Strange Fruit

Release song: https://youtu.be/649wWWkW_1o?si=rSKbGFqR8irz0OOG

Passbolt API version v4.10.1 fixes a critical issue introduced in v4.10.0 where mobile applications were not showing any passwords after the passbolt API update.

We would like to express our appreciation to the community for raising the issue. Thank you for your support & understanding.

[4.10.1] - 2024-11-26

Fixed

• PB-37010 Fix v5 resource types should not be returned if v5 flag is disabled
• PB-37011 Fix session keys creation modified date validation to match ISO 8601 format

Baianá

Release song: https://www.youtube.com/watch?v=2YdC0GshApE

Passbolt v4.10.0 is a maintenance update that prepares for the upcoming v5 release, introducing beta support for the v5 resource type format within the v4 user interface and addressing reported issues.

This release is particularly valuable for maintainers of clients or integrations, offering an early preview of the v5 resource type format to aid in planning for future adaptations. While previous content types will remain supported until version 6, the new content types expand functionality, empowering technical teams to manage a broader range of credentials. Stay tuned—a blog article will be released soon to explain how to enable v5 support and begin testing your integrations.

Thank you to our community for your continued support.

[4.10.0] - 2024-11-20

Added

• PB-34458 Add v5 config flag PASSBOLT_V5_ENABLED
• PB-34459 Add metadata plugin
• PB-34450 Update resources table with metadata fields
• PB-34455 Update comments table with data field
• PB-34452 Update folders table with metadata fields
• PB-34454 Create metadata_private_keys table
• PB-34453 Create metadata_session_keys table
• PB-34456 Create metadata_keys table
• PB-34446 Add new resource_types entries for v5 resource types
• PB-34448 Update resource_types table to add deleted field
• PB-34472 Add GET/POST /metadata/settings.json endpoints
• PB-34465 Add MetadataPrivateKey entity
• PB-34466 Add MetadataPrivateKeysTable table
• PB-34460 Add MetadataKey entity
• PB-34462 Add MetadataKeysTable table
• PB-34461 As a logged-in user the settings.json provides information on the metadata plugin
• PB-34464 Cache key info in public key validation service for a single request
• PB-34467 Add POST /metadata/keys.json endpoint
• PB-34471 Add GET /metadata/keys endpoint
• PB-35259 Update support for created_by and modified_by for metadata keys
• PB-35163 Update DELETE /groups/.json to support v5 resource format
• PB-35162 Update DELETE /users/.json endpoint to clean up metadata private & session keys
• PB-35119 Add setup complete controller test (v5 key sharing)
• PB-35119 Start integration of user setup complete with v5 requirements
• PB-35122 Add support for v5 create, update resource entities
• PB-35152 Add DELETE /metadata/session-keys/.json endpoint
• PB-35151 Add POST /metadata/session-keys.json endpoint
• PB-35150 Add GET /metadata/session-keys.json endpoint
• PB-34611 Add DELETE/PUT /resource-types/.json endpoint
• PB-35365 Update POST /share/folders/.json to support v5 logic
• PB-35363 Update GET /folders/.json to support v5 format
• PB-35363 Update GET /folders.json to support v5 format
• PB-35921 Add API endpoint PUT /metadata/session-keys/.json
• PB-35368 As a developer I can run a command to create metadata private key & share it with all users
• PB-35362 Update PUT /folders/.json to support v5 format
• PB-35361 Update POST /folders.json to support v5 format
• PB-35120 Add healthcheck to try to decrypt the server metadata private key entry for the shared key
• PB-35165 Update POST /share/resources/.json to support v5 logic
• PB-35166 Update email notification template to not include metadata (name, uri, etc.)
• PB-35166 Update POST /share/simulate/resources/.json to support v5 logic
• PB-35157 Email changes for resources changes for V5
• PB-35157 Add validation for metadata fields
• PB-35160 Update GET /resources.json endpoint to support v5 format
• PB-35275 Add edit and create individual metadata private key endpoints
• PB-35171 Create a Service and CLI task to migrate v4 to v5 resources
• PB-35272 Add server settings to prevent edition of metadata settings and key
• PB-35260 Add signature verification for metadata private key sharing service
• PB-35277 As an administrator I must receive an email notification when a metadata key is added
• PB-35276 As an administrator I must receive an email notification when the metadata settings are updated
• PB-35751 As an administrators I can update the metadata settings using command line
• PB-35748 As an administrator I can run a command to migrate all the items to v5 format
• PB-35747 As an administrator I can run a command to migrate the folders to v5 format
• PB-35756 Update resource create endpoint to throw an error if allow_usage_of_personal_keys is set to false and personal key is used
• PB-35758 Update folders create/update endpoints to throw an error if allow_usage_of_personal_keys is set to false and personal key is used
• PB-35928 Add allow_v5_v4_downgrade to metadata types settings
• PB-35945 Add static method to cache and reuse MetadataTypesSettingsGetService results
• PB-35946 Add static method to cache and reuse MetadataKeysSettingsGetService results
• PB-35930 Update edit resource to support allow_v5_v4_downgrade settings
• PB-35931 Update edit folders to support allow_v5_v4_downgrade settings
• PB-35937 Add allow_v5_v4_downgrade settings to passbolt update_metadata_types_settings command
• PB-35084 Add the distribution/gpg information in the health-check
• PB-35866 Add OperatingSystemHealthcheck for 32 vs 64 bit
• PB-36228 ResourceCreateController should populate empty metadata_key_id if key type is user_key
• PB-36280 Add created_by and modified_by to metadata keys index service
• PB-34080 As an admin running the passbolt cleanup, I should delete duplicate resources_tags entries
• PB-36516 Add populatedMetadataUserKeyId request data massaging to folder create and update
• PB-36515 Add populatedMetadataUserKeyId request data massaging to resource edit
• PB-36558 Add baseline support for metadata key expiry
• PB-35085 Add TimeSyncHealthcheck for system clock sync status
• PB-36574 As a user I can delete a metadata key that is expired and not in use

