I received email apparently from
support@zimbra.com indicating that all current versions of Zimbra have a security vulnerability. The email had instructions and a download link for a patch. Problem is, the email was sent through a mailing list company and I can't verify that Zimbra sent it. Second, there is no reference (that I can find) in the forums or web site about this.
There is no way I'm installing this without something on the web site.
Is this a forgery or does Zimbra not have a clue how to alert their users?