Pydio 6.0.8 - Security & bugfix release

Created on 2015/06/29
Component: 
License: 
Release Type: 

We are releasing today another security patch for v6. Vulnerabilities were reported by Lane Thames and William Söderberg, as well as the HP Fortifiy security team. Although they are involving quite complicated reflective XSS scenaris, upgrade is of course highly recommanded. This version also fixes many other issues, and improves translations, see complete change log below.

If you have not yet updated to v6, please take the complete product tour here.

  • Date: June, 29th 2015
  • License: Affero GPL v3
  • DownloadSourceforge Project
  • Source CodeGithub Project
  • Copyright: Abstrium SAS / Charles du Jeu 2015
  • Contributors: cdujeu, Lane Thames, William Sörderberg, c12simple, DepaMarco, FireFoxIXI, Sandoracs
  • Upgrading from 6.0.7:
    • In-app upgrade for Zip archives installations
    • RPM/DEB update: using apt-get or YUM commands.

Detailed Changelog

  • Minor update of german translation (mainly to unify the strings) (details)
  • Small fixes for the german translation of access.ajxp_conf (details)
  • Docker : add php-ldap dependency. (details)
  • Italian translation for plugin 'meta.monitor_fs' (details)
  • Italian translation for plugin 'mq.serial' (details)
  • Italian translation for plugin 'mq.sql' and FIXED English one (details)
  • Italian translation for plugin 'shorten.bitly' (details)
  • Italian translation for plugin 'shorten.multi' (details)
  • Italian translation for plugin 'uploader.flex' (details)
  • Italian translation for plugin 'uploader.html' (details)
  • Italian translation for plugin 'uploader.http' (details)
  • Add delete button on minisite (details)
  • Fix meta.mount fs on 6.0.7 (details)
  • Fix wording error (details)
  • Reload_registry message: make sure to trigger only if required. This can end up in a loop. (details)
  • Mysql: Tablename may create an error when getting size and count (details)
  • Added minor tweaks for getting the S3 driver working with EMC ViPR (details)
  • Add new DIRNAME mode for sanitization, same as filenames except that it lets the / pass through. Use strpos() instead of deprecated ereg() function. (details)
  • Should fix #912 (alert on watch broken in some cases) (details)
  • Fix #919 - Disable right click in FetchedResultPane (details)
  • Tweaks to support "dot" character in custom links handle - Fix #905 (details)
  • ShareCenter: Fix authorization checking for various share types. Make sure to register the REQUIRES_INDEXATION flag on syncable shared workspaces to trigger indexation at first changes API call (should fix #913) (details)
  • UserMetaManager: check metadata is not empty. (cherry picked from commit ac99bf4) (details)
  • Add a MAIL_ENCODING parameter in the phpmailer plugin to eventually switch to 7bit for old Exchange+Outlook configs. (cherry picked from commit 98eebeb) (details)
  • Perf: load repositories with a unique query instead of many small queries (cherry picked from commit c955991) (details)
  • Slight doc issue (details)
  • Italian translation for plugin 'uploader.jumploader' (details)
  • Italian translation for plugin 'uploader.plupload' (details)
  • Updated Italian translation for plugin 'core.ajaxplorer' (details)
  • Hide Native App download panel on Windows Phone (details)
  • Fix minisite login background by loading configs via JS. (details)
  • Clean listing code for sorting, get page_position on demand when listing unique file, fixes search results not going to correct page when pagination is on. (details)
  • Antivirus: make sure to do nothing when node is a folder, do not scan it! (details)
  • Repository Creation Time was overriden by parent repo when created for sharing. (details)
  • Fix 2G limitation on windows in many places ( do not use filesize directly ) (details)
  • Repository securityScope() : check the CONTAINER option if it exists for object-based drivers. (details)
  • Fix auto update via proxy (details)
  • revert cef1688f1e38830badefa1d147b48400cd09d7f2 (details)
  • Add a default sorting field and direction for server sorting. Set this params via the filesystem mixin instead of access.fs only. (details)
  • Fix SearchEngine template configuration issue on various remote drivers. (details)
  • Catch an OpenLayer error. (details)
  • Fix and improve various sorting aspects. Deselect everything on blur in search engine and fetchedresultpane, otherwise further click on the same item does nothing. (details)
  • Catch Zip decompression errors. (details)
  • Fix workspaces securityScope() for templates that predefine a Path (or Container) value. (details)
  • Make sure to not propagate a share event to a workspace parent if it's a template. (details)
  • Make sure to use ConfService::listRepositoriesWithCriteria() instead of directly conf storage implementation, otherwise the hardcode workspaces/templates may be missing. (details)
  • Follow-up for filename encoding for attachment headers and IE. (details)
  • Make sure to never call getRepositoriesList() on "user" scope before the user is actually logged, otherwise it caches an incomplete list (e.g. in updateDefaultRights). Fixes incomplete list in sync client sometime, and make fix some issues with default rights as well. (details)
  • Reorder attributes (details)
  • Detect if Download URL contains a full URL or just an URI. In latter case, concatenate current server host (without URI) and URI. (details)
  • RPM: set PUBLIC_DOWNLOAD_URL to /pydio_public by default (details)
  • Make sure to use (details)

Download

  • Pydio core 6.0.8 ZIP Archive - No Arch : Download
  • Pydio core 6.0.8 TAR.GZ Archive - No Arch : Download
  • Pydio core 6.0.8 RPM File - No Arch : Download
  • Pydio core 6.0.8 DEB Archive - No Arch : Download