Passbolt changelog

Changelog History

Page 1

• v3.7.3 Changes

  September 27, 2022

  🔒 Security

  • PB-19090 Protect forms from spell-jacking attack

• v3.7.2 Changes

  September 20, 2022

  🛠 Fixed

  • 🔧 PB-18380 Let passbolt-configure script setup certbot for RHEL9 support
  • PB-16983 Handles the lack of permissions on image directory when deleting
  • 💻 PB-16898 Redesign download a supported browser to get started

  👌 Improved

  • ✅ PB-18650 Add a check on mysql status in order to run mysql commands only when it's ready in unit tests
  • 👷 PB-18664 Add retry logic to Gitlab CI jobs

• v3.7.1 Changes

  August 10, 2022

  • PB-18381 Fix source language typos
  • PB-18397 Fix as an admin I can generate a server key with the webinstaller within an instance over http
  • PB-17096 Fix resouce_types name and slug postgresql compatibility
  • PB-18372 Bump styleguide version to 3.7.1

• v3.7.0 Changes

  July 28, 2022

  ➕ Added

  • PB-17098 Add rockylinux 9 support
  • PB-16751 Add Redhat 9 support
  • PB-16749 Add Ubuntu 22.04 support
  • PB-16950 Add Spanish and Lithuanian support
  • PB-14514 Add PHP8.0 support
  • PB-14514 Fix PHP8.1 compatibility issues
  • PB-16161 Create action log endpoint for user CRUD
  • PB-16844 Common part of the user recovery and setup audit log

  🔒 Security

  • PB-17068 PBL-07-002 Fix key algorithm validation should be set to strict on setup
  • PB-17068 Fix OpenPGP unarmor should use base64_decode in strict mode
  • PB-17068 SEC-1292 Fix unsafe default recipient email address (Credit: Ashley Primo)

  🛠 Fixed

  • PB-16705 As group manager updating group memberships I should not get a timeout
  • PB-16949 As group manager deleting a group user the operation should not be slowed down by the folders plugin
  • PB-16705 As a group manager updating group memberships I should not get a timeout due to a plugin integration
  • PB-17068 Fix GroupsUsersValidatorTest psr-4 autoloading warning
  • PB-17007 As AD performing a cleanup of the missing folders relations I should not get a timeout
  • PB-16749 Fix jobs to reuse last job artifact instead of rebuilding it everytime
  • PB-16877 Fixes ClearMfaCookieOnSetupAndRecover for controllers without User component
  • PB-16666 GITHUB-432 Fix healthcheck style

  🚧 Maintenance

  • PB-17009 Replace createrepo by createrepo_c
  • PB-16956 Misc Fixture Factories refactoring
  • PB-16956 Modernize folders plugin bootstrap, add src/Plugin.php file
  • PB-16806 UacAwareMiddleware trait now return UAC exclusively. More typing in UAC object.
  • PB-16161 Renames ambiguous testing traits
  • PB-16161Add and enhance log related factories
  • PB-16791 Upgrade webinstaller openpgpjs to v5
  • PB-14514 Update to composer v2.2 + Fix CI jobs
  • PB-16657 Remove mariadb dependency
  • PB-16161 Refactor to split folder, resource and user related logic in respective classes

• v3.6.0 Changes

  👌 Improved

  • 🔨 PB-9739 OpenPGP key and message validation refactoring
  • PB-14141 Enhanced public/private key validation rules
  • PB-13685 Enhanced secret validation rules
  • 🔨 PB-14138 Refactor setup and recover related controllers with dependency injection
  • PB-14510 Three trivial endpoints, such as GET on login are not logged anymore

  🔒 Security

  • ⬆️ PB-14400 Upgrade firebase/php-jwt to 6.1

  🛠 Fixed

  • ✅ PB-14369 Fixes email settings issues in the test suite
  • PB-15046 Handle user lost-passphrase scenarios with API <= v3.5

  🚧 Maintenance

  • ⬆️ PB-14812 Upgrade cakephp/cakephp to 4.3

• v3.5.0 Changes

  January 12, 2021

  ➕ Added

  • PB-13161 As LU I should be able to use passbolt with my Android mobile
  • PB-13161 As LU I should be able to use passbolt with my IOS mobile
  • PB-5967 As AD I can use passbolt with a PostgreSQL database provider [experimental]
  • 💻 PB-5967 As AD I can migrate an existing instance to PostgreSQL with the help of the command line [experimental] and MySQL to Postgres migration tools, e.g. as described here: https://pgloader.readthedocs.io and here: https://pgloader.io/.
  • PB-8513 As LU I can request gpg keys using pagination
  • PB-13321 As a user I can use passbolt in Dutch
  • PB-13321 As a user I can use passbolt in Japanese
  • 💅 PB-13321 As a user I can use passbolt in Polish

  👌 Improved

  • PB-12817 As LU I can import avatars having a jpeg extension
  • 👀 PB-12943 As AD I should be able to see log when a user tries to sign-in with an invalid bearer token
  • 🐎 PB-12888 Improve performances of the operations requiring permissions accesses by replacing the single index on type by a combined index involving the requested columns
  • 👀 PB-13177 As AD I should be able to see any gpg keys errors from the healthcheck
  • PB-13183 As LU I should be able create resource having a name or a username of 255 characters long
  • PB-13265 As AD I can create a JWT key pair even if the database is not set
  • PB-13164 As AD I can cleanup duplicate entries in the favorites tables, groups_users and permissions

  🔒 Security

  • PB-13217 PBL-06-011 Fix ACL on mobile transfer view controller

  🛠 Fixed

  • PB-9887 Fix as AD I can send email digest from the /bin/cron script
  • PB-12957 Fix multiple language issues reported by community
  • ⚡️ PB-12914 Fix as a group manager I should not get multiple notifications when a group is updated
  • 👀 PB-13158 As AD I should see a tip with proper directory permissions when the JWT assets healthcheck fails

  🚧 Maintenance

  • 🚚 PB-12835 Move users setup/recover/register controllers logic into services to welcome the upcoming account recovery feature

• v3.4.0 Changes

  December 07, 2021

  ➕ Added

  • PB-9826 As a user I want to use passbolt natively on Edge
  • 👀 PB-8371 As LU I want to see the login/MFA/recover/register screens in dark mode

  👌 Improvement

  • 👀 PB-8522 As LU I should see the MFA verify field having focus
  • PB-9730 As AD I should be able to check avatars read issues from the healthcheck

  🛠 Fix

  • 👀 PB-8932 Fix as LU I should see an animation when I successfully configured MFA
  • 👀 PB-9286 Fix as LU I should see the locale dropdown field of the setup/recover screen well positioned
  • 👀 PB-9397 Fix as AD I shouldn't see an error on the healthcheck if the JWT auth is disabled and I never configured it
  • PB-9114 Fix as lu I should be able to upload a transparent avatar in .png format.
  • PB-9750 Fix spelling mistakes reported by the community
  • PB-9762 Fix requesting /auth/login.json should not trigger an unexpected error
  • 🚚 PB-9888 Fix MFA & JWT refresh token issue, remove Bearer from the hashed session identifier
  • ⚡️ PB-12817 Fix as LU I should be able to update jpeg avatar

  🔒 Security

  • PB-7374 As soft deleted but logged in user I should be forbidden to request the API
  • PB-9340 Fix email queue data should be stored and deserialized as json and not php

  🚧 Maintenance

  • 🔨 PB-9311 Refactor JWT and MFA plugins for better code maintainability.
  • ✅ PB-8320 Implement the tests that are marked as incomplete for cleaner continuous integration test reports
  • PB-8211 Psalm set to level 4
  • PB-9726 Fix do not load cleanup tasks unless in CLI mode
  • ✅ PB-9753 Improve table fields validation tests, do not save entity when testing the validation of properties
  • 🚚 PB-9310 Move avatar file_storage logic into AvatarsTable
  • ⚡️ PB-9785 Update JWT healthcheck help messages
  • PB-9656 Migrate fields from utf8mb4 to a more performant encoding when possible

• v3.3.1 Changes

  November 24, 2021

  🔒 Security fixes

  • 0️⃣ PB-9820 / PBL-06-008 WP3: JWT key confusion leads to authentication bypass (High) [experimental][disabled by default]

• v3.3.0 Changes

  October 25, 2021

  ➕ Added

  • 0️⃣ PB-7815 As a server administrator I should be able to enable / disable the in-form menu feature, enabled by default
  • 0️⃣ PB-6072 As a server administrator I should be able to enable / disable the password generator feature, enabled by default
  • PB-8189 As a user I should be able to use the application in German or Swedish
  • 0️⃣ PB-7847 As AN I should be able to authenticate to passbolt via JWT access and refresh tokens [experimental][disabled by default]
  • 🔧 PB-6034 As LU I should be able to configure my mobile app [experimental][disabled by default]

  👌 Improvement

  • 👀 PB-8908 As a user I should see the footer of the passbolt emails translated with my locale
  • 👀 PB-8364 As a user I should see the subject of the passbolt emails translated with my locale
  • 👀 PB-6032 As API user I shouldn’t see the _joinData properties in the resource entry points responses
  • 👍 PB-8281 Add Debian 11 bullseye support
  • PB-7750 As AD I should be notified by the healthcheck when a tmp files is executable
  • PB-7760 Increase PHPStan level to 6
  • 🔧 PB-8081 As AD I should be able to configure passbolt over IPv6 while installing a passbolt package
  • PB-5866 As AD I should be able to detect avatar data discrepancies using the passbolt cleanup command
  • 🔌 PB-7605 As a developer I should be able to enable/disable a plugin easily

  🛠 Fixed

  • PB-5457 Fix as LU importing a batch of passwords I should not get an internal errors because of database deadlock
  • 📦 PB-7840 Fix as AD I can install/reconfigure the passbolt package if ssl certificates are already present

  🔒 Security

  • PB-8047 Fix PBL-02-002 As LU I should logout by posting to the API and the entry point should should be protected by CSRF
  • ⚡️ PB-7751 Updates FlySystem dependency to v2.1.1
  • SEC-181 Fix information disclosure: recover endpoint should not return user role and name.

  🚧 Maintenance

  • 🚚 PB-8488 Remove user agent unnecessary check associated with MFA token
  • PB-8336 Clean phpunit.xml file
  • PB-8448 Hashes the session ID prior to passord_hash
  • PB-8210 Replaces PHPSESSID with session_name()

• v3.2.1 Changes

  June 04, 2021

  🛠 Fixed

  • GITHUB-402 Fix API v3 regression, login must accept JSON data

• 1
• 2
• 3
• 4
• 5
• Next ›
• Last »