
Releases: passbolt/passbolt_api

Rebelion

14 Aug 09:53
v4.9.1

Release song: https://www.youtube.com/watch?v=W8PTWqE2SVw

Passbolt is pleased to announce the immediate availability of version v4.9.1.

Passbolt v4.9.1 is a maintenance update that fixes issues reported by the community.
Among other fixes, this version addresses a compatibility issue with the PostgreSQL database, where users encountered
difficulties sharing passwords with users or groups when different cases were involved in their names.

Additionally, system administrator tools have been improved to better handle the purge of action logs on large datasets.

We would like to express our appreciation to the community for their assistance in improving Passbolt!

[4.9.1] - 2024-08-13

Fixed

  • PB-34220 As a user I can search by users and groups case insensitively on PostgreSQL

Improved

  • PB-34246 As an administrator purging the action logs table, I can set a limit option (100k by default)
  • PB-34247 Adds a set of actions to be purged by the passbolt action_logs_purge command
  • PB-33939 As an administrator when running bin/cake passbolt -h, I should see all the passbolt commands listed

Maintenance

  • PB-32991 Optimizes CI pipeline run time on api repositories
  • PB-34219 Adds validation to retention days option in the action_logs_purge command
  • PB-33333 Refactor various tests to use fixture factories

B.Y.O.B.

23 Jul 11:23
v4.9.0

Release song: https://youtu.be/zUzd9KyIDrM?si=bPS9Qu1t351eZEHH

Passbolt v4.9.0 is a significant update that addresses long-standing user requests and enhances performance. In this release, a highly requested feature was introduced where the passwords workspace now displays the location of resources. This addition provides extra meta information to help users efficiently identify passwords and where they are located. Additionally, the search functionality has been improved to use resource locations as meta information. Users can now retrieve a resource by using the names of its parent folders, which can greatly simplify the process of finding passwords depending on your organisation's classification system.

The team has also focused on various performance improvements to meet the growing needs of organisations managing an increasing number of passwords. These enhancements also prepare the way for the upcoming v5.0.0, which will support more content types and include an additional encryption layer. Both the API and the browser extension have been optimised, resulting in a 50% improvement in retrieving and treating collections of resources, according to our benchmarks.

[4.9.0] - 2024-07-23

Added

  • PB-33690 Improves response times by adding an index to gpgkeys.user_id column
  • PB-33639 Adds additional contain parameters to share/search-aros.json for enhanced performance
  • PB-33936 Adds a has-users filter to gpgkeys.json index endpoint
  • PB-33813 Adds a fixed limit to the search-aros.json endpoint

Fixed

  • PB-33616 As a user creating a resource I should get a validation error if the secret is a string and not an array
  • PB-33664 Fix missing "is" in the database schema up to date sentence (GITHUB #517)

Improved

  • PB-33429 As a user I should retrieve resources and folders parent folders in a single query
  • PB-33826 Improves the performance of resources.json by improving the datetime fields processing
  • PB-24995 Improves last_logged_in property query performance to reduce response time of users.json endpoint
  • PB-33653 Improves is_mfa_enabled property query performance to reduce response time of users.json endpoint
  • PB-33702 Improves has-access filter performance on users.json
  • PB-32591 Validate passbolt.plugins.smtpSettings.security configuration values before passing them to the SMTP server
  • PB-33214 Update sql export / improve mysql backup command compatibility with mariadb-dump

Maintenance

  • PB-33692 Bump enygma/yubikey to v3.8

Security

  • PB-33747 Fix command injection vulnerabilities in composer/composer package

B.Y.O.B.

18 Jul 13:50
v4.9.0-rc.1
Pre-release

Release song: https://youtu.be/zUzd9KyIDrM?si=bPS9Qu1t351eZEHH

Passbolt is pleased to announce that the v4.9.0 Release Candidate is officially available for testing.
This maintenance release aims to improve performance, notably a 40% improvement of the resources & users endpoints. On the browser extension side, the grid now shows the folder location, along with the much-awaited ability to search folders.
As always, your feedback is invaluable, so please share and report any issues you come across.

