v4.7.3-rc.0

Song: https://www.youtube.com/watch?v=3L4YrGaR8E4

Passbolt v4.7.3 is a test release focused on addressing problems identified with MV3.

[4.7.3] - 2024-05-07

Maintenance

• PB-33235 Convert formData file into a json serializable in offscreen
• PB-33297 Extension update available should store the state if user signed in

v4.7.1-rc.0

Song: https://www.youtube.com/watch?v=3L4YrGaR8E4

Passbolt v4.7.1 is a testing release aiming to rollout the MV3 chrome extension on the beta channels.

[4.7.1] - 2024-05-02

Maintenance

• PB-33225 MV3 beta rollout

v4.7.0

Song: https://www.youtube.com/watch?v=3L4YrGaR8E4

Passbolt v4.7 is a maintenance release that resolves multiple issues identified by the community.
Furthermore, this release supports the commitment to improving customization options and integration features, making it easier for organizations to tailor the system to their specific needs.

A key enhancement in this release is the ability for administrators to use custom SSL certificates for SMTP and Users directory server connections (PRO only).
These long-awaited features are particularly beneficial for organizations operating in air-gapped environments or those using their own root CAs, enabling passbolt to more securely integrate with internal communication tools.
All of these customizations are visible in the API status report of the administration workspace, providing a clear and manageable overview for administrators.

Moreover, the integration with user directories has been enhanced, now enabling the synchronization of user accounts using multiple fields as email identifiers.
This allows organizations with heterogeneous data environments to synchronize more seamlessly with Passbolt.
This improvement is part of a broader initiative aimed at modernizing the integration with your user directories.
Stay tuned, more enhancements are planned for future releases.

[4.7.0] - 2024-04-26

Added

• PB-32931 As administrator, I see SSO and Directory Sync health checks in Passbolt API Status page
• PB-33065 As an administrator I can add a fallback property to map my organisation AD user username
• PB-33070 Request passphrase when exporting account kit

Fixed

• PB-32420 Fix double calls to PwnedPassword API service
• PB-32631 Fix healthCheck Entity to support air gapped instances
• PB-33066 As AD, I should not see directorySync and SSO checks if they are disabled
• PB-33067 After an unexpected error during setup, recover or account recovery, only the iframe reload and the port cannot reconnect

Maintenance

• PB-22623 Start service worker in an insecure environment
• PB-22640 As a signed-in user the inform call to action should remain after the port is disconnected only for MV3
• PB-22644 The passbolt icon should detect if the user is still connected after the service worker awake
• PB-23928 Handle when the extension is updated, the webIntegration should be destroy and injected again
• PB-29622 Simulate user keyboard input for autofill event
• PB-29946 When the service worker is shutdown and a navigation is detected the service worker do not reconnect port and stay in error mode
• PB-29965 Use a dedicated service to verify the server
• PB-29966 Update apiClient to support form data body and custom header
• PB-29967 Use a dedicated service to do the step challenge with the server
• PB-29968 use a dedicated service to check the user authentication status
• PB-29969 Use a dedicated service to logout the user
• PB-29988 Update the alarm in the class StartLoopAuthSessionCheckService to use the property periodInMinutes
• PB-29989 Put the alarm listener at the top level for the StartLoopAuthSessionCheckService to check the authentication status
• PB-29990 Move PassphraseStorageService keep alive alarm listener in top level
• PB-30272 Add message service in the app content script in order to reconnect the port from a message sent by the service worker
• PB-30273 On the post logout event the service worker should reconnect port that needs to receive the post logout message
• PB-30274 Add message service in the browser integration content script in order to reconnect the port from a message sent by the service worker
• PB-30310 Improve invalid groups users sanitization strategy
• PB-30335 Use timeout instead alarms for service worker
• PB-30336 Use timeout instead alarms for promise timeout service
• PB-30337 Put the alarm listener at the top level for the passphraseStorageService to flush passphrase after a time duration
• PB-30341 Remove alarms for toolbar controller
• PB-30342 Use timeout instead of alarm for the resource in progress cache service to flush the resource not consumed
• PB-30374 Check if AuthService from styleguide is still used in the Bext otherwise remove it
• PB-30375 Improve CI unit test performance by running them in band
• PB-32291 Cleanup legacy code and unused passbolt.auth.is-authenticated related elements
• PB-32335 Split PassphraseStorageService to put the KeepSessionAlive feature on its own service
• PB-32345 Ensures on the desktop app during import account that the file to import is taken into account
• PB-32597 Ensure ToolbarController are set on index.js
• PB-32598 Ensure add listener from authentication event controller are set on index.js
• PB-32599 Ensure add listener from StartLoopAuthSessionCheckService are set on index.js
• PB-32604 Ensure add listener from on extension update available controller are set on index.js
• PB-32602 Ensure add listener from user.js are set on index.js
• PB-32603 Ensure add listener from ResourceInProgressCacheService are set on index.js
• PB-32915 Update code to remove the destruction of the public web sign-in on port disconnected
• PB-32916 Update code to remove the destruction of the setup on port disconnected
• PB-32917 Update code to remove the destruction of the recover on port disconnected
• PB-33018 Automate browser extension npm publication
• PB-33024 Ensure only stable tags of the styleguide are published to npm
• PB-33024 Ensure only stable tag of the browser extension are sent for review or publish to the store
• PB-33061 Create account temporary storage
• PB-33062 Use temporary account storage for setup process
• PB-33063 Use temporary account storage for recover process
• PB-33064 Use temporary account storage for account recovery process
• PB-33068 Remove beta information for the windows app

