All Versions
70
Latest Version
Avg Release Cycle
73 days
Latest Release
174 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v3.7.3 Changes
September 27, 2022🔒 Security
- PB-19090 Protect forms from spell-jacking attack
-
v3.7.2 Changes
September 20, 2022🛠 Fixed
- 🔧 PB-18380 Let passbolt-configure script setup certbot for RHEL9 support
- PB-16983 Handles the lack of permissions on image directory when deleting
- 💻 PB-16898 Redesign download a supported browser to get started
👌 Improved
- ✅ PB-18650 Add a check on mysql status in order to run mysql commands only when it's ready in unit tests
- 👷 PB-18664 Add retry logic to Gitlab CI jobs
-
v3.7.1 Changes
August 10, 2022- PB-18381 Fix source language typos
- PB-18397 Fix as an admin I can generate a server key with the webinstaller within an instance over http
- PB-17096 Fix resouce_types name and slug postgresql compatibility
- PB-18372 Bump styleguide version to 3.7.1
-
v3.7.0 Changes
July 28, 2022➕ Added
- PB-17098 Add rockylinux 9 support
- PB-16751 Add Redhat 9 support
- PB-16749 Add Ubuntu 22.04 support
- PB-16950 Add Spanish and Lithuanian support
- PB-14514 Add PHP8.0 support
- PB-14514 Fix PHP8.1 compatibility issues
- PB-16161 Create action log endpoint for user CRUD
- PB-16844 Common part of the user recovery and setup audit log
🔒 Security
- PB-17068 PBL-07-002 Fix key algorithm validation should be set to strict on setup
- PB-17068 Fix OpenPGP unarmor should use base64_decode in strict mode
- PB-17068 SEC-1292 Fix unsafe default recipient email address (Credit: Ashley Primo)
🛠 Fixed
- PB-16705 As group manager updating group memberships I should not get a timeout
- PB-16949 As group manager deleting a group user the operation should not be slowed down by the folders plugin
- PB-16705 As a group manager updating group memberships I should not get a timeout due to a plugin integration
- PB-17068 Fix GroupsUsersValidatorTest psr-4 autoloading warning
- PB-17007 As AD performing a cleanup of the missing folders relations I should not get a timeout
- PB-16749 Fix jobs to reuse last job artifact instead of rebuilding it everytime
- PB-16877 Fixes ClearMfaCookieOnSetupAndRecover for controllers without User component
- PB-16666 GITHUB-432 Fix healthcheck style
🚧 Maintenance
- PB-17009 Replace createrepo by createrepo_c
- PB-16956 Misc Fixture Factories refactoring
- PB-16956 Modernize folders plugin bootstrap, add src/Plugin.php file
- PB-16806 UacAwareMiddleware trait now return UAC exclusively. More typing in UAC object.
- PB-16161 Renames ambiguous testing traits
- PB-16161Add and enhance log related factories
- PB-16791 Upgrade webinstaller openpgpjs to v5
- PB-14514 Update to composer v2.2 + Fix CI jobs
- PB-16657 Remove mariadb dependency
- PB-16161 Refactor to split folder, resource and user related logic in respective classes
-
v3.6.0 Changes
👌 Improved
- 🔨 PB-9739 OpenPGP key and message validation refactoring
- PB-14141 Enhanced public/private key validation rules
- PB-13685 Enhanced secret validation rules
- 🔨 PB-14138 Refactor setup and recover related controllers with dependency injection
- PB-14510 Three trivial endpoints, such as GET on login are not logged anymore
🔒 Security
- ⬆️ PB-14400 Upgrade firebase/php-jwt to 6.1
🛠 Fixed
- ✅ PB-14369 Fixes email settings issues in the test suite
- PB-15046 Handle user lost-passphrase scenarios with API <= v3.5
🚧 Maintenance
- ⬆️ PB-14812 Upgrade cakephp/cakephp to 4.3
-
v3.5.0 Changes
January 12, 2021➕ Added
- PB-13161 As LU I should be able to use passbolt with my Android mobile
- PB-13161 As LU I should be able to use passbolt with my IOS mobile
- PB-5967 As AD I can use passbolt with a PostgreSQL database provider [experimental]
- 💻 PB-5967 As AD I can migrate an existing instance to PostgreSQL with the help of the command line [experimental] and MySQL to Postgres migration tools, e.g. as described here: https://pgloader.readthedocs.io and here: https://pgloader.io/.