Improved

• PB-34609 Adds is-deleted filter and resources_count contain to ResourceTypesIndexController.php

Security

• PB-35882 Bump cakephp/twig-view to 1.3.1 to get rid of twig security vulnerability warning
• PB-36609 Bump twig/twig composer package to v3.11.2
• PB-36609 Bump symfony/process composer package to v5.4.46

Fixed

• PB-34189 Fix 500 on GET resources.json when passing 1 as parameter to some filters
• PB-35173 As a logged-in user I should not get a 500 if the folder does not exist
• PB-34481 Fix 500 error on /mfa/verify/{provider}.json on account with no 2FA set up
• PB-35669 Fix GenerateOpenPGPKeyService should default to GNUPGHOME environment variable if set
• PB-35724 Fix GenerateOpenPGPKeyService should generate key with empty passphrase
• PB-35709 Fix theme back to default randomly after refresh or navigation
• PB-35849 Fix API app does not update "Last logged in" time
• PB-35980 Fix has-parent filter returning duplicate resources (GITHUB #523)
• PB-36208 Fix LogFolderWritableHealthcheck help text paths

Maintenance

• PB-34399 Bump singpolyma/openpgp-php package to v0.7
• PB-34305 Upgrade lockfile-lint library on passbolt_api package-lock.json
• PB-34306 Upgrade openpgp library on passbolt_api package-lock.json
• PB-33333 Refactor GroupUpdateControllerTest to use Fixture Factories
• PB-33332 Refactor ResourcesDeleteControllerTest to use Fixture Factories
• PB-33332 Refactor ResourcesUpdateControllerTest to use Fixture Factories
• PB-33332 Refactor ResourcesViewControllerTest to use Fixture Factories
• PB-33332 Refactor resource index controller test
• PB-22603 Refactor resources share service test with factories
• PB-33331 Add missing test cases for RecoverCompleteService
• PB-35433 Fix phpcs config to allow per file fixing in IDE
• PB-33330 Add missing test cases for SetupCompleteService
• PB-33329 Add missing test cases for RecoverAbortService
• PB-35777 Remove cloaking !empty() around method calls
• PB-35856 Fix up editorconfig for composer.json editing
• PB-35918 Bump composer/composer package to 2.8.1
• PB-34234 CI changes to use downstream repo
• PB-36605 Fix testVersionCommand_Compare_With_ChangeLogs failing test
• PB-35763 Refactor resource tags add controller
• PB-36607 Bump cakephp/cakephp composer package version to 4.5.7

