Releases: passbolt/passbolt-windows
v1.4.0
release song: https://www.youtube.com/watch?v=VmtU-bLyReU
Passbolt Windows Desktop application v1.4.0 is a maintenance update that prepares for the upcoming v5 release of the API, introducing beta support for the v5 resource type format within the existing user interface and addressing reported issues.
This release is particularly valuable for maintainers of clients or integrations, offering an early preview of the v5 resource type format to aid in planning for future adaptations. While previous content types will remain supported until version 6, the new content types expand functionality, empowering technical teams to manage a broader range of credentials. Stay tuned—a blog article will be released soon to explain how to enable v5 support and begin testing your integrations.
This release also addresses multiple bugs reported by the community, including a blank screen issue that occurred when administrators customized RBAC settings. Additionally, the session timeout issue has been resolved. Users will now enjoy extended sessions while actively using the application, aligning the behavior with what they are accustomed to in the browser application.
Thank you to our community for your continued support and your reports.
[1.4.0] - 2024-11-12
Added
- PB-16113 As LU I should be able to drag and drop a resource I own on a shared tag
- PB-35412 WP3-2.1 Implement MetadataPrivateKey entity to support metadata private key
- PB-35419 WP3-2.3 Implement MetadataPrivateKeys collection to support collection of metadata private keys
- PB-35420 WP3-2.5 Implement MetadataKey entity to support metadata key
- PB-35421 WP3-2.6 Implement MetadataKeys collection to support collection of metadata keys
- PB-35422 WP3-2.2 Implement decryptOne on DecryptMetadataPrivateKeys service to decrypt a metadata private key
- PB-35424 WP3-2.4 Implement decryptAll on DecryptMetadataPrivateKeys service to decrypt a metadata private keys collection
- PB-35425 WP3-2.7 Implement decryptAllFromMetdataKeysCollection on DecryptMetadataPrivateKeys service to decrypt metadata private keys on MetadataKeys collection
- PB-35426 WP3-2.8 Implement the function findAll on the FindMetadataKeys service to retrieve metadata keys from the API and decrypt any metadata private keys found if any
- PB-35427 WP3-2.9 Implement the function findAllForSessionStorage on the FindMetadataKeys service to retrieve metadata keys for the Session storage
- PB-35428 WP3-2.10 Adapt resource entity to support both encrypted metadata and non encrypted metadata
- PB-35429 WP3-2.11 Implement decryptAllFromForeignModels on DecryptMetadata service to decrypt metadata on a resource collection
- PB-35430 WP3-2.12 Decrypt metadata of v5 resources types when retrieving resources from the API
- PB-35684 WP3-3.4 Implement encryptOneForForeignModel on EncryptMetadata service to encrypt metadata on a resource
- PB-35686 WP3-3.5 Encrypt metadata of v5 resource types when editing new resource types
- PB-35688 WP3-3.1 Add necessary capabilities to resource types collection and entity to support v5 types in the UI
- PB-35692 WP3-4.1 implement metadata types settings entity to support metadata types settings
- PB-35693 WP3-4.2 Implement findSettings on MetadataTypesSettingsApiService to retrieve metadata types settings
- PB-35694 WP3-4.3 Implement findTypesSettings on FindMetadataSettingsService to retrieve metadata types settings entity
- PB-35695 WP3-4.4 IImplement MetadataTypesSettingsLocalStorage to store and retrieve metadata types settings from local storage
- PB-35696 WP3-4.5 Implement findAndUpdateTypesSettings on FindAndUpdateMetadataSettingsService to retrieve metadata types settings from the API and store them in the local storage
- PB-35698 WP3-4.7 Implement GetOrFindMetadataTypesSettingsController to provide capability to retrieve the metadata types settings from the UI
- PB-35700 WP3-4.6 Implement getOrFindMetadataTypesSettings on GetOrFindMetadataSettingsService to retrieve metadata types settings from store or from the API and store them in the local storage
- PB-36225 WP3-4.10 Create resource service should determine personal resource only with permissions of the destination folder
- PB-35701 WP3-4.8 WebApp/QuickApp lazy loads metadata types settings and provide it to components that need them
- PB-35703 WP3-4.10 WebApp CreateResource component creates resources of type v5
- PB-35704 WP3-4.11 Webapp CreateStandaloneTotp component creates resources of type v5
- PB-35705 WP3-3.6 Webapp EditResource component updates resources of type v5
- PB-35707 WP3-4.12 Encrypt metadata of v5 resource types when creating new resources
- PB-35710 WP3-5.1 Migrate import resources controller logic into a dedicated service
- PB-35718 WP3-5.2 Resources import parsers should determine imported resource type based on imported data and configuration
- PB-35721 WP3-5.3 import resources of type v5
- PB-35755 WP3-6.2 Share resources of type v5
