Releases: passbolt/passbolt_api

Regular

06 Mar 14:05

Song: https://youtu.be/yR1u-v66iT4

Community Edition v3.11 introduces new features and enhancements to your passbolt experience.

Duo v4 MFA support is now available in the browser, an update from the previously supported v2. The API also now features a new endpoint that allows administrators to get paginated action logs, to make it easier to browse and find specific events or actions programmatically. In addition, the browser extension is now available in Italian, Portuguese, Korean, and Romanian (these languages are in beta, let passbolt know if you find anything that needs updating).

As part of ongoing efforts to improve passbolt, v3.11 also deprecates PHP 7.3 support and passbolt API v2 support. While you will not be able to install a new instance on PHP 7.3, existing instances will still work until the next version. We encourage users to upgrade to PHP 7.4 or higher and use the latest version of the passbolt API.

Passbolt appreciates the support of the community and the contributions we receive. Thank you for choosing passbolt; users play an integral role in its growth and development.

[3.11.0] - 2023-03-01

Added

  • PB-22435 As a user using SSO Azure I can recover my account using SSO Azure
  • PB-22741 As an administrator I should see an error in the healthcheck if I use php 7.3 or less
  • PB-22747 As an administrator I can define a regular expression to customise email validation
  • PB-22748 As an administrator I can access the paginated list of action logs on the browser
  • PB-22866 As a user I want to use passbolt in Italian
  • PB-22866 As a user I want to use passbolt in Portuguese (Brazil)
  • PB-22866 As a user I want to use passbolt in Korean
  • PB-22866 As a user I want to use passbolt in Romanian

Fixed

  • PB-21489 As a user I should not see double headers in emails sent by the email digest

Improved

  • PB-22725 As an administrator I want to manage Duo v4 settings
  • PB-21763 As a user I want to see a clean SSO error feedback in the popup after failing to sign-up with SSO
  • PB-21764 As a user I want to see a clean SSO feedback in the popup after signing-in with SSO
  • PB-21906 As a user I don’t want to receive an email by default when I create a resource or a folder, and I don’t want to see any details for this content by default
  • PB-22512 As an SSO administrator I want to see the access_token details when it is missing or has invalid claims
  • PB-22610 As a user I want the SSO Azure authentication to support nonce

Maintenance

  • PB-22416 As a developer I can safely deactivate plugins between solutions
  • PB-22756 Fixes a range of failing pagination tests
  • PB-22760 SSO State Type refactoring
  • PB-22495 Refactors the SmtpTransport to enhance the code coverage of emails
  • PB-22430 Refactoring of SSO state to use separate table

Glue

14 Feb 17:04
v3.10.0

Song: https://open.spotify.com/track/2aJDlirz6v2a4HREki98cP?si=51e34d30904b4459

The passbolt team is excited to share the latest improvements in release 3.10. With the help of our contributors and the community's input, passbolt is proud to present the release of self-registration.

Users can now self-register if their email domain matches the administrator-defined policy. This will make the registration process more efficient and smoother, especially with larger teams.

Thanks to everyone who contributed to this release, we look forward to continuing to enhance passbolt with your support.

[3.10.0] - 2023-02-14

Added

  • PB-19784 As a user I can self register if my email domain matches the policy defined by the administrators

Improved

  • PB-21485 As a server administrator I want to configure the list of active proxies the instance
    is behind in order to get client IP when necessary
  • PB-21682 As an administrator I want to configure the client option of the SMTP settings
  • PB-22019 As a server administrator I want to configure TOTP MFA secret length

Maintenance

  • PB-22327 env variable PASSBOLT_PLUGINS_SMTP_SETTINGS renamed to PASSBOLT_PLUGINS_SMTP_SETTINGS_ENABLED (backward compatible)
  • PB-22406 curl and openssl extensions requirements added
  • PB-22413 bump CakePHP to ^4.3.11

Bunny

20 Jan 08:19
v3.9.0

Song: https://youtu.be/U_i895w7CfM

The team at passbolt is thrilled to announce the release of v3.9 for immediate availability!

Passbolt CE v3.9 ships with Multi Factor Authentication (MFA) for all community edition users! Users can now set up MFA using various methods, including Duo, TOTP (Google Authenticator, Authy), and YubiKey (with Yubico Cloud).

Additionally, v3.9 also includes support for PHP 8.2.

The team is glad to make MFA, a former passbolt Pro feature, more widely available, as it’s been a highly requested feature within our community (even though one could argue that the existing authentication protocol already combined 2 factors of authentication: the private key and the master passphrase). The goal at passbolt is to provide the best security possible first while constantly improving user experience. It wouldn’t be possible without the incredible community that surrounds passbolt. Thank you to everyone who contributed ideas, reported bugs, and provided input.