Baianá

Release song: https://www.youtube.com/watch?v=2YdC0GshApE

Passbolt v4.10.0 Release Candidate is a maintenance update of preparatory work for the incoming v5 and addresses reported issues. Specifically, it brings the codebase to ease the later encryption of the resource metadata.

Thank you to the community for reporting the issues.

[4.10.0-rc.1] - 2024-11-14

Added

• PB-34458 Add v5 config flag PASSBOLT_V5_ENABLED
• PB-34459 Add metadata plugin
• PB-34450 Update resources table with metadata fields
• PB-34455 Update comments table with data field
• PB-34452 Update folders table with metadata fields
• PB-34454 Create metadata_private_keys table
• PB-34453 Create metadata_session_keys table
• PB-34456 Create metadata_keys table
• PB-34446 Add new resource_types entries for v5 resource types
• PB-34448 Update resource_types table to add deleted field
• PB-34472 Add GET/POST /metadata/settings.json endpoints
• PB-34465 Add MetadataPrivateKey entity
• PB-34466 Add MetadataPrivateKeysTable table
• PB-34460 Add MetadataKey entity
• PB-34462 Add MetadataKeysTable table
• PB-34461 As a logged-in user the settings.json provides information on the metadata plugin
• PB-34464 Cache key info in public key validation service for a single request
• PB-34467 Add POST /metadata/keys.json endpoint
• PB-34471 Add GET /metadata/keys endpoint
• PB-35259 Update support for created_by and modified_by for metadata keys
• PB-35163 Update DELETE /groups/.json to support v5 resource format
• PB-35162 Update DELETE /users/.json endpoint to clean up metadata private & session keys
• PB-35119 Add setup complete controller test (v5 key sharing)
• PB-35119 Start integration of user setup complete with v5 requirements
• PB-35122 Add support for v5 create, update resource entities
• PB-35152 Add DELETE /metadata/session-keys/.json endpoint
• PB-35151 Add POST /metadata/session-keys.json endpoint
• PB-35150 Add GET /metadata/session-keys.json endpoint
• PB-34611 Add DELETE/PUT /resource-types/.json endpoint
• PB-35365 Update POST /share/folders/.json to support v5 logic
• PB-35363 Update GET /folders/.json to support v5 format
• PB-35363 Update GET /folders.json to support v5 format
• PB-35921 Add API endpoint PUT /metadata/session-keys/.json
• PB-35368 As a developer I can run a command to create metadata private key & share it with all users
• PB-35362 Update PUT /folders/.json to support v5 format
• PB-35361 Update POST /folders.json to support v5 format
• PB-35120 Add healthcheck to try to decrypt the server metadata private key entry for the shared key
• PB-35165 Update POST /share/resources/.json to support v5 logic
• PB-35166 Update email notification template to not include metadata (name, uri, etc.)
• PB-35166 Update POST /share/simulate/resources/.json to support v5 logic
• PB-35157 Email changes for resources changes for V5
• PB-35157 Add validation for metadata fields
• PB-35160 Update GET /resources.json endpoint to support v5 format
• PB-35275 Add edit and create individual metadata private key endpoints
• PB-35171 Create a Service and CLI task to migrate v4 to v5 resources
• PB-35272 Add server settings to prevent edition of metadata settings and key
• PB-35260 Add signature verification for metadata private key sharing service
• PB-35277 As an administrator I must receive an email notification when a metadata key is added
• PB-35276 As an administrator I must receive an email notification when the metadata settings are updated
• PB-35751 As an administrators I can update the metadata settings using command line
• PB-35748 As an administrator I can run a command to migrate all the items to v5 format
• PB-35747 As an administrator I can run a command to migrate the folders to v5 format
• PB-35756 Update resource create endpoint to throw an error if allow_usage_of_personal_keys is set to false and personal key is used
• PB-35758 Update folders create/update endpoints to throw an error if allow_usage_of_personal_keys is set to false and personal key is used
• PB-35928 Add allow_v5_v4_downgrade to metadata types settings
• PB-35945 Add static method to cache and reuse MetadataTypesSettingsGetService results
• PB-35946 Add static method to cache and reuse MetadataKeysSettingsGetService results
• PB-35930 Update edit resource to support allow_v5_v4_downgrade settings
• PB-35931 Update edit folders to support allow_v5_v4_downgrade settings
• PB-35937 Add allow_v5_v4_downgrade settings to passbolt update_metadata_types_settings command
• PB-35084 Add the distribution/gpg information in the health-check
• PB-35866 Add OperatingSystemHealthcheck for 32 vs 64 bit
• PB-36228 ResourceCreateController should populate empty metadata_key_id if key type is user_key
• PB-36280 Add created_by and modified_by to metadata keys index service
• PB-34080 As an admin running the passbolt cleanup, I should delete duplicate resources_tags entries
• PB-36516 Add populatedMetadataUserKeyId request data massaging to folder create and update
• PB-36515 Add populatedMetadataUserKeyId request data massaging to resource edit
• PB-36558 Add baseline support for metadata key expiry
• PB-35085 Add TimeSyncHealthcheck for system clock sync status
• PB-36574 As a user I can delete a metadata key that is expired and not in use

