Releases: passbolt/passbolt_api
One Nation Under A Groove
Release song: https://youtu.be/3WOZwwRH6XU?si=jvTiezg7eEEpEh-S
Passbolt is pleased to announce the immediate availability of version v4.6.2. This version is a targeted security release of both the API and the browser extension focusing on fixing security issues reported by security researchers.
We would like to express our appreciation to the community for their assistance in making Passbolt more secure. Further details about the issues will be shared in a separate communication.
[4.6.2] - 2024-04-11
Security
- PB-32932 Fix error template title
Reptillia
Release song: https://www.youtube.com/watch?v=b8-tXG8KrWs
Passbolt is pleased to announce the immediate availability of version 4.6.1. This is a maintenance update that contains an important fix for the API, addressing the issue reported by the community since version 4.6.0.
Most notably, this update fixes a problem where an administrator was not able to re-enable a suspended user.
We would like to express our sincere thanks to the community members who brought issues to our attention and helped the team to make passbolt better.
[4.6.1] - 2024-03-27
Fixed
- PB-32354 As an admin, I can re-enable a suspended user (GITHUB #512)
Purple Haze
Release song: https://youtu.be/Ub0NtPOj7es?si=3IL4HKS4-g17uPal
The Passbolt Community Edition 4.6.0 release, "Purple Haze", brings enhancements that focus primarily on the administrative aspect and overall system health.
This update introduces the Health Check feature within the Admin workspace, designed to offer administrators a comprehensive tool for system assessment and upkeep.
In addition, this version addresses a range of minor bugs and delivers the awaited PHP 8.3 support.
This version furthermore lays the foundations for successive performance gains by refining data verification processes and reducing memory usage, particularly when browsing. Expect more significant improvements with the next releases.
[4.6.0] - 2024-03-14
Added
- PB-24485 As an administrator I can view the API healthcheck in the administration section
- PB-29396 As an administrator I can hide the share folder capability with a RBAC
- PB-25463 As an administrator I can disable the healthcheck index endpoint with a flag
- PB-29397 As an administrator I can disable the healthcheck administration panel with a flag
Improved
- PB-29009 As an administrator completing my setup I should not receive a notification that I completed my setup
- PB-26152 The API should identify openpgpjs v5.10 revoked key as revoked
- PB-29437 As an administrator I can log internal errors with the complete trace in JSON format
Security
- PB-30155 Update phpseclib/phpseclib to fix composer security vulnerability
Fixed
- PB-30019 As a user I should not get a 500 when editing a user with payload containing integers as fields
- PB-29964 As an administrator disabling a user I should not get a 500 if the disabled date is not valid
- PB-29970 As a group manager I should receive an accurate summary in my notifications on group permission changes
- PB-29054 As an administrator I should not get an error when running the cleanup command and the users table does not exist
- PB-28719 As an administrator sending emails the timezone displayed in the emails should be in the correct time zone
- PB-30266 As an administrator sending emails with the email digest the message ID should be defined
- PB-30182 Build the styleguide on version 4.6.1
Maintenance
- PB-28247 Update cakephp/cakephp to version 4.5
Purple Haze
Release song: https://youtu.be/Ub0NtPOj7es?si=3IL4HKS4-g17uPal
Hey community members,
Prepare for an exciting update! 🥁
Passbolt is thrilled to announce that the v4.6.0 Release Candidate is officially available for testing.
The best part? All you have to do is head to GitHub and dive in! Of course, you have to make sure to follow the steps here. As always, your feedback is invaluable; please share and report any issues you come across.
Enjoy the testing journey!
