[Users] Zimbra vulnerability fix in the new patches released today

Fabio S. Schmidt fabio at bktech.com.br
Thu Jun 4 18:56:56 CEST 2020



Hello Mark, 




Thank you for the reply. 




I agree that we partners should receive a warning about security fixes before Zimbra releasing a patch. I will discuss this with our Zimbra country manager for Brazil as well. 




Best regards. 

Fabio S. Schmidt 

De: "L Mark Stone" <lmstone at lmstone.com> 
Para: "Fabio Soares Schmidt" <fabio at bktech.com.br>, "users" <users at lists.zetalliance.org> 
Enviadas: Quinta-feira, 4 de junho de 2020 11:03:46 
Assunto: Re: Zimbra vulnerability fix in the new patches released today 

We did not get any advance notice Fabio. I can't speak for other Partners. 

I have spoken several times with senior Zimbra execs that failing to disclose exploitable security exploits to partners in advance invites bad actors to attempt to perform the exploits. 

As a BSP, I was particularly disappointed about the cross-domain GAL search exploit that was fixed in a recent patch. 

Usually, we like to test patches before deploying them, but in that case we felt we had no choice but to apply the patch immediately. 

Mark 


_________________________________________________ 
L. Mark Stone, Founder 

North America's Leading Zimbra VAR/BSP/Training Partner 
For Companies With Mission-Critical Email Needs 
Need more email security & compliance? Ask me about Mimecast! 


From: Users <users-bounces at lists.zetalliance.org> on behalf of Fabio S. Schmidt <fabio at bktech.com.br> 
Sent: 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20200604/d9bc9264/attachment.html>


More information about the Users mailing list