Teampass v2.1.27.27 Release Notes

Release Date: 2018-11-02
  • Refer to the changelog file for the main changes in Release 2.1.27.

    New during upgrade

    When upgrading, you need to provide a valid administrator name/password, and you will also need to copy the saltkey into a password field. It will be saved inside your database.
    Database data is no longer shown. If the database information is changing, you need to update the file /includes/config/settings.php before starting the upgrade.
    IMPORTANT NOTE for users that have migrated to 2.1.27.0 and that have the file encryption option enabled

    The file encryption process has been completely reworked. Before upgrading, please do the following:

    • open the upload folder
    • copy the existing files to a temporary folder
    • restore the files from a backup of a previous version (for example 2.1.26)
    • start the upgrade

    Newly introduced since 2.1.27.27

    #2456 Postpone treatment to get user location (ipapi.co usage)
    #2431 Correct item creation/edit tab label

    Newly introduced since 2.1.27.26

    #2453 account creation... password sent in email is "undefined"
    #2455 Unable to login after upgrade from 2.1.27.23 => 2.1.27.25

    Newly introduced since 2.1.27.25

    #2454 Update from 2.1.27.23 to 2.1.27.24 doesn't work

    Newly introduced since 2.1.27.24

    #2452 Fix API URL
    #2438 Add new user fails due to missing default for not null fields
    #2436 Undefined variable: user_id in api/functions.php
    #2432 Empty item URL automatically fills with 'https://'
    #2426 New option to force admin user to get connect using 2 factor code
    #2416 Backslash in user's password
    #2401 New LDAP account has full access when they log in for the first time

    /!\ This new version fixes a very old design choice regarding the encoding of user names. It may impact your users in some specific cases. The fix consists in authenticating twice.

    Newly introduced since 2.1.27.23

    #2419 Cannot show password by using item menu bars entry
    #2418 Generating a new password for a user fails with error
    #2403 Cannot Login using LDAP user

    Newly introduced since 2.1.27.22

    #2408 Password complexity not enforced
    #2326 link copy doesn't work correctly

    Newly introduced since 2.1.27.21

    #2398 User unable to change their own password from profile window
    #2395 php warning in logs
    #2376 fix link in readme

    Newly introduced since 2.1.27.20

    #2394 knowledge base page characters appear with "?"
    #2393 After Deleting User, KB Is Blank
    #2380 Increase fields size to prevent errors
    #2372 Upload a file with dash in file name will be renamed with underscore
    Fix: loading folder information is wrong when using 'max'
    Fix: error message item already exists could appear on item edition
    Security fix - Sanitized GET values in case of user password recovery (credit to Adam Roberts from http://www.nccgroup.trust/)

    Newly introduced since 2.1.27.19

    #2379 Setting "Number of items to retrieve per query" to Max

    Newly introduced since 2.1.27.18

    #2378 Personal sub-subfolders do not appear
    #2373 Internal Server Error 500 Profile Window

    Newly introduced since 2.1.27.17

    #2367 Incorrect import into personal folder
    #2364 Using another protocol than HTTP for the URL is not possible
    #2362 Removed excess item id from API url add/item
    #2360 Show logs without any auth
    #2355 Return the parent folder ids on API call read/userfolders
    #2353 Generate Password not working - wrong POST field
    #2349 Folder with flag "allow empty password" says "Insufficient password strenght" on item edition
    #2347 Disable "Forgot Password?" link feature not working
    #2346 [CSV-Import] convert field to string before using replace()
    #2345 restore, enter decrypt key then system logs out
    #2341 API - Incorrect update item parameters decoding
    #2334 error adding entry with the same name as another entry in a different folder
    #2314 SQL error in API near user name
    #2312 API Issue adding folder on root
    #2290 Protection of OTV page errors
    #2298 support for login through http header
    #2265 API - Add item - comma separated base64 encoded string
    Fix - in bug report, the email password is visible
    Fix - 'Hide inaccessible password folder' doesn't work in all cases
    Security fix - DUO codes are sanitized (credit to Adam Roberts from http://www.nccgroup.trust/)
    Security fix - Through URL some operations were possible with no user rights check (credit to Adam Roberts from http://www.nccgroup.trust/)
    Security fix - Backup key is generated by default (credit to Adam Roberts from http://www.nccgroup.trust/)

