[Users] Security Patch for for Zimbra Collaboration Suite 8.8.15 in /opt/zimbra/jetty/webapps/zimbra/m/momoveto
Andreas Wolske
andreas.wolske at managedhosting.de
Thu Jul 13 08:03:00 CEST 2023
Hello all,
Synacor recommended via E-Mail to fix a security vulnerability by
manually changing line 40 of /opt/zimbra/jetty/webapps/zimbra/m/momoveto
This would be cumbersome to roll out via Ansible or SSH. So I just
wanted to share the script I used:
# as root
sudo su -
# make backup of /opt/zimbra/jetty/webapps/zimbra/m/momoveto
cp /opt/zimbra/jetty/webapps/zimbra/m/momoveto /tmp/momoveto.backup
# check "param.st"
grep param.st /opt/zimbra/jetty/webapps/zimbra/m/momoveto
# apply fix
sed -i 's/param.st/fn:escapeXml(param.st)/'
/opt/zimbra/jetty/webapps/zimbra/m/momoveto
# check "param.st"
grep param.st /opt/zimbra/jetty/webapps/zimbra/m/momoveto
# remove backup
rm -f /tmp/momoveto.backup
HTH
Best regards
Andreas Wolske
More information about the Users
mailing list