v2.2.0 ~ I want to break free (ce)

Release date: August 13th, 2018.

Please note that Passbolt API V1.x will be officially unmaintained from 1st of September 2018. If you haven’t upgraded to V2.x yet, it is strongly advised to do it now since the next versions of the browser extension will not be compatible anymore with V1.x branch.

This release is mainly a maintenance release that also prepares the groundwork for the upcoming ldap feature.

This release also includes a long awaited fix regarding performance issues. You can now manage thousands of passwords inside passbolt pretty smoothly.

The security has been improved even more with the implementation of CSRF protection. Now each request made by the client contains a token that is verified server side, hence protecting against CSRF attack types.

We have also upgraded canjs to version 4: It is the framework behind our javascript UI. This upgrade was long due and took quite a bit of efforts. After CakePHP 3.x, the upgrade of canjs is part of these invisible and painful but necessary upgrades that contribute to keep passbolt secure and maintainable.

Passbolt API

Added

• PASSBOLT-2906: Enable CSRF protection
• PASSBOLT-2940: Implement app-js primary routes

Fixed

• PASSBOLT-2805: Fix sort by date and sort by user first_name by default
• PASSBOLT-2896: Fix filter by tag from the password details sidebar
• PASSBOLT-2903: Fix logout link. It should target a full based url link
• PASSBOLT-2926: Fix session timeout check
• PASSBOLT-2927: Fix appjs ajax error handler
• PASSBOLT-2941: Fix grid performance issues

Improved

• PASSBOLT-2933: Upgrade to canjs 4

Passbolt Docker

Added

• Added wait-for-it script instead of wait-for to eliminate netcat dependency

Changed

• Merged: hide nginx and php version #107
• Merged: restrict MySQL port access #109
• Supervisor config files split into conf.d/{php.conf,nginx.conf,cron.conf}
• Default stdout logging is more verbose now allowing users to see more details on the requests