The Zimbra Team at Synacor has recently posted the following message explaining the cause and the fix of the issue from their side.
Our Response
From our side, we had successfully tested the update on other Zimbra systems, but, as mentioned, not all systems responded in the same way. We are still trying to understand what made the difference between a successful and an unsuccessful application of the fix; the findings are not yet conclusive, and the details are likely to be technical and beyond the scope of this post.
Not applying the fixes to a system exposed to a zero-day, highly rated access vulnerability would, under our policy, be unsupportable and could not be done safely. On behalf of our customers, we do not refer to this as 'panic'.
Restoring service from a backup or a recovered copy of a still dangerously vulnerable system is not an option either. Losing email integrity, or arriving at an even more unknown and chaotic state of the data, is not a desirable outcome.
Policy
We will almost always aim to preserve data and access for customers rather than run open, risky services that can be compromised.
In some cases we have tried to help with short-term mitigation for an insecure system, but only at the customer's direct request and with their full knowledge of the risks. We will not expose other customers to risk in order to do so.
We would rather protect your data than risk running a failing system into a more complex disaster.
We regret that the Zimbra event happened; we hate downtime unless it is absolutely necessary, and we are sorry that so many were so inconvenienced by this failure.
Future
We are looking at ways to prevent this particular sort of event from happening again, with longer technical processes to test fixes on all, or more, of the system scenarios we host, so long as this can be done quickly enough to protect those systems in good time.
However, we stand by our approach to this failure and warn customers that, as things stand, should something else threaten data in this way, we would likely follow a similar path of data preservation. We may, in fact, be more pre-emptive and possibly suspend a service until the fix is proven to work.