Pydio Core / Pydio Enterprise 8.2.2 - Security Release
- Pydio Core 8.2.2 - Zip Archive - No Arch : Download
- Pydio Core 8.2.2 - Tgz Archive - No Arch : Download
- [auth] Pydio Enterprise 8.2.2 - Zip Archive - No Arch : Download
- [auth] Pydio Enterprise 8.2.2 - Tar.gz Archive - No Arch : Download
- Pydio / Pydio Enterprise 6.4.2 Patch - Zip Archive - No Arch : Download
- Pydio / Pydio Enterprise 7.0.4 Patch - Zip Archive - No Arch : Download
This release provides security fixes and upgrade is highly recommended.
For more details about the vulnerabilities, see existing CVE 2018-1999018 and other CVE's publications are on their way (CVE-2018-14772). See also the credits below to the security researchers that reported them.
This release also brings fixes for the mp3 player that was a bit buggy, and prepares the way for migrating Pydio to Pydio Cells.
Patches are provided for all last stable for the major versions:
Upgrade to 8.2.2 can be done using the in-app engine or via the Linux Package Manager. Make sure to be on the "Stable" channel.
Pydio 7.0.4 - Pydio 6.4.2
Please download the attached security patch for this version and simply unzip its content inside your pydio installation. Use for example :
`$ cp -r --verbose -i unzipped-security-patch /path/to/pydio/installation`
Please note that Pydio 6 and 7 will be End-Of-Life at the end of 2018. There will not be anymore security patches, and basically you should urgently consider upgrading to a newer version. Maybe a good time to give Pydio Cells a test ?
Many thanks to Spencer Dodd, Simon Scannell (RIPS Technologies), Robin Peraglie (RIPS Technologies), and Mike Gultieri for reporting these vulnerabilities in a responsible and cooperative manner.