sysPass 2.1.13

• [FIX] Force logout when copying password to clipboard and session has expired. Closes #700. Thanks to @jrfx85 for the feedback!
• [FIX] Related #693. Use referrals for LDAP searches on non-ADS servers. Thanks to @W4rlock34 for testing!
• [FIX] Closes #706. Fixed sysPass XML export/import. Account tags weren't exported/imported. Thanks to @joerg for the feedback!
• [MOD] Strictly typecast https port to int. Thanks to @DanielRuf for contributing.
• [MOD] IMPORTANT: Plugins are no longer shipped within sysPass, please download from their own repository.
• [MOD] Improved JS actions for plugins
• [MOD] Improved plugins management and check for plugin updates
• [MOD] Updated translations. Thanks to all contributors!
• [ADD] Related #699. Added 2FA recovery codes (sent by email) in Authenticator plugin.

sysPass 2.1.12

• [FIX] Fixed error while restoring account from history.
• [FIX] Skip backup directory from backups. Thanks to @radkokeves for contribution. Solves #657
• [FIX] Fixed LDAP filtering by escaping special chars. Thanks to @pirrimanson2000 for the feedback. Fixes #667
• [FIX] Fixed wrong behavior on IIS-PHP (Windows). Thanks to @davidpsc for the feedback. Related #276
• [FIX] Fixed issue when searching on user's notifications.
• [MOD] Updated Brazilian and Russian translations. Thanks to contributors!!
• [MOD] Force request for master pass when user performs a password change.
• [MOD] Improved check for tmp folder
• [ADD] Added Portuguese/Brazilian translation. Thanks to @fizard for contribution. Related #662.

sysPass 2.1.11

• [FIX] Related #618. Try to fix wrong behavior when retrieving customers list for the current user. Thanks to @alexanderbuhler for the feedback.
• [FIX] Related #641. Removed non-existing table field while refreshing an API token. Thanks to @ cbrassel  for the feedback.
• [FIX] Related #640. Set required auth for addAccount action because the auth wasn't being triggered. Thanks to @cbrassel for the feedback.
• [FIX] Fixes #640. Remove unnecessary auth check when running API method.Thanks to @cbrassel  for the feedback.
• [FIX] Fixes #638. Aggressive replacement when URL params are being used in HTML markup.Thanks to @LeSuisse for the feedback.
• [FIX] Fixes #636. Improved search string filtering by removing special chars used in regular expressions. Thanks to @LeSuisse for the feedback.
• [MOD] Related #637. Improved random bytes generation to prevent cache-timing attacks (this does not affect to cryptographic functions, which were already safe). Thanks to @LeSuisse for the feedback.
• [MOD] Temporary master password will never be saved in the event log.

sysPass 2.1.10

Please, upgrade your sysPass instance as soon as possible.

• [FIX] Fixes XSS on login page. Related #615. Thanks to @Xyntax for the feedback.
• [MOD] Avoid master key change when there isn't any account. Fix #602. Thanks to @Berni69 for the feedback.
• [MOD] Allow longer execution time on import feature. Related #610. Thanks to @MagicFab for the feedback.
• [FIX] Related #579. Fixed wrong method calling. Thanks to @madcoda9000 for the feedback.
• [FIX] Related #561. Added some LDAP attributes for importing.

sysPass 2.1.9

• [FIX] Fixes #521. Accounts actions were not displayed if the request button was displayed. Thanks to @johnnyhotpants for the feedback and testing
• [MOD] Fixes #553. Dialog boxes now are being fitted to its content width. Thanks to @finalbeta for the feedback.
• [FIX] Solves #561. Fixed LDAP import issue. The name attribute was not passed through the request, so no users were imported. Thanks to @ReeceYoung98 for the feedback

sysPass 2.1.8 - Critical Fix

This fix solves a vulnerability when getting files through URL. Thanks to Artem for the notice

Please update sysPass as soon as possible (No DB upgrade is required)

• [FIX] Critical Fix. Local file inclusion through URL. Thanks to Artem for the notice
• [FIX] Wrong config behavior while saving "LDAP enabled" attribute. Thanks to @finalbeta for the feedback

sysPass 2.1.7

• [FIX] Enforced readonly user login for LDAP users
• [FIX] Fixes #543. Fix missing accounts Id when upgrading in group accesses table. Thanks to @Goatmaster for the feedback.
• [FIX] Solves #533. Fixed capitalized multibyte characters that weren't encoded properly. Thanks to @NickWoo33 for the feedback.
• [FIX] Related #540. Set the LDAP server port when it's set within the hostname. Thanks to @bitking for the feedback.
• [MOD] Improved ldap import process by adding the username attribute to get from the LDAP server. Solves #544. Thanks to @jdanielcano for the feedback
• [MOD] Updated translations.
• [MOD] Improve item actions filtering. Actions can be filtered out by several source values.
• [MOD] Improve elapsed time calc and code refactoring.
• [MOD] UI&Code tweaks
• [MOD] UI tweaks and set user preferences precedence over global settings. Closes #528
• [MOD] Try to fix search form behavior when submitting. A listener has been added to catch the "enter" key. Related #525, #502, #493

sysPass 2.1.6

• [FIX] Fixed wrong key length when submitted from login form, it was cut down to 80 characters. #519 Thanks to @derStephan for feedback and testing
• [FIX] Fixed "Invalid action" when an exception is thrown and the security token is not refreshed. Related #519
• [FIX] Fixed untranslated notice string when master key is changed
• [MOD] Passwords string that need hashing (not related to accounts password) and its length greater than 72 characters, are now hashed using SHA256 and then BCRYPT. A message is shown in syspass.log file. Related #519
• [MOD] Set default user's preferences on demo mode
• [MOD] UI tweaks. Box border is removed, it uses a shadow instead.

sysPass 2.1.5

• [FIX] Update preferences when upgrading.
• [FIX] Some fixes for Internet Explorer
• [MOD] Code refactoring
• [ADD] Added new feature to allow users added in secondary groups to access to the accounts where the secondary group is granted. Solves #521. Thanks to @johnnyhotpants for the feedback.
• [ADD] Added the ability to enable/disable PHP session encryption. This would increase the app overall performance and prevent some issues when copying to clipboard. Related #524, #523, #500, #486

sysPass 2.1.4

• [FIX] Fixed wrong behavior when saving custom fields of password type.
• [FIX] Fixed expiry date on Authenticator plugin
• [FIX] Color type custom field couldn't be modified.
• [FIX] Fixes #504. Wrong user pass when importing from LDAP
• [MOD] Updated French translation
• [MOD] Updated German translation. Thanks to @alexanderbuhler
• [MOD] Minor Javascript refactoring
• [MOD] Migrating to jQuery 3
• [MOD] Using promises to perform initialization
• [MOD] UI tweaks
• [MOD] Changed copy to clipboard plugin.
• [MOD] Improved initialization for detecting wrong PHP version.
• [ADD] A message will be shown when the browser does not support clipboard actions.
• [MOD] Added checking to detect if clipboard is available. Logs a warning in Javascript console.