v4.0.0 ~ Get Up, Stand Up (pro)

Release date: May 17th, 2023.

Introducing the latest update of passbolt Pro, release v4. This update includes some significant enhancements to the platform’s functionality and overall user experience.

Passbolt now requires a minimum of PHP 7.4 to run, but also supports PHP 8.2, which means faster performance and security. The browser extension is also getting a bit of love with some much needed maintenance to Manifest v3 and it requires at least a Passbolt API v3 to run.

Please also note the LDAP file configuration format has changed due to a LDAP library migration. The LDAP plugin will be automatically disabled on the Passbolt upgrade to the new version.

While this is a breaking change, the LDAP updates provide greater flexibility and customisation. This version of the LDAP plugin gives you control over user directory synchronisation with refined search requests and the ability to synchronise more data (group names, user first and last names). Refined LDAP search requests allow admins to sync more information and manage data easier. These new features give admins the ability to sync group names, users first names, and users last names.

Passbolt also now supports Google as a SSO provider integration. You can now setup passbolt to allow your users to login with their Google credentials. And you also can streamline onboarding by allowing new users to take advantage of self-registration using SSO.

This release also focuses on accessibility improvements to ensure an inclusive experience for all users across all versions. Alongside these feature updates, v4 includes numerous bug fixes and security enhancements to further improve system reliability. It’s recommended that all users update to this latest version to get the most out of passbolt.

Finally, this release includes numerous bug fixes and security improvements, addressing various issues reported by our users.

Thank you for your continued support, and we hope you enjoy the enhanced features and improvements in this release. Please don’t hesitate to reach out to our support team if you have any questions or feedback.

API

Added

• PB-21580 As a user I can use Google as single sign on provider
• PB-24245 As LU using the API I can manage standalone TOTP and TOTP associated with passwords resources types
• PB-24086 As an admin I can create a user recovery link from the command line
• PB-22926 As a new user I can self-register using SSO with email-self registration

Improved

• PB-21570 As an administrator I receive an email when SSO configuration changes
• PB-24052 As an administrator I can configure the user directory settings to authenticate with Kerberos/SASL
• PB-23961 Adds SASL support for DirectorySync
• PB-23927 As a system administration I can disable certain SSO providers from environment variable
• PB-23598 Add LDAP filter / search to the API endpoint for configuration
• PB-23289 Add new setting to allow updating user first and last name from LDAP
• PB-23290 As an administrator synchronizing the users directory it should also synchronize the groups names

Maintenance

• PB-23321 Upgrade CakePHP to 4.4
• PB-22720 Refactor LDAP feature to use directorytree/ldaprecord
• PB-24296 As a developer I can retrieve in integration tests the body of json requests in array
• PB-24083 Removes the usage of the Paginator deprecated in CakePHP 4.4
• PB-24055 LDAP add support multi server to settings API endpoint
• PB-23926 Bump PHPUnit to ~9.5.2 to avoid warning messages of 9.6
• PB-22758 Introduce JWT key injection to enable parallel tests
• PB-22622 Add CS rule to disallow space after NOT operator
• PB-23786 Remove PHP 7.3 from the testing pipes
• PB-24561 Upgrades cakephp/migrations library
• PB-24073 As a developer I should ensure that the CHANGELOG.md file is in the right format
• PB-24071 As a developer I can enable feature plugins with the plugins class name
• PB-24272 Adds contribution link in CONTRIBUTING.md

Fixed

• PB-24078 As a user I should receive the correct email avatar text after folder manipulation
• PB-24039 Action log event listener should not throw error on missing connection
• PB-23558 Remove PHP 8.2 deprecation warnings
• PB-23557 Remove PHP 8.1 deprecation warnings

Security

• PB-24056 As an admin I can view log stack traces when debug mode is enabled
• PB-23599 As an admin I can obfuscate sensitive fields in LDAP get settings API responses
• PB-24297 Update guzzlehttp/psr7 to fix composer audit security vulnerability

Browser extension

Added

• PB-23531 As an administrator I can setup google as SSO provider
• PB-23532 As a user I can sign-in with SSO
• PB-23535 As a user I want to self register with SSO enabled
• PB-23952 As an administrator I want to synchronize only groups belonging to a given parent group
• PB-24168 As a user I want to use an accessible version of the UI

Improvements

• PB-21564 Application should be aware of authentication status as soon as the user is getting signed out

Fix

• PB-21488 Fix the loading of pagemods when user data is not set in the local storage
• PB-23547 As a signed-in user I should auto-filling credentials in iframe even if there is an empty iframe src ahead
• PB-24076 Fix ApiClient BaseUrl generation to avoid double slashes in the final URL
• PB-24100 As a developer I want to use a fix working version of storybook
• PB-24145 As a signed-in user the inform integration should not freeze the browser if there is a lots of dom changes
• PB-24260 As a signed-in user I should not see a resource stays selected after moves in a folder

Security

• PB-22858 As a user the session storage should have a limit of port by tab
• PB-22859 As a user the web integration pagemod should be attached only on top frame
• PB-23556 PBL-08-002 WP2: Passphrase Retained In Memory Post-Logout
• PB-23942 PBL-08-008 WP2: Lack of explicit CSP on extension manifest
• PB-23797 Backport MV3 port manager on MV2 without using the webNavigation permission

Maintenance

• PB-18667 Migrate gpgAuth session check loop into a dedicated service startLoopAuthSessionCheckService
• PB-22641 As a user the browser extension should handle when the version is updated
• PB-22642 As a developer, when inform call to action and inform menu are destroyed, I should remove the port reference in the session storage and portManager
• PB-24105 As a user I want to trigger file download on firefox with file pagemod
• PB-24131 As a developer I should have class files in the correct folder
• PB-24134 As a developer I should be able to run the CI pipeline even if the audit job is failing
• PB-24147 Remove legacy entry point to check if the user is authenticated