[4.6.0-rc.2] - 2024-03-13
Added
- PB-24485 As an administrator I can view the API healthcheck in the administration section
- PB-29396 As an administrator I can hide the share folder capability with a RBAC
- PB-25463 As an administrator I can disable the healthcheck index endpoint with a flag
- PB-29397 As an administrator I can disable the healthcheck administration panel with a flag
Improved
- PB-29009 As an administrator completing my setup I should not receive a notification that I completed my setup
- PB-26152 The API should identify openpgpjs v5.10 revoked key as revoked
- PB-29437 As an administrator I can log internal errors with the complete trace in JSON format
Security
- PB-30155 Update phpseclib/phpseclib to fix composer security vulnerability
Fixed
- PB-30019 As a user I should not get a 500 when editing a user with payload containing integers as fields
- PB-29964 As an administrator disabling a user I should not get a 500 if the disabled date is not valid
- PB-29970 As a group manager I should receive an accurate summary in my notifications on group permission changes
- PB-29054 As an administrator I should not get an error when running the cleanup command and the users table does not exist
- PB-28719 As an administrator sending emails the timezone displayed in the emails should be in the correct time zone
- PB-30266 As an administrator sending emails with the email digest the message ID should be defined
- PB-30182 Build the styleguide on version 4.6.1
Maintenance
- PB-28247 Update cakephp/cakephp to version 4.5
Purple Haze
Release song: https://youtu.be/Ub0NtPOj7es?si=3IL4HKS4-g17uPal
Hey community members,
Prepare for an exciting update! 🥁
Passbolt is thrilled to announce that the v4.6.0 Release Candidate is officially available for testing.
The best part? All you have to do is head to GitHub and dive in! Of course, you have to make sure to follow the steps here. As always, your feedback is invaluable; please share and report any issues you come across.
Enjoy the testing journey!
[4.6.0-rc.1] - 2024-03-11
Added
- PB-24485 As an administrator I can view the API healthcheck in the administration section
- PB-29396 As an administrator I can hide the share folder capability with a RBAC
- PB-25463 As an administrator I can disable the healthcheck index endpoint with a flag
- PB-29397 As an administrator I can disable the healthcheck administration panel with a flag
Improved
- PB-29009 As an administrator completing my setup I should not receive a notification that I completed my setup
- PB-26152 The API should identify openpgpjs v5.10 revoked key as revoked
- PB-29437 As an administrator I can log internal errors with the complete trace in JSON format
Security
- PB-30155 Update phpseclib/phpseclib to fix composer security vulnerability
Fixed
- PB-30019 As a user I should not get a 500 when editing a user with payload containing integers as fields
- PB-29964 As an administrator disabling a user I should not get a 500 if the disabled date is not valid
- PB-29970 As a group manager I should receive an accurate summary in my notifications on group permission changes
- PB-29054 As an administrator I should not get an error when running the cleanup command and the users table does not exist
- PB-28719 As an administrator sending emails the timezone displayed in the emails should be in the correct time zone
- PB-30266 As an administrator sending emails with the email digest the message ID should be defined
Maintenance
- PB-28247 Update cakephp/cakephp to version 4.5
Marching The Hate Machines
Release song: https://youtu.be/53YYph6Edd0
Passbolt is pleased to announce the immediate availability of version 4.5.2. This is a maintenance update that contains important fixes for both the API and browser extension, addressing issues reported by the community since version 4.5.0.
Most notably this update fixes a problem that previously prevented the autofill feature from working with certain web applications.
Additionally, the release improves the process for importing TOTPs from kdbx files on Windows, ensuring better support for TOTPs across various Keepass clients, including Keepass, KeepassXC, and Macpass.
Administrators will also be pleased to be able to host the API using PHP 8.3. While PHP 7.4 and PHP 8.0 are still supported on some distributions such as Debian, they will be discontinued soon, and administrators are encouraged to upgrade to PHP 8.1 or higher and use the latest version of the passbolt API.
We would like to express our sincere thanks to the community members who brought issues to our attention and helped the team to make passbolt better.