Improved

• PB-34609 Adds is-deleted filter and resources_count contain to ResourceTypesIndexController.php

Security

• PB-35882 Bump cakephp/twig-view to 1.3.1 to get rid of twig security vulnerability warning
• PB-36609 Bump twig/twig composer package to v3.11.2
• PB-36609 Bump symfony/process composer package to v5.4.46

Fixed

• PB-34189 Fix 500 on GET resources.json when passing 1 as parameter to some filters
• PB-35173 As a logged-in user I should not get a 500 if the folder does not exist
• PB-34481 Fix 500 error on /mfa/verify/{provider}.json on account with no 2FA set up
• PB-35669 Fix GenerateOpenPGPKeyService should default to GNUPGHOME environment variable if set
• PB-35724 Fix GenerateOpenPGPKeyService should generate key with empty passphrase
• PB-35709 Fix theme back to default randomly after refresh or navigation
• PB-35849 Fix API app does not update "Last logged in" time
• PB-35980 Fix has-parent filter returning duplicate resources (GITHUB #523)
• PB-36208 Fix LogFolderWritableHealthcheck help text paths

Maintenance

• PB-34399 Bump singpolyma/openpgp-php package to v0.7
• PB-34305 Upgrade lockfile-lint library on passbolt_api package-lock.json
• PB-34306 Upgrade openpgp library on passbolt_api package-lock.json
• PB-33333 Refactor GroupUpdateControllerTest to use Fixture Factories
• PB-33332 Refactor ResourcesDeleteControllerTest to use Fixture Factories
• PB-33332 Refactor ResourcesUpdateControllerTest to use Fixture Factories
• PB-33332 Refactor ResourcesViewControllerTest to use Fixture Factories
• PB-33332 Refactor resource index controller test
• PB-22603 Refactor resources share service test with factories
• PB-33331 Add missing test cases for RecoverCompleteService
• PB-35433 Fix phpcs config to allow per file fixing in IDE
• PB-33330 Add missing test cases for SetupCompleteService
• PB-33329 Add missing test cases for RecoverAbortService
• PB-35777 Remove cloaking !empty() around method calls
• PB-35856 Fix up editorconfig for composer.json editing
• PB-35918 Bump composer/composer package to 2.8.1
• PB-34234 CI changes to use downstream repo
• PB-36605 Fix testVersionCommand_Compare_With_ChangeLogs failing test
• PB-35763 Refactor resource tags add controller
• PB-36607 Bump cakephp/cakephp composer package version to 4.5.7

Rebelion

Release song: https://www.youtube.com/watch?v=W8PTWqE2SVw

Passbolt is pleased to announce the immediate availability of version v4.9.1.

Passbolt v4.9.1 is a maintenance update that fixes issues reported by the community.
Among other fixes, this version addresses a compatibility issue with the PostgreSQL database, where users encountered
difficulties sharing passwords with users or groups when different cases were involved in their names.

Additionally, system administrator tools have been improved to better handle the purge of action logs on large datasets.

We would like to express our appreciation to the community for their assistance in improving Passbolt!

[4.9.1] - 2024-08-13

Fixed

• PB-34220 As a user I can search by users and groups case insensitively on PostgreSQL

Improved

• PB-34246 As an administrator purging the action logs table, I can set a limit option (100k per default)
• PB-34247 Adds a set of actions to be purged by the passbolt action_logs_purge command
• PB-33939 As an administrator when running bin/cake passbolt -h, I should see all the passbolt commands listed

Maintenance

• PB-32991 Optimizes CI pipeline run time on api repositories
• PB-34219 Adds validation to retention days option in the action_logs_purge command
• PB-33333 Refactor various tests to use fixture factories

B.Y.O.B.

Release song: https://youtu.be/zUzd9KyIDrM?si=bPS9Qu1t351eZEHH

Passbolt v4.9.0 is a significant update that addresses long-standing user requests and enhances performance. In this release, a highly requested feature was introduced where the passwords workspace now displays the location of resources. This addition provides extra meta information to help users efficiently identify passwords and where they are located. Additionally, the search functionality has been improved to use resource locations as meta information. Users can now retrieve a resource by using the names of its parent folders, which can greatly simplify the process of finding passwords depending on your organisation's classification system.

The team has also focused on various performance improvements to meet the growing needs of organisations managing an increasing number of passwords. These enhancements also prepare the way for the upcoming v5.0.0, which will support more content types and include an additional encryption layer. Both the API and the browser extension have been optimised, resulting in a 50% improvement in retrieving and treating collections of resources, according to our benchmarks.

[4.9.0] - 2024-07-23

Added

• PB-33690 Improves response times by adding an index to gpgkeys.user_id column
• PB-33639 Adds additional contain parameters to share/search-aros.json for enhanced performance
• PB-33936 Adds a has-users filter to gpgkeys.json index endpoint
• PB-33813 Adds a fixed limit to the search-aros.json endpoint

Fixed

• PB-33616 As a user creating a resource I should get a validation error if the secret is a string and not an array
• PB-33664 Fix missing "is" in the database schema up to date sentence (GITHUB #517)

Improved

• PB-33429 As a user I should retrieve resources and folders parent folders in a single query
• PB-33826 Improves the performance of resources.json by improving the datetime fields processing
• PB-24995 Improves last_logged_in property query performance to reduce response time of users.json endpoint
• PB-33653 Improves is_mfa_enabled property query performance to reduce response time of users.json endpoint
• PB-33702 Improves has-access filter performance on users.json
• PB-32591 Validate passbolt.plugins.smtpSettings.security configuration values before passing it to SMTP server
• PB-33214 Update sql export / improve mysql backup command compatibility with mariadb-dump

Maintenance

• PB-33692 Bump enygma/yubikey to v3.8

Security

• PB-33747 Fix command injections vulnerabilities in composer/composer package

B.Y.O.B.

Release song: https://youtu.be/zUzd9KyIDrM?si=bPS9Qu1t351eZEHH

Passbolt is pleased to announce that the v4.9.0 Release Candidate is officially available for testing.
This maintenance release aims to improve performance, notably 40% improvements of the resources & users endpoints. On the browser extension side, the grid now shows the folder location and a much-awaited feature on the ability to search folders.
As always, your feedback is invaluable, so please share and report any issues you come across.

[4.9.0-rc.1] - 2024-07-18

Added

• PB-33690 Improves response times by adding an index to gpgkeys.user_id column
• PB-33639 Adds additional contain parameters to share/search-aros.json for enhanced performance
• PB-33936 Adds a has-users filter to gpgkeys.json index endpoint
• PB-33813 Adds a fixed limit to the search-aros.json endpoint

Improved

• PB-33429 As a user I should retrieve resources and folders parent folders in a single query
• PB-33826 Improves the performance of resources.json by improving the datetime fields processing
• PB-24995 Improves last_logged_in property query performance to reduce response time of users.json endpoint
• PB-33653 Improves is_mfa_enabled property query performance to reduce response time of users.json endpoint
• PB-33702 Improves has-access filter performance on users.json
• PB-32591 Validate passbolt.plugins.smtpSettings.security configuration values before passing it to SMTP server
• PB-33214 Update sql export / improve mysql backup command compatibility with mariadb-dump

Security

• PB-33747 Fix command injections vulnerabilities in composer/composer package

Fixed

• PB-33616 As a user creating a resource I should get a validation error if the secret is a string and not an array

Maintenance

• PB-33692 Bump enygma/yubikey to v3.8

Angel

Release song: https://youtu.be/hbe3CQamF8k

Passbolt v4.8.0 is a maintenance release focusing on the migration of the browser extension to the latest MV3
architecture and adding tools for administrators to help them manage their instance.

This release marks the introduction of the first version of the MV3 extension for Chrome. The transition to MV3 has been
in progress since last year, with changes rolled out progressively until now. The base code between MV2 and MV3 is
nearly identical, and both extensions will continue to be maintained in parallel. A detailed blog post explaining our
migration process will be coming soon.

A new feature allowing administrators to purge audit logs from the command line was added. This will help reclaim database
space for logs that are no longer relevant, improving the performance of long-running instances while keeping necessary
logs for forensic and audit activities.

A new command has also been added to help administrators debug issues with their SMTP server. Email functionality is
crucial for Passbolt, and diagnosing connection problems is not always straightforward. This new command aims to simplify
the process when connecting to a new SMTP server as well as understand errors that could occur on existing integration.

As passbolt moves towards supporting more content types this year, significant work has been done to enhance performance
across the entire stack, from the database to the API and the browser extension. This release includes some of these
improvements, with more enhancements on the way in the next coming release v4.9.0.

We hope these updates enhance your experience with Passbolt. Your feedback is always valuable to us.

[4.8.0] - 2024-05-21

Added

• PB-33071 As an administrator I can purge the action logs table with a dedicated command
• PB-33231 As an administrator I want to know if a custom certificate is in use for SMTP
• PB-32579 As an administrator I can view email_queue records via passbolt command

Improved

• PB-32888 As an admin I should not get a time-out on health checks on air-gapped network
• PB-32983 Access email settings only when emails are sent

Fixed

• PB-33451 Fix 500 error on authentication when nonce is not a string
• PB-33073 As a user logging in, invalid login operation should not be logged as success in the audit logs
• PB-33234 The application should not throw an error if the JWT public key is not parsable

Maintenance

• PB-30314 Bump passbolt/passbolt-test-data to v4.8

Angel

Release song: https://youtu.be/hbe3CQamF8k

Passbolt is pleased to announce that the v4.8.0 Release Candidate is officially available for testing.
This maintenance release aims to publish the first version of the Manifest v3 browser extension for Chrome and adds tools for administrators to help them maintain their instances.
As always, your feedback is invaluable, so please share and report any issues you come across.

