<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div><style style="display:none">/*<![CDATA[*/P {
margin-top: 0;
margin-bottom: 0;
}
/*]]>*/</style></div><div data-marker="__SIG_PRE__"><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt">Hello Mark,</p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt"><br data-mce-bogus="1"></p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt">Thank you for the reply.</p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt"><br data-mce-bogus="1"></p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt">I agree that we partners should receive a warning about security fixes before Zimbra releasing a patch. I will discuss this with our Zimbra country manager for Brazil as well.</p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt"><br data-mce-bogus="1"></p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt">Best regards.</p><p style="margin:3px;color:rgb( 128 , 128 , 128 );font-size:10pt">Fabio S. Schmidt</p></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><b>De: </b>"L Mark Stone" <lmstone@lmstone.com><br><b>Para: </b>"Fabio Soares Schmidt" <fabio@bktech.com.br>, "users" <users@lists.zetalliance.org><br><b>Enviadas: </b>Quinta-feira, 4 de junho de 2020 11:03:46<br><b>Assunto: </b>Re: Zimbra vulnerability fix in the new patches released today<br></div><div><br></div><div data-marker="__QUOTED_TEXT__"><div>
<div style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
We did not get any advance notice Fabio. I can't speak for other Partners.<br>
</div>
<div style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I have spoken several times with senior Zimbra execs that failing to disclose exploitable security exploits to partners in advance invites bad actors to attempt to perform the exploits.</div>
<div style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
As a BSP, I was particularly disappointed about the cross-domain GAL search exploit that was fixed in a recent patch.</div>
<div style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Usually, we like to test patches before deploying them, but in that case we felt we had no choice but to apply the patch immediately.</div>
<br>
<div>
<div style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Mark<br>
</div>
<div>
<div dir="ltr" style="font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); font-family: calibri, arial, helvetica, sans-serif;">
<p style="margin-top: 0px; margin-bottom: 0px;"><strong>_________________________________________________</strong></p>
<div style="margin-top: 0px; margin-bottom: 0px;">
<div><span style="font-size: 10pt;"><strong>L. Mark Stone, Founder</strong></span></div>
<div><span style="font-size: 10pt;"><strong></strong></span><br>
</div>
<div><img src="https://s3.amazonaws.com/public.missioncriticalemail.com/MissionCriticalEmail+Logo-Horizontal-01-Cropped-300x45.png" saveddisplaymode="" style=""></div>
<div><em><span style="font-size: 10pt;"><strong>North America's Leading Zimbra VAR/BSP/Training Partner</strong></span></em></div>
<div><em><span style="font-size: 10pt;"><strong>For Companies With Mission-Critical Email Needs</strong></span></em></div>
<div><em><span style="font-size: 10pt;"><strong>Need more email security & compliance? Ask me about Mimecast!</strong></span></em></div>
<br>
</div>
</div>
</div>
</div>
<hr style="display: inline-block; width: 98%;">
<div dir="ltr"><font face="Calibri, sans-serif" style="font-size: 11pt;" color="#000000"><b>From:</b> Users <users-bounces@lists.zetalliance.org> on behalf of Fabio S. Schmidt <fabio@bktech.com.br><br>
<b>Sent:</b></font></div></div><br></div></div></body></html>