    Newly introduced since 2.1.27.16

    New - Added folders filter in Manage Roles page
    New - Added folders alphabet filter in Manage Folders page
    #2279 Google Authentication no link
    #2277 Import fails when Login: / Account: has a backslash inside of it
    #2274 Import from csv-list includes items that are marked as already imported
    #2263 New upload settings to permit empty files and/or any extensions to be uploaded

    Newly introduced since 2.1.27.15

    #2266 Google 2FA mail for temporary code is blank

    Newly introduced since 2.1.27.14

    Fix for missing install/upgrade instructions

    Newly introduced since 2.1.27.13

    New - Templating system based upon Custom Fields
    #2256 User can select his 2FA methods if several selected
    #2253 Google Authenticator not working
    #2248 Item suggestion is not available from Regular User
    #2246 Copy folder does not copy rights structure
    #2245 TeamPass 2FA QR Code won't show after providing activation code
    #2244 html entities get interpreted inside passwords

    Newly introduced since 2.1.27.12

    Added new option permitting to enable secure image preview
    Added warning to user if login attempts identified since last successful connection
    Added Yubico support for 2FA authentication
    Added restriction access to Custom Fields
    Added textarea format for custom field
    Improved the possibility to move files folder outside of Teampass Domain
    Improved user creation with LDAP and Google and DUO 2FA
    Improved log in case of failed authentication - used login is shown
    Improved syslog message format
    Updated library PHPMailer to 5.5
    #2223 Error while using php v5.6
    #2206 New ldap user and ad password change
    #2204 Password copy - cryptic log entry using syslog
    #2202 Search functionality - no log entry upon display
    #2201 Search functionality - password shown in plaintext
    #2198 Hang when changing second folder password strength and required password strength
    #2196 API create item fails when Base64 encoding contains "/"
    #2192 Encrypted Files Are Stored (Temporary) in Plaintext And Can Be Downloaded Without Authorization
    #2191 Bad redirection to login form on password recovery process
    #2189 (Google) 2FA Does Not Work With LDAP (Windows / Active Directory)

    Newly introduced since 2.1.27.11

    Changed licensing to GNU GPL-3.0
    New - User must provide a reason to access a restricted item
    New - Add option to have local and remote accounts when LDAP is enabled
    Improved security of password generator with php7
    Improved cannot edit user without email
    Improved read-only user limitation to copy folder and import action
    Improved tree rebuild with API on folders change
    Improved tables primary and index usage
    Improved LDAP new user by default role
    Improved visibility of path in items list result
    Improved email body with item path
    Introduced an API key by user
    Fix for API keys truncated
    Fix offline password display in case of html tags similar in password
    Fix failed folder creation in case of password complexity not reached
    Fix missing quick icons in search results
    #2175 Apostrophes are not handled correctly in usernames
    #2174 Offline mode file bypass read right restrictions
    #2172 2FA Reset Link Can Be Abused
    #2168 API for adding users is not working
    #2167 Info tab is not working if behind a proxy
    #2161 Missing backslash in account name
    #2160 Added a test for preventing Folders list not shown
    #2154 Personal saltkey is not stored when option enabled
    #2153 [{"error":"no_key_provided"} when running backup script on teampass container
    #2152 No search result and empty popup appear
    #2151 Error in knowledge base that does not show option to swap pages
    #2140 Moving subfolder to root level not possible
    #2127 Grant access with simple folder copy
    #2118 Empty user at Keepass file is not empty after import
    #2116 Insufficient password strength when creating Offline Mode
    #2115 Fix script backup issue with encryption key
    #2111 Add support for login through http header
    #2109 restrict login to Group Ldap don't work
    #2102 Changed field renewal_period size
    #2096 Offline mode decryption fails if too much items exported
    #2095 Can't upload files on items - Plupload update
    #2094 PHP 7.2: Call to undefined function mcrypt_encrypt()
    #2093 role human resources doesn't access expected pages
    #2090 On folder copy, an empty message box is shown
    #2087 Custom fields displayed if empty
    #2085 CSV import error if URL too long
    #2082 API: new folder is allocated to same roles as its parent
    #2081 LDAP bug, can't check connection
    #2080 Email sent on password copy in the clipboard
    #2078 Purge Logs not selection not working properly
    #2077 API: Deleting non existing folder deletes all folders
    #2075 Button "delete selected Items" doesn't work
    #2074 Backup by script not working
    #2073 Move selected Items button
    #2071 Search not working for items with multiple "Restricted to:" roles selected
    #2069 Copy a read-only folder to a read-only folder
    #2066 Read Only Users can Drag and drop items to their personal folder
    #2065 send GAUTH-code on login form doesn't warn user if no email is set
    #2064 LDAP and DUO users with administrator role taken to items page then logged out
    #2063 Setting "Hide forgot password link on Home page" not correctly displayed
    #2059 Fix for Custom LDAP port and adLDAP
    #2035 After first time login as user Personal Folder is not correctly shown (100000)
    #2015 Double click to edit not working for items created by a different user

