Pydio Cells & Enterprise 2.1.11

This release is a security fix for 2.1 branch.

It fixes a vulnerability discovered in one GO standard library that only affects users of the SAML SSO connector (Enterprise Edition). This release also rolls out a couple of minor fixes and improvements. 

• Fix vulnerability linked to xml encoding/decoding affecting the SAML connector. Upgrade is highly recommended if you are using this connector.
• Fix logging overflow that could create a lock on some circumstances.
• Additional failsafe mechanisms on datasource sync to avoid false-deletes detection.
• Lower down "tasks pruning limit" in scheduler, to prevent on-file logs from growing too fast.
• For backward-compatibility with some existing Pydio 8 installation being migrated to Cells, we introduced a new "loginCI" flag in the pydio.grpc.user service, to make login management case-insentive.
  Please beware that it could slow down some queries.

Credits

A big thanks to the Mattermost security team (@Juho Nurminem)  who alerted us on the possibility of being affected by the xml encoding issue in the go standard library.

Downloads