[4.9.0-rc.1] - 2024-07-18

Added

  • PB-33690 Improves response times by adding an index to gpgkeys.user_id column
  • PB-33639 Adds additional contain parameters to share/search-aros.json for enhanced performance
  • PB-33936 Adds a has-users filter to gpgkeys.json index endpoint
  • PB-33813 Adds a fixed limit to the search-aros.json endpoint

Improved

  • PB-33429 As a user I should retrieve resources and folders parent folders in a single query
  • PB-33826 Improves the performance of resources.json by improving the datetime fields processing
  • PB-24995 Improves last_logged_in property query performance to reduce response time of users.json endpoint
  • PB-33653 Improves is_mfa_enabled property query performance to reduce response time of users.json endpoint
  • PB-33702 Improves has-access filter performance on users.json
  • PB-32591 Validate passbolt.plugins.smtpSettings.security configuration values before passing them to the SMTP server
  • PB-33214 Update sql export / improve mysql backup command compatibility with mariadb-dump

Security

  • PB-33747 Fix command injection vulnerabilities in composer/composer package

Fixed

  • PB-33616 As a user creating a resource I should get a validation error if the secret is a string and not an array

Maintenance

  • PB-33692 Bump enygma/yubikey to v3.8

Angel

21 May 11:19
v4.8.0

Release song: https://youtu.be/hbe3CQamF8k

Passbolt v4.8.0 is a maintenance release focusing on the migration of the browser extension to the latest MV3
architecture and adding tools for administrators to help them manage their instance.

This release marks the introduction of the first version of the MV3 extension for Chrome. The transition to MV3 has been
in progress since last year, with changes rolled out progressively until now. The base code between MV2 and MV3 is
nearly identical, and both extensions will continue to be maintained in parallel. A detailed blog post explaining our
migration process will be coming soon.

A new feature allowing administrators to purge audit logs from the command line was added. This will help reclaim database
space for logs that are no longer relevant, improving the performance of long-running instances while keeping necessary
logs for forensic and audit activities.

A new command has also been added to help administrators debug issues with their SMTP server. Email functionality is
crucial for Passbolt, and diagnosing connection problems is not always straightforward. This new command aims to simplify
the process when connecting to a new SMTP server, as well as to help understand errors that could occur on an existing integration.

As passbolt moves towards supporting more content types this year, significant work has been done to enhance performance
across the entire stack, from the database to the API and the browser extension. This release includes some of these
improvements, with more enhancements on the way in the upcoming release v4.9.0.

We hope these updates enhance your experience with Passbolt. Your feedback is always valuable to us.

[4.8.0] - 2024-05-21

Added

  • PB-33071 As an administrator I can purge the action logs table with a dedicated command
  • PB-33231 As an administrator I want to know if a custom certificate is in use for SMTP
  • PB-32579 As an administrator I can view email_queue records via passbolt command

Improved

  • PB-32888 As an admin I should not get a time-out on health checks on air-gapped network
  • PB-32983 Access email settings only when emails are sent

Fixed

  • PB-33451 Fix 500 error on authentication when nonce is not a string
  • PB-33073 As a user logging in, invalid login operation should not be logged as success in the audit logs
  • PB-33234 The application should not throw an error if the JWT public key is not parsable

Maintenance

  • PB-30314 Bump passbolt/passbolt-test-data to v4.8

Angel

17 May 12:47
v4.8.0-rc.1
Pre-release

Release song: https://youtu.be/hbe3CQamF8k

Passbolt is pleased to announce that the v4.8.0 Release Candidate is officially available for testing.
This maintenance release aims to publish the first version of the Manifest v3 browser extension for Chrome and adds tools for administrators to help them maintain their instances.
As always, your feedback is invaluable, so please share and report any issues you come across.

[4.8.0-rc.1] - 2024-05-17

Added

  • PB-33071 As an administrator I can purge the action logs table with a dedicated command
  • PB-33231 As an administrator I want to know if a custom certificate is in use for SMTP
  • PB-32579 As an administrator I can view email_queue records via passbolt command

Improved

  • PB-32888 As an admin I should not get a time-out on health checks on air-gapped network
  • PB-32983 Access email settings only when emails are sent

Fixed

  • PB-33451 Fix 500 error on authentication when nonce is not a string
  • PB-33073 As a user logging in, invalid login operation should not be logged as success in the audit logs
  • PB-33234 The application should not throw an error if the JWT public key is not parsable

Maintenance

  • PB-30314 Bump passbolt/passbolt-test-data to v4.8

Bulls On Parade

30 Apr 11:42
v4.7.0

Release song: https://youtu.be/3L4YrGaR8E4

Passbolt Community Edition v4.7 is a maintenance release that resolves multiple issues identified by the community. Furthermore, this release supports the commitment to improving customization options and integration features, making it easier for organizations to tailor the system to their specific needs.

A key enhancement in this release is the ability to use custom SSL certificates for SMTP server connections. This long-awaited feature is particularly beneficial for organizations operating in air-gapped environments or those using their own root CAs, enabling passbolt to more securely integrate with internal tools.

[4.7.0] - 2024-04-30

Added

  • PB-30330 Add HTTP HEAD method support to /healthcheck/status.json to support more uptime monitoring tools (GITHUB #507)
  • PB-26156 As an administrator I can configure SMTP to use TLS with a self-signed cert on my mail server (GITHUB #498)

Security

  • PB-30255 As an authenticated user I cannot access the healthcheck endpoint when debug is on

Fixed

  • PB-30379 As an authenticating user I should not get a 500 if the gpg_auth is not an array
  • PB-32889 As an administrator I should not get an exception when running core healthcheck and the host cannot be resolved
  • PB-32928 As a user I should see the accurate URL in the email footer when passbolt runs on multiple instances
  • PB-32566 As a user setting up my account I should not get an unexpected 500
  • PB-32903 Fix deprecation error on password expiry settings validation

Maintenance

  • PB-29983 Refactor health check code domain for better maintenance
  • PB-30394 Moves code in ActionLogsModelListener into a dedicated service
  • PB-32881 Disable by default all plugins in integration tests
  • PB-32978 Use dependency proxy to reduce docker pull limit
  • PB-22605 Refactor ShareSearchControllerTest, SecretViewControllerTest and GroupsDeleteControllerTest with fixture factories
  • PB-32594 Add tests for SecretCreateService

Bulls On Parade

26 Apr 10:41
v4.7.0-rc.1
Pre-release

Release song: https://youtu.be/3L4YrGaR8E4

Hey community members,

Prepare for an exciting update! 🥁

Passbolt is thrilled to announce that the v4.7.0 Release Candidate is officially available for testing.

The best part? All you have to do is head to GitHub and dive in! Of course, you have to make sure to follow the steps here. As always, your feedback is invaluable, so please share and report any issues you come across.

Enjoy the testing journey! ♥️

[4.7.0-rc.1] - 2024-04-26

Added

  • PB-30330 Add HTTP HEAD method support to /healthcheck/status.json to support more uptime monitoring tools (GITHUB #507)
  • PB-26156 As an administrator I can configure SMTP to use TLS with a self-signed cert on my mail server (GITHUB #498)

Security

  • PB-30255 As an authenticated user I cannot access the healthcheck endpoint when debug is on

Fixed

  • PB-30379 As an authenticating user I should not get a 500 if the gpg_auth is not an array
  • PB-32889 As an administrator I should not get an exception when running core healthcheck and the host cannot be resolved
  • PB-32928 As a user I should see the accurate URL in the email footer when passbolt runs on multiple instances
  • PB-32566 As a user setting up my account I should not get an unexpected 500
  • PB-32903 Fix deprecation error on password expiry settings validation

Maintenance

  • PB-29983 Refactor health check code domain for better maintenance
  • PB-30394 Moves code in ActionLogsModelListener into a dedicated service
  • PB-32881 Disable by default all plugins in integration tests
  • PB-32978 Use dependency proxy to reduce docker pull limit
  • PB-22605 Refactor ShareSearchControllerTest, SecretViewControllerTest and GroupsDeleteControllerTest with fixture factories
  • PB-32594 Add tests for SecretCreateService

One Nation Under A Groove

11 Apr 15:49
v4.6.2

Release song: https://youtu.be/3WOZwwRH6XU?si=jvTiezg7eEEpEh-S

Passbolt is pleased to announce the immediate availability of version v4.6.2. This version is a targeted security release of both the API and the browser extension focusing on fixing security issues reported by security researchers.

We would like to express our appreciation to the community for their assistance in making Passbolt more secure. Further details about the issues will be shared in a separate communication.

[4.6.2] - 2024-04-11

Security

  • PB-32932 Fix error template title

Reptillia

27 Mar 11:04
v4.6.1

Release song: https://www.youtube.com/watch?v=b8-tXG8KrWs

Passbolt is pleased to announce the immediate availability of version 4.6.1. This is a maintenance update that contains an important fix for the API, addressing the issue reported by the community since version 4.6.0.

Most notably, this update fixes a problem where an administrator was not able to re-enable a suspended user.

We would like to express our sincere thanks to the community members who brought issues to our attention and helped the team to make passbolt better.

[4.6.1] - 2024-03-27

Fixed

  • PB-32354 As an admin, I can re-enable a suspended user (GITHUB #512)

Purple Haze

14 Mar 11:30
v4.6.0

Release song: https://youtu.be/Ub0NtPOj7es?si=3IL4HKS4-g17uPal

The Passbolt Community Edition 4.6.0 release, "Purple Haze", brings enhancements that focus primarily on the administrative aspect and overall system health.

This update introduces the Health Check feature within the Admin workspace, designed to offer administrators a comprehensive tool for system assessment and upkeep.
In addition, this version addresses a range of minor bugs and delivers the awaited PHP 8.3 support.

This version furthermore lays the foundations for successive performance gains by refining data verification processes and reducing memory usage, particularly when browsing. Expect more significant improvements with the next releases.

[4.6.0] - 2024-03-14

Added

  • PB-24485 As an administrator I can view the API healthcheck in the administration section
  • PB-29396 As an administrator I can hide the share folder capability with a RBAC
  • PB-25463 As an administrator I can disable the healthcheck index endpoint with a flag
  • PB-29397 As an administrator I can disable the healthcheck administration panel with a flag

Improved

  • PB-29009 As an administrator completing my setup I should not receive a notification that I completed my setup
  • PB-26152 The API should identify openpgpjs v5.10 revoked key as revoked
  • PB-29437 As an administrator I can log internal errors with the complete trace in Json format

Security

  • PB-30155 Update phpseclib/phpseclib to fix composer security vulnerability

Fixed

  • PB-30019 As a user I should not get a 500 when editing a user with payload containing integers as fields
  • PB-29964 As an administrator disabling a user I should not get a 500 if the disabled date is not valid
  • PB-29970 As a group manager I should receive an accurate summary in my notifications on group permission changes
  • PB-29054 As an administrator I should not get an error when running the cleanup command and the users table does not exist
  • PB-28719 As an administrator sending emails the timezone displayed in the emails should be in the correct time zone
  • PB-30266 As an administrator sending emails with the email digest the message ID should be defined
  • PB-30182 Build the styleguide on version 4.6.1

Maintenance

  • PB-28247 Update cakephp/cakephp to version 4.5