Zimbra 9.0.0 “Kepler” Patch 5 and 8.8.15 “James Prescott Joule” Patch 12 are here.
For Zimbra 8.8.8 and above, you don’t need to download any patch builds. The patch packages can be installed using Linux package management commands. Please refer to the respective release notes for patch installation on Red Hat and Ubuntu platforms.
Note: Installing a zimbra-patch package only updates the Zimbra core packages.
Zimbra 9.0.0 “Kepler” Patch 5
Patch 5 is here for the Zimbra 9.0.0 “Kepler” GA release, and it includes Security Fixes, What’s New, Fixed Issues and Known Issues as listed in the release notes.
Security Fixes
| Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Patch Version |
|---|---|---|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | CVE-2019-1010091 | 6.1 | Medium | 9.0.0 P5 |
| Updated third-party mem component due to vulnerability | WS-2018-0236 | 6.1 | Medium | 9.0.0 P5 |
Patch Installation
Please refer to the release notes for Zimbra 9.0.0 Patch 5 installation on Red Hat and Ubuntu platforms.
Zimbra 8.8.15 “James Prescott Joule” Patch 12
Patch 12 is here for the Zimbra 8.8.15 “James Prescott Joule” GA release, and it includes Security Fixes, What’s New, Fixed Issues and Known Issues as listed in the release notes.
Patch Installation
Please refer to the release notes for Zimbra 8.8.15 Patch 12 installation on Red Hat and Ubuntu platforms.