Pydio 6.0.7 - Security Release

Created on 2015/05/06
Component: 
License: 
Release Type: 

We are releasing today a security patch for v6. Vulnerabilities were reported by Lane Thames and are registered under CVE-2015-3431 and CVE-2015-3432. Upgrade is of course highly recommanded.

If you have not yet updated to v6, please take the complete product tour here.

  • Date: May, 6th 2015
  • License: Affero GPL v3
  • DownloadSourceforge Project
  • Source CodeGithub Project
  • Copyright: Abstrium SAS / Charles du Jeu 2015
  • Contributors: Cdujeu, DepaMarco, C12simple, Lane Thames
  • Upgrading from 6.0.6:
    • In-app upgrade for Zip archives installations
    • RPM/DEB update: using apt-get or YUM commands.

A number of other small bugs are fixed as well, listed below.

  • Add new parameter in ShareCenter to force password on public links. (details)
  • Massive refactoring of ElasticSearch plugin. Keyword search and indexed fields is working. (details)
  • Fix text logger: was broken due to the clone call on object: refresh the fileHandle resource on clone. (details)
  • Limit API connection "Login" logs to one per hour, otherwise it fills the log table, and makes the analytics quite slow. (details)
  • SMB Auth: include domain name to user name (details)
  • Get list of repository automatically (details)
  • AuthService test userExist and create new (details)
  • InfoPanel: catch modifier evaluation error - CSS: hack transparent backgrounds for IE8 using \9 symbol. (details)
  • Correct smb path string (details)
  • ShareCenter : fix link pointing to a non-existing repository (details)
  • ShareCenter.js: forgotten console calls (details)
  • ShareCenter: Catch exceptions when forwarding changes, otherwise it stops the loop. (details)
  • AjxpUtils::convertBytes : handle comma - Ajxp_VarsFilter::filter : pass an object or an id as resolve user (details)
  • Major update of ElasticSearch implementation / Refactor some method to common parent with Lucene. (details)
  • Check userExist to create new user for new sharing (details)
  • Add a new dependency type phpExtension to avoid loading plugin that have a strong dependency to one or more php extensions. (details)
  • Remove (beta) from sync clients buttons (details)
  • ShareCenter: Fix "Preview" checkbox being automagically rechecked. Check template is not ajxp_unique_dl. (details)
  • Start refactoring major JS resources. Split into subfolders. (details)
  • Display admin Search Results with USER_DISPLAY_NAME (details)
  • webdav error on smb workspace (details)
  • Shared user watch is not correctly removed when user is removed from "Share with..." list. (details)
  • Fix group listing for shared users when inside a group (cherry picked from commit a9fdc8c) (details)
  • Ability to use multiple secure_token in one session, to avoid force reload on new tab. Notify existing windows with <require_registry_reload>. (details)
  • IE8 Fixes - Fix #899 : remove tooltip when refreshing templates. (details)
  • Make Etherpad more simple: support only .pad extensions, disable hideExtension() hook. (details)
  • Refix c0205642045e943c086eb054f3947d5311d9997e : case is different if group listing is allowed on all groups or sub groups only. (details)
  • Pass AJXP_VALUE_CLEAR as metadata value to force clearing key after array_merge() (details)
  • Fix un-removed notification by checking ACL when listing the watches and updating metadata accordingly. (details)
  • Fix Zip options tweaking, by properly separating zipBrowsingEnabled vs. zipCreationEnabled. (details)
  • Use Dibi syntax for cross-db limit (details)
  • Fix Jumploader not correctly sending node.change event (thus missing indexation) (details)
  • Fix PLUploader : new way to get secure_token (details)

Téléchargement

Need to Balance Ease-of-Use with Security? Pydio Cells Can Help.

If your organization is serious about secure document sharing and collaboration you need to check out Pydio Cells. Cells was developed specifically to help enterprises balance the need to collaborate effectively with the need to keep data secure.

With robust admin controls, advanced automation capabilities, and a seamless, intuitive end-user experience Pydio is the right choice for organizations looking to balance performance and security without compromising on either. Try Cells live for yourself. Or click on the button below to talk to a Pydio document sharing specialist.

Talk to an expert