Zimbra Collaboration 8.8.8 GA Release
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.
Bug# | Summary | CVE-ID | CVSS Score |
Zimbra Rating |
Fix Release or Patch Version |
---|---|---|---|---|---|
108786 | Persistent XSS - content-location [CWE-79] | tba | tba | tba | 8.8.8 |
108227 | Multiple vulnerabilities | Various | 4.3 - 5.0 | Low | 8.8.8 |
108221 | Certificate based authentication not working since 8.7.5 | tba | tba | tba | 8.8.8 |
108894 | SOAP response with private key | tba | tba | tba | 8.8.8 |
Software changes
NOTE: If you are upgrading and/or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read "Things to Know Before Upgrading" and "First Steps with the Zimbra NG Modules" for critical information before you upgrade.
What's New
|
|
---|---|
Zimbra Talk - As announced at Zimbra Forum France 2018, we're proud to introduce Zimbra Talk! Experience Group and Corporate Messaging, File Sharing, and Videoconferencing right inside the Zimbra Web Client. Administrators can learn more by reading the Admin Guide. | |
Simplified SSO support in Zimbra Connector for Outlook™ - Previously, SSO authentication required matching the ZCO profile (email address) to the Windows logon name, with some other indirect settings. Now users can explicitly set a checkbox to "Connect using my Windows login credentials", which is clearer and supports the common situation where an email address and Windows login are different. Refer to the updated Tech Note for admin details. | |
New localization in Zimbra Connector for Outlook - ZCO now supports Vietnamese. |
NOTE: Beta features should not be installed and are not supported on production systems. Beta modules have been provided for evaluation in lab environments only.
Fixed Issues (Bugzilla query)
|
|
---|---|
108709 | ZWC affected by Mailsploit due to default zimbraPrefShortEmailAddress TRUE since ZCS 7.0 |
108786 | Bug 108786 - Persistent XSS - content-location [CWE-79] |
104412 | Upgrade to tinymce 4.7.9 |
108227 | Upgrade to jQuery 3.1.1 |
101172 | Upgrade YUIcompressor to 4.2.8; deprecate for external libs |
108221 | Certificate based authentication not working since 8.7.5 |
77129 | Mails should also display time not just date |
108894 | SOAP API should not return a value for zimbraSSLPrivateKey |
Known Issues (Bugzilla query)
|
|
---|---|
108905 | ZimbraNetwork Module is not visible in Admin Console after upgrade to 8.8.8 |
108906 | Encounter ZxChatRequest error after upgrade to Turing-8.8.8 |
108907 | Cannot upgrade directly from 7.2.7 to 8.8.8 |
ZeXtras Suite Changelog
|
|
---|---|
Backup NG:
|
|
Mobile NG:
|
|
HSM NG:
|
|
Admin Console:
|
|
Zimbra Chat:
|
|
Zimbra Drive:
|
|
Zimbra Talk:
|