Pydio Core / Pydio Enterprise 8.2.4 - Security Release
This release provides bugfixes and security fixes for Pydio 8 and Pydio Enterprise 8, upgrade is highly recommended. CVE are being submitted.
Migrate to Cells today!
Please note that this is the last update provided for Pydio 8 community edition, that is considered End-of-life at the end of 2019. But Pydio is far from being dead : since two years now, we have been releasing Pydio Cells, a full rewrite of the PHP product in Golang. It has been running in production since then, and provides improved performances, stability and features compared to Pydio 8.
Cells 2.0 provides an embedded migration tool for importing data from an existing Pydio 8 installation (users, workspaces, shares, metadata). Time to upgrade!
Upgrade Pydio 8
Patches are provided for all last stable for the major versions:
Archive Installations & Debian/APT Packages
Upgrade to 8.2.4 can be done using the in-app engine or via the Linux Package Manager. Make sure to be on the "Stable" channel.
YUM / RPM Packages
Upgrade of the PHP version implies additional modifications if you are using the RPM packages (RHEL/CentOS). As all PHP5.6 dependencies are now removed from SCL repository, PHP version now changes from 5.6 to 7.2.
First, make sure you have a backup of your installation. The most important data is located under /usr/share/pydio and /var/lib/pydio/plugins
A - Release Packages
Update two pydio release packages for new repositories files
yum update pydio-release yum update pydio-enterprise-release
Notes: If you are using enterprise version, please re-edit API_KEY and API_SECRET in /etc/yum.repos.d/pydio-enterprise.repo
You should see that the content of /etc/yum.repos.d/pydio.repo was changed. There are no new package inside the [pydio] repo, thus you must disable [pydio] and enable [pydio-php72] instead to continue the upgrade.
Note: they may be stored in a new file name with .rpmnew extension
[pydio] name=Pydio official packages for community version baseurl=https://download.pydio.com/pub/linux/centos/7 enabled=0 gpgcheck=1 protect=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PYDIO [pydio-php72] name=Pydio official packages for community version baseurl=https://download.pydio.com/pub/linux/centos/php72/7/ enabled=1 gpgcheck=1 protect=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PYDIO
For Pydio Enterprise, please apply the same changes inside the pydio-enterprise.repo file.
B - Update Packages
Execute the following command to clean yum cache and update new database :
yum clean all yum update pydio
If there is no error, you can press 'y' to launch pydio update process.
C - Post upgrade
Because php 72 uses mysqli by default, you should reconfigure the pydio bootstrap.json file: /var/lib/pydio/plugins/boot.conf/bootstrap.json
Php configuration php.ini
Older php version use /etc/opt/rh/rh-php56/php.ini, but php72 now uses /etc/opt/rh/rh-php72/php.ini. You should reconfigure this new php.ini as you did in 5.6 version. The most important parameters are listed below:
output_buffering = Off upload_max_filesize = 1024M post_max_size = 1024M max_execution max_execution_time = 1200 memory_limit = 1224M
Remove pydio plugin cache
rm -rf /var/cache/pydio/plugins_*
systemctl restart httpd24-httpd
Many thanks to Sammy Forgit (Certilience) for reporting the vulnerabilities.