All Versions
70
Latest Version
Avg Release Cycle
73 days
Latest Release
903 days ago

Changelog History
Page 3

  • v2.11.0 Changes

    August 08, 2019

    πŸš€ Passbolt v2.11 is maintenance release containing security fixes. Extension update will be rolled out
    ⚑️ automatically to your users like usual, but as an administrator you will need to update your server.

    πŸ”’ The security issues were discovered by security researcher RenΓ© Kroka as part of the Bug Bounty program
    organized in collaboration with YesWeHack. You can find more information about
    the vulnerabilities found during this audit, on the dedicated incident page. You can also learn more about passbolt security in our recently published Security White Paper.

    πŸš€ This release also includes some requested fixes by the community. The autofill functionality is now a
    bit more robust and will work on more websites, including for example when the login form is located
    πŸ†“ in an iframe (on the same domain than the current page). Feel free to report any issues you encounter
    πŸ’» with the autofill on websites you use via github issues. Another long awaited fix relates to the passphrase remember me and the auto logout functionalities.

    πŸ‘ The installation script now also supports the new Debian 10 (stable). Because of this we will soon
    ⬆️ deprecate support for 7.0 (which was still the default on Debian 9). Make sure you upgrade your web
    server to use at least 7.2 in the coming weeks.

    πŸ†“ If you want to receive an invitation for Passbolt Cloud, feel free to complete this form or send us an
    email at [email protected]. Or you can wait for the public launch in September!

    The team wish you happy holidays, if you are lucky enough to take some!

    API

    πŸ”’ Security fixes

    • PB-661: Fix tab nabbing when clicking on "open in a new tab" in password grid
    • PB-607: Fix XSS on first name or last name during setup

    πŸ‘Œ Improvements

    • πŸ‘ PB-587: Add baseline support for multiple openpgp backends
    • PB-391: Display the name and email of the user an admin is going to delete in the delete dialog
    • PB-396: Display the label of the password a user is going to delete in the delete dialog
    • PB-397: Display a relevant feedback in the user details group section if the user is not member of any group
    • PB-533: Add a new session check endpoint that does not extend the session expiry
    • πŸ”§ PB-607: Add option for an administrator to configure CSP using environment variable
    • PB-242: Improve the passwords grid (passwords fetch peformance, search reactivity, selectbox area enlarged)

    πŸ›  Fixes

    • PB-349: Fix health check fails if using custom GNUPGHOME env set by application
    • PB-330: Fix migration issue from CE to PRO in v2.10
    • PB-567: Fix appjs auto logout
    • βœ… PB-601: Fix some incomplete unit tests
    • PB-427: Fix email sender shell task and organization settings table unnecessary coupling
    • PB-349: Fix OpenPGP results health checks

    🚧 Maintenance

    • ⬆️ PB-505: Upgrade cake 3.8
    • ⬆️ PB-504: Upgrade Javascript dependencies
    • βœ… PB-472: Cleanup test dependencies

    🌐 Web extension

    πŸ‘Œ Improved

    • ⚑️ PB-242: Add local storage resources capabilities to manipulate the resources (add, delete, update)
    • GITHUB-79: Improve autofill compatibility, trigger an input event instead of a change event while filling forms
    • 🐳 GITHUB-61: Improve autofill compatibility, support Docker and AWS forms
    • πŸ‘ PB-432: Improve autofill compatibility, support reddit.com
    • πŸ‘ PB-433: Improve autofill compatibility, support Zoho CRM
    • GITHUB-78: Improve autofill compatibility, fill only username if no password field present
    • PB-494: Improve autofill compatibility, ignore hidden fields
    • PB-514: Improve autofill compatibility, fill iframe forms fields
    • ⚑️ PB-609: Update library used for CSV export

    πŸ›  Fixed

    • PB-544: Fix login passphrase remember me and quickaccess
    • PB-533: Fix session expired management
    • PB-515: Autofill should not fill if the url in the tab have changed between the time the user clicked on the button to fill and the data is sent to the page.
    • πŸ”’ PB-503: Fix math.random() when generating first security token/color

  • v2.10.0 Changes

    May 15, 2019

    Release song
    πŸš€ Full release notes

    πŸš€ This release ships with some nice improvements, notably the apparition of the administration dashboard for the Community Edition. This dashboard only contains one section for now: email notification settings. However, some more sections will appear in the next releases as the idea is to remove completely the pain point of configuration through files.

    πŸ”§ Email notifications configuration screen

    πŸ’» Another improvement is the possibility to browse passwords using filters in the browser extension β€œquick access”. The filters that were already accessible through the web UI are now available in the β€œquick access”: Favorites, Items I own, Recently modified, Shared with me or even Groups. Check it out.

    Quick access with filters

    ⚑️ We hope you’ll enjoy this update!

    What next? Our current focus for Passbolt Community Edition is the implementation of more administration sections, forms auto-save (to save passwords directly from a web form) and improvements on the setup and login screen. Stay tuned!

    Passbolt API

    βž• Added

    • PB-165: As AD I should be able to change my organization email notification settings via an administration screen.

    πŸ›  Fixed

    • πŸ”€ PB-276: Merge organization settings code into CE. Ground work for administration features.

