[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6.0.11 critical bugs



Rich,

Thanks for the heads up on these.  We installed 6.0.11 and verified 57478 (All Folders in Web Client Expanded by Default).  I think the possibility of 57551 (Access to shared Map in FileUploadServlet is not synchronized) happening is enough to deter us from going to 6.0.11 in production.

Thanks,

Doug

----- Original Message -----
> From: "Rich Graves" <rgraves@carleton.edu>
> To: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
> Sent: Friday, March 4, 2011 10:21:40 PM
> Subject: 6.0.11 critical bugs
> I'd like to think that y'all would do this anyway, but take a close
> look at pm.zimbra.com for 6.0.12 before installing 6.0.11. There are
> several showstoppers.
> 
> Most have easy workarounds, but 57468 and 57551 are beyond my comfort
> level.
> 
> Pity -- in my mind, the application-level security issues addressed in
> 6.0.11 are more serious than the OpenSSL bugs in the last two point
> revs, and I'd have liked to upgrade immediately.
> 
> So, is anyone considering 7.0 before July? Not me.
> --
> Rich Graves http://claimid.com/rcgraves
> Carleton.edu Sr UNIX and Security Admin
> CMC135: 507-222-7079 Cell: 952-292-6529

-- 
Doug Curtis
doug.curtis@oit.gatech.edu
Georgia Tech OIT/A&I
404.385.0390