- PB-35853 WP3-4.14 Add resource types v5 to the list of supported resource types
- PB-35893 WP3-7.1 Implement MetadataKeysSettingsEntity to support metadata keys settings
- PB-35895 WP3-7.2 Implement findSettings on MetadataKeysSettingsApiService to retrieve metadata keys settings
- PB-35896 WP3-7.3 Implement findKeysSettings on FindMetadataSettingsService to retrieve metadata keys settings as entity
- PB-35897 WP3-7.4 Implement MetadataKeysSettingsLocalStorageService to store and retrieve metadata keys settings from local storage
- PB-35898 WP3-7.5 Implement findAndUpdateKeysSettings on FindAndUpdateMetadataSettingsService to retrieve metadata keys settings from the API and store them in the local storage
- PB-35899 WP3-7.6 Implement getOrFindMetadataKeysSettings on GetOrFindMetadataSettingsService to retrieve metadata keys settings from storage or from the API and store them in the local storage
- PB-35900 WP3-7.7 Enforce metadata encryption using the metadata key as dictated by the metadata key settings
- PB-35901 WP3-5.6 Implement encryptAllFromForeignModels on EncryptMetadata service to encrypt metadata on a collection of resources
- PB-35902 WP3-9.1 Implement MetadataKeysSessionStorageService to store and retrieve metadata keys from session storage
- PB-35903 WP3-9.2 Implement findAndUpdateAll on FindAndUpdateKeysSessionStorageService to retrieve metadata keys from the API and store them in the local storage
- PB-35904 WP3-9.3 Implement getOrFindAll on GetOrFindMetadataKeysService to retrieve metadata keys from storage or from the API and store them in the local storage
- PB-35907 WP3-9.5 decrypt metadata service should retrieve keys from session storage
- PB-35912 WP3-2.16 Implement MetadataPrivateKeyData entity to support decrypted metadata private key data
- PB-35914 WP3-2.19 Update metadata_key_type to be aligned with the API value for the shared_key
- PB-35915 WP3-2.18 update the resource metadata object_type to be aligned with the API
- PB-35947 WP3-2.17 Update MetadataPrivateKey entity to support MetadataPrivateKeyData
- PB-35982 WP3-2.20 allow a metadata_key_id to be set when metadata_key_type is set to 'user_key'
- PB-35989 WP3-4.13 QuickApp components creates resource of type v5 accordingly to metadata settings
- PB-36187 WP3-9.5.1 Refactor decryptMetadataService to welcome keys coming from getOrFindMetadataKeys
- PB-36226 Create an event to get the account of the user
- PB-36230 WP3-5.3.2 Encrypt EncryptMetadataService.encryptAllFromForeignModels should not crash if v4 resource type are sent for encryption
- PB-36231 WP3-5.3.3 ImportResourceService should encrypt a v5 resource type metadata
- PB-35706 WP3-3.7 Webapp EditStandaloneTotp component updates resources of type v5
- PB-35741 WP3-5.5 Export resources of type v5
- PB-35743 WP3-5.4 Migrate export resources controller logic into a dedicated service
- PB-35753 WP3-6.3 Migrate update group controller logic into a dedicated service
- PB-35771 WP3-8.1 Implement SessionKeyEntity entity to support session key
- PB-35772 WP3-8.2 Implement SessionKeysCollection collection to support collection of session keys
- PB-35773 WP3-8.3 Implement SessionKeysBundleEntity entity to support persisted collection session keys as stored on the API or local storage
- PB-35857 WP3-8.9 Implement SessionKeysBundlesSessionStorageService to store and retrieve session keys bundles from session storage
- PB-35858 WP3-8.4 Implement SessionKeysBundlesCollection collection to support collection of session keys bundle entity
- PB-35862 WP3-8.5 Implement decryptOne on DecryptSessionKeysBundles service to decrypt a session key bundle
- PB-35863 WP3-8.6 Implement decryptAll on DecryptSessionKeysBundlesService service to decrypt a sessions keys bundles collection
- PB-35864 WP3-8.7 Implement findAll on SessionKeysBundlesApiService to retrieve session keys bundles from the API
- PB-35867 WP3-8.8 Implement findAllBundles on FindSessionKeysService to retrieve sessions keys bundles from the API
- PB-35869 WP3-8.10 Implement findAndUpdateAllBundles on FindAndUpdateSessionKeysSessionStorageService to retrieve session keys bundles from the API and store them in the session storage
- PB-35876 WP3-8.11 Implement getOrFindAllBundles on GetOrFindSessionKeysService to retrieve session keys from store or from the API and store them in the session storage
- PB-35877 WP3-8.12 Implement getOrFindAllByForeignModelAndForeignIds on GetOrFindSessionKeysService to retrieve session keys from storage or from the API and store them in the session storage
- PB-35878 WP3-8.20 DecryptMetadataService should use the session keys when decrypting metadata of a collection of resources
- PB-35879 WP3-8.13 Implement decryptWithSessionKey on DecryptMessageService
- PB-35881 WP3-8.14 Implement GetSessionKeyService crypto service
- PB-35886 WP3-8.15 Implement create on SessionKeysBundlesApiService to create a session keys bundle on the API
- PB-35887 WP3-8.16 Implement d...
