Help Search

v4.0.0 ~ Get Up, Stand Up (ce)

Release date: May 17th, 2023.

Introducing the latest update of passbolt Pro, release v4. This update includes some significant enhancements to the platform’s functionality and overall user experience.

Attention: This is a major change, so make sure you check the platform requirements, and do a test upgrade, before you update your live systems to the new version!

Passbolt now requires a minimum of PHP 7.4 to run, but also supports PHP 8.2, which means faster performance and security. The browser extension is also getting a bit of love with some much needed maintenance to Manifest v3 and it requires at least a Passbolt API v3 to run.

This release mainly focuses on platform compatibility and accessibility improvements to ensure an inclusive experience for all users across all versions. Alongside these updates, v4 includes numerous bug fixes and security enhancements to further improve system reliability. It’s recommended that all users update to this latest version to get the most out of passbolt and benefit from the upcoming new features.

We appreciate the continued support and feedback as we strive to provide an exceptional user experience. Reach out on the community forum if you encounter some issues with this new release.



  • PB-24086 As an admin I can create a user recovery link from the command line
  • PB-22926 As a new user I can self-register using SSO with email-self registration


  • PB-23321 Upgrade CakePHP to 4.4

  • PB-24296 As a developer I can retrieve in integration tests the body of json requests in array
  • PB-24083 Removes the usage of the Paginator deprecated in CakePHP 4.4

  • PB-23926 Bump PHPUnit to ~9.5.2 to avoid warning messages of 9.6
  • PB-22758 Introduce JWT key injection to enable parallel tests
  • PB-22622 Add CS rule to disallow space after NOT operator
  • PB-23786 Remove PHP 7.3 from the testing pipes
  • PB-24561 Upgrades cakephp/migrations library
  • PB-24073 As a developer I should ensure that the file is in the right format
  • PB-24071 As a developer I can enable feature plugins with the plugins class name
  • PB-24272 Adds contribution link in


  • PB-24078 As a user I should receive the correct email avatar text after folder manipulation
  • PB-24039 Action log event listener should not throw error on missing connection
  • PB-23558 Remove PHP 8.2 deprecation warnings
  • PB-23557 Remove PHP 8.1 deprecation warnings


  • PB-24056 As an admin I can view log stack traces when debug mode is enabled

  • PB-24297 Update guzzlehttp/psr7 to fix composer audit security vulnerability

Browser extension


  • PB-23952 As an administrator I want to synchronize only groups belonging to a given parent group
  • PB-24168 As a user I want to use an accessible version of the UI


  • PB-21564 Application should be aware of authentication status as soon as the user is getting signed out


  • PB-21488 Fix the loading of pagemods when user data is not set in the local storage
  • PB-23547 As a signed-in user I should auto-filling credentials in iframe even if there is an empty iframe src ahead
  • PB-24076 Fix ApiClient BaseUrl generation to avoid double slashes in the final URL
  • PB-24100 As a developer I want to use a fix working version of storybook
  • PB-24145 As a signed-in user the inform integration should not freeze the browser if there is a lots of dom changes
  • PB-24260 As a signed-in user I should not see a resource stays selected after moves in a folder


  • PB-22858 As a user the session storage should have a limit of port by tab
  • PB-22859 As a user the web integration pagemod should be attached only on top frame
  • PB-23556 PBL-08-002 WP2: Passphrase Retained In Memory Post-Logout
  • PB-23942 PBL-08-008 WP2: Lack of explicit CSP on extension manifest
  • PB-23797 Backport MV3 port manager on MV2 without using the webNavigation permission


  • PB-18667 Migrate gpgAuth session check loop into a dedicated service startLoopAuthSessionCheckService
  • PB-22641 As a user the browser extension should handle when the version is updated
  • PB-22642 As a developer, when inform call to action and inform menu are destroyed, I should remove the port reference in the session storage and portManager
  • PB-24105 As a user I want to trigger file download on firefox with file pagemod
  • PB-24131 As a developer I should have class files in the correct folder
  • PB-24134 As a developer I should be able to run the CI pipeline even if the audit job is failing
  • PB-24147 Remove legacy entry point to check if the user is authenticated
🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!