v4.7.0-rc.0

Song: https://www.youtube.com/watch?v=3L4YrGaR8E4

Passbolt is pleased to announce that the v4.7.0 Release Candidate is officially available for testing. This is a maintenance release containing bug fixes for issues reported by the community and preparing the browser extension migration to the manifest version 3. As always, your feedback is invaluable, please share and report any issues you come across.

Thank you for your support! ♥️

[4.7.0] - 2024-04-26

Added

• PB-32931 As administrator, I see SSO and Directory Sync health checks in Passbolt API Status page
• PB-33065 As an administrator I can add a fallback property to map my organisation AD user username
• PB-33070 Request passphrase when exporting account kit

Fixed

• PB-32420 Fix double calls to PwnedPassword API service
• PB-32631 Fix healthCheck Entity to support air gapped instances
• PB-33066 As AD, I should not see directorySync and SSO checks if they are disabled
• PB-33067 After an unexpected error during setup, recover or account recovery, only the iframe reload and the port cannot reconnect

Maintenance

• PB-22623 Start service worker in an insecure environment
• PB-22640 As a signed-in user the inform call to action should remain after the port is disconnected only for MV3
• PB-22644 The passbolt icon should detect if the user is still connected after the service worker awake
• PB-23928 Handle when the extension is updated, the webIntegration should be destroy and injected again
• PB-29622 Simulate user keyboard input for autofill event
• PB-29946 When the service worker is shutdown and a navigation is detected the service worker do not reconnect port and stay in error mode
• PB-29965 Use a dedicated service to verify the server
• PB-29966 Update apiClient to support form data body and custom header
• PB-29967 Use a dedicated service to do the step challenge with the server
• PB-29968 use a dedicated service to check the user authentication status
• PB-29969 Use a dedicated service to logout the user
• PB-29988 Update the alarm in the class StartLoopAuthSessionCheckService to use the property periodInMinutes
• PB-29989 Put the alarm listener at the top level for the StartLoopAuthSessionCheckService to check the authentication status
• PB-29990 Move PassphraseStorageService keep alive alarm listener in top level
• PB-30272 Add message service in the app content script in order to reconnect the port from a message sent by the service worker
• PB-30273 On the post logout event the service worker should reconnect port that needs to receive the post logout message
• PB-30274 Add message service in the browser integration content script in order to reconnect the port from a message sent by the service worker
• PB-30310 Improve invalid groups users sanitization strategy
• PB-30335 Use timeout instead alarms for service worker
• PB-30336 Use timeout instead alarms for promise timeout service
• PB-30337 Put the alarm listener at the top level for the passphraseStorageService to flush passphrase after a time duration
• PB-30341 Remove alarms for toolbar controller
• PB-30342 Use timeout instead of alarm for the resource in progress cache service to flush the resource not consumed
• PB-30374 Check if AuthService from styleguide is still used in the Bext otherwise remove it
• PB-30375 Improve CI unit test performance by running them in band
• PB-32291 Cleanup legacy code and unused passbolt.auth.is-authenticated related elements
• PB-32335 Split PassphraseStorageService to put the KeepSessionAlive feature on its own service
• PB-32345 Ensures on the desktop app during import account that the file to import is taken into account
• PB-32597 Ensure ToolbarController are set on index.js
• PB-32598 Ensure add listener from authentication event controller are set on index.js
• PB-32599 Ensure add listener from StartLoopAuthSessionCheckService are set on index.js
• PB-32604 Ensure add listener from on extension update available controller are set on index.js
• PB-32602 Ensure add listener from user.js are set on index.js
• PB-32603 Ensure add listener from ResourceInProgressCacheService are set on index.js
• PB-32915 Update code to remove the destruction of the public web sign-in on port disconnected
• PB-32916 Update code to remove the destruction of the setup on port disconnected
• PB-32917 Update code to remove the destruction of the recover on port disconnected
• PB-33018 Automate browser extension npm publication
• PB-33024 Ensure only stable tags of the styleguide are published to npm
• PB-33024 Ensure only stable tag of the browser extension are sent for review or publish to the store
• PB-33061 Create account temporary storage
• PB-33062 Use temporary account storage for setup process
• PB-33063 Use temporary account storage for recover process
• PB-33064 Use temporary account storage for account recovery process
• PB-33068 Remove beta information for the windows app

v4.6.2

Song: https://youtu.be/3WOZwwRH6XU?si=jvTiezg7eEEpEh-S

Version 4.6.2 is a targeted maintenance release of the browser extension, focusing on refining passwords strength verification process. This update ensures a balance between adhering to security best practices and maintaining user-friendliness.

We extend our gratitude to the community for their insights to help us build passbolt.

[4.6.2] - 2024-03-29

Fixed

• PB-32394 As a user defining my passphrase while activating my account I want to know if my passphrase is part of a dictionary on form submission
• PB-32396 As a user defining my new passphrase while changing it I want to know if my new passphrase is part of a dictionary on form submission
• PB-32401 As an administrator defining the passphrase of the generated organization account recovery key I want to know if the passphrase is part of a dictionary on form submission
• PB-32407 As a user editing a password I am invited to confirm its edition when this one very weak in a separate dialog on form submission
• PB-32395 As a user defining my passphrase while requesting an account recovery I want to know if my new passphrase is part of a dictionary on form submission
• PB-32397 As a user verifying my private key passphrase while activation my account I do not want to know if my passphrase is part of a dictionary at this stage
• PB-32399 As a user confirming my passphrase while completing an account recovery (Admin approved) I do not want to know if my passphrase is part of a dictionary on form submission
• PB-32398 As a user confirming my passphrase while importing my private key during an account recover I do not want to know if my passphrase is part of a dictionary on form submission
• PB-32404 As a user creating a password from the quickaccess I am invited to confirm its creation when this one is part of a dictionary in a separate dialog on form submission
• PB-32403 As a user updating a password I am invited to confirm its edition when this one is part of a dictionary in a separate dialog on form submission
• PB-32405 As a user auto-saving a password from the quickaccess I should not be notified if the password is part of an exposed dictionary
• PB-32402 As a user creating a password I am invited to confirm its creation when this one is part of a dictionary in a separate dialog on form submission
• PB-32400 As a user confirming my passphrase while importing an account kit on the desktop app I do not want to know if my passphrase is part of a dictionary on form submission
• PB-32406 As a user creating a password I am invited to confirm its creation when this one very weak in a separate dialog on form submission
• PB-32427 As a user creating a password from the quickaccess I am invited to confirm its creation when this one is VERY WEAK in a separate page on form submission

v4.6.2-rc.0

Passbolt is pleased to announce that the v4.6.2 Release Candidate is officially available for testing. This release contains some bug fixes for issues reported by the community. As always, your feedback is invaluable, please share and report any issues you come across.

Thank you for your support! ♥️

[Unreleased]

[4.6.2-rc0] - 2024-03-28

Fixed

• PB-32394 As a user defining my passphrase while activating my account I want to know if my passphrase is part of a dictionary on form submission
• PB-32396 As a user defining my new passphrase while changing it I want to know if my new passphrase is part of a dictionary on form submission
• PB-32401 As an administrator defining the passphrase of the generated organization account recovery key I want to know if the passphrase is part of a dictionary on form submission
• PB-32407 As a user editing a password I am invited to confirm its edition when this one very weak in a separate dialog on form submission
• PB-32395 As a user defining my passphrase while requesting an account recovery I want to know if my new passphrase is part of a dictionary on form submission
• PB-32397 As a user verifying my private key passphrase while activation my account I do not want to know if my passphrase is part of a dictionary at this stage
• PB-32399 As a user confirming my passphrase while completing an account recovery (Admin approved) I do not want to know if my passphrase is part of a dictionary on form submission
• PB-32398 As a user confirming my passphrase while importing my private key during an account recover I do not want to know if my passphrase is part of a dictionary on form submission
• PB-32404 As a user creating a password from the quickaccess I am invited to confirm its creation when this one is part of a dictionary in a separate dialog on form submission
• PB-32403 As a user updating a password I am invited to confirm its edition when this one is part of a dictionary in a separate dialog on form submission
• PB-32405 As a user auto-saving a password from the quickaccess I should not be notified if the password is part of an exposed dictionary
• PB-32402 As a user creating a password I am invited to confirm its creation when this one is part of a dictionary in a separate dialog on form submission
• PB-32400 As a user confirming my passphrase while importing an account kit on the desktop app I do not want to know if my passphrase is part of a dictionary on form submission
• PB-32406 As a user creating a password I am invited to confirm its creation when this one very weak in a separate dialog on form submission
• PB-32427 As a user creating a password from the quickaccess I am invited to confirm its creation when this one is VERY WEAK in a separate page on form submission

v4.6.0

The Passbolt Pro 4.6.0 release "Purple Haze", brings a new SSO provider and improves administrative aspects and overall system health.

