<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div><style style="display:none">/*<![CDATA[*/P {
margin-top: 0;
margin-bottom: 0;
}
/*]]>*/</style></div><div>Fabio,<br></div><div><br data-mce-bogus="1"></div><div>In the Zeta Call Summary for June 2nd that I sent out last night, take a look at the section titled "<!--StartFragment-->Advance Patch Release Notes For Zimbra Partners". I think it will be of help as it relates to advance Zimbra partner notifications for security fixes.<br data-mce-bogus="1"></div><div><br></div><div data-marker="__SIG_PRE__"><div><div><div><span style="color:rgb( 255 , 102 , 0 );font-weight:bold"><br>Randy Leiker (</span><span style="font-weight:bold"> <span style="color:rgb( 51 , 51 , 255 );background-color:rgb( 255 , 255 , 255 )">randy@skywaynetworks.com</span> <span style="color:rgb( 255 , 102 , 0 )">)</span></span><br><span style="color:rgb( 0 , 0 , 153 )">Skyway Networks, LLC</span><br><span style="color:rgb( 0 , 0 , 153 )"></span></div><div><span style="color:rgb( 0 , 0 , 153 )"><br data-mce-bogus="1"></span></div></div></div></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><b>From: </b>"Fabio S. Schmidt" <fabio@bktech.com.br><br><b>To: </b>"users" <users@lists.zetalliance.org><br><b>Sent: </b>Thursday, June 4, 2020 11:56:56 AM<br><b>Subject: </b>Re: [Users] Zimbra vulnerability fix in the new patches released today<br></div><div><br></div><div data-marker="__QUOTED_TEXT__"><div style="font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000"><div></div><div><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt">Hello Mark,</p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt"><br></p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt">Thank you for the reply.</p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt"><br></p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt">I agree that we partners should receive a warning about security fixes before Zimbra releasing a patch. I will discuss this with our Zimbra country manager for Brazil as well.</p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt"><br></p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt">Best regards.</p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt">Fabio S. Schmidt</p></div><hr id="zwchr"><div><b>De: </b>"L Mark Stone" <lmstone@lmstone.com><br><b>Para: </b>"Fabio Soares Schmidt" <fabio@bktech.com.br>, "users" <users@lists.zetalliance.org><br><b>Enviadas: </b>Quinta-feira, 4 de junho de 2020 11:03:46<br><b>Assunto: </b>Re: Zimbra vulnerability fix in the new patches released today<br></div><br><div><div>
<div style="font-family:'calibri' , 'arial' , 'helvetica' , sans-serif;font-size:12pt;color:rgb( 0 , 0 , 0 )">
We did not get any advance notice Fabio. I can't speak for other Partners.<br>
</div>
<div style="font-family:'calibri' , 'arial' , 'helvetica' , sans-serif;font-size:12pt;color:rgb( 0 , 0 , 0 )">
<br>
</div>
<div style="font-family:'calibri' , 'arial' , 'helvetica' , sans-serif;font-size:12pt;color:rgb( 0 , 0 , 0 )">
I have spoken several times with senior Zimbra execs that failing to disclose exploitable security exploits to partners in advance invites bad actors to attempt to perform the exploits.</div>
<div style="font-family:'calibri' , 'arial' , 'helvetica' , sans-serif;font-size:12pt;color:rgb( 0 , 0 , 0 )">
<br>
</div>
<div style="font-family:'calibri' , 'arial' , 'helvetica' , sans-serif;font-size:12pt;color:rgb( 0 , 0 , 0 )">
As a BSP, I was particularly disappointed about the cross-domain GAL search exploit that was fixed in a recent patch.</div>
<div style="font-family:'calibri' , 'arial' , 'helvetica' , sans-serif;font-size:12pt;color:rgb( 0 , 0 , 0 )">
<br>
</div>
<div style="font-family:'calibri' , 'arial' , 'helvetica' , sans-serif;font-size:12pt;color:rgb( 0 , 0 , 0 )">
Usually, we like to test patches before deploying them, but in that case we felt we had no choice but to apply the patch immediately.</div>
<br>
<div>
<div style="font-family:'calibri' , 'arial' , 'helvetica' , sans-serif;font-size:12pt;color:rgb( 0 , 0 , 0 )">
Mark<br>
</div>
<div>
<div dir="ltr" style="font-size:12pt;color:rgb( 0 , 0 , 0 );background-color:rgb( 255 , 255 , 255 );font-family:'calibri' , 'arial' , 'helvetica' , sans-serif">
<p style="margin-top:0px;margin-bottom:0px"><strong>_________________________________________________</strong></p>
<div style="margin-top:0px;margin-bottom:0px">
<div><span style="font-size:10pt"><strong>L. Mark Stone, Founder</strong></span></div>
<div><span style="font-size:10pt"><strong></strong></span><br>
</div>
<div><img src="https://s3.amazonaws.com/public.missioncriticalemail.com/MissionCriticalEmail+Logo-Horizontal-01-Cropped-300x45.png"></div>
<div><em><span style="font-size:10pt"><strong>North America's Leading Zimbra VAR/BSP/Training Partner</strong></span></em></div>
<div><em><span style="font-size:10pt"><strong>For Companies With Mission-Critical Email Needs</strong></span></em></div>
<div><em><span style="font-size:10pt"><strong>Need more email security & compliance? Ask me about Mimecast!</strong></span></em></div>
<br>
</div>
</div>
</div>
</div>
<hr style="display:inline-block;width:98%">
<div dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> Users <users-bounces@lists.zetalliance.org> on behalf of Fabio S. Schmidt <fabio@bktech.com.br><br>
<b>Sent:</b></font></div></div></div></div><br></div></div></body></html>