[4.8.0-rc.1] - 2024-05-17

Added

• PB-33071 As an administrator I can purge the action logs table with a dedicated command
• PB-33231 As an administrator I want to know if a custom certificate is in use for SMTP
• PB-32579 As an administrator I can view email_queue records via passbolt command

Improved

• PB-32888 As an admin I should not get a time-out on health checks on air-gapped network
• PB-32983 Access email settings only when emails are sent

Fixed

• PB-33451 Fix 500 error on authentication when nonce is not a string
• PB-33073 As a user logging in, invalid login operation should not be logged as success in the audit logs
• PB-33234 The application should not throw an error if the JWT public key is not parsable

Maintenance

• PB-30314 Bump passbolt/passbolt-test-data to v4.8

Bulls On Parade

Release song: https://youtu.be/3L4YrGaR8E4

Passbolt Community Edition v4.7 is a maintenance release that resolves multiple issues identified by the community. Furthermore, this release supports the commitment to improving customization options and integration features, making it easier for organizations to tailor the system to their specific needs.

A key enhancement in this release is the ability to use custom SSL certificates for SMTP server connections. This long-awaited feature is particularly beneficial for organizations operating in air-gapped environments or those using their own root CAs, enabling passbolt to more securely integrate with internal tools.

[4.7.0] - 2024-04-30

Added

• PB-30330 Add HTTP HEAD method support to /healthcheck/status.json to support more uptime monitoring tools (GITHUB #507)
• PB-26156 As an administrator I can configure SMTP to use TLS with a self-signed cert on my mail server (GITHUB #498)

Security

• PB-30255 As an authenticated user I cannot access to the healthcheck endpoint when debug is on

Fixed

• PB-30379 As an authenticating user I should not get a 500 if the gpg_auth is not an array
• PB-32889 As an administrator I should not get an exception when running core healthcheck and the host cannot be resolved
• PB-32928 As user I should see the accurate URL in the email footer when passbolt runs on multiple instances
• PB-32566 As a user setting up my account I should not get an unexpected 500
• PB-32903 Fix deprecation error on password expiry settings validation

Maintenance

• PB-29983 Refactor health check code domain for better maintenance
• PB-30394 Moves code in ActionLogsModelListener into a dedicated service
• PB-32881 Disable by default all plugins in integration tests
• PB-32978 Use dependency proxy to reduce docker pull limit
• PB-22605 Refactor ShareSearchControllerTest, SecretViewControllerTest and GroupsDeleteControllerTest with fixture factories
• PB-32594 Add tests for SecretCreateService

Bulls On Parade

Release song: https://youtu.be/3L4YrGaR8E4

Hey community members,

Prepare for an exciting update! 🥁

Passbolt is thrilled to announce that the v4.7.0 Release Candidate is officially available for testing.

The best part? All you have to do is head to GitHub and dive in! Of course, you have to make sure to follow the steps here. As always, your feedback is invaluable, please share and report any issues you come across.

Enjoy the testing journey! ♥️

[4.7.0-rc.1] - 2024-04-26

Added

• PB-30330 Add HTTP HEAD method support to /healthcheck/status.json to support more uptime monitoring tools (GITHUB #507)
• PB-26156 As an administrator I can configure SMTP to use TLS with a self-signed cert on my mail server (GITHUB #498)

Security

• PB-30255 As an authenticated user I cannot access to the healthcheck endpoint when debug is on

Fixed

• PB-30379 As an authenticating user I should not get a 500 if the gpg_auth is not an array
• PB-32889 As an administrator I should not get an exception when running core healthcheck and the host cannot be resolved
• PB-32928 As user I should see the accurate URL in the email footer when passbolt runs on multiple instances
• PB-32566 As a user setting up my account I should not get an unexpected 500
• PB-32903 Fix deprecation error on password expiry settings validation

Maintenance

• PB-29983 Refactor health check code domain for better maintenance
• PB-30394 Moves code in ActionLogsModelListener into a dedicated service
• PB-32881 Disable by default all plugins in integration tests
• PB-32978 Use dependency proxy to reduce docker pull limit
• PB-22605 Refactor ShareSearchControllerTest, SecretViewControllerTest and GroupsDeleteControllerTest with fixture factories
• PB-32594 Add tests for SecretCreateService