Zimbra Collaboration 8.7.2 and 8.6 Patch 8 are Available


In July of last year, we announced Zimbra Collaboration 8.7, which included four of my favorite, admin-related features including Two-Factor Authentication (2FA), a new Zimbra Packaging System, SSL Server Name Identification (SNI) and Zimbra Postscreen.

Today, I’m thrilled to announce our first minor release of 2017: Zimbra Collaboration 8.7.2, please go to the Downloads page to grab it. We have also a beta for Zimbra Collaboration 8.6 Patch 8 which you can download and install by contacting Support, if you need it, please go here to obtain more information about how to reach Zimbra support.

We are working behind the scenes to make many changes to Zimbra; one of these changes is that we are moving to more frequent release process for bugs and patches. One of our goals for 2017 is to have more frequent releases, to fix more bugs, and to fix bugs faster. We are really happy to have this release acceleration in place and we’re looking forward to your feedback on our more frequent release approach!

Fixed issues ZCS 8.7.2

Here is a comprehensive list of all the items addressed in this Release. One of my favorite fixes is Bug 104027: Mail list view is not refreshed when deleting mails in message view. Enjoy the fixes!

ZCS-11 Pagination support for SyncGalRequest
ZCS-58 EWS Sharing – Delayed syncing of few folders in mounted share in Macoutlook
ZCS-205 Chrome: “Script Error: Cannot read property ‘parentAppCtxt’ of null” when accepting share from new window
ZCS-207 Very long range appointment causes script error and leaves the browser unresponsive
ZCS-217 Warn user if scheduling an appointment in the past
ZCS-239 Changing of calendar “Show reminders (zimbraPrefCalendarApptReminderWarningTime)” preference sends zimbraPrefCalendarWorkingHours in ModifyPrefsRequest
ZCS-257 Image within signature is broken in reply/forward window
ZCS-264 Problem using mobile web client in french
ZCS-378 SyncGalRequest throws error if galsync account and user account are not on same host.
ZCS-440 Add validation for dates in quick add appointment dialog
ZCS-455 SearchGalRequest throws NPE, if no galsync account present
ZCS-476 swatchdog alerts are tagged as spam when DKIM is in use
ZCS-501 New task functionality regressed
ZCS-525 Upgrade log showing wrong upgrade paths
ZCS-551 unknown document” exception for some requests on 8.7.2 build on RHEL machines
ZCS-558 8.7.2 to 8.7.2 (same version) upgrade removes service, zimbra & zimbraAdmin war contents
ZCS-567 Rolling upgrade from network to network ,gives warning of switching to FOSS.
ZCS-621 Convertd failed after upgrade to 8.7.1 from 8.7.0
ZCS-504 upgrade step for 8.7.2
104027 Mail list view is not refreshed when deleting mails in message view
103456 start and end time is not checked in Print dialog
103339 compose new email issue with scrollbar
104303 Remove error msg which lists supported browsers
103534 Enter key in “Show appointment through” date field doesn’t refresh the page state
102980 Some zimlet does not display dismiss text in Dismiss button of Dialog.

Fixed Issues ZCS 8.6 Patch 8

Here is a comprehensive list of all fixed items in ZCS 8.6 Patch 8. This Patch address mostly Security Issues with different importance. We strongly recommend that all of our Customers running Zimbra Collaboration 8.6 install this Patch as soon as possible.

Admin – Console
100899 CSRF – Admin Console [CWE-352]
104294 CSRF – Client uploader extension [CWE-352]
104456 extension REST handlers are not protected by CSRF [CWE-352]
68445 After session timeout, username field appears disabled so user cannot sign back in Admin Console
103497 [RSYNC Failure] Implement mailbox unlocking for Flush Cache
EWS – Server
101746 Outlook 2016: Auto Sync not working for Outook 2016
Other – Server
104236 All file uploads are broken in Admin UI (zimlet, certificate, migration wizard, license) because FileUploadServlet no longer supports csrfToken specified in multipart body
105029 Soap servlet should log CSRF related error at INFO level

Security Fixes for ZCS 8.6 Patch 8

Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Vulnerability Rating Classification information below for details.

Bug# Summary CVE-ID CVSS
Fix Release or
Patch Version
104294104456 CSRF CWE-352 CVE-2016-3406 2.6 Minor 8.6 P8, 8.7.0 Zimbra
CSRF CWE-352 CVE-2015-6542
5.8 Major 8.6 P8, 8.7.0 Sysdream

Please refer to the release notes to know more about security in Patch 8 and below

Bonus: Slide deck

We have released a slide deck about What’s New in Zimbra Collaboration 8.7.x, and we hope you like it. Follow us on Twitter and LinkedIn to keep up-to-date about upcoming webinars about Zimbra Collaboration, Zimbra Talk and Zimbra Suite Plus.

Click here if the slide deck is not working for you.

Quick note about our git repository and our Open Source Code

Downloading and building our Zimbra code? Keep reading… Starting ZCS 8.7.2 and above we have a new steps to download and see our code:

Note: Code is just published as it is. Objective is people should able to see the code changes. There are some tweaks required to get it build. We are working on restructuring.


  • Read the Release Notes for Zimbra Collaboration 8.7.2 here
  • Read the Release Notes for Zimbra Collaboration 8.6 Patch 8 here
  • Download Zimbra Collaboration 8.7.2 and 8.6 Patch 8 here
  • Forum about Installation and Upgrade here
Jorge de la Cruz

About Jorge de la Cruz

Hi everyone, my name is Jorge de la Cruz and I’m a passionate Zimbra fan. VMware vExpert ’14-’16 and Veeam Vanguard ’15-16, writing about Zimbra in a Technical manner since 2011, now leading the Product Marketing team for OEM, thrilled to be part of the Synacor Team.

Comments are closed.