All Versions
65
Latest Version
Avg Release Cycle
66 days
Latest Release
584 days ago

Changelog History
Page 2

  • v2.13.5 Changes

    July 30, 2019

    πŸ›  Fixed

    • πŸ›  Fix allow overriding rememberMe options in passbolt.php configuration file
    • πŸ›  Fix all target blank link should contain rel noopener noreferrer
    • πŸ›  Fix email sender, email subject should not exceed 255 characters.
    • πŸ›  Fix secret access log on resource view with contain secret
    • GITHUB-376 Fix missing route prefix on the recovery button
    • GITHUB-373 Fix API format for create group (previously v1 instead of v2 format)
    • GITHUB-372 Fix after modifying passwd, the modification time should be changed
    • πŸ“‡ GITHUB-370 Fix metadata should be deleted for deleted resources
    • GITHUB-369 Fix Notification Emails Have Wrong Tense In Subject/Body
    • GITHUB-368 Clarify PHP extension requirements
    • GITHUB-362 Fix wrong filename on healthcheck HELP message for assertConfigFiles
    • πŸ”Œ GITHUB-356 As a user I shouldn't be able to export folders if export plugin is disabled
    • GITHUB-350 Fix no mails are sent when providers offer AUTH PLAIN authentication only
    • 🌐 GITHUB-339 Fix web installer urls do not work when passbolt is installed in a directory
    • πŸ›  Fix performance issues on resource / folder activity log
  • v2.13.1 Changes

    July 06, 2019

    Song: https://youtu.be/tPBDMihPRJA

    πŸš€ This is a small maintenance release. It fixes a bug introduced with the latest release.

    βœ… Thank you to everyone who helped us test and iron out the last kinks!

    In other news, we just published an article on the blog to explain why passbolt requires an extension.

    πŸ”„ Changelog

    API

    πŸ›  Fixed

    • PB-1372 Fix user setup completed admin email notification
  • v2.13.0 Changes

    June 23, 2019

    Song: https://www.youtube.com/watch?v=JU5LMG3WFBw

    πŸš€ The team is pleased to announce the availability of Passbolt CE v2.13. This release includes new functionalities,
    most notably the email digest functionality.

    Email digest

    The email digest functionality will help you combine email notifications of the same
    kind into one single message. So, it will group similar emails for a given user, for a given time period
    πŸ‘· (the frequency of passbolt email cronjob) or when a volume limit is reached. This will help reduce the
    email notifications, especially when you import/share a lot of passwords at once.

    You can enable this feature by switching the following line in your server crontab:.
    /var/www/passbolt/bin/cake EmailQueue.sender

    To
    /var/www/passbolt/bin/cake Passbolt/emailDigest.sender

    βœ… You can also test the feature by calling it directly in the command line on your server.

    Server key rotation

    It is now possible to extend an expired server key and have the user accept the new server key without
    performing an account recovery. When the key change, the user will be prompted to accept the new one.

    Migration to react

    πŸš€ Part of the work done with this release includes some major refactoring of the front end code
    πŸ‘€ as part of the migration process to React. So, you will see some other visual changes for example,
    when loading the share dialog.

    πŸš€ You can expect more visual changes in the upcoming releases.

    πŸ’₯ Breaking changes

    πŸš€ Another notable change: as part of this release we upgraded the OpenPGP.js. This may be a breaking
    πŸ”„ change if you are using old OpenPGP keys with unsecure 2-byte hash. If you use such a key we advise
    you to try to re-export your private key from Gnupg to produce a more secure hash and perform an account recovery.

    πŸ”„ Changelog

    API

    βž• Added

    • πŸ— PB-1168 Add baseline code and tests for Debian package build
    • PB-1067 As a user I can receive digest emails when creating a lot of resources
    • 🚚 PB-1067 As a user I can receive digest emails when added/removed from a lot of groups
    • PB-1284 Add tasks and services to re-validate existing data

    πŸ‘Œ Improved

    • πŸ’… Pro Styleguide version bump v2.13.13
    • Appjs version bump v2.13.7
    • βœ… PB-1046 Adapt Cleanup test runner to take in account cleanup that are adding records
    • PB-1046 Adapt Cleanup shell task to allow external sources to add cleanup tasks
    • 🚚 PB-1046 Remove empty EmailTraits files
    • βœ‚ Delete unused default keys (cleanup)
    • βœ… Update to latest passbolt_test_data version.
    • πŸ”¨ Misc refactoring for email notifications
    • πŸ”¨ Misc refactoring to split model logic into services
    • βœ… Clear plugins in tearDown of application test cases

    πŸ›  Fixed

    • GITHUB-350 No mails are sent when providers offer AUTH PLAIN authentication only
    • πŸ›  Fix appjs plugin requestUntilSuccess bug
    • πŸ›  Fix load webinstaller plugin manually in plugin tests
    • πŸ›  Fix composer php version.
    • πŸ›  Fix misc checkstyle issues
    • 🌲 PB-980: Fix "secret access logging in password activity log should not display other resources secret access after a multiple share"
  • v2.12.1 Changes

    April 14, 2020

    πŸš€ Release song
    πŸš€ Full release notes

    πŸ“š This release contains a security fix, please update your server as soon as possible. Make sure you follow the minor update documentation to roll out this new version.

    πŸš€ This is a small maintenance release in order to update to jQuery v3.5. The library released an important security fix that could potentially result to an XSS in certain Passbolt setups where Content Security Policy (CSP) was disabled by the user. You can learn more about the issue here.

    πŸš€ Passbolt team is currently busy finalizing a release candidate with some new major features. You can learn more about it in our last blog post.

    We hope you are safe.

    πŸ›  Fixed

    • ⚑️ PB-1209: Update client dependencies
  • v2.12.0 Changes

    December 06, 2019

    πŸš€ Release song
    πŸš€ Full release notes

    πŸš€ This release is mainly a maintenance release. It ships with several fixes, mainly regarding the web extension.
    πŸ”’ The previously published extension version contained some security fix for an issue in the quick access suggestion system reported by security researcher Rene Kroka.
    You can learn more about it on the incident page.

    It also ships with a much demanded improvement: the possibility to resend a new invitation to a user.

    Resend invitation menu screen

    ⚑️ We hope you’ll enjoy this update!

    What next? The team focus is currently on the upcoming folders feature.
    It is taking a substantial amount of energy to implement but the result should be matching your expectations.
    It is now a matter of weeks before the feature is available. If you are interested to know how it will work, you can have a look at the specifications (feedback is welcome).
    The screenshot below will give you a glimpse of its look and feel:

    Folders feature overview screen

    The team wishes you great end-of-year celebrations, merry christmas & happy new year in advance, and good holidays if you are lucky enough to take some!

    API

    βž• Added

    • PB-687: As an admin I can resend an invitation for a user that didn't complete the setup

    πŸ‘Œ Improved

    • ⚑️ PB-893: Update CakePHP to v3.8.6

    πŸ›  Fixed

    • PB-771: Added purify subject for the email subscribers
    • 🚚 PB-856: Added migration fix to remove unused tables
    • ⏱ GITHUB-84: Fix gc_maxlifetime versus Session.timeout units

    🌐 Web extension

    πŸ‘Œ Improved

    • ⚑️ PB-878: Update OpenPGP.js to v4.7
    • 0️⃣ PB-649: The quickaccess passphrase field text and background colors should remain as default when the field is not focused.

    πŸ›  Fixed

    • PB-883: The quickaccess should filter passwords by uri protocol and port if provided.
    • PB-766: Fix 414 server issues for features that work with batch of resources. Reduce the size of the batches.
  • v2.11.0 Changes

    August 08, 2019

    πŸš€ Passbolt v2.11 is maintenance release containing security fixes. Extension update will be rolled out
    ⚑️ automatically to your users like usual, but as an administrator you will need to update your server.

    πŸ”’ The security issues were discovered by security researcher RenΓ© Kroka as part of the Bug Bounty program
    organized in collaboration with YesWeHack. You can find more information about
    the vulnerabilities found during this audit, on the dedicated incident page. You can also learn more about passbolt security in our recently published Security White Paper.

    πŸš€ This release also includes some requested fixes by the community. The autofill functionality is now a
    bit more robust and will work on more websites, including for example when the login form is located
    πŸ†“ in an iframe (on the same domain than the current page). Feel free to report any issues you encounter
    πŸ’» with the autofill on websites you use via github issues. Another long awaited fix relates to the passphrase remember me and the auto logout functionalities.

    πŸ‘ The installation script now also supports the new Debian 10 (stable). Because of this we will soon
    ⬆️ deprecate support for 7.0 (which was still the default on Debian 9). Make sure you upgrade your web
    server to use at least 7.2 in the coming weeks.

    πŸ†“ If you want to receive an invitation for Passbolt Cloud, feel free to complete this form or send us an
    email at [email protected]. Or you can wait for the public launch in September!

    The team wish you happy holidays, if you are lucky enough to take some!

    API

    πŸ”’ Security fixes

    • PB-661: Fix tab nabbing when clicking on "open in a new tab" in password grid
    • PB-607: Fix XSS on first name or last name during setup

    πŸ‘Œ Improvements

    • πŸ‘ PB-587: Add baseline support for multiple openpgp backends
    • PB-391: Display the name and email of the user an admin is going to delete in the delete dialog
    • PB-396: Display the label of the password a user is going to delete in the delete dialog
    • PB-397: Display a relevant feedback in the user details group section if the user is not member of any group
    • PB-533: Add a new session check endpoint that does not extend the session expiry
    • πŸ”§ PB-607: Add option for an administrator to configure CSP using environment variable
    • PB-242: Improve the passwords grid (passwords fetch peformance, search reactivity, selectbox area enlarged)

    πŸ›  Fixes

    • PB-349: Fix health check fails if using custom GNUPGHOME env set by application
    • PB-330: Fix migration issue from CE to PRO in v2.10
    • PB-567: Fix appjs auto logout
    • βœ… PB-601: Fix some incomplete unit tests
    • PB-427: Fix email sender shell task and organization settings table unnecessary coupling
    • PB-349: Fix OpenPGP results health checks

    🚧 Maintenance

    • ⬆️ PB-505: Upgrade cake 3.8
    • ⬆️ PB-504: Upgrade Javascript dependencies
    • βœ… PB-472: Cleanup test dependencies

    🌐 Web extension

    πŸ‘Œ Improved

    • ⚑️ PB-242: Add local storage resources capabilities to manipulate the resources (add, delete, update)
    • GITHUB-79: Improve autofill compatibility, trigger an input event instead of a change event while filling forms
    • 🐳 GITHUB-61: Improve autofill compatibility, support Docker and AWS forms
    • πŸ‘ PB-432: Improve autofill compatibility, support reddit.com
    • πŸ‘ PB-433: Improve autofill compatibility, support Zoho CRM
    • GITHUB-78: Improve autofill compatibility, fill only username if no password field present
    • PB-494: Improve autofill compatibility, ignore hidden fields
    • PB-514: Improve autofill compatibility, fill iframe forms fields
    • ⚑️ PB-609: Update library used for CSV export

    πŸ›  Fixed

    • PB-544: Fix login passphrase remember me and quickaccess
    • PB-533: Fix session expired management
    • PB-515: Autofill should not fill if the url in the tab have changed between the time the user clicked on the button to fill and the data is sent to the page.
    • πŸ”’ PB-503: Fix math.random() when generating first security token/color
  • v2.10.0 Changes

    May 15, 2019

    Release song
    πŸš€ Full release notes

    πŸš€ This release ships with some nice improvements, notably the apparition of the administration dashboard for the Community Edition. This dashboard only contains one section for now: email notification settings. However, some more sections will appear in the next releases as the idea is to remove completely the pain point of configuration through files.

