[Users] Zimbra 8.8.8 Patch 1 release - Seems to break FOSS only servers
David Touitou
david at network-studio.com
Tue Apr 17 12:24:30 CEST 2018
>> Look at the IMAP issue in 8.8.6 (bug #108414).
>> Do you seriously want your system to upgrade automatically to such a version?
>
> We're talking about security updates, not version upgrades.
They have not released any "security updates" yet.
They release a mix of "security updates and bug fixes" through patches or new versions.
8.8.8-P1 is such a patch, it's a mix.
So let them first prove us they're able to release QA'ed security updates.
On time.
For all supported versions (*).
And we'll have the talk about "automatic upgrades".
David
(*) As you might guess, I'm thinking of 8.6.
It's supported but not patched against known vulnerabilities.
8.6's last patch was released _one_month_ after they knew about CVE-2018-6882.
It was done on purpose, they chosed not to provide a fix within previous patch.
I got a mail yesterday they eventually backported the fix but still don't know when they'll release it (next patch)
More information about the Users
mailing list