    πŸ’» Passbolt Browser extension

    βž• Added

    • PB-189: Quickaccess: As LU I can browse my passwords with the quickaccess using filters

    πŸ›  Fixed

    • PB-40: Quickaccess: Don't hide not sanitized uri in the resource view screen

  • v2.9.0 Changes

    April 24, 2019

    πŸ›  Fixed

    • ⬆️ PB-220: Upgrade to CakePHP 3.7.7 fix for CVE-2019-11458.

  • v2.8.4 Changes

    April 17, 2019

    [2.8.4] - 2019-04-17

    πŸ‘Œ Improved

    • 🐎 PB-48: Improve the performance by removing the creator/modifier from the passwords workspace grid query
    • 🚚 PB-159: Remove the usage of canjs connect-hydrate module

    πŸ›  Fixed

    • GITHUB-315: The permalink of password don't work anymore
    • ⚑️ PB-147: Update appjs steal dependencies
    • PB-152: The webinstaller should work with Firefox ESR
    • GITHUB-299: The passwords are shown twice in passwords workspace grid
    • GITHUB-10: Selecting a group on the users workspace should not reset the grid "Last Logged In" column to "Never"
    • GITHUB-62: Sorting the users on the users workspace should not break the infinite scroll
    • ⚑️ PB-160: Update appjs jquery dependencies
    • ⚑️ PB-163: Update jquery dependency
    • PB-171: Fix entities history trait should not trigger internal error if user action is undefined
    • πŸ”’ PB-102: Fix install process should not create shema dump lock file
    • PB-204: Escape shell variables of the passbolt mysql export shell command

  • v2.8.3 Changes

    April 02, 2019

    πŸš€ Release song
    πŸš€ Full release notes

    πŸ“š This release introduces some new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version.

    πŸš€ This release ships with the much awaited β€œquick access” and β€œauto-fill” features. It is now possible to access your passwords directly from the browser extension, and have your forms auto-filled in a click.

    Passbolt Quick access screenshot

    β€œQuick access” will keep evolving in the coming weeks with some improvements on the β€œauto-fill” part, or the possibility to add / edit a password directly from it.

    πŸ‘€ You will also be pleased to see that both Import and Export functionalities, previously Pro Edition exclusives, are now available in the Community Edition. All major password managers templates are supported, such as the Keepass or 1Password file format.

    πŸ“š Beware: after this update, the import and export functionality will be available to all the users (not only admins). To disable, follow the documentation.

    This release also includes an upgrade to the latest cakephp version : 3.7, which means that passbolt is now compatible for most parts with PHP 7.3. We will keep supporting 7.0 until the next Debian stable release, but we invite you to switch to 7.2 as soon as possible.

    Finally the Passbolt OpenAPI specification is also available. You can find the API specifications in a swagger compatible format on this new repository. It will be updated soon with a more detailed documentation, including code examples, to ease the learning curve.

    🌐 Passbolt Web Extension

    βž• Added

    • πŸ’» PB-3: Quickaccess: Simplified app to access passwords from the browser extension

    Passbolt API

    πŸ‘Œ Improved

    • ⬆️ PB-2: Upgrade to CakePHP 3.7
    • 🐎 PB-60: Performance - Add index on tags table
    • PB-95: Implement Import / Export enable switch

    πŸ›  Fixed

    • PASSBOLT-2121: Fix passbolt should run in a subdirectory

  • v2.8.2 Changes

    April 01, 2019

    πŸ›  Fixed

    • πŸ›  Fix - Disable Auditlog when passbolt is not configured

  • v2.8.1 Changes

    April 01, 2019

    πŸ›  Fixed

    • βœ‚ Remove PassboltTestData dev tool call from PassboltShell

  • v2.8.0 Changes

    April 01, 2019

    βž• Added

    • Import your passwords from other password managers
    • Export your passwords to other password managers
    • πŸ’» PB-3: Quickaccess: Simplified app to access passwords from the browser extension

    πŸ‘Œ Improved

    • ⬆️ PB-2: Upgrade to CakePHP 3.7
    • PB-95: Implement Import / Export enable switch

    πŸ›  Fixed

    • PASSBOLT-2121: Fix passbolt should run in a subdirectory
    • πŸ›  Fix short tag use in the webinstaller server gpg key import screen
    • 🌐 Username and password should not be compulsory in email settings, in web installer

  • v2.7.1 Changes

    February 13, 2019

    πŸ›  Fixed

    • PASSBOLT-3416: Fix the uses of php shortags in the webinstaller template files

  • v2.7.0 Changes

    February 12, 2019

    βž• Added

    • PASSBOLT-2995: As LU I should be able to copy the permalink of a password

    πŸ‘Œ Improved

    • PASSBOLT-3403: As LU I should export only selected passwords
    • 🚚 PASSBOLT-3397: Remove the list of secrets from the API request while loading the list of passwords
    • PASSBOLT-3319: As LU I should retrieve a secret when I'm editing it
    • PASSBOLT-3318: As LU I should retrieve a secret when I'm copying it
    • PASSBOLT-3317: Display significant information as soon as possible while opening the application
    • πŸ‘€ PASSBOLT-3312: As GM adding a user to a group I should see a relevant feedback in case of network/proxy errors
    • 🐎 PASSBOLT-3314: Improve the performance of the application by adding missing indexes
    • PASSBOLT-2974: As LU I should be able to follow links targeting passwords from my emails

    πŸ›  Fixed

    • PASSBOLT-3363: The webinstaller should not use the exec php primitive to create/import the gpg server key
    • PASSBOLT-3370: Auth verify error should not leak data
    • PASSBOLT-3368 Fix html injection in email