Pydio Core / Pydio Enterprise 8.2.2 - Security Release

Created on 2018/10/11
Builds reference: 
Pydio Core 8.2.2 - Zip Archive
Pydio Core 8.2.2 - Tgz Archive
[auth] Pydio Enterprise 8.2.2 - Zip Archive
[auth] Pydio Enterprise 8.2.2 - Tar.gz Archive
Pydio / Pydio Enterprise 6.4.2 Patch - Zip Archive
Pydio / Pydio Enterprise 7.0.4 Patch - Zip Archive
Component: 
License: 
Release Type: 

Download

  • Pydio Core 8.2.2 - Zip Archive - No Arch : Download
  • Pydio Core 8.2.2 - Tgz Archive - No Arch : Download
  • [auth] Pydio Enterprise 8.2.2 - Zip Archive - No Arch : Download
  • [auth] Pydio Enterprise 8.2.2 - Tar.gz Archive - No Arch : Download
  • Pydio / Pydio Enterprise 6.4.2 Patch - Zip Archive - No Arch : Download
  • Pydio / Pydio Enterprise 7.0.4 Patch - Zip Archive - No Arch : Download

This release provides security fixes and upgrade is highly recommended.

For more details about the vulnerabilities, see existing CVE 2018-1999018 and other CVE's publications are on their way (CVE-2018-14772). See also the credits below to the security researchers that reported them. 

This release also brings fixes for the mp3 player that was a bit buggy, and prepares the way for migrating Pydio to Pydio Cells. 

Upgrade

Patches are provided for all last stable for the major versions:  

Pydio 8.2.1

Upgrade to 8.2.2 can be done using the in-app engine or via the Linux Package Manager. Make sure to be on the "Stable" channel. 

Pydio 7.0.4 - Pydio 6.4.2

Please download the attached security patch for this version and simply unzip its content inside your pydio installation. Use for example :

`$ cp -r --verbose -i unzipped-security-patch /path/to/pydio/installation`

Please note that Pydio 6 and 7 will be End-Of-Life at the end of 2018. There will not be anymore security patches, and basically you should urgently consider upgrading to a newer version. Maybe a good time to give Pydio Cells a test ?

Credits

Many thanks to Spencer Dodd, Simon Scannell (RIPS Technologies), Robin Peraglie (RIPS Technologies), and Mike Gultieri for reporting these vulnerabilities in a responsible and cooperative manner.

Display Share Block: