v3.12.0 ~ Introspective (ce)

Release date: March 15th, 2023.

Release 3.12 includes a number of new features and enhancements, including the much-anticipated addition of folders in the Community Edition, which allows users to better organise resources.

Another notable new feature is the ability to customise passbolt to output the action logs in syslog or a file, giving administrators more control and visibility on what is happening on their instance and leverage other tools for threat and unusual activity detection. Administrators can also implement their own handler for action logs to further customise their passbolt instance reporting. A blog to demonstrate this new feature will be available soon.

Version 3.12 also includes important fixes, such as a fix to ensure that only administrators can see which users have MFA enabled. This regression was spotted during the Cure53 march security audit. The full report will be available shortly. Spoiler alert: no critical vulnerability was found.

Lastly, more file formats for export are included in release 3.12. This provides more options for migrating data between applications.

Overall, the release of version 3.12 provides several useful improvements. Thank you to the members of the community who’ve reported issues and helped us fix them.

API

Added

• PB-20535 As a community user I want to use folders
• PB-22749 As an administrator I can customise passbolt to output the action logs in syslog
• PB-22749 As an administrator I can customise passbolt to output the action logs in a file
• PB-22749 As an administrator I can implement my own action logs handler

Fixed

• PB-23717 As a user using the json API I should get a bad request error instead of an internal error if using api-version=v1
• PB-21826 Fix emails entries should not be locked when threshold limit is exceeded
• PB-23519 As an administrator running the DUO v4 migration I should not see a warning message if DUO was not configured
• PB-23721 As an administrator I want to be sure the server key is in the keyring before decrypting users directory settings

Security

• PB-23311 As an administrator I should be the only one to know which users have enabled MFA

Improved

• PB-23333 As an administrator I should see a notice instead of a warning if I enabled the self registration plugin
• PB-23722 As a developer running the unit tests I want to be sure the version from the config matches the one from the changelog
• PB-22892 As a user recovering my account I want to see the success and error pages feedback

Maintenance

• PB-23287 Duo multi-factor authentication redirection refactoring
• PB-23702 Update phpseclib/phpseclib dependency

Browser extension

Added

• PB-22521 As a signed-in user, I want to export resources in logmeonce csv
• PB-22520 As a signed-in user, I want to export resources in nordpass csv
• PB-22519 As a signed-in user, I want to export resources in dashlane csv
• PB-22518 As a signed-in user, I want to export resources in safari csv format
• PB-22517 As a signed-in user, I want to export resources in mozilla csv
• PB-22515 As a signed-in user, I want to export resources in bitwarden csv
• PB-22516 As a signed-in user, I want to export resources in chromium based browsers csv
• PB-22838 As an administrator I can customise the application email validation

Improvements

• PB-22896 Improve DUO style

Fix

• PB-23281 Fix as a user I should see an accurate entropy when a password contain words from a dictionary

Security

• PB-23706 As an administrator I should be the only one to know which users have enabled MFA