[4.5.2] - 2024-02-14
Fixed
- PB-29621 As a user I should get a 400 if the locale passed in the URL is not a string
- PB-29526 As an administrator I should be notified of group removal when the operation is performed by a users directory synchronization
- PB-28867 As a user I should see an improved performance when requesting the folder index endpoint
Improved
- PB-28635 As an administrator I can disable the email digest without having to change the command sending the emails
Security
- PB-29680 Bump dependency composer/composer to v2.7.0
Maintenance
- PB-29109 Support PHP 8.3 for passbolt API
- PB-29376 GITHUB-506 Bump dependency duosecurity/duo_universal_php to 1.0.2 (#506)
- PB-29514 Fix password expiry test which randomly fails
- PB-29625 Fix CI to support latest composer dependency version
Summer is ending
Release song: https://www.youtube.com/watch?v=HR1KH4zElcY
Passbolt v4.5.0 named "Summer is Ending" brings a host of new features and improvements, all designed to make your password management experience more secure, efficient, and user-friendly.
At the heart of this release is the introduction of the Password Expiry feature, a much-anticipated functionality that allows administrators to enable the automatic expiry policy, enhancing security by ensuring that potentially compromised passwords are rotated when someone loses access to resources, for example by leaving a group or the organization.
Alongside, we're excited to introduce the Russian translation, making Passbolt more accessible to a wider audience.
We've also expanded our SMTP settings to include Microsoft 365 and Outlook providers, responding to the community's feedback for more integration options. The section to help users install and configure the Windows desktop application feature is also now enabled by default.
Improvements in the performance of some important API endpoints and other security enhancements and bug fixes are also part of this release.
Thanks to everyone in our community for your ongoing support and contributions that made this release possible. Your feedback and involvement continue to shape Passbolt, enhancing our collective security and usability. Together, we're making password management better for everyone.
[4.5.0] - 2024-02-08
Added
- PB-23913 As a user I can see my passwords marked as expired when users lose permissions on these
- PB-23913 As an administrator I can activate the password expiry feature
- PB-28923 As a user I want to be able to use passbolt in Russian
- PB-21484 As an administrator I can define Microsoft 365 and Outlook providers in SMTP settings
- PB-19652 As an administrator I can cleanup groups with no members with the cleanup command
- PB-27707 As administrator, with RBAC I should be able to set “can see users workspace” to “Allow if group manager”
- PB-28716 Desktop application flag is now enabled by default
- PB-26203 Desktop app define the account kit exportation help page
Improved
- PB-27616 Improve resources serialization performance on GET resources.json
Security
- PB-29148 Bump selenium API plugin version to v4.5
- PB-29005 Upgrades phpseclib/phpseclib to fix composer audit security vulnerability
- PB-22336 As an admin I should be able to enable/disable request group managers to add users to groups emails separately (LDAP/AD)
- PB-28871 Mitigate supply chain attack on PR and lint lock files
- PB-28658 Mitigate supply chain attack on post npm install script
Fixed
- PB-29200 Fixes the recover_user command (GITHUB #504)
- PB-29164 Fix recent InstallCommand changes breaking selenium tests
- PB-29132 Fix composer lock file not up-to-date message when installing dependencies
- PB-29160 Fix failing static analysis job in CI
- PB-29137 Fix failure in UsersEditDisableControllerTest file due to purifier
- PB-29113 Fix a typo in the email sent when admins lose their admin role
- PB-28130 Fix invalid cookie name should not trigger a 500
- PB-29007 Fix constantly failing test in RbacsUpdateControllerTest file
- PB-28991 Fix email queue entries not marked as sent
Maintenance
- PB-28857 Require phpunit-speedtrap to track down slow tests
- PB-25516 Remove --dev from .gitlab test options, it has no effect and will break with composer v3
- PB-28844 Improves the methods testing email content
- PB-28845 Skip unauthenticated exception from logging
- PB-28653 Speed-up tests by mocking the client in healthcheck relevant tests
Summer is ending
Release song: https://www.youtube.com/watch?v=HR1KH4zElcY
Hey community members,
Prepare for an exciting update! 🥁
Passbolt is thrilled to announce that the v4.5.0 Release Candidate is officially available for testing.
The best part? All you have to do is head to GitHub and dive in! Of course, you have to make sure to follow the steps here. As always, your feedback is invaluable; please share and report any issues you come across.
