ZCS just released version 6.0.3. Contrary to normal minor releases like this, we strongly urge you to update to this release, as it includes a fix against the recently discovered SSL vulnerability. In addition to this SSL fix, there’s also a security update for Nginx and Jetty.
Here’s the full changelog from the announcement:
Security Fixes:
42422 – upgrade OpenSSL
42570 – upgrade Jetty
42508 & 42509 – upgrade NginxZimbra Fixes:
42761 – Enable upgrade path from 5.0.20 to 6.0.3
42074 – Mail view scrolls to top
41920 – Duplicates returned in contact search
41753 – forwarded invitations get stuck in the queue
42012 – Jetty Acceptor1 misbehaving channels
42127 – Message showed a blank page when opened
42477 – jetty cancels server socket key in busy key workaround