v1.3.1
release song: https://www.youtube.com/watch?v=VmtU-bLyReU
This release candidate addresses several bugs reported by the community. Additionally, it includes numerous maintenance updates as part of our ongoing efforts to ensure a smooth transition and support for the upcoming v5.
Thank you to the community for reporting these issues.
[1.3.1] - 2024-08-26
Fixed
- PB-33861: Resources with personal field set to null should be considered as personal resources
- PB-34314: Fix shadow-dom autofill fields
- PB-34236: Fix Retrieving folder activities displaying no data
Maintenance
- PB-34313: Add resources type retrieval requirements documentation
- PB-34259: E2EE WP1 - Transform dtos from v4 to v5
- PB-34260: E2EE WP1 - Display resource sidebar information section in v5
- PB-34261: E2EE WP1 - Display resource sidebar activity section in v5
- PB-34262: E2EE WP1 - Display resource sidebar description section in v5
- PB-34263: E2EE WP1 - Display copy username to clipboard from more menu using v5
- PB-34264: E2EE WP1 - Display resource grid using v5
- PB-34265: E2EE WP1 - Display resource grid contextual menu using v5
- PB-34266: E2EE WP1 - Display quickaccess resource view page in v5
- PB-34267: E2EE WP1 - Display quickaccess home page in v5
- PB-34268: E2EE WP1 - Display inform menu in v5
- PB-34269: E2EE WP1 - Autofill resources from Quickaccess in v5 format
- PB-34270: E2EE WP1 - Make resource entity compatible with v4 and v5
- PB-34271: E2EE WP1 - Display inform and toolbar suggested resources badge CTA in v5
- PB-34272: E2EE WP1 - Search resource in webapp using v5
- PB-34287: E2EE WP1 - Create password resource from webapp in v5 format
- PB-34288: E2EE WP1 - Create standalone TOTP resource in v5 format
- PB-34289: E2EE WP1 - Edit password resource in v5 format
- PB-34290: E2EE WP1 - Edit standalone TOTP resource in v5 format
- PB-34291: E2EE WP1 - Edit resource description from sidebar in v5 format
- PB-34292: E2EE WP1 - Delete resource(s) in v5 format
- PB-34293: E2EE WP1 - Share resource(s) in v5 format
- PB-34294: E2EE WP1 - Import resource(s) in v5 format
- PB-34295: E2EE WP1 - Export resource(s) in v5 format
- PB-34296: E2EE WP1 - Move resource(s) in v5 format
- PB-34297: E2EE WP1 - Create password resource from quickaccess in v5 format
- PB-34298: E2EE WP1 - Auto-save password resource from quickaccess in v5 format
- PB-34299: E2EE WP1 - Make resource entity compatible only with v5
- PB-34311: E2EE WP1 - Make resource V4 and V5 compatible in both ways
- PB-34315: E2EE WP1 - Transform DTO to V4 for API and adapt resource validation to v5
- PB-34391: E2EE WP1 - Enforce resource type id should be required and not null
- PB-34392: E2EE WP1 - Validate Metadata.uris as array of string, and maxLength
Security
- PB-34237: Upgrade vulnerable library i18next-parser
- PB-34305: Upgrade lockfile-lint library on passbolt_api package-lock.json
- PB-34422: Remove grunt-browserify dev dependency from browser extension
v1.3.0
Passbolt Windows application 1.3.0 is a significant update that addresses long-standing user requests, enhances performance, and fixes bugs reported by the community.
In this release, a highly requested feature was introduced where the grid now displays the location of resources. This addition provides extra meta information to help users efficiently identify passwords and where they are located. Additionally, the search functionality has been improved to use resource locations as meta information. Users can now retrieve a resource by using the names of its parent folders, which can greatly simplify the process of finding passwords depending on your organisation's classification system.