    Newly introduced since 2.1.27.10

    Copy password/login button are correctly hidden and shown
    Cursor is hidden on password display to permit a better visualization
    Fixed error while copying an item
    Fixed last 10 items seen list not display on page load
    Fixed display strings with quotes issue
    Fixed page About in Administration page
    Fixed issue when sending email on visualization
    Fixed issue while CSV import in personal sub-folder
    Fixed potential error on item creation without password
    Fixed "show description" option was not taken into consideration
    Fixed an issue in auto-generating csrfp.config file
    Fixed a potential error while generating tp.config file
    Fixed issue in Duo Security log
    Fixed no item details shown on Find page
    Fixed issue related to item edition on doubleclick
    Fixed issue no items shown on tag search
    Fixed issue special characters bad display in search results
    Added SMTPAutoTLS for sendMail
    Improved offline file with full encryption
    Improved session validity check
    Improved items draggability sometime broken
    Improved personal item edition by enabling the folder edition
    Ensure session extension is always positive
    Added user group allowed for LDAP Windows AD
    Added option to remove the forgot password link on home page if LDAP enabled
    #2054 Alter table statement is run only once
    #2053 Custom Fields - folders unchecked at second call up
    #2043 LDAP Authentication is not working
    #2029 Fix on install step3
    #2028 Fix on install step3
    #2025 LDAP allowed user group doesn't work
    #2027, #2023 Fatal Error after installation and setting change
    #2016 Not all roles visible
    #2013 Bad condition in upgrade script
    #2010 Default Administrated by for user created via LDAP authentication
    #2004 Administrator has no access to Items
    #1997 Error on folder creation of no Parent is selected
    #1996 Some settings resets to defaults
    #1993 Policy for personal saltkey
    #1990 Improving mysql indexes
    #1989 Authentication problem
    #1980 personal item is not deleted
    #1974 Changing saltkey operation
    #1970 ip-api.com use is not compatible with https
    #1960 Access Denied for personal folder
    #1840 add "download" attribute to export file

    Newly introduced since 2.1.27.9

    Fixed a possible XSS (credit to ADLab of Venustech)
    Improved security related to User Management
    > a manager could potentially act on users not related to him
    Improved security related to Items Management
    > a user could potentially act on Items he should not have access to
    Secured script.backup.php by adding a security key
    Fixed some other security failures (credit to security at Amossys)
    Improved security regarding uploading files
    Fixed issue while restoring DB from administration page
    Fixed "PW copy to clipboard" log inconsistency in specific case
    Improved / Fixed administration task for encrypting/decrypting files
    Improved security regarding item history display
    Improved the possibility to define the access level on Roles when creating new folder
    Added filter in Roles
    New: confirm deletion of attachment
    #1965 Login credentials do not correspond (json_decode issue)
    #1964 Make email field in new LDAP user insertion null safe
    #1961 After fresh installation the index.php shows random string
    #1956 Warning appears on Category and API pages in admin mode
    #1947 Dependency & array update in install checks
    #1945 Cannot delete items
    #1944 File upload results in error
    #1941 Visualisation problems