Big things are on their way! Keep an eye out for how passbolt continues to grow and evolve in the coming months with additional pro edition features becoming available in the CE such as folders! To show your support please write a review on the app / extension webstore (chrome, firefox, edge, ios, android).

[3.9.0] - 2023-01-19

Added

  • PB-20539 As a user I can protect the authentication to passbolt with a second factor method

Fixed

  • PB-19601 As an admin running the healthcheck I should not see an unmanaged error if DB connection fails
  • PB-21497 GITHUB-437 As an administrator I should see default user avatar in the email I receive when a user completes the setup
  • PB-21501 GITHUB-411 As an administrator I should see the correct path relative to config tips in the health check report
  • PB-21756 As an anonymous user switching MFA provider I should be redirected to the original target

Improved

  • PB-19653 Rename Google authenticator into Totp authenticator
  • PB-19807 As an administrator I want to know if email hostname availability is enabled in the health check report
  • PB-20985 As an administrator I shouldn't be able to send a test email in command line without defining the recipient
  • PB-21502 As an administrator I want to know if I run a passbolt command without using the webserver user
  • PB-21635 As an administrator I want the cron events to be logged
  • PB-21751 As anonymous user I don't want to see the TOTP field auto-completed when I verify my second factor authentication
  • PB-19715 As an administrator I want to lock the SMTP settings entry points

Maintenance

  • PB-19212 Improve PHPUNIT performances
  • PB-19541 Add composer audit job on development pipelines
  • PB-19594 Avoid duplicated pipelines
  • PB-19583 Remove deprecated usage of dummy auth token generation in tests
  • PB-19594 Improve phpunit pipelines environment matrix
  • PB-19706 Refactor favorites add controller into service
  • PB-19707 Refactor favorites delete controller into service
  • PB-20512 Ease debug by attaching original exception to InternalErrorException when missing
  • PB-20541 Replace usage of Cake core Exception with CakeException when not done yet
  • PB-21361 Remove deprecated usage of authenticateAs in tests
  • PB-21658 Add support to PHP 8.2

Up Down Jumper

06 Dec 08:43
v3.8.3
3a49866

Song: https://youtu.be/BNe7OrleTlg

This release is a small maintenance release of the API only, fixing issues reported by the community related to the recently introduced SMTP settings feature. It also adds additional information to help with debugging Gnupg integration issues.

A big thank you to the community members who are reporting issues and helping us investigate them.

[3.8.3] - 2022-12-01

Fixed

  • PB-21631 Ensure the OpenPGP server key is in the keyring prior to sending any emails

Nana

18 Nov 07:46
v3.8.1
bc2a831

Song: https://youtu.be/SEJz7PthmAw

This release is a small maintenance release fixing issues reported by the community related to the newly introduced SMTP settings feature. This version should support more authentication use cases and be more flexible while editing an existing configuration.

Thanks to the community members who reported issues and helped us fix them.

[3.8.1] - 2022-11-17

Fixed

  • PB-21478 As an administrator, I should be able to edit SMTP settings having a sender email not being a valid email
  • PB-21438 As an administrator using docker, I should be able to access the SMTP settings of my organization
  • PB-21486 As an administrator, I can define the SMTP authentication method via the SMTP admin workspace
  • PB-21481 As an administrator, I want emails to be sent with the sender settings defined in database, if defined in the database

Syria

14 Nov 10:57
v3.8.0
282f8da

Song: https://youtu.be/37JidTgav2g

The team is pleased to announce the immediate availability of v3.8.

This release ships with two new themes, a light and a dark Solarized theme. Along with the redesign that occurred earlier this year, these themes served as a foundation to propose additional look and feel, but also welcome your contributions. If you wish to build a new theme, check out the blog article: How to create a custom passbolt theme with the UI Kit.

In a continuous effort to make passbolt more customizable, administrators will be pleased to find a new administration settings screen that will allow them to update the SMTP settings of their organization. More administration screens are in the works and will be released very soon. Spoiler alert, Multi Factor Authentication is on its way to be released in the community edition.

We wish to thank all the community members for:

  • The help with the internationalization;
  • The bug reports and the pull requests on github;
  • The help provided to other members on the community forum.

[3.8.0] - 2022-11-09

Added

  • PB-19192: As an administrator, I want to manage SMTP settings in the administration workspace
  • PB-19151: As a user, I want to use passbolt with the Solarized light theme
  • PB-19151: As a user, I want to use passbolt with the Solarized dark theme

Improved

  • PB-16948: As group manager, I should be able to add users to groups without getting timeout errors
  • PB-19035: TOTP is now deactivated by default and should be activated by an administrator
  • PB-19200: GpgAuthenticator now asserts the message is a valid OpenPGP message prior to decryption on stage 0

Fixed

  • PB-19312: As a logged-in user, I want to see my first name and last name correctly displayed in email headers
  • PB-18718: As a logged-in user, I want my locale not to be overwritten by the server config on pages served by the server
  • PB-19261: As a logged-in user, I should not get an internal error if no filter is passed to the get resource.json entry point
  • PB-19035: As a logged-in user, I should not get a not found error on MFA authentication if an administrator deactivated MFA
  • PB-18515: As a user, I want to see User Agent and IP in account recovery emails

Security

  • PB-19204: Sanitize MFA redirection by forbidding redirection to external URI
  • PB-19090: Protect forms from spell-jacking attack

Maintenance

  • PB-19235: Migrate comments controllers logic into services
  • PB-19603: Cover additional “add user to group” case: As group manager I can add a user to a group which has no resources shared with it
  • PB-6081: Move enterprise plugins into plugins/PassboltEe
  • PB-6081: Move community plugins into plugins/PassboltCe
  • PB-19621: Stop changing folders permissions in installation tests
  • PB-19255 As an administrator I can trigger 500 errors on demand to test my logs

Breathing

28 Sep 09:54

Song: https://youtu.be/xF5PzY4b3eQ

This release is a security release fixing a spell-jacking security flaw discovered by otto-js.

You can learn more about this flaw on the dedicated security incident page.

[3.7.3] - 2022-09-27

Security

  • PB-19090 Protect forms from spell-jacking attack

Knight Of The Jaguar

21 Sep 15:17
2a9e6c1

Song: https://youtu.be/ZcC3vVh3cOE

This is a small maintenance release which ships with a bug fix reported by the community and a few changes that aim to improve the continuous integration pipelines.

[3.7.2] - 2022-09-21

Fixed

  • PB-18380 Let passbolt-configure script setup certbot for RHEL9 support
  • PB-16983 Handles the lack of permissions on image directory when deleting
  • PB-16898 Redesign download a supported browser to get started

Improved

  • PB-18650 Add a check on mysql status in order to run mysql commands only when it's ready in unit tests
  • PB-18664 Add retry logic to Gitlab CI jobs

Last day

12 Aug 12:01
v3.7.1
c7482a7

Song: https://youtu.be/Gm4ElZUzLOo

[3.7.1] - 2022-08-10

  • PB-18381 Fix source language typos
  • PB-18397 Fix as an admin I can generate a server key with the webinstaller within an instance over http
  • PB-17096 Fix resource_types name and slug postgresql compatibility
  • PB-18372 Bump styleguide version to 3.7.1

New Morning

30 May 14:00
v3.6.0
1601ad7

Song: https://youtu.be/FvR9HAKNdic

The team is pleased to announce the immediate availability of v3.6 which, as you may already have seen, includes a design refresh of the application.

On top of that, this release ships with some more improvements and fixes.

  • Performance boost on the client cryptographic operations;
  • Additional key validations on setup for better error reporting;
  • Experimental support for ECC keys.
  • More performance fixes.

We wish to thank the contributors who participated:

  • Alpha testers who helped us test the pre-release;
  • All the community members who helped with the internationalization;

Next up? We’ll go through a maintenance cycle where we’ll be fixing issues reported in terms of performance (e.g. adding users to a group), as well as preparing for the migration to Manifest v3, and support for PHP 8.1.

[3.6.0] - 2022-05-26

Added

  • PB-15026 As a user I should see the new design on the administration workspace
  • PB-14675 As a user I should see the new design on the authentication screens
  • PB-9739 As AN performing a setup, I can import ECC keys [experimental]

Improved

  • PB-9739 OpenPGP key and message validation refactoring
  • PB-14141 Enhanced public/private key validation rules
  • PB-13685 Enhanced secret validation rules
  • PB-14138 Refactor setup and recover related controllers with dependency injection
  • PB-14510 Three trivial endpoints, such as GET on login are not logged anymore

Security

  • PB-14400 Upgrade firebase/php-jwt to 6.1

Fixed

  • PB-14369 Fixes email settings issues in the test suite
  • PB-15046 Handle user lost-passphrase scenarios with API <= v3.5

Maintenance

  • PB-14812 Upgrade cakephp/cakephp to 4.3