The team has also focused on various performance improvements to meet the growing needs of organisations managing an increasing number of passwords. These enhancements also prepare the way for the upcoming v5.0.0, which will support more content types and include an additional encryption layer. Both the API and the browser extension have been optimised, resulting in a 50% improvement in retrieving and treating collections of resources, according to our benchmarks.
We extend our gratitude to the community for their feedback and assistance in testing this release. We hope these updates enhance your experience with Passbolt and we look forward to hearing from you.
Changelog
Added
- PB-33439 As a user I want to hide entropy on passphrases passwords
- PB-33441 As a signed-in user I can search on folder metadata
- PB-33853 As a signed-in user I should see location in grid
- PB-33857 Get folder hierarchy from resourceWorkspaceContext
Improved
- PB-14173 As Logged out user, I shouldn't be able to view a previously viewed password
- PB-33824 As a user I should not see other dialog open except the session expired
- PB-33880 As a user I should see tooltip always visible in any position
- PB-33919 As a user searching for users to share a resource/folder with I can see the user full name and username of proposed users
- PB-33920 As a user searching for users to share a resource/folder with I can see information icon next to a very long user full name
Security
- PB-33746 Update NPM dependency Braces
- PB-33825 Upgrade vulnerable library ws
Fixed
- PB-33915 When a an unexpected error is displayed, the 'try again' button seems to have no effect
- PB-3409 Fix the import account kit button after the webview refreshing
- PB-33916 On import/auth screen the heart icons tooltip displays "Server 1.2.0" instead of "Client 1.2.0”
- PB-23294 As LU I should not see a comment overlapping
- PB-25246 As signed-in user I should not see a blank page when I delete the parent folder of the folder I view the details
- PB-33436 As a user when an error happen during authentication the button try again should reload the tab
- PB-33638 Fix hiding entropy behind tooltip in the quickaccess
- PB-33743 Fix padding icon on account recovery sidebar in the user workspace
- PB-33750 Fix passphrase entropy computation
- PB-33751 Fix avatar in activity section
- PB-33802 Fix icon attention required in the resource grid
- PB-33803 Fix button size and alignment for small screen on the resource workspace
- PB-33833 As a user I should not see a grid size issue after a browser update
- PB-33922 Fix broken documentation links and unnecessary redirections
Maintenance
- PB-32891 Entities validating null in anyOf should use nullable schema property
- PB-33179 Reuse testing pgpkeys assets served by styleguide and remove browser extension duplicate
- PB-33188 Reuse testing account recovery assets served by styleguide and remove browser extension duplicate
- PB-33191 Cover GroupUser entity with test and ensure non regression on validation changes
- PB-33215 Add optional ignoreInvalid parameter to group entity in order to ignore associated groups users which could be invalid
- PB-33216 Add optional ignoreInvalid parameter to user entity in order to ignore associated groups users which could be invalid
- PB-33221 Migrate GroupsCollections to v2 and cover group model sanitization with tests
- PB-33222 Ensure groups users are sanitized from groups users collection associated to a group using ignore strategy from collection v2
- PB-33226 Ensure groups users are sanitized from groups users collection associated to a users using ignore strategy from collection v2
- PB-33227 Migrate UsersCollection to v2 and cover user model sanitization with tests
- PB-33230 Ensure performance creating groups collection with large dataset remains effective
- PB-33236 Ensure performance creating users collection with large dataset remains effective
- PB-33264 Validate entities schemas with anyOf null option
- PB-33267 Validate PermissionEntity schema
- PB-33300 Validate SecretEntity schema
- PB-33302 Cover FavoriteEntity schema
- PB-33303 Cover TagEntity schema
- PB-33306 Switch ResourcesSecretsCollection to EntityV2Collection
- PB-33319 Switch TagsCollection to EntityV2Collection
- PB-33320 Switch PermissionsCollection to EntityV2Collection
- PB-33327 Switch ResourcesCollection to EntityV2Collection
- PB-33447 Ensure EntityV2Collection is treating items at the abstract constructor level
- PB-33454 Ensure collection v2 schema is validated at the abstract class level
- PB-33459 Ensure resource entity and associated entities schemas are validated at an abstract class level - EntityV2 migration
- PB-33533 Collections and entities schemas of folders and associated should be cached, migrate to v2
- PB-33606 As an administrator, when the error is not related, I should not see "Could not verify the server key"
- PB-33615 As a user browsing the application, I should not refresh users and groups local storages when I do not need these information
- PB-33640 Performance: filter users.json by is-my-buddy to get only users I know
- PB-33648 Performance: filter group.json by is-my-buddy to get only groups I know
- PB-33796 As a signed in user when I navigate to the resource workspace, my browser extension does not load the users and the groups data
- PB-33797 As a signed in user when I navigate to the resource workspace, my browser extension only loads the groups data I am member of
- PB-33798 As a signed in user when I open the information section of the sidebar, I can see all the information
- PB-33799 As a signed in user when I display the share dialog, the autocomplete research is performed on the API instead of the local storage
- PB-33815 Selecting a group should not trigger a refresh of the local storage of the folders and resources
- PB-33816 - fix lint
- PB-33816 As a signed-in user I should see in the information section the location icon folder shared if relevant
- PB-33843 As a user I should retrieve the GPG keys of other users only when required and necessary
- PB-33921 Avoid gpgkeys sync when loading the autocomplete component
v1.1.0
We're pleased to announce the release of the Passbolt Windows Desktop Application Version 1.1. This version aligns with Passbolt v4.7 feature set and allows users to use the drag and drop feature to move their folders and resources.
