Pydio Core / Pydio Enterprise 8.2.3 - Security Release
This release provides bugfixes and security fixes for Pydio 8, upgrade is highly recommended.
CVE IDS: CVE-2019-10049, CVE-2019-10048, CVE-2019-10045, CVE-2019-10047, CVE-2019-10046, CVE-2019-10046, CVE-2019-9642
- Fix zoho display in IE11
- Fix download multiple files on windows env
- Fix download all on smb workspace
- Fix php72 compatibility
- Remove unused variables
- Replace deprecated function
- Bypass writing error in text log
- Fix permission merging with mask
- Let video player add its own cookie
- Remove support for legacyShares
- Seed the version number with server uuid
- Prevent opening html content-types in external window
- Set WebDAV force basic auth to true by default
- Move some more configs in inc file
Upgrade
Patches are provided for all last stable for the major versions:
Pydio 8.2.2
Upgrade to 8.2.3 can be done using the in-app engine or via the Linux Package Manager. Make sure to be on the "Stable" channel.
Older versions
Please note that Pydio 6 and 7 are End-Of-Life since end 2018. There are no more patches provided, urgently consider upgrading to a new version of Pydio. Maybe a good time to give Pydio Cells a try?
Credits
Many thanks to Etienne Gervais, and Ramiro Molina from SecureAuth who reported the vulnerabilities.
Need to Balance Ease-of-Use with Security? Pydio Cells Can Help.
If your organization is serious about secure document sharing and collaboration you need to check out Pydio Cells. Cells was developed specifically to help enterprises balance the need to collaborate effectively with the need to keep data secure.
With robust admin controls, advanced automation capabilities, and a seamless, intuitive end-user experience Pydio is the right choice for organizations looking to balance performance and security without compromising on either. Try Cells live for yourself. Or click on the button below to talk to a Pydio document sharing specialist.