Passbolt v2.0.0-rc1 Release Notes
Release Date: 2018-01-12
🔒 Security
- ✅ XSS protection improvements, with a new test suite dedicated to XSS.
- 🔒 HTTP security headers are enabled by default and can be disabled using configuration options.
- Server signature for JSON responses (experimental).
👌 Improved
- An expired setup link can be re-sent through the recovery procedure.
- ⬇️ Dropped SQL views (will allow supporting additional database backends).
- 🔧 Simplified configuration system. The entire configuration will be done in one dedicated file with safer defaults.
- 🔧 Most configuration items are now available as environment variables.
- Install commands perform additional health checks prior to running.
- 🚚 CakePHP and other dependencies have been removed from the repository and are now installed with composer.
- More flexible validation rules for inputs in most fields.
- 👍 Emoji support where it makes sense (comments, descriptions, etc.).
- Some notifications will not be sent if the user is the one doing the action (e.g. delete password).
- The App-JS code is now available on a dedicated repository.
- 🔨 Misc JavaScript foundation code refactoring.
- ➕ Added missing table indexes to speed up some database queries.
- “Owner” has been replaced by “Created by” in the password sidebar to be more relevant.
- 📚 API supports a more standard response format (documentation coming soon).
- ➕ Additional settings for controlling what is displayed in email notifications.
- ➕ Added created date information in password sidebar.
🔄 Changed
- Passbolt API migration to CakePHP 3.
- 👍 PHP 7.0 is now the minimum supported version.
- ⬇️ Dropped table “controller_logs”. It will soon be replaced by the Audit Logs feature.
- ⬇️ Dropped table “schema_migrations”.
- ⬇️ Dropped table “cake_sessions”.
- ⬇️ Dropped “anonymous statistics” feature (nobody opted in…).
🛠 Fixed
- “Passwords I own” filter displays all the passwords for which I have “is owner” permission.
- An admin can delete a user if the user is the sole group member of a group owning passwords that are not shared.
- An admin can delete a user if the user is the sole owner of a password that is not shared.