Pydio Core / Pydio Enterprise 8.2.3 - Security Release
This release provides bugfixes and security fixes for Pydio 8, upgrade is highly recommended.
CVE IDS: CVE-2019-10049, CVE-2019-10048, CVE-2019-10045, CVE-2019-10047, CVE-2019-10046, CVE-2019-10046, CVE-2019-9642
- Fix zoho display in IE11
- Fix download multiple files on windows env
- Fix download all on smb workspace
- Fix php72 compatibility
- Remove unused variables
- Replace deprecated function
- Bypass writing error in text log
- Fix permission merging with mask
- Let video player add its own cookie
- Remove support for legacyShares
- Seed the version number with server uuid
- Prevent opening html content-types in external window
- Set WebDAV force basic auth to true by default
- Move some more configs in inc file
Patches are provided for all last stable for the major versions:
Upgrade to 8.2.3 can be done using the in-app engine or via the Linux Package Manager. Make sure to be on the "Stable" channel.
Please note that Pydio 6 and 7 are End-Of-Life since end 2018. There are no more patches provided, urgently consider upgrading to a new version of Pydio. Maybe a good time to give Pydio Cells a try?
Many thanks to Etienne Gervais, and Ramiro Molina from SecureAuth who reported the vulnerabilities.