Pydio Core / Pydio Enterprise 8.2.2 - Security Release

Created on 2018/10/11
Release Type: 

This release provides security fixes and upgrade is highly recommended.

For more details about the vulnerabilities, see existing CVE 2018-1999018 and other CVE's publications are on their way (CVE-2018-14772). See also the credits below to the security researchers that reported them. 

This release also brings fixes for the mp3 player that was a bit buggy, and prepares the way for migrating Pydio to Pydio Cells. 


Patches are provided for all last stable for the major versions:  

Pydio 8.2.1

Upgrade to 8.2.2 can be done using the in-app engine or via the Linux Package Manager. Make sure to be on the "Stable" channel. 

Pydio 7.0.4 - Pydio 6.4.2

Please download the attached security patch for this version and simply unzip its content inside your pydio installation. Use for example :

`$ cp -r --verbose -i unzipped-security-patch /path/to/pydio/installation`

Please note that Pydio 6 and 7 will be End-Of-Life at the end of 2018. There will not be anymore security patches, and basically you should urgently consider upgrading to a newer version. Maybe a good time to give Pydio Cells a test ?


Many thanks to Spencer Dodd, Simon Scannell (RIPS Technologies), Robin Peraglie (RIPS Technologies), and Mike Gultieri for reporting these vulnerabilities in a responsible and cooperative manner.


Display Share Block: