4.5.4: Security Update Available
As we posted last week, there is a vulnerability in ZCS 4.5.4 and lower that can allow remote code execution on a unpatched system.
Please see this thread on how to close the vulnerability yourself:
Some users would rather wait for an official update. We originally said that we would introduce it with 4.5.5, however, we felt the need to release a patched update so that new users would download the patched version.
The 4.5.4-20070418 release fixes a security vulnerability within the ZCS. This is the same security vulnerability mentioned in previous e-mails and forum discussions.
The elimination of this vulnerability is the only difference between this release and the 4.5.4 release. Customers may upgrade from 4.5.4 or prior releases to this release, or they can patch their systems as explained previously to eliminate the vulnerability.
We strongly urge all users who have not yet upgraded to 4.5.4 to do so, as this vulnerability is present in all previous version of ZCS.
If you have patched your system there is no additional security benefit to installing 4.5.4-20070418.
Zimbra Forums & Support Teams
Release Notes: http://www.zimbra.com/pdf/Zimbra%20O...es%204.5.4.pdf