Solved: Zimbra PDF Preview Not Working After Patching (10.1.13)

After updating to Zimbra 10.1.13, some users (including myself) noticed unexpected changes in how PDF attachments behave in the Zimbra webmail Classic interface.

Before the update, users could easily preview PDF files directly in the browser without having to download them. However, after applying the update, clicking on a PDF attachment causes the file to be downloaded automatically instead of opening in a new tab.

Here’s how I solved the problem

Create backup folder

mkdir /srv/backup-js/

Go to jetty folder and backup files

cd /opt/zimbra/jetty/webapps/zimbra/js
cp MailCore_all.js MailCore_all.js.zgz /srv/backup-js/

Open file MailCore_all.js and remove these lines (row 11552 until 11557)

vi MailCore_all.js

Remove these lines

if (params.att.ct === ZmMimeTable.APP_ADOBE_PDF) {
    params1.href = params.att.url + "&disp=a";
    params1.download = true;
    } else {
    params1.href = params.att.url;
    }

and change with these lines

	params1.href = params.att.url;
 	params1.blankTarget = true;

Zip js file that has been modified

gzip -c MailCore_all.js > MailCore_all.js.zgz

Restart Zimbra Mailbox

su - zimbra -c 'zmmailboxdctl restart'

Please re-login to Zimbra Webmail. If the problem exist, please clear cache or test on the new browser (or private window)

Good Luck 🙂

6 comments

Rufijo says:

November 13, 2025 at 8:42 pm

Perfect solution 🙂 works for me! thx!

Bruno says:

November 19, 2025 at 8:09 am

Thank you! This helped a lot!

BG says:

November 26, 2025 at 10:54 pm

hello,
i change also MailCore_all.js with:

// convert to HTML
//if (att.links.html && !appCtxt.get(ZmSetting.ATTACHMENTS_BLOCKED) && att.ct !== ZmMimeTable.APP_ADOBE_PDF) {
if (att.links.html && !appCtxt.get(ZmSetting.ATTACHMENTS_BLOCKED)) {

1. Imanudin Ahmad says:
  
  December 2, 2025 at 8:57 am
  
  Thanks for sharing, BG
  
mocha says:

December 8, 2025 at 11:27 am

The PDF preview option in Classic Web App has been removed to safeguard users from a stored XSS vulnerability associated with PDF attachments. As part of this security enhancement, clicking a PDF file will now directly download it instead of opening it in a new browser tab for preview. This change is intentional and was implemented to ensure a more secure user experience.

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.13

1. Imanudin Ahmad says:
  
  December 10, 2025 at 4:42 am
  
  Hi Mocha,
  Thanks for your additional information

Share this:

Leave a Reply Cancel reply