Pydio Core / Pydio Enterprise 8.2.3 - Security Release

This release provides bugfixes and security fixes for Pydio 8, upgrade is highly recommended.

CVE IDS:  CVE-2019-10049, CVE-2019-10048, CVE-2019-10045, CVE-2019-10047, CVE-2019-10046, CVE-2019-10046, CVE-2019-9642

• Fix zoho display in IE11
• Fix download multiple files on windows env
• Fix download all on smb workspace
• Fix php72 compatibility
• Remove unused variables
• Replace deprecated function
• Bypass writing error in text log
• Fix permission merging with mask
• Let video player add its own cookie
• Remove support for legacyShares
• Seed the version number with server uuid
• Prevent opening html content-types in external window
• Set WebDAV force basic auth to true by default
• Move some more configs in inc file

Upgrade

Patches are provided for all last stable for the major versions:  

Pydio 8.2.2

Upgrade to 8.2.3 can be done using the in-app engine or via the Linux Package Manager. Make sure to be on the "Stable" channel. 

Older versions

Please note that Pydio 6 and 7 are End-Of-Life since end 2018. There are no more patches provided, urgently consider upgrading to a new version of Pydio. Maybe a good time to give Pydio Cells a try?

Credits

Many thanks to Etienne Gervais, and Ramiro Molina from SecureAuth who reported the vulnerabilities.