Pydio Core / Pydio Enterprise 8.2.3 - Security Release

Created on 2019/03/21
Builds reference: 
Pydio Core 8.2.3 - Zip Archive
Pydio Core 8.2.3 - Tgz Archive
[auth] Pydio Enterprise 8.2.3 - Zip Archive
[auth] Pydio Enterprise 8.2.3 - Tar.gz Archive
Pydio Enterprise 8.2.3 - OVF
Component: 
License: 
Release Type: 

Téléchargement

This release provides bugfixes and security fixes for Pydio 8, upgrade is highly recommended.

CVE IDS:  CVE-2019-10049, CVE-2019-10048, CVE-2019-10045, CVE-2019-10047, CVE-2019-10046, CVE-2019-10046, CVE-2019-9642

  • Fix zoho display in IE11
  • Fix download multiple files on windows env
  • Fix download all on smb workspace
  • Fix php72 compatibility
  • Remove unused variables
  • Replace deprecated function
  • Bypass writing error in text log
  • Fix permission merging with mask
  • Let video player add its own cookie
  • Remove support for legacyShares
  • Seed the version number with server uuid
  • Prevent opening html content-types in external window
  • Set WebDAV force basic auth to true by default
  • Move some more configs in inc file

Upgrade

Patches are provided for all last stable for the major versions:  

Pydio 8.2.2

Upgrade to 8.2.3 can be done using the in-app engine or via the Linux Package Manager. Make sure to be on the "Stable" channel. 

Older versions

Please note that Pydio 6 and 7 are End-Of-Life since end 2018. There are no more patches provided, urgently consider upgrading to a new version of Pydio. Maybe a good time to give Pydio Cells a try?

Credits

Many thanks to Etienne Gervais, and Ramiro Molina from SecureAuth who reported the vulnerabilities. 

Display Share Block: