
=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN719
_____________________________________________________________________

DATE                : 20/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Zimbra versions prior to 10.1.12.

=====================================================================
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.12
https://blog.zimbra.com/2025/10/patch-release-update-zimbra-10-1-12/
_____________________________________________________________________

Zimbra Daffodil (v10.1.12) Patch Release

Release Date: Oct 16, 2025

Check out the "Things to know before you upgrade" section for this
version of Zimbra.


Things to know before you upgrade


Changes to Licensing System

To upgrade to version 10.1.12 from 10.1.3 or before, it is important
to ensure that you are using the latest version of the
zimbra-lds-patch package. After upgrading to 10.1.12, you must
reactivate the license to maintain synchronization. Please refer to
patch installation for LDS patch update steps.

To reactivate the license, execute the following command as the zimbra
user:

zmlicense -a <license_key>


Security Fixes


Summary             : Addressed a Server-Side Request Forgery (SSRF)
                      vulnerability in the chat proxy configuration.
CVE-ID              : (not listed)
CVSS Score          : (not listed)

Packages

The package lineup for this release is:

zimbra-proxy-patch                                ->  10.1.12.1760086549-1


Patch Installation

Please refer to the link below to install 10.1.12 (Oct 16 2025):

    If you are upgrading from any version older than ZCS 10.1.11
(such as 10.1.5, 10.1.6, etc.), please follow the steps mentioned here
for the cumulative patch upgrade - Patch Installation

    If you are upgrading from 10.1.11, the only applicable packages are
the proxy node packages.

    Please note that after this upgrade, in a multi-server environment,
the proxy node server will display the 10.1.12 version tag, whereas
other nodes will continue to display the 10.1.11 version tag.
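
Because only proxy nodes receive the new package, the check belongs on
each proxy node rather than on the displayed version tag of other nodes.
The script below is an added example, not part of the Zimbra release
notes or of this note. It assumes the package manager reports the
version in the form shown in the package lineup, possibly with a
distribution suffix; every sample version except 10.1.12.1760086549-1
is constructed.

```shell
#!/bin/sh
# Added example: is the fixed zimbra-proxy-patch build present on this proxy node?
FIXED="10.1.12.1760086549-1"   # fixed build, from the package lineup in this note

# version_ge A B: succeed when A sorts at or after B in version order.
# `sort -V` compares numeric fields as numbers, so 10.1.9 < 10.1.12.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify VERSION: print PATCHED, VULNERABLE or UNKNOWN for one version string.
classify() {
    case "$1" in
        ''|*[!0-9A-Za-z.~+-]*) echo UNKNOWN ;;   # empty, or an error message
        *) if version_ge "$1" "$FIXED"; then echo PATCHED; else echo VULNERABLE; fi ;;
    esac
}

# installed_version: print the installed package version, or nothing if absent.
installed_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f='${Version}' zimbra-proxy-patch 2>/dev/null) \
            && printf '%s' "$v"
    elif command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' zimbra-proxy-patch 2>/dev/null) \
            && printf '%s' "$v"
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Query the host this script runs on.
    echo "zimbra-proxy-patch: $(classify "$(installed_version)")"
else
    # Constructed sample values, not taken from a real host.
    for v in 10.1.9.1700000000-1 10.1.11.1757000000-1 \
             10.1.12.1760086549-1 10.1.12.1760086549-1.r8 ""; do
        echo "${v:-<not installed>}: $(classify "$v")"
    done
fi
```

Run it with --live on each proxy node; UNKNOWN means the package is
missing or its version string could not be parsed.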


Quick note: Open Source repo

The steps to download, build, and see our code via Github can be found
here: https://github.com/Zimbra/zm-build 

_____________________________________________________________________


Emergency Patch Release: Zimbra 10.1.12
By marilyn lee on October 16, 2025 in Uncategorized

EMERGENCY SECURITY PATCH
Patch Security Severity: High
Deployment Risk: Low


This patch fixes a critical security vulnerability related to a
Server-Side Request Forgery (SSRF) in the chat proxy configuration.

We recommend all users and administrators, especially those on Zimbra
versions 10.1.5 to 10.1.11, to apply this update immediately. It will
strengthen your system’s stability and ensure uninterrupted service
performance:

    Zimbra 10.1.12 (Release Notes)



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