Thank you for your support and for trusting Passbolt.
[1.1.0] - 2024-05-17
Changelog
Added
- PB-32931 As administrator, I see SSO and Directory Sync health checks in Passbolt API Status page
- PB-33065 As an administrator I can add a fallback property to map my organisation AD user username
- PB-33070 Request passphrase when exporting account kit
- PB-33176 Desktop app adapt code to work with 4.7.0
- PB-33074 As a desktop app user I should be able to add a resource to a folder by drag and drop
Fixed
- PB-32420 Fix double calls to PwnedPassword API service
- PB-32631 Fix healthCheck Entity to support air gapped instances
- PB-33066 As AD, I should not see directorySync and SSO checks if they are disabled
- PB-33067 After an unexpected error during setup, recover or account recovery, only the iframe reload and the port cannot reconnect
- PB-33410 Fix Chrome Extension frozen and unusable after some period of inactivity
- PB-33444 When dragging resources on folders, the folders keep the "hover" state visually
- PB-33442 The keepSessionAlive seems not to trigger
- PB-33323 Dragging a private folder to a shared folder seems to be blocked in "computing changes" state
- PB-33445 Sometimes the drag and drop is broken and the "info" tooltip stays static on the UI
Maintain
- PB-22623 Start service worker in an insecure environment
- PB-22640 As a signed-in user the inform call to action should remain after the port is disconnected only for MV3
- PB-22644 The passbolt icon should detect if the user is still connected after the service worker awake
- PB-23928 Handle when the extension is updated, the webIntegration should be destroy and injected again
- PB-29622 Simulate user keyboard input for autofill event
- PB-29946 When the service worker is shutdown and a navigation is detected the service worker do not reconnect port and stay in error mode
- PB-29965 Use a dedicated service to verify the server
- PB-29966 Update apiClient to support form data body and custom header
- PB-29967 Use a dedicated service to do the step challenge with the server
- PB-29968 use a dedicated service to check the user authentication status
- PB-29969 Use a dedicated service to logout the user
- PB-29988 Update the alarm in the class StartLoopAuthSessionCheckService to use the property periodInMinutes
- PB-29989 Put the alarm listener at the top level for the StartLoopAuthSessionCheckService to check the authentication status
- PB-29990 Move PassphraseStorageService keep alive alarm listener in top level
- PB-30272 Add message service in the app content script in order to reconnect the port from a message sent by the service worker
- PB-30273 On the post logout event the service worker should reconnect port that needs to receive the post logout message
- PB-30274 Add message service in the browser integration content script in order to reconnect the port from a message sent by the service worker
- PB-30310 Improve invalid groups users sanitization strategy
- PB-30335 Use timeout instead alarms for service worker
- PB-30336 Use timeout instead alarms for promise timeout service
- PB-30337 Put the alarm listener at the top level for the passphraseStorageService to flush passphrase after a time duration
- PB-30341 Remove alarms for toolbar controller
- PB-30342 Use timeout instead of alarm for the resource in progress cache service to flush the resource not consumed
- PB-30374 Check if AuthService from styleguide is still used in the Bext otherwise remove it
- PB-30375 Improve CI unit test performance by running them in band
- PB-32291 Cleanup legacy code and unused passbolt.auth.is-authenticated related elements
- PB-32335 Split PassphraseStorageService to put the KeepSessionAlive feature on its own service
- PB-32345 Ensures on the desktop app during import account that the file to import is taken into account
- PB-32597 Ensure ToolbarController are set on index.js
- PB-32598 Ensure add listener from authentication event controller are set on index.js
- PB-32599 Ensure add listener from StartLoopAuthSessionCheckService are set on index.js
- PB-32604 Ensure add listener from on extension update available controller are set on index.js
- PB-32602 Ensure add listener from user.js are set on index.js
- PB-32603 Ensure add listener from ResourceInProgressCacheService are set on index.js
- PB-32915 Update code to remove the destruction of the public web sign-in on port disconnected
- PB-32916 Update code to remove the destruction of the setup on port disconnected
- PB-32917 Update code to remove the destruction of the recover on port disconnected
- PB-33018 Automate browser extension npm publication
- PB-33024 Ensure only stable tags of the styleguide are published to npm
- PB-33024 Ensure only stable tag of the browser extension are sent for review or publish to the store