- PB-8513 As LU I can request gpg keys using pagination
- PB-13321 As a user I can use passbolt in Dutch
- PB-13321 As a user I can use passbolt in Japanese
- 💅 PB-13321 As a user I can use passbolt in Polish
👌 Improved
- PB-12817 As LU I can import avatars having a jpeg extension
- 👀 PB-12943 As AD I should be able to see log when a user tries to sign-in with an invalid bearer token
- 🐎 PB-12888 Improve performances of the operations requiring permissions accesses by replacing the single index on type by a combined index involving the requested columns
- 👀 PB-13177 As AD I should be able to see any gpg keys errors from the healthcheck
- PB-13183 As LU I should be able create resource having a name or a username of 255 characters long
- PB-13265 As AD I can create a JWT key pair even if the database is not set
- PB-13164 As AD I can cleanup duplicate entries in the favorites tables, groups_users and permissions
🔒 Security
- PB-13217 PBL-06-011 Fix ACL on mobile transfer view controller
🛠 Fixed
- PB-9887 Fix as AD I can send email digest from the /bin/cron script
- PB-12957 Fix multiple language issues reported by community
- ⚡️ PB-12914 Fix as a group manager I should not get multiple notifications when a group is updated
- 👀 PB-13158 As AD I should see a tip with proper directory permissions when the JWT assets healthcheck fails
🚧 Maintenance
- 🚚 PB-12835 Move users setup/recover/register controllers logic into services to welcome the upcoming account recovery feature
-
v3.4.0 Changes
December 07, 2021➕ Added
- PB-9826 As a user I want to use passbolt natively on Edge
- 👀 PB-8371 As LU I want to see the login/MFA/recover/register screens in dark mode
👌 Improvement
- 👀 PB-8522 As LU I should see the MFA verify field having focus
- PB-9730 As AD I should be able to check avatars read issues from the healthcheck
🛠 Fix
- 👀 PB-8932 Fix as LU I should see an animation when I successfully configured MFA
- 👀 PB-9286 Fix as LU I should see the locale dropdown field of the setup/recover screen well positioned
- 👀 PB-9397 Fix as AD I shouldn't see an error on the healthcheck if the JWT auth is disabled and I never configured it
- PB-9114 Fix as lu I should be able to upload a transparent avatar in .png format.
- PB-9750 Fix spelling mistakes reported by the community
- PB-9762 Fix requesting /auth/login.json should not trigger an unexpected error
- 🚚 PB-9888 Fix MFA & JWT refresh token issue, remove Bearer from the hashed session identifier
- ⚡️ PB-12817 Fix as LU I should be able to update jpeg avatar
🔒 Security
- PB-7374 As soft deleted but logged in user I should be forbidden to request the API
- PB-9340 Fix email queue data should be stored and deserialized as json and not php
🚧 Maintenance
- 🔨 PB-9311 Refactor JWT and MFA plugins for better code maintainability.
- ✅ PB-8320 Implement the tests that are marked as incomplete for cleaner continuous integration test reports
- PB-8211 Psalm set to level 4
- PB-9726 Fix do not load cleanup tasks unless in CLI mode
- ✅ PB-9753 Improve table fields validation tests, do not save entity when testing the validation of properties
- 🚚 PB-9310 Move avatar file_storage logic into AvatarsTable
- ⚡️ PB-9785 Update JWT healthcheck help messages
- PB-9656 Migrate fields from utf8mb4 to a more performant encoding when possible
-
v3.3.1 Changes
November 24, 2021🔒 Security fixes
- 0️⃣ PB-9820 / PBL-06-008 WP3: JWT key confusion leads to authentication bypass (High) [experimental][disabled by default]
-
v3.3.0 Changes
October 25, 2021➕ Added
- 0️⃣ PB-7815 As a server administrator I should be able to enable / disable the in-form menu feature, enabled by default
- 0️⃣ PB-6072 As a server administrator I should be able to enable / disable the password generator feature, enabled by default
- PB-8189 As a user I should be able to use the application in German or Swedish
- 0️⃣ PB-7847 As AN I should be able to authenticate to passbolt via JWT access and refresh tokens [experimental][disabled by default]
- 🔧 PB-6034 As LU I should be able to configure my mobile app [experimental][disabled by default]
👌 Improvement
- 👀 PB-8908 As a user I should see the footer of the passbolt emails translated with my locale
- 👀 PB-8364 As a user I should see the subject of the passbolt emails translated with my locale
- 👀 PB-6032 As API user I shouldn’t see the _joinData properties in the resource entry points responses
- 👍 PB-8281 Add Debian 11 bullseye support
- PB-7750 As AD I should be notified by the healthcheck when a tmp files is executable
- PB-7760 Increase PHPStan level to 6
- 🔧 PB-8081 As AD I should be able to configure passbolt over IPv6 while installing a passbolt package
- PB-5866 As AD I should be able to detect avatar data discrepancies using the passbolt cleanup command
- 🔌 PB-7605 As a developer I should be able to enable/disable a plugin easily
🛠 Fixed
- PB-5457 Fix as LU importing a batch of passwords I should not get an internal errors because of database deadlock
- 📦 PB-7840 Fix as AD I can install/reconfigure the passbolt package if ssl certificates are already present
🔒 Security
- PB-8047 Fix PBL-02-002 As LU I should logout by posting to the API and the entry point should should be protected by CSRF
- ⚡️ PB-7751 Updates FlySystem dependency to v2.1.1
- SEC-181 Fix information disclosure: recover endpoint should not return user role and name.
🚧 Maintenance
- 🚚 PB-8488 Remove user agent unnecessary check associated with MFA token
- PB-8336 Clean phpunit.xml file
- PB-8448 Hashes the session ID prior to passord_hash
- PB-8210 Replaces PHPSESSID with session_name()
-
v3.2.1 Changes
June 04, 2021🛠 Fixed
- GITHUB-402 Fix API v3 regression, login must accept JSON data