Zimbra just posted a blog post (https://blog.zimbra.com/2025/01/new-pat ... -updating/) announcing 10.1.5 as a high priority XSS fix, however the subject references CVE-2024-45519 which was the postjournal vulnerability last year.
The post also discusses removing enforcement of zimbraLowestSupportedAuthVersion >= 2 (which landed in 10.1.4) to simplify upgrades.
Is there a new XSS not previously addressed in 10.1.4? It's not very clear what's going on here.
The post also discusses removing enforcement of zimbraLowestSupportedAuthVersion >= 2 (which landed in 10.1.4) to simplify upgrades.
Is there a new XSS not previously addressed in 10.1.4? It's not very clear what's going on here.
Statistics: Posted by jered — Tue Jan 28, 2025 6:45 pm