- PB-33061 Create account temporary storage
- PB-33062 Use temporary account storage for setup process
- PB-33063 Use temporary account storage for recover process
- PB-33064 Use temporary account storage for account recovery process
- PB-33068 Remove beta information for the windows app
- PB-33235 Convert formData file into a json serializable in offscreen
- PB-33225 MV3 beta rollout
- PB-33297 Extension update available should store the state if user signed in
- PB-33304 Fix extension update available service
- PB-33307 Browser extension version bump to v4.7.5-rc.0
- PB-33307 Add debug to capture onInstall reason details
- PB-33321 Fix local storage loading on extension update
v1.0.0
We're pleased to announce the release of the Passbolt Windows Desktop Application Version 1.0, marking the first stable iteration of the application. This version follows a detailed security audit conducted by Cure53, reflecting our focus on maintaining high security standards. As usual, the audit's findings are available publicly on the passbolt website.
This version also aligns with Passbolt v4.6 feature set, ensuring that users transitioning between the web and the desktop environment have a consistent experience. If you want to know more about the current and future status of the application, checkout this blog article: https://www.passbolt.com/blog/stable-release-of-passbolt-windows-desktop-application
Thank you for your support and for trusting Passbolt. Stay tuned for more updates and the detailed security report.
[1.0.0] - 2024-04-10
Added
- PB-29559 - Support v4.6 in desktop app
Fixed
- PB-32394 As a user defining my passphrase while activating my account I want to know if my passphrase is part of a dictionary on form submission
- PB-32396 As a user defining my new passphrase while changing it I want to know if my new passphrase is part of a dictionary on form submission
- PB-32401 As an administrator defining the passphrase of the generated organisation account recovery key I want to know if the passphrase is part of a dictionary on form submission
- PB-32407 As a user editing a password I am invited to confirm its edition when this one very weak in a separate dialog on form submission
- PB-32395 As a user defining my passphrase while requesting an account recovery I want to know if my new passphrase is part of a dictionary on form submission
- PB-32397 As a user verifying my private key passphrase while activation my account I do not want to know if my passphrase is part of a dictionary at this stage
- PB-32399 As a user confirming my passphrase while completing an account recovery (Admin approved) I do not want to know if my passphrase is part of a dictionary on form submission
- PB-32398 As a user confirming my passphrase while importing my private key during an account recover I do not want to know if my passphrase is part of a dictionary on form submission
- PB-32404 As a user creating a password from the quickaccess I am invited to confirm its creation when this one is part of a dictionary in a separate dialog on form submission
- PB-32403 As a user updating a password I am invited to confirm its edition when this one is part of a dictionary in a separate dialog on form submission
- PB-32405 As a user auto-saving a password from the quickaccess I should not be notified if the password is part of an exposed dictionary
- PB-32402 As a user creating a password I am invited to confirm its creation when this one is part of a dictionary in a separate dialog on form submission
- PB-32400 As a user confirming my passphrase while importing an account kit on the desktop app I do not want to know if my passphrase is part of a dictionary on form submission
- PB-32406 As a user creating a password I am invited to confirm its creation when this one very weak in a separate dialog on form submission
- PB-32427 As a user creating a password from the quickaccess I am invited to confirm its creation when this one is VERY WEAK in a separate page on form submission
- PB-32351 As a desktop app user I should be able to change my current locale
Improved
- PB-29289 Make pipelines fail when test jobs output an error
- PB-29106 Merge desktop bext into develop
Security
- PB-32286 - PBL-11-001 WP1: Insecure Regex pattern allows canNavigate bypass (Medium)
- PB-32290 - PBL-11-005 WP1: Insecure CSP Configuration in renderers (Low)
- PB-32289 - PBL-11-004 WP1: Arbitrary requestId used as topic in background IPC (Medium)
v0.6.0
Release song: https://www.youtube.com/watch?v=HR1KH4zElcY
Passbolt v0.6.0, named "Summer is Ending", introduces exclusive features for Pro users, alongside enhancements available to everyone. These updates are geared towards empowering teams with even more control and flexibility over their password management practices.
