I may be a bit of a broken record, but: I would recommend putting the web interface behind some kind of protection. This could be IP based, a HTTP proxy, a VPN, etc, etc. See my signature. It is basically a necessity, given the vulnerabilities that have come out. And, it allows you the luxury of indeed waiting those 7 days, mostly.If you wait 7 days to apply critical patches to your systems, you should take up a new career. Zimbra in particular has a recent track record of active attacks against vulnerabilities. I've been running Zimbra for 20 years since it first came out in beta and happily patched on day after release as a policy with zero issues.Every zimbra sysadmin on earth waits at least 7 days before apply a zimbra patch. Those who did not follow this rule are dead or are now working in coal mining.Hi, many thanks for your builds. With these, I was finally able to upgrade from 8.8.15 which I had put off for years.
One comment, if you put a 7 day delay on all your builds, they are much less useful as Zimbra has had so many medium/high level security issues of late. If like today Zimbra emails everyone with a 'CRITICAL SECURITY PATCH' with 'APPLY THIS PATCH IMMEDIATELY', it's irresponsible of admins to wait at least a week to apply the update.
Sorry if this is documented somewhere, I must have missed it, but is there a simple way to make your builds ourself faster?
Especially if the warning email comes with the copypasted subject from a previous patch alert...
An example of vulnerabilities that did require immediate attention are the cpio and amavis vulnerabilities, where the mail (virus) scanner was made to execute payload from an e-mailed attachment. But most vulnerabilities are in the SOAP API or other web stuff, which is easily protected.
Statistics: Posted by halfgaar — Mon Feb 17, 2025 3:02 pm