ZCS FOSS 10.1.12 - Security fixes and embargoed commits

Post by adrian.gibanel.btactic »

This thread will study ZCS NE 10.1.12 (released on October 06, 2025) security fixes and their ZCS FOSS 10.1.12 counterpart commits.

Security fixes (from 10.1.12 NE)
  • Addressed a Server-Side Request Forgery (SSRF) vulnerability in the chat proxy configuration.

Help needed

In order to recreate ZCS FOSS 10.1.12 as similar to ZCS NE 10.1.12 in a timely manner, we need to figure out ways to either recreate these security fixes' counterpart commits or find them in the repos (I might have overlooked them after all):
  • Addressed a Server-Side Request Forgery (SSRF) vulnerability in the chat proxy configuration.

Thank you very much!

Actually, help is not needed.

I am so late on this post that we already have the Fix Chat Proxy vulnerability from 10.1.12. commit from Maldua Pimbra.
So I'm posting this here just as a reference. (Thanks to all the contributors regarding the patch.)

Extra resources
- You can check/update: Zimbra FOSS CVE commits wiki page where these commits can be tracked.