At the heart of this release is the introduction of the Password Expiry feature, a much-anticipated functionality that allows administrators to enable the automatic expiry policy, enhancing security by ensuring that potentially passwords are rotated when someone loses access to resources, for example by leaving a group or the organization.
A standout feature of this release for Passbolt Pro Edition is the advanced Password Expiry settings. Administrators now have the ability to define comprehensive password expiry policies, ensuring that your team's password hygiene is not just compliant with industry standards but also customized to fit your organization's specific needs. This feature is complemented by the ability for users to mark passwords as expired and adjust expiry dates directly, providing both oversight and flexibility in managing sensitive information.
In addition to the Pro-exclusive features, this release brings shared enhancements with Passbolt CE, such as the inclusion of Russian language support, integration with Microsoft 365 and Outlook for SMTP settings, and the activation of the desktop application feature by default for an improved user experience.
Thank you for your ongoing support. Your feedback and contributions continue to shape Passbolt, enhancing our collective security and usability. Together, we're making password management better for everyone.
[0.6.0] - 2024-02-15
Added
- PB-28672 As a user exporting resources I should also export TOTPs
- PB-29626 As a user I should retrieve the csrf token if the instance is running from a sub-folder
- PB-28679 As an administrator I can set advanced password expiry settings
- PB-28681 As a user importing a resources from a file I should also import expiry date from keepass files
- PB-28682 As a user I can quickly mark resources as expired
- PB-28687 As a resource owner, I can change the resource expiration date manually
- PB-28692 As a user I can change the expiry date of a resource automatically based on the password expiry configuration
- PB-28850 As a signed-in user creating a resource from the app I should set the expired date if default expiry period has been defined in the organisation policies
- PB-28851 As a signed-in user creating a resource from the quickaccess I should set the expired date if default expiry period has been defined in the organisation policies
- PB-28852 As a signed-in user creating a resource from the auto-save I should set the expired date if default expiry period has been defined in the organisation policies
- PB-29045 As a user I want to open the quickaccess using a keyboard shortcut
- PB-29125 As an administrator I should not see the control function AllowIfGroupManagerInOneGroup on the UI
- PB-29862 - Desktop app - I should not see the desktop app export
- PB-29110 As a desktop application I should be logout when the session has expired
Fixed
- PB-25865 As a signed-in user I can autofill credentials using input and change events
- PB-29258 As a signed-in user with a large dataset I can select a resource quickly
- PB-29548 As a signed-in administrator I should refresh password expiry cache when navigating to the password expiry administration page
- PB-29560 As a user importing a resources from a Windows keepass kdbx I should also import TOTPs
- PB-29606 As a user exporting a resources to a Windows keepass kdbx I should also export TOTPs
- PB-22864 As a signed-in user, I should see a relevant error if I use special characters as security token
- PB-24496 As a user I should be able to use a passphrase with emoji
- PB-28283 As a user when I preview a secret I should see the activity sidebar updated
- PB-28540 As a user I should scroll automatically to the resource selected from the route
- PB-28625 As a user I can open resource url from the resource sidebar on Firefox
- PB-28632 As a user Fix design TOTP button disabled on create and edit resource
- PB-28696 As a user I should fill secret for TOTP with spaces
- PB-28721 As a user I can see the beta chip next to the desktop app menu item in the users settings menu
- PB-28753 As a user I should be able to edit a standalone TOTP from contextual menu
- PB-28880 As a user I should not see an error when I update the description of a resource with TOTP from the information panel
- PB-28842 As a user I can reach the Windows store passbolt app from the Desktop app setup screen
- PB-28282 As a user deleting a TOTP I should see the relevant dialog title mentioning Resource and not password
- PB-28873 As a signed-in user when I autofill input fields I should trigger a change event
- PB-29006 As a user I should not have my browser extension crashing when it receives an unsupported RBAC control_function value
- PB-29865 - PB-29103 As a desktop application I should be able to import KDBX files without external library
- PB-27634 - Windows app get started help page
Improved
- PB-15269 As a user I do not want my browser extension to make multiple calls on resources.json in a row
- PB-21484 As an administrator I can use Microsoft 365 or Outlook as SMTP providers
- PB-22071 As an administrator I want the SSO messages to be in correct english
- PB-25503 As an admin I should be able to enable/disable emails that request group managers to add users to groups (LDAP/AD)
- PB-25860 As signed-in user I want to see the full name of the user at the origin of any account recovery action
- PB-27783 As a user opening the quickaccess I should have a clear feedback if the API service is unreachable
- PB-27961 As a signed-in user I cannot skip the administrator request to join the account recovery program
- PB-28507 As signed-in user importing resources I should know what is supported
- PB-28612 As a signed-in user I should see TOTP in uppercase
- PB-28646 As an administrator in the account recovery settings I should see “Prompt” instead of “Mandatory"
- PB-28709 Mark SASL option in Users Directory as Enterprise Edition
- PB-28727 As an administrator in the SSO settings I should see a combobox instead of a text input for the Azure’s URL
- PB-28923 As a user I want to be able to use passbolt in Russian
- PB-29008 As an administrator in RBAC administration page I should not see the role to setup the desktop or mobile app if the plugin is not enabled
- PB-29159 As a signed-in user I want the Mfa screen to be available when using the bext 4.4 and API 4.5
- PB-29263 Replace the mechanism to have CSRF token from the cookie
Security
- PB-29194 Upgrade vulnerable library web-ext
- PB-28658 Mitigate browser extension supply chain attack
- PB-28659 Mitigate browser styleguide supply chain attack
- PB-28660 Mitigate browser windows app supply chain attack
Maintenance
- PB-27972 Refactor code of SSO settings
- PB-28592 Fix minimum gecko version in firefox manifest.json
- PB-29020 Fix detection pagemod duplicate
- PB-29264 - Get the CSRF token from the cookie for the desktop app
- PB-29336 Desktop app - Account kit should be encoded in cleartext format instead of binary
v0.5.0
Version 0.4.0 (Release Candidate) of the desktop app from Passbolt is now available, packed full of improvements and new functionalities.
With this release, users can now configure MFA directly from the desktop application with Yubikey and TOTP, just like you would in the browser edition (Duo support is in the works for a future update). Please note that this feature is currently available for user-level settings only; admin-level settings are coming soon. Once MFA is set up using Yubikey or TOTP, you can use them for authentication within the desktop app. The experience even mirrors the web version, making the transition even smoother.
Another highlight of this release, to bolster security and safeguard against potential threats, your account kit is now signed with your private key. This ensures that the account is authenticated and it’s verified during the import process. It confirms that no changes have been made to your exported Account Kit data and verifies that it comes from a trusted source.
Upgrade to version 0.4.0 to take advantage of these improvements. Thank you for using and supporting passbolt!
[0.4.0] - 2024-11-06
Windows application
Added
- PB-28378 - MFA screen should be display depending on the application
- PB-28304 - CSRF token not working when not using MFA
- PB-27605 - As a sign-in user I can setup Yubikey as 2FA on the desktop application
- PB-27606 - As a sign-in user I can setup TOTP as 2FA on the desktop application
- PB-27608 - As a user I can sign-in with TOTP and Yubikey as 2FA on the desktop application
Security
- PB-25688 - As a desktop app exporting the account kit I should sign it with openpgp
v0.4.0
Version 0.4.0 (Release Candidate) of the desktop app from Passbolt is now available, packed full of improvements and new functionalities.
With this release, users can now configure MFA directly from the desktop application with Yubikey and TOTP, just like you would in the browser edition (Duo support is in the works for a future update). Please note that this feature is currently available for user-level settings only; admin-level settings are coming soon. Once MFA is set up using Yubikey or TOTP, you can use them for authentication within the desktop app. The experience even mirrors the web version, making the transition even smoother.
Another highlight of this release, to bolster security and safeguard against potential threats, your account kit is now signed with your private key. This ensures that the account is authenticated and it’s verified during the import process. It confirms that no changes have been made to your exported Account Kit data and verifies that it comes from a trusted source.
Upgrade to version 0.4.0 to take advantage of these improvements. Thank you for using and supporting passbolt!
[0.4.0] - 2024-11-06
Windows application
Added
- PB-28378 - MFA screen should be display depending on the application
- PB-28304 - CSRF token not working when not using MFA
- PB-27605 - As a sign-in user I can setup Yubikey as 2FA on the desktop application
- PB-27606 - As a sign-in user I can setup TOTP as 2FA on the desktop application
- PB-27608 - As a user I can sign-in with TOTP and Yubikey as 2FA on the desktop application
Security
- PB-25688 - As a desktop app exporting the account kit I should sign it with openpgp