    πŸ”§ Email notifications configuration screen

    πŸ’» Another improvement is the possibility to browse passwords using filters in the browser extension β€œquick access”. The filters that were already accessible through the web UI are now available in the β€œquick access”: Favorites, Items I own, Recently modified, Shared with me or even Groups. Check it out.

    Quick access with filters

    ⚑️ We hope you’ll enjoy this update!

    What next? Our current focus for Passbolt Community Edition is the implementation of more administration sections, forms auto-save (to save passwords directly from a web form) and improvements on the setup and login screen. Stay tuned!

    Passbolt API

    βž• Added

    • PB-165: As AD I should be able to change my organization email notification settings via an administration screen.

    πŸ›  Fixed

    • πŸ”€ PB-276: Merge organization settings code into CE. Ground work for administration features.

    πŸ’» Passbolt Browser extension

    βž• Added

    • PB-189: Quickaccess: As LU I can browse my passwords with the quickaccess using filters

    πŸ›  Fixed

    • PB-40: Quickaccess: Don't hide not sanitized uri in the resource view screen
  • v2.9.0 Changes

    April 24, 2019

    πŸ›  Fixed

    • ⬆️ PB-220: Upgrade to CakePHP 3.7.7 fix for CVE-2019-11458.
  • v2.8.4 Changes

    April 17, 2019

    [2.8.4] - 2019-04-17

    πŸ‘Œ Improved

    • 🐎 PB-48: Improve the performance by removing the creator/modifier from the passwords workspace grid query
    • 🚚 PB-159: Remove the usage of canjs connect-hydrate module

    πŸ›  Fixed

    • GITHUB-315: The permalink of password don't work anymore
    • ⚑️ PB-147: Update appjs steal dependencies
    • PB-152: The webinstaller should work with Firefox ESR
    • GITHUB-299: The passwords are shown twice in passwords workspace grid
    • GITHUB-10: Selecting a group on the users workspace should not reset the grid "Last Logged In" column to "Never"
    • GITHUB-62: Sorting the users on the users workspace should not break the infinite scroll
    • ⚑️ PB-160: Update appjs jquery dependencies
    • ⚑️ PB-163: Update jquery dependency
    • PB-171: Fix entities history trait should not trigger internal error if user action is undefined
    • πŸ”’ PB-102: Fix install process should not create shema dump lock file
    • PB-204: Escape shell variables of the passbolt mysql export shell command
  • v2.8.3 Changes

    April 02, 2019

    πŸš€ Release song
    πŸš€ Full release notes

    πŸ“š This release introduces some new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version.

    πŸš€ This release ships with the much awaited β€œquick access” and β€œauto-fill” features. It is now possible to access your passwords directly from the browser extension, and have your forms auto-filled in a click.

    Passbolt Quick access screenshot

    β€œQuick access” will keep evolving in the coming weeks with some improvements on the β€œauto-fill” part, or the possibility to add / edit a password directly from it.

    πŸ‘€ You will also be pleased to see that both Import and Export functionalities, previously Pro Edition exclusives, are now available in the Community Edition. All major password managers templates are supported, such as the Keepass or 1Password file format.

    πŸ“š Beware: after this update, the import and export functionality will be available to all the users (not only admins). To disable, follow the documentation.

    This release also includes an upgrade to the latest cakephp version : 3.7, which means that passbolt is now compatible for most parts with PHP 7.3. We will keep supporting 7.0 until the next Debian stable release, but we invite you to switch to 7.2 as soon as possible.

    Finally the Passbolt OpenAPI specification is also available. You can find the API specifications in a swagger compatible format on this new repository. It will be updated soon with a more detailed documentation, including code examples, to ease the learning curve.

    🌐 Passbolt Web Extension

    βž• Added

    • πŸ’» PB-3: Quickaccess: Simplified app to access passwords from the browser extension

    Passbolt API

    πŸ‘Œ Improved

    • ⬆️ PB-2: Upgrade to CakePHP 3.7
    • 🐎 PB-60: Performance - Add index on tags table
    • PB-95: Implement Import / Export enable switch

    πŸ›  Fixed

    • PASSBOLT-2121: Fix passbolt should run in a subdirectory