 3rd

Good Morning, I can confirm that as of now (12:20 AM CET) the current patches provided by Zimbra contain the fixes for

    /opt/zimbra/jetty_base/webapps/zimbra/WEB-INF/tags/calendar/multiDay.tag
    /opt/zimbra/jetty_base/webapps/zimbra/WEB-INF/tags/calendar/monthView.tag

for Versions 8.8.15 and 9. It's the...
by andreaswolske
Fri Feb 04, 2022 7:11 pm
Forum: Administrators
Topic: Reported XSS in zimbra publicly disclosed 3rd
Replies: 38
Views: 42626

Re: Reported XSS in zimbra publicly disclosed 3rd

I understood that we're talking about an XSS Vulnerability. So I'm wondering why Zimbra does not apply basic HTTP Security Headers by default? Doesn't

    zmprov mcf +zimbraResponseHeader "X-Frame-Options: SAMEORIGIN"
    zmprov mcf +zimbraResponseHeader "X-XSS-Protection: 1; mode=block"

...
by andreaswolske
Tue Dec 14, 2021 6:24 am
Forum: Administrators
Topic: log4j-zero-day exploit - active attacks
Replies: 44
Views: 49171

Re: log4j-zero-day exploit - active attacks

Just to be on the safe side we added "log4j2.formatMsgNoLookups=true" to zimbra_zmjava_options.

    zmlocalconfig zimbra_zmjava_options
    zimbra_zmjava_options = -Xmx256m -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djava.net.preferIPv4Stack=true

Add ...
by andreaswolske
Sat Dec 11, 2021 3:51 pm
Forum: Administrators
Topic: log4j-zero-day exploit - active attacks
Replies: 44
Views: 49171

Re: log4j-zero-day exploit - active attacks

Zimbra Support recently posted the following information on https://support.zimbra.com (Login needed): 0-day Exploit Vulnerability for log4j (CVE-2021-44228) After intensive review and testing, Zimbra Development has determined that the 0-day exploit vulnerability for log4j (CVE-2021-44228) does not...
by andreaswolske
Fri Jul 31, 2020 11:56 am
Forum: Administrators
Topic: Change hostname problem
Replies: 1
Views: 3018

Re: Change hostname problem

... the old hostname remains in loggerhostmap. Try to delete the orphaned entries.
List Logger Hostmap with

    zmloggerhostmap

and delete non-existent values with

    zmloggerhostmap -d mail.modulew.local mail.modulew.local

HTH
by andreaswolske
Fri Jul 27, 2018 3:11 pm
Forum: Installation and Upgrade
Topic: Upgrade from 8.8.8p6 to 8.8.9 failed
Replies: 6
Views: 4785

Re: Upgrade from 8.8.8p6 to 8.8.9 failed

Hi Mark, Andreas, Just to be clear, are you saying that the 8.8.9 installer endeavors to deploy a zimbra-common-core-jar version of a lesser number than that installed/required by 8.8.8 Patch7? Worth opening a Support Case for that for sure if I understand it correctly. Thanks, Mark I don't think so...
by andreaswolske
Thu Jul 26, 2018 12:33 pm
Forum: Installation and Upgrade
Topic: Upgrade from 8.8.8p6 to 8.8.9 failed
Replies: 6
Views: 4785

Re: Upgrade from 8.8.8p6 to 8.8.9 failed

Hi, just a quick heads up: I just tried to upgrade our first 8.8.8 test system to 8.8.9 (based on Ubuntu 16.04) and it failed due to a package conflict. The install.log says ... same here on RHEL/CentOS 7.x The upgrade failed with RPM dependency errors: error: Failed dependencies: zimbra-common-core...
by andreaswolske
Thu Apr 05, 2018 2:13 pm
Forum: Installation and Upgrade
Topic: After upgrading to 8.8.8 admin extensions don't work
Replies: 2
Views: 3200

Re: After upgrading to 8.8.8 admin extensions don't work

following workaround did the trick for me:

    service zimbra stop
    yum remove zimbra-network-modules-ng-1.0.13+1521603981-1.r7.x86_64

now manually install the previous version extracted from ~/zcs-NETWORK-8.8.7_GA_1964.RHEL7_64.20180223145016/packages

    yum install zimbra-network-modules-ng-1.0.12+1519200...
by andreaswolske
Thu Apr 05, 2018 12:20 pm
Forum: Installation and Upgrade
Topic: After upgrading to 8.8.8 admin extensions don't work
Replies: 2
Views: 3200

Re: After upgrading to 8.8.8 admin extensions don't work

Same thing here: Just upgraded our test environment from 8.8.6 to 8.8.8.
NG Modules are missing completely and so are other admin extensions.