Hi jered,

Digging in further, I see that the 10.1.4 release referenced CVE-2024-45516 (one digit different, so I suspect just a typo).
So the question is if this is "just" the 10.1.4 fix with the zimbraLowestSupportedAuthVersion upgrade removed, or is there a new post-10.1.4 vulnerability?
Yes, the XSS vulnerability in 10.1.5 appears to be a new issue, separate from the postjournal CVE-2024-45519 and not previously fixed in 10.1.4.
Statistics: Posted by CarlosAlcaraz — Sat Mar 15, 2025 2:10 am