Zimbra Foss CVE Commits - 10.0.18 update (Ask for help)

[adrian.gibanel.btactic]

I have updated Zimbra Foss CVE Commits page to include 10.1.13 CVE commits.

I ask for community help so that the 10.0.18 commits (which should be similar to the 10.1.13 ones) are filled. Otherwise they will left blank.

Thank you.

[zmcontrol]

adrian.gibanel.btactic,

Much thanks for creating and updating this ever more important CVE page.
Unfortunately I have nothing to add to 10.0.18, but the final commit for 10.1.13 that's missing can be found here:

https://github.com/Zimbra/zm-mailbox/co ... d1bbf52d96

Added input validation and null checks in the PreAuthServlet to prevent internal error disclosure on malformed requests

[ghen]

Zimbra 10.0 is EOL now, so maybe focus the effort on 10.1 only, or the latest release in general.

[adrian.gibanel.btactic]

adrian.gibanel.btactic,

Much thanks for creating and updating this ever more important CVE page.
But the final commit for 10.1.13 that's missing can be found here:

https://github.com/Zimbra/zm-mailbox/co ... d1bbf52d96

Added input validation and null checks in the PreAuthServlet to prevent internal error disclosure on malformed requests

Thank you for the catch! I updated the CVE page accordingly.

[adrian.gibanel.btactic]

Zimbra 10.0 is EOL now, so maybe focus the effort on 10.1 only, or the latest release in general.

10.0.18 was supported recently.

After 10.0.18, yes, all the efforts will be centered on 10.1.x or newer versions.

[adrian.gibanel.btactic]

I ask for community help so that the 10.0.18 commits (which should be similar to the 10.1.13 ones) are filled. Otherwise they will left blank.

I have finally updated those CVE commits for 10.0.18.

Unfortunately the CVE-2025-68645 commits for 10.0.18 are missing.