Help Search

v4.7.0 ~ Bulls On Parade (pro)

Release date: April 30th, 2024.

Release song:

Passbolt Pro v4.7 is a maintenance release that resolves multiple issues identified by the community. Furthermore, this release supports the commitment to improving customization options and integration features, making it easier for organizations to tailor the system to their specific needs.

A key enhancement in this release is the ability for administrators to use custom SSL certificates for SMTP and Users Directory server connections. These long-awaited features are particularly beneficial for organizations operating in air-gapped environments or those using their own root CAs, enabling passbolt to more securely integrate with internal tools.

All of these customizations are visible in the API status report of the administration workspace, providing a clear and manageable overview for administrators.

Passbolt API Status fig. Passbolt API Status

As usual this information is also available for administrators via the health check command line.

Directory Sync fig. Directory Sync

Moreover, the integration with user directories has been improved, now enabling the synchronization of user accounts using multiple fields as email identifiers. This allows organizations with heterogeneous data environments to synchronize more seamlessly with passbolt. This improvement is part of a broader initiative aimed at modernizing the integration with your user directories. Stay tuned, more enhancements are planned for future releases.



  • PB-30330 Add HTTP HEAD method support to /healthcheck/status.json to support more uptime monitoring tools (GITHUB #507)
  • PB-26156 As an administrator I can configure SMTP to use TLS with a self-signed cert on my mail server (GITHUB #498)


  • PB-30255 As an authenticated user I cannot access to the healthcheck endpoint when debug is on


  • PB-30379 As an authenticating user I should not get a 500 if the gpg_auth is not an array
  • PB-32889 As an administrator I should not get an exception when running core healthcheck and the host cannot be resolved
  • PB-32928 As user I should see the accurate URL in the email footer when passbolt runs on multiple instances
  • PB-32566 As a user setting up my account I should not get an unexpected 500
  • PB-32903 Fix deprecation error on password expiry settings validation


  • PB-29983 Refactor health check code domain for better maintenance
  • PB-30394 Moves code in ActionLogsModelListener into a dedicated service
  • PB-32881 Disable by default all plugins in integration tests
  • PB-32978 Use dependency proxy to reduce docker pull limit
  • PB-22605 Refactor ShareSearchControllerTest, SecretViewControllerTest and GroupsDeleteControllerTest with fixture factories
  • PB-32594 Add tests for SecretCreateService

Browser extension


  • PB-32931 As administrator, I see SSO and Directory Sync health checks in Passbolt API Status page
  • PB-33065 As an administrator I can add a fallback property to map my organisation AD user username
  • PB-33070 Request passphrase when exporting account kit


  • PB-32420 Fix double calls to PwnedPassword API service
  • PB-32631 Fix healthCheck Entity to support air gapped instances
  • PB-33066 As AD, I should not see directorySync and SSO checks if they are disabled
  • PB-33067 After an unexpected error during setup, recover or account recovery, only the iframe reload and the port cannot reconnect


  • PB-22623 Start service worker in an insecure environment
  • PB-22640 As a signed-in user the inform call to action should remain after the port is disconnected only for MV3
  • PB-22644 The passbolt icon should detect if the user is still connected after the service worker awake
  • PB-23928 Handle when the extension is updated, the webIntegration should be destroy and injected again
  • PB-29622 Simulate user keyboard input for autofill event
  • PB-29946 When the service worker is shutdown and a navigation is detected the service worker do not reconnect port and stay in error mode
  • PB-29965 Use a dedicated service to verify the server
  • PB-29966 Update apiClient to support form data body and custom header
  • PB-29967 Use a dedicated service to do the step challenge with the server
  • PB-29968 use a dedicated service to check the user authentication status
  • PB-29969 Use a dedicated service to logout the user
  • PB-29988 Update the alarm in the class StartLoopAuthSessionCheckService to use the property periodInMinutes
  • PB-29989 Put the alarm listener at the top level for the StartLoopAuthSessionCheckService to check the authentication status
  • PB-29990 Move PassphraseStorageService keep alive alarm listener in top level
  • PB-30272 Add message service in the app content script in order to reconnect the port from a message sent by the service worker
  • PB-30273 On the post logout event the service worker should reconnect port that needs to receive the post logout message
  • PB-30274 Add message service in the browser integration content script in order to reconnect the port from a message sent by the service worker
  • PB-30310 Improve invalid groups users sanitization strategy
  • PB-30335 Use timeout instead alarms for service worker
  • PB-30336 Use timeout instead alarms for promise timeout service
  • PB-30337 Put the alarm listener at the top level for the passphraseStorageService to flush passphrase after a time duration
  • PB-30341 Remove alarms for toolbar controller
  • PB-30342 Use timeout instead of alarm for the resource in progress cache service to flush the resource not consumed
  • PB-30374 Check if AuthService from styleguide is still used in the Bext otherwise remove it
  • PB-30375 Improve CI unit test performance by running them in band
  • PB-32291 Cleanup legacy code and unused related elements
  • PB-32335 Split PassphraseStorageService to put the KeepSessionAlive feature on its own service
  • PB-32345 Ensures on the desktop app during import account that the file to import is taken into account
  • PB-32597 Ensure ToolbarController are set on index.js
  • PB-32598 Ensure add listener from authentication event controller are set on index.js
  • PB-32599 Ensure add listener from StartLoopAuthSessionCheckService are set on index.js
  • PB-32604 Ensure add listener from on extension update available controller are set on index.js
  • PB-32602 Ensure add listener from user.js are set on index.js
  • PB-32603 Ensure add listener from ResourceInProgressCacheService are set on index.js
  • PB-32915 Update code to remove the destruction of the public web sign-in on port disconnected
  • PB-32916 Update code to remove the destruction of the setup on port disconnected
  • PB-32917 Update code to remove the destruction of the recover on port disconnected
  • PB-33018 Automate browser extension npm publication
  • PB-33024 Ensure only stable tags of the styleguide are published to npm
  • PB-33024 Ensure only stable tag of the browser extension are sent for review or publish to the store
  • PB-33061 Create account temporary storage
  • PB-33062 Use temporary account storage for setup process
  • PB-33063 Use temporary account storage for recover process
  • PB-33064 Use temporary account storage for account recovery process
  • PB-33068 Remove beta information for the windows app
🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!