Enjoy the testing journey!
[4.5.0-rc.1] - 2024-02-01
Added
- PB-23913 As a user I can see my passwords marked as expired when users lose permissions on these
- PB-23913 As an administrator I can activate the password expiry feature
- PB-28923 As a user I want to be able to use passbolt in Russian
- PB-21484 As an administrator I can define Microsoft 365 and Outlook providers in SMTP settings
- PB-19652 As an administrator I can cleanup groups with no members with the cleanup command
- PB-27707 As administrator, with RBAC I should be able to set “can see users workspace” to “Allow if group manager”
- PB-28716 Desktop application flag is now enabled by default
- PB-26203 Desktop app define the account kit exportation help page
Improved
- PB-27616 Improve resources serialization performance on GET resources.json
Security
- PB-29148 Bump selenium API plugin version to v4.5
- PB-29005 Upgrades phpseclib/phpseclib to fix composer audit security vulnerability
- PB-22336 As an admin I should be able to enable/disable request group managers to add users to groups emails separately (LDAP/AD)
- PB-28871 Mitigate supply chain attack on PR and lint lock files
- PB-28658 Mitigate supply chain attack on post npm install script
Fixed
- PB-29200 Fixes the recover_user command (GITHUB #504)
- PB-29164 Fix recent InstallCommand changes breaking selenium tests
- PB-29132 Fix composer lock file not up-to-date message when installing dependencies
- PB-29160 Fix failing static analysis job in CI
- PB-29137 Fix failure in UsersEditDisableControllerTest file due to purifier
- PB-29113 Fix a typo in the email sent when admins lose their admin role
- PB-28130 Fix invalid cookie name should not trigger a 500
- PB-29007 Fix constantly failing test in RbacsUpdateControllerTest file
- PB-28991 Fix email queue entries not marked as sent
Maintenance
- PB-28857 Require phpunit-speedtrap to track down slow tests
- PB-25516 Remove --dev from .gitlab test options, it has no effect and will break with composer v3
- PB-28844 Improves the methods testing email content
- PB-28845 Skip unauthenticated exception from logging
- PB-28653 Speed-up tests by mocking the client in healthcheck relevant tests
Is It Because I'm Black?
Release song: https://youtu.be/6JNwqRF32ZI
Passbolt version 4.4.2 has been released, primarily as a maintenance update to address specific issues reported by users. This version includes two main fixes.
The first fix concerns the Time-based One-Time Password (TOTP) feature. In the previous version, there was an issue where users could accidentally delete the TOTP secret for a resource while editing its description from the sidebar. This has been corrected in the latest update.
The second fix improves the performance of the application, specifically when users are retrieving their resources. This update is part of an ongoing effort to enhance the overall performance of the application, with further improvements planned for future releases.
We extend our gratitude to the community member who reported this issue.
[4.4.2] - 2023-11-28
Improved
- PB-27616 As a user I should see improved performance when retrieving resources on the GET resources.json entry point
Fixed
- PB-28991 As a user emails should be resent if the first attempt failed
Gimme Shelter
Release song: https://youtu.be/RbmS3tQJ7Os?si=lp8QM5B-R65C8Jek
Passbolt v4.4.1 is a maintenance release aimed at addressing issues reported by the community, which were introduced in the previous release.
The update addresses an issue concerning user roles in email notifications. Previously, administrators received notifications when another administrator was deleted. However, the deletion of any user, regardless of their administrator status, was incorrectly reported as an administrator deletion. This issue has been resolved.
We extend our gratitude to the community members who reported these issues. Your support and patience are greatly appreciated.
[4.4.1] - 2023-11-20
Improved
- PB-28521 Alter the gpgkeys.uid column length to 769 to enable the synchronisation of user with very long names
Fixed
- PB-27957 As an administrator I should be notified that an administrator was deleted only when an administrator has been deleted, and not a regular user
Maintenance
- PB-27927 Remove unused user_agents table
- PB-28616 Refactor the email digest plugin code for easier usage and maintainability