Pydio Cells & Enterprise 2.1.11

Created on 2020/12/16

This release is a security fix for the 2.1 branch.

It fixes a vulnerability discovered in the Go standard library that only affects users of the SAML SSO connector (Enterprise Edition). This release also rolls out a couple of minor fixes and improvements.

  • Fix a vulnerability linked to XML encoding/decoding affecting the SAML connector. Upgrading is highly recommended if you are using this connector.
  • Fix a logging overflow that could create a lock in some circumstances.
  • Additional failsafe mechanisms on datasource sync to avoid false detection of deletes.
  • Lower the "tasks pruning limit" in the scheduler, to prevent on-file logs from growing too fast.
  • For backward compatibility with some existing Pydio 8 installations being migrated to Cells, we introduced a new "loginCI" flag in the pydio.grpc.user service to make login management case-insensitive.
    Please be aware that it could slow down some queries.

Credits

A big thanks to the Mattermost security team (@Juho Nurminen), who alerted us to the possibility of being affected by the XML encoding issue in the Go standard library.