    Newly introduced since 2.1.27.8

    Delete install folders and files during installation process
    Custom Field value can be masked
    Database password is encrypted in settings.php file
    PHPMailer library updated to 5.2.23
    TwoFactorAuth library was updated
    Configuration variables are not set in SESSION anymore. Now read from tp.config.php file.
    Fix: issue on offline export
    Fix: error on deleting a folder at root
    #1939 Unable to change page (role management)
    #1937 Error while using script.backup.php in standalone
    #1935 Add folder results in Requested JSON parse failed
    #1933 Trying to move folder results in error message
    #1932 Keepass upload fails
    #1927 Changing language is not possible for users
    #1924 Moving items give error: Requested JSON parse failed
    #1923 Red wheel keeps turning, blocks display of new items
    #1919 Upgrade to release 2.1.27.8 converts encrypted database password back to clear-text
    #1915 Cannot Edit or Delete items in the Personal folder
    #1909 Roles Management - Problem with access rights "Edit" "Delete"
    #1903 SSH Password Change does not work
    #1900 Forgot your password --> Page reload automatic
    #1891 Install error - Uncaught Defuse\Crypto\Exception\BadFormatException: Encoded data is shorter than expected
    #1899 Active Directory authentication not working on fresh installed Cent OS 7
    #1890 access rights in manage roles
    #1888 Export to CVS --> empty file (0 kb)
    #1886 JSON Error when importing with an apostrophe (‘)
    #1885 Undefined index: SSL_SERVER_CERT
    #1884 Cannot delete custom fields - hangs indefinitely after confirm with spinning gear
    #1882 Can't see any entry on any folder, using any account
    #1881 Doesn't auto-delete install/ folder after installation completed
    #1880 Custom Fields, Not encrypted/decrypted when toggled in Custom-Field Settings Screen
    #1872 New Admin User login not working -JSON Parse file failure
    #1870 Logic issue in headers sending
    #1866 CSV import with empty url leads to value 0
    #1862 Import from Keepass.xml to Personalfolder no access to Item
    #1857 API: Folders created at level 0 instead of correct level
    #1856 Robustified tp.config.php creation in case of upgrade
    #1851 Fix ldap suffix
    #1850 Missing iconv in Docker
    #1840 Added the "download" attribute
    #1837 JSON error in Find page when user has no folders to browse
    #1834 Typo in sources/main.functions.php
    #1833 Opening a one time view page give a notice: A session had already been started...
    #1830 Salt key field has already a character filled in.
    #1829 Attachments is broken after upgrade from 2.1.27.0. Fix in progress
    #1828 No error message when duplicate item names at personal keys
    #1826 New dockerfile and docker-compose.yml
    #1820 group vertical scroll bar not work correctly
    #1819 Fix for QR sending from login page

    Main changes in 2.1.27

    New: Custom Fields are only visible if defined
    Fix issue in tree if subfolder is visible while parent is not
    Fix issues regarding DUOSecurity
    Fix upgrade doesn't start in case that sk.php file has moved
    Fix for Custom Fields not displayed as defined by order field
    Secure fixes
    Session increase time feature is now increasing with the expected user session duration
    Default language cannot be changed fix
    Fix for "hide not accessible folders" option
    New Defuse Encryption implemented in place of phpCrypt
    NEW AGSES authentication implemented
    NEW Custom Fields data can be encrypted or not in database
    NEW Folder copy feature
    NEW Mass move or delete operation on Items
    NEW Item change proposal
    IMP Implemented new session encryption library SecureHandler (getting rid of mcrypt extension)
    IMP Language selection is now in User Profile (Default language is used on authentication page)
    IMP User creation dialogbox improved with all user properties
    IMP New user login availability is checked "live"
    IMP Filtering counters in datatables
    IMP Users Management dialogbox improved
    IMP 2FA authentication change to improve security (no call to external QR generator)
    UPD AES library updated
    FIX "Find" feature: copy from public to personal folder, and list of folders is refreshed when copying an Item
    Fix: Prevent moving a folder to one of its child folder
    New: Multiselection in Roles vs Folders matrix
    New: LDAP configuration test mode (in progress)
    Fix: Global saltkey change
    Fix: Copy folder doesn't copy included items
    Fix: Encrypt/Decrypt attachments feature from admin page

    #1806
    #1796 Can't add folder from API
    #1787 email notifications are not sent if there are any admins with empty email address
    #1776 Allow restricting items to users and roles - Wrong Item Owner
    #1775 Can not decrypt a created crypted Backup - Improved encryption with Defuse
    #1774 Announce this Item by email
    #1769 Installation issue - no admin account is created
    #1762 Share user rights works backwards
    #1761 Reset of my Personal Saltkey
    #1743 Enable anonymous LDAP queries
    #1690 Unable to set/save personal salt key with LDAP user
    #1742 Fix for issue #1539 verifying LDAP groups properly
    #1740 Missing buttons on Users page
    #1737 Cannot import files
    #1735 Dockerfile - PHP extension "curl" is loaded Extension curl is not loaded
    #1733 Copy Item doesn't work if copy from public to public folders
    #1731 Cannot login in after fresh install
    #1729 Protection against bigger data than database field size
    #1727 Cannot edit or delete entry in the Personal folder
    #1725 Some fixes
    #1723 Fix spin not removed while resetting user saltkey
    #1722 SELinux issue leads to upload impossible
    #1718 Moving a folder to itself
    #1717 After deleting a folder, items are still visible in search page
    #1713 Doubleclick on directory shows items twice
    #1710 Error on psk change
    #1709 Missing field in table on fresh install
    #1707 "Restricted To" not working correctly when creating new items
    #1706 User can edit & delete items without rights
    #1696 Fix for no log for OTV
    #1695 Manager can create folder at root from Items pas
    #1686 Fix for item History dialogbox
    #1685 Fix in Portuguese file
    #1684 Estonian language still missing
    #1679 Sort by don't work in Utilities/logs
    #1676 Pre-auth XSS in index.php
    #1674 name and lastname are changed on other user edit
    #1672 Anonymous settings not stored
    #1670 Incremental upgrade not active
    #1669 Logout - Errors
    #1668 File encryption is not correct in case of upgrade
    #1666 Can`t set avatar
    #1662 Can not delete folders
    #1659 Third level of sub folders in the Personal folder are not seen
    #1654 User management page - no "next" button
    #1635 New folder inheritance of parent specific settings
    #1631 Error could appear on upgrade when checking folders and files
    #1628 URL link to specific item does not work
    #1627 Improved label preview length
    #1625 Request to add/change password
    #1624 Error 500 while importing item with API (with PHP < 7)
    #1621 New option: OTV can be disabled
    #1620 Direct copy password from search results and large folders
    #1616 Cannot show password with IE11
    #1614 Generate personal folders sets regular root folders also as personal
    #1608 All folders are deleted
    #1603 Attached files disappears
    #1601 Time zone can't be saved in My Profile
    #1593 Insert duplicate label with API
    #1592 Show Client IP in mail to admin about logged on users
    #1588 Fix for OTV links
    #1587 fix for e-mail to administrator on logon does not work
    #1581 Fix for new folder Custom Fields inheritance
    #1579 Fix for preventing a php fatal error
    #1575 Fix for tree not loaded when user has no access to a folder with children
    #1571 Drag and drop from PF to public folder makes item password corrupted
    #1571 Create an item inside another folder than the one selected
    #1561 Personal folder deletion deletes all
    #1559 API IP Whitelist check does not consider XFF
    #1556 Fix bug for upgrading old passwords
    #1553 LDAP support - Add LDAP port - Add support multi LDAP server
    #1551 Authentication through LDAP posix-search
    #1550 2 Factor enabled but can still log in without code
    #1549 Read Only users can use Personal Folders
    #1543 Wrong Saltkey message after setting
    #1533 The change of the main SALT Key doesn't work
    #1532 Added error message in install.js if db-pw contains double quotes
    #1531 Database otv table originator field should be int instead of tinyint
    #1514 User language selection is done in Profile dialogbox
    #1474 New option: create an item without password
    #1472 "folder access" and "role" settings when adding new user + propage rights from one user
    #1464 CSV files broken, html entities not decoded, newlines not stripped
    #1422 Folders deletion protocol has been secured to prevent inconsistencies in folders tree
    #1412 New option: Manager can move items they can view
    #1408 Display folders visible by a user
    #1299 Export to pdf or csv shows htmlencoded