A major addition in this release is the Beta implementation of SSO AD FS (Active Directory Federation Services), enabling streamlined single sign-on capabilities for improved user access management.

Furthermore, this version incorporates the Health Check feature within the Admin workspace, offering administrators a comprehensive tool for system health assessment, thereby enhancing the platform's maintainability and reliability.

This release also focuses on refining the platform's infrastructure for enhanced performance. It lays the groundwork for future updates by optimizing data verification processes and reducing memory usage during web activities.

The update paves the way for a series of successive enhancements with the next releases.

[4.6.0] - 2024-03-14

Added

• PB-24485 As signed-in administrator I can see the healthcheck in the UI
• PB-29051 As a user I can use ADFS as SSO provider
• PB-29162 As signed-in administrator I can authorize only group managers to see the users workspace
• PB-29396 As signed-in administrator I can hide the share folder capability with a RBAC

Security

• PB-29384 As signed-in administrator I should see a 404 when accessing a non existing administration page
• PB-29384 As signed-in user I should see a 403 when attempting to access an administration page

Fixed

• PB-25865 As a signed-in user I want to autofill form which listen to change events
• PB-27709 As signed-in administrator I can reconfigure the LDAP integration after a server key rotation
• PB-29258 A signed-in users with a large data set I should have a direct feedback when selecting a resource with the checkbox
• PB-29506 As signed-in user, when loading the application, I should scroll to the resource detected in the url
• PB-29548 As a signed-in administrator, editing the password expiry policy, I want to be sure that I’m editing the latest version of the settings
• PB-29606 As signed-in user I should be able to export TOTP to keepass for Windows
• PB-29860 As signed-in user I should see the columns header translated to my language
• PB-29861 As signed-in user I should see the filter “Expiry” named “Expired” instead
• PB-29895 As user importing an account to the Windows application I should be able to access the getting started help page
• PB-29961 As signed-in user I want to see the import dialog information banner below the form and before the action buttons
• PB-30033 As a signed-in user I should be able to sign in with the quickaccess right after launching my browser

Maintenance

• PB-25555 Upgrade outdated dev library webpack and associated
• PB-25556 Upgrade outdated library i18next and associated
• PB-25689 Upgrade outdated library ip-regex and associated
• PB-25692 Upgrade openpgpjs to v5.11
• PB-25696 Upgrade outdated library webextension-polyfill
• PB-25699 Upgrade outdated library xregexp
• PB-25701 Upgrade outdated library luxon
• PB-29162 MFA user settings screens should be served by the browser extension
• PB-30015 Homogeneize collection constructor signature
• PB-30017 Remove collection and entity inheritance dependency
• PB-30021 Make collection and entity DTO optionally cloneable
• PB-30022 Reduce the number of resources collection instantiations while displaying the number of suggested resources
• PB-30023 Reduce the number of resources collection instantiations while displaying the suggested resources in the inform menu
• PB-30142 Homogenize collection and entity call parameters
• PB-30143 Ensure entities DTOs are not cloned when the data is retrieved from the API or the local storage
• PB-30156 Ensure the tags collection is not validating multiple times the entities while getting instantiated
• PB-30324 Reduce garbage collector usage while validating large amount of data

v4.6.0-rc.0

Song: https://www.youtube.com/watch?v=Ub0NtPOj7es

Passbolt is thrilled to announce that the v4.6.0 Release Candidate is officially available for testing.

This release introduces the server health check into the administration settings and brings Microsoft ADFS as a new SSO connector. It also contains maintenance updates and some important bug fixes relative to issues reported by the community .

As always, your feedback is invaluable, please share and report any issues you come across.

