ZCS 9.0.0 Patch 28 Released
ZCS 9.0.0 Patch 28 was released on November 21, 2022. The release includes security fixes for:
RCE through ClientUploader from authenticated admin user.
XSS can occur via one of attribute in webmail urls, leading to information disclosure.
The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerabilities. CVE-2022-26377 CVE-2022-20770.
The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-20771 CVE-2022-20771]
YUI dependency is removed from WebClient and Admin Console.