Zimbra Community & Heartbleed

You have probably heard a lot about the Heartbleed Vulnerability (a.k.a. "The OpenSSL Bug") which exists in implementations of OpenSSL.

Zimbra Community is not affected by this vulnerability. Even the non-native versions of Tomcat that are required to utilize Solr search are not affected by this bug. 

Please note, however, that your servers may still be at risk if additional software or services are utilized that are affected by Heartbleed. Zimbra recommends that you conduct an audit on these systems to verify their integrity and make updates where necessary.


If you are hosted by Zimbra, rest assured, the SSL encryption utilized by our systems is not affected by this vulnerability. We've also made certain that all networking infrastructure supporting your websites is secure. If you happen to use SAML (for Single Sign-On) exposure to this vulnerability would be dependent on the SAML provider in use and any use of affected versions of OpenSSL.


As always, the integrity and safety of your data is paramount. If you have any questions please contact our Support Team at http://telligent.com/support