Enjoy the testing journey! ♥️

[4.6.0] - 2024-03-14

Added

• PB-24485 As signed-in administrator I can see the healthcheck in the UI
• PB-29051 As a user I can use ADFS as SSO provider
• PB-29162 As signed-in administrator I can authorize only group managers to see the users workspace
• PB-29396 As signed-in administrator I can hide the share folder capability with a RBAC

Security

• PB-29384 As signed-in administrator I should see a 404 when accessing a non existing administration page
• PB-29384 As signed-in user I should see a 403 when attempting to access an administration page

Fixed

• PB-25865 As a signed-in user I want to autofill form which listen to change events
• PB-27709 As signed-in administrator I can reconfigure the LDAP integration after a server key rotation
• PB-29258 A signed-in users with a large data set I should have a direct feedback when selecting a resource with the checkbox
• PB-29506 As signed-in user, when loading the application, I should scroll to the resource detected in the url
• PB-29548 As a signed-in administrator, editing the password expiry policy, I want to be sure that I’m editing the latest version of the settings
• PB-29606 As signed-in user I should be able to export TOTP to keepass for Windows
• PB-29860 As signed-in user I should see the columns header translated to my language
• PB-29861 As signed-in user I should see the filter “Expiry” named “Expired” instead
• PB-29895 As user importing an account to the Windows application I should be able to access the getting started help page
• PB-29961 As signed-in user I want to see the import dialog information banner below the form and before the action buttons
• PB-30033 As a signed-in user I should be able to sign in with the quickaccess right after launching my browser

Maintenance

• PB-25555 Upgrade outdated dev library webpack and associated
• PB-25556 Upgrade outdated library i18next and associated
• PB-25689 Upgrade outdated library ip-regex and associated
• PB-25692 Upgrade openpgpjs to v5.11
• PB-25696 Upgrade outdated library webextension-polyfill
• PB-25699 Upgrade outdated library xregexp
• PB-25701 Upgrade outdated library luxon
• PB-29162 MFA user settings screens should be served by the browser extension
• PB-30015 Homogeneize collection constructor signature
• PB-30017 Remove collection and entity inheritance dependency
• PB-30021 Make collection and entity DTO optionally cloneable
• PB-30022 Reduce the number of resources collection instantiations while displaying the number of suggested resources
• PB-30023 Reduce the number of resources collection instantiations while displaying the suggested resources in the inform menu
• PB-30142 Homogenize collection and entity call parameters
• PB-30143 Ensure entities DTOs are not cloned when the data is retrieved from the API or the local storage
• PB-30156 Ensure the tags collection is not validating multiple times the entities while getting instantiated
• PB-30324 Reduce garbage collector usage while validating large amount of data

v4.5.2

Song: https://youtu.be/53YYph6Edd0

Passbolt is pleased to announce the immediate availability of version 4.5.2. This is a maintenance update that contains important fixes for both the API and browser extension, addressing issues reported by the community since version 4.5.0.

Most notably this update fixes a problem that previously prevented the autofill feature from working with certain web applications.

Additionally, the release improves the process for importing TOTPs from kdbx files on Windows, ensuring better support for TOTPs across various Keepass clients, including Keepass, KeepassXC, and Macpass.

Administrators would also be pleased to be able to host the API using PHP 8.3. While PHP 7.4 and PHP 8.0 are still supported on some distributions such as Debian, they will be discontinued soon and administrators are encouraged to upgrade to PHP 8.1 or higher and use the latest version of the passbolt API.

We would like to express our sincere thanks to the community members who brought issues to our attention and helped the team to make passbolt better.

[4.5.2] - 2024-02-12

Added

• PB-28672 As a user exporting resources I should also export TOTPs

Fixed

• PB-25865 As a signed-in user I can autofill credentials using input and change events
• PB-29258 As a signed-in user with a large dataset I can select a resource quickly
• PB-29548 As a signed-in administrator I should refresh password expiry cache when navigating to the password expiry administration page
• PB-29560 As a user importing a resources from a Windows keepass kdbx I should also import TOTPs
• PB-29606 As a user exporting a resources to a Windows keepass kdbx I should also export TOTPs

v4.5.2-rc.0

Passbolt is pleased to announce that the v4.5.2 Release Candidate is officially available for testing. This release contains some important bug fixes for issues reported by the community. As always, your feedback is invaluable, please share and report any issues you come across.

Thank you for your support! ♥️

[4.5.2] - 2024-02-12

Added

• PB-28672 As a user exporting resources I should also export TOTPs

Fixed

• PB-25865 As a signed-in user I can autofill credentials using input and change events
• PB-29258 As a signed-in user with a large dataset I can select a resource quickly
• PB-29548 As a signed-in administrator I should refresh password expiry cache when navigating to the password expiry administration page
• PB-29560 As a user importing a resources from a Windows keepass kdbx I should also import TOTPs
• PB-29606 As a user exporting a resources to a Windows keepass kdbx I should also export TOTPs