[FIXED] CVE-2025-68645 fix missing !!! from ZCS FOSS 10.0.18.


Post by adrian.gibanel.btactic »

According to the ZCS 10.0.18 release notes, ZCS 10.0.18 should include a fix for CVE-2025-68645 ("Addressed an unauthenticated local file inclusion vulnerability in the RestFilter").

Given that the 10.1.13 commit embargo was lifted and that almost all of the 10.0.18 ones were lifted, I think this is an oversight, as has happened in the past.

Here are the associated commits that I have been able to detect:

- ZBUG-4988: removed RestFilter and jsp-config from zm-admin-console (10.1.13 tag; should be in the 10.0.18 tag).
- ZBUG-4988: removed RestFilter from zm-admin-ajax (10.1.13 tag; should be in the 10.0.18 tag).
- ZBUG-4988: added allowlist to RestFilter from zm-ajax (10.1.13 tag; should be in the 10.0.18 tag).

Thank you for fixing this.
Last edited by adrian.gibanel.btactic on Thu Feb 05, 2026 4:59 pm, edited 1 time in total.
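The check described in the post above (ZBUG-4988 commits reachable from the 10.1.13 tag that are not reachable from the 10.0.18 tag) can be scripted against any clone of the affected repositories. The following is an added example and is not part of the original post or of the Zimbra project: it builds a throwaway repository with a constructed two-commit history and the tag names from the thread so that it runs offline, then asks git which matching commits are missing from one tag and whether the fix commit is an ancestor of that tag. Against a real clone you would skip make_sample_repo and point missing_commits / fix_in_tag at the repository path and the two tags.

```shell
#!/bin/sh
# Added example, not from the original post or the Zimbra project: check
# whether commits matching a subject pattern (here the ZBUG-4988 prefix)
# that are reachable from one release tag are also reachable from another.
# Uses only plain git on a local repository; no network access.
set -eu

# Print the subjects of commits reachable from tag $2 but NOT from tag $3
# whose subject matches grep pattern $4, in repository $1.
# Empty output means nothing matching is missing from $3.
missing_commits() {
    repo=$1; has_tag=$2; check_tag=$3; pattern=$4
    # "A..B" selects commits reachable from B that are not reachable from A.
    git -C "$repo" log --format='%s' --grep="$pattern" "$check_tag..$has_tag"
}

# Exit 0 if the newest commit matching $3 reachable from $4 is an ancestor of
# tag $2 (i.e. the fix really shipped in that tag), non-zero otherwise.
fix_in_tag() {
    repo=$1; tag=$2; pattern=$3; source_tag=$4
    sha=$(git -C "$repo" log -1 --format='%H' --grep="$pattern" "$source_tag")
    [ -n "$sha" ] && git -C "$repo" merge-base --is-ancestor "$sha" "$tag"
}

# Constructed sample repository (hypothetical history, not Zimbra's): a base
# commit tagged 10.0.18, then the fix commit tagged 10.1.13.
make_sample_repo() {
    dir=$(mktemp -d)
    git -C "$dir" init -q
    git -C "$dir" config user.email "example@example.invalid"
    git -C "$dir" config user.name "Example"
    printf 'doFilter(): no allowlist\n' > "$dir/RestFilter.java"
    git -C "$dir" add RestFilter.java
    git -C "$dir" commit -q -m "ZBUG-0000: initial RestFilter"
    git -C "$dir" tag 10.0.18
    printf 'doFilter(): allowlist check\n' > "$dir/RestFilter.java"
    git -C "$dir" add RestFilter.java
    git -C "$dir" commit -q -m "ZBUG-4988: added allowlist to RestFilter"
    git -C "$dir" tag 10.1.13
    printf '%s\n' "$dir"
}

repo=$(make_sample_repo)
echo "ZBUG-4988 commits reachable from 10.1.13 but not from 10.0.18:"
missing_commits "$repo" 10.1.13 10.0.18 'ZBUG-4988'
if fix_in_tag "$repo" 10.0.18 'ZBUG-4988' 10.1.13; then
    echo "10.0.18 contains the fix"
else
    echo "10.0.18 does NOT contain the fix"
fi
rm -rf "$repo"
```

Running missing_commits once per affected repository (zm-admin-console, zm-admin-ajax, zm-ajax) with the same two tags is enough to reproduce the list in the post; an empty result for each means the 10.0.18 tag carries the fix.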

CVE-2025-68645 fix missing !!! from Zimbra Github 10.0.18 tags

Post by adrian.gibanel.btactic »

This is a gentle bump so that this is not forgotten.

Thank you.

Re: CVE-2025-68645 fix missing !!! from ZCS FOSS 10.0.18.

Post by adrian.gibanel.btactic »

umashankar.avagadda wrote: Thu Feb 05, 2026 1:00 pm
adrian.gibanel.btactic wrote: Wed Feb 04, 2026 3:35 pm
umashankar.avagadda wrote: Wed Feb 04, 2026 12:38 pm
Build Ubuntu 24.04 Beta

Code:

# Shallow-clone only the 10.1.16 tag of zm-build, then run the FOSS build
git clone --depth 1 --branch 10.1.16 git@github.com:Zimbra/zm-build.git
cd zm-build
ENV_CACHE_CLEAR_FLAG=true ./build.pl \
    --ant-options -DskipTests=true \
    --git-default-tag=10.1.16,10.1.15,10.1.14,10.1.13,10.1.12,10.1.11,10.1.10,10.1.9,10.1.8,10.1.7,10.1.6,10.1.5,10.1.4,10.1.3,10.1.2,10.1.1,10.1.0 \
    --build-release-no=10.1.0 \
    --build-type=FOSS \
    --build-release=LIBERTY \
    --build-release-candidate=BETA \
    --build-no 4848 \
    --build-thirdparty-server=files.zimbra.com \
    --no-interactive
Thank you @umashankar.avagadda!

BTW... could you please take care of "CVE-2025-68645 fix missing !!! from ZCS FOSS 10.0.18." in a similar way to what you did with ZCS FOSS 10.1.8?

Thank you.
Done.
I have checked the Git repos and this has been properly fixed. :)