Pydio Core / Pydio Enterprise 8.2.3 - Security Release

Created on 2019/03/21
Release Type: 

This release provides bugfixes and security fixes for Pydio 8, upgrade is highly recommended.

CVE IDS:  CVE-2019-10049, CVE-2019-10048, CVE-2019-10045, CVE-2019-10047, CVE-2019-10046, CVE-2019-10046, CVE-2019-9642

  • Fix zoho display in IE11
  • Fix download multiple files on windows env
  • Fix download all on smb workspace
  • Fix php72 compatibility
  • Remove unused variables
  • Replace deprecated function
  • Bypass writing error in text log
  • Fix permission merging with mask
  • Let video player add its own cookie
  • Remove support for legacyShares
  • Seed the version number with server uuid
  • Prevent opening html content-types in external window
  • Set WebDAV force basic auth to true by default
  • Move some more configs in inc file


Patches are provided for all last stable for the major versions:  

Pydio 8.2.2

Upgrade to 8.2.3 can be done using the in-app engine or via the Linux Package Manager. Make sure to be on the "Stable" channel. 

Older versions

Please note that Pydio 6 and 7 are End-Of-Life since end 2018. There are no more patches provided, urgently consider upgrading to a new version of Pydio. Maybe a good time to give Pydio Cells a try?


Many thanks to Etienne Gervais, and Ramiro Molina from SecureAuth who reported the vulnerabilities. 


  • Pydio Core 8.2.3 - Zip Archive - No Arch : Download
  • Pydio Core 8.2.3 - Tgz Archive - No Arch : Download
  • [auth] Pydio Enterprise 8.2.3 - Zip Archive - No Arch : Download
  • [auth] Pydio Enterprise 8.2.3 - Tar.gz Archive - No Arch : Download
  • Pydio Enterprise 8.2.3 - OVF - No Arch : Download
Display Share Block: