Help Search

v3.0.0 ~ Our House (ce)

Release date: March 10th, 2021.

This release introduces some new dependencies and database changes.
Make sure you follow the update documentation to roll out this new version.

Read the doc

The team is pleased to announce the immediate availability of Passbolt version 3. As you may have noticed with the earlier release in January and automatic rollout of the v3 webextension, this version contains a major redesign of the login and setup screens. The goal of this redesign was to simplify the process and improve the usability. This version also concludes our migration to React technology on the front end side, you can learn more about it in the dedicated blog post.

The redesigned login page. fig. The redesigned login page.

Most notably, this release also introduces the concept of resource types. We will write more about it in a dedicated blog post, but long story short, the goal of this change is to allow storing different types of secrets, other than a password. The first example of a new resource type is the “password with encrypted description” which has now become the default. This change is transparent and backward compatible.

Encrypted description is now on by default on create resource dialog. fig. Encrypted description is now on by default on create resource dialog.

As you may know, data in passbolt is divided into two parts: the searchable non encrypted metadata called “resource”, and the encrypted part containing, for example the password called “secret”. With resource types the solution will support the encapsulation of structured data in the “secret” part in the form of a JSON object, following a JSON schema defined as part of the resource type. In the future we want to allow administrators to be able to define their own resource types, on top of the ones that are supported by default. In the meantime if you have suggestions for new default resource types, and the formats you would like to see (for instance credit cards, ssh keys, etc…), please share your ideas on the community forum.

We encountered some issues during the release of the webextension v3, which have been summarized on this dedicated incident page. The most prominent bugs encountered in the last release were related to older installations where some database entries became incompatible with the new stricter validation rules on the front-end side. These issues have now been resolved, but we sincerely apologize for any inconvenience caused, and have learnt a lot during the process.

Server side Passbolt API v3 is also a major release with the deprecation of PHP v7.2 and composer v1. Please make sure you have the right dependencies installed on your server prior to upgrade. You can learn more about the update/upgrade procedures on the dedicated page. Feel free to report bugs on github if you encounter any new issues, or to get in touch using the regular support channels.

On the artifacts side, we have published an ubuntu package and also all of our artifacts (vm, digital ocean, aws ami and docker image) are using debian package. Using debian package introduces new changes on the installation paths of passbolt. Please read the following documents for deprecation notices and changes:

For our next release(s) the team will focus on an upgrade to Cakephp v4, as well as small UX/UI improvements that have been pending for a very long time, including the ability to translate the interface. And yes we also are actively working on the Mobile apps, as well as other much demanded features such as Escrow.

A big thank you for people who have reported and documented bugs on github and the community forum including: @DistrantThunder, @kyxyes, @chyff, @drzraf, @Alien-Richman, @VFS, @wnhre2ur8cxx8 (that’s a mouthful), @rctgamers3, @norbertmm, @runderwo, @AnswerKAS, @raphhaselback, @PeanutStick, @JosephGarrone and many more.

Thank you for your continued support.


[3.0.2] - 2021-03-11


  • PB-5211 The fields Group object class and User object class in user directory have to be sent server side (pro)
  • GITHUB-378 Fix healthcheck ssl fullBaseUrl check
  • Fix email digest email preview should accept empty (null) template
  • Fix send test email command should accept undefined username and password

[3.0.1] - 2021-02-24


  • Fix resources population of resource_type_id field migration

[3.0.0] - 2021-02-10


  • Drop support for API format v1, api-version parameter is deprecated
  • Remove title from API response envelope format
  • Drop support for PHP < v7.3, application require PHP v7.3 by default
  • Drop support for Composer < v2, application requires Composer v2 by default


  • Add dark theme to the community edition
  • Add new system check utilities in ./bin, for example ./bin/status-report
  • Add web installer automatically populates mysql credentials (VM / Debian Package)
  • Add support for multiple resource types
  • Add resource with encrypted description as resource type
  • Add generic cron job task in ./bin/cron
  • Add support for untracked personal shell scripts under ./bin/my
  • Add support for configurable footer link in config
  • Add permissions filters on resource view and index
  • Add permissions contain options on resource view


  • Update OpenPGP-PHP dependencies to provide PHP 7.4 compatibility
  • Remove unmaintained user agent parser library
  • Fix PHP 7.4 warnings


  • Improve testsuite execution times
  • Refactor testsuite to not install data model from fixtures but use migrations instead
  • Refactor testsuite to remove unused fixtures
  • Migrate administration and mfa settings screen to React
  • Add placeholder application skeleton when webextension is still loading
  • Redesign of login and recover screens
  • Add Mysql 8 support


  • Fix allow overriding rememberMe options in passbolt.php configuration file
  • Fix all target blank link should contain rel noopener noreferrer
  • Fix email sender, email subject should not exceed 255 characters.
  • Fix secret access log on resource view with contain secret
  • GITHUB-376 Fix missing route prefix on the recovery button
  • GITHUB-373 Fix API format for create group (previously v1 instead of v2 format)
  • GITHUB-372 Fix after modifying passwd, the modification time should be changed
  • GITHUB-370 Fix metadata should be deleted for deleted resources
  • GITHUB-369 Fix Notification Emails Have Wrong Tense In Subject/Body
  • GITHUB-368 Clarify PHP extension requirements
  • GITHUB-362 Fix wrong filename on healthcheck HELP message for assertConfigFiles
  • GITHUB-356 As a user I shouldn’t be able to export folders if export plugin is disabled
  • GITHUB-350 Fix no mails are sent when providers offer AUTH PLAIN authentication only
  • GITHUB-339 Fix web installer urls do not work when passbolt is installed in a directory
  • Fix performance issues on resource / folder activity log

Browser Extension

[3.0.7] - 2021-03-04


  • GITHUB-156 Fix import/export and legacy API v2

[3.0.6] - 2021-03-02


  • Fix missing chevron image in quickaccess
  • Remove EJS from dependencies
  • Fix import of keepass file containing entries with undefined field
  • Fix import should not throw an error if a resource or a folder cannot be created
  • GITHUB-381 Fix quickaccess and custom fields. Lazy load resource types local storage on demand.
  • PB-5154 Fix autofill and username field without type property defined

[3.0.5] - 2021-02-03


  • Fix keep session alive

[3.0.4] - 2021-02-03


  • Allow decryption with rsa signing key to work around old openpgpjs bug
  • Pre sanitize data prior to collections/entity creation for the following operations: local storage update (resources, groups, users), user and avatar update, group update

[3.0.3] - 2021-01-28


  • Fix do not enforce validation for gpgkey with type property set to null
  • Fix do not enforce validation for gpgkey with bits property set to null

[3.0.2] - 2021-01-27


  • Fix allow favorites with non conforming v1 data

[3.0.1] - 2021-01-27


  • Fix do not enforce validation error for tags with slug duplicates
  • Fix do not enforce validation for avatar with empty user_id

[3.0.0] - 2021-01-27


  • Add a new login page and process redesign
  • Add a new setup pages and process redesign
  • Add a new recovery page and process redesign
  • Add request passphrase prior to downloading the private key in user workspace
  • Add the ability to sort by favorites
  • Add the ability to encrypt description
  • Add baseline support for other resource types


  • Migrate user workspace code previously served by server in the extension
  • Migrate password workspace code previously served by server in the extension
  • Migrate user profile code previously served by server in the extension
  • Migrate the front-end code from CanJS to React
  • Improve import export speed and misc compatibility improvements
  • Improve server data validation in background page
  • Misc update of dependencies

"And this is how we're gonna work it"

Listen to the release song!
🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!