Zimbra not affected by log4j (CVE-2021-44228)
After intensive review and testing, Zimbra Development determined that the 0-day exploit vulnerability for log4j (CVE-2021-44228) does not affect the current Supported Zimbra versions (9.0.0 & 8.8.15). Zimbra Collaboration Server currently uses log4j1 version 1.2.16 which doesn't contain the lookup expression feature that is found within versions 2.0 to 2.17, which is the cause of the vulnerability. Also, Redhat (CVE-2021-4104) vulnerability does not affect the Zimbra Collaboration Server version (8.8.15 & 9.0.0). For this vulnerability to affect the server, it needs JMSAppender, which the ZCS Server does not use, and the ability to append configuration files.

Universal UI beta phase is now completing

Forum about the new Universal UI work, feedback, ideas, comments are always welcome.
User avatar
jorgedlcruz
Zimbra Alumni
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Universal UI beta phase is now completing

Postby jorgedlcruz » Tue Jan 30, 2018 3:48 pm

Thank you for asking about Zimbra's Universal UI project. The Universal UI beta phase is now completing--we got great input during that process and appreciate all the enthusiastic participation. While we are suspending plans for Universal UI's release, we are aggressively advancing another exciting project we'd like you to be a part of. (Actually, you're already a part of it--our team is applying your input from Universal UI's beta phase toward this future project.)

Want to know more? Want to be an even greater part of Zimbra's next generation of products? Please sign-up to request an invite to the beta program.

Thank you! Your Zimbra friends & colleagues


Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/

Return to “Universal UI”

Who is online

Users browsing this forum: No registered users and 2 guests