[Users] Is there a fix yet for : 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments

Manuel Garbin manuel at studiostorti.com
Thu Jun 27 14:46:13 CEST 2019


Disabling OWASP isn't a great idea; as Mark suggested, you may open your Zimbra to all the XSS exploits (for example, an email with JavaScript code inside can hide a popup that is equal to the login screen... etc. etc.)

If you are in a rush, apply the patch as suggested by Toslan (forum link at the bottom); otherwise wait for a patch ;)

https://forums.zimbra.org/viewtopic.php?f=13&t=66409&start=50


----- Original message -----
From: "L Mark Stone" <lmstone at lmstone.com>
To: "David Touitou" <david at network-studio.com>
Cc: "users at lists.zetalliance.org" <users at lists.zetalliance.org>
Sent: Thursday, 27 June 2019 14:34:53
Subject: Re: [Users] Is there a fix yet for : 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments

I am not a programmer, but as I understand it the owasp sanitizer protects against cross site scripting attacks. 

The inline attachment problem is incredibly annoying it is true, but if my understanding is correct I’d rather deal with the inline attachment problem rather than expose my Zimbra servers to an XSS exploit. 

Perhaps someone who understands this better can provide greater clarity?

___________________________
L. Mark Stone
Sent from my iPhone

> On Jun 27, 2019, at 8:14 AM, David Touitou <david at network-studio.com> wrote:
> 
> Hi,
> 
> just seen that on the US forum, disabling the new HTML sanitizer "fixes" the problem (until a better resolution).
> 
> "As a workaround please do the following on all mailbox servers
> zmlocalconfig -e zimbra_use_owasp_html_sanitizer=FALSE
> zmmailboxdctl restart"
> 
> David



