v3.11.0 ~ Regular (pro)
Release date: March 1st, 2023.
With the release of 3.11, passbolt is pleased to deliver new features and fixes for issues discovered in the alpha version of SSO.
A significant addition to v3.11 is the ability to start the account recovery or browser extension reconfiguration using SSO. This release also includes more helpful error messages, additional server-side logs, and additional fixes found during the SSO alpha (such as handling instances where the email addresses do not have the same case sensitivity in passbolt and Azure). A week-long code audit by Cure53 is currently underway for both the API and the browser extension. Alongside these SSO improvements, version 3.11 adds support for Duo v4, an upgrade from the previously supported v2. The API also now features a new endpoint that allows administrators to get paginated action logs, to make it easier to browse and find specific events or actions programmatically.
Support for PHP 7.3 and passbolt API v2 has also been deprecated. While you will not be able to install a new instance on PHP 7.3, existing instances will still work until the next version. We encourage users to upgrade to PHP 7.4 or higher and use the latest version of the passbolt’s API.
The browser extension has been updated with new languages in beta: Italian, Portuguese, Korean, and Romanian.
Passbolt looks forward to continuing to deliver improvements and as always, appreciates your continued support.
API
Added
- PB-22435 As a user using SSO Azure I can recover my account using SSO Azure
- PB-22741 As an administrator I should see an error in the healthcheck if I use php 7.3 or less
- PB-22747 As an administrator I can define a regular expression to customise email validation
- PB-22748 As an administrator I can access to the paginated list of action logs on the browser
- PB-22866 As a user I want to use passbolt in Italian
- PB-22866 As a user I want to use passbolt in Portuguese (Brazil)
- PB-22866 As a user I want to use passbolt in Korean
- PB-22866 As a user I want to use passbolt in Romanian
Fixed
- PB-21489 As a user I should not see double headers in emails sent by the email digest
Improved
- PB-22725 As an administrator I want to manage Duo v4 settings
- PB-21763 As a user I want to see a clean SSO error feedback in the popup after failing to sign-up with SSO
- PB-21764 As a user I want to see a clean SSO feedback in the popup after signing-in with SSO
- PB-21906 As a user I don’t want to receive email by default when I create a resource or a folder as well as I don’t want to see any details for this content by default
- PB-22512 As an SSO administrator I want to see the access_token details when it is missing or has invalid claims
- PB-22610 As a user I want the SSO Azure authentication to support nonce
Maintenance
- PB-22416 As a developer I can safely deactivate plugins between solutions
- PB-22756 Fixes a range of failing pagination tests
- PB-22760 SSO State Type refactoring
- PB-22495 Refactors the SmtpTransport to enhance the code coverage of emails
- PB-22430 Refactoring of SSO state to use separate table
Browser extension
Added
- PB-22081 As a signed-in user I can import my passwords from a Mozilla web browsers csv export
- PB-22082 As a signed-in user I can import my passwords from Safari web browser csv export
- PB-22116 As a signed-in user I can import my passwords from a Dashlane csv export
- PB-22117 As a signed-in user I can import my passwords from a Nordpass csv export
- PB-22510 As a signed-in user I can import my passwords from a LogMeOnce csv export
- PB-22866 As a user I want to use passbolt in Italian
- PB-22866 As a user I want to use passbolt in Portuguese (Brazil)
- PB-22866 As a user I want to use passbolt in Korean
- PB-22866 As a user I want to use passbolt in Romanian
- PB-22882 As a user I can use the SSO feature to speed up the extension configuration process
Improved
- PB-21408 As a logged-in user navigating to the account recovery user settings from the MFA user settings I should not see the screen blinking
- PB-21548 As a signed-in user I can access my MFA settings for a given provider following a dedicated route
- PB-22647 As a signed-in user I want to use my personal google email server as SMTP server
- PB-22699 A a user I want a unified experience using pwned password feature
- PB-22725 As a signed-in user I want to see an introduction screen prior setting up Duo v4
- PB-22835 As an administrator I can define the optional SMTP Settings “client” setting
- PB-22861 As an administrator I want to manage Duo v4 settings
Fixed
- PB-22387 As an administrator generating an account recovery organization key, I should see the warning banner after submitting the form
- PB-22587 Fix the CSV exports columns presence and order
- PB-22588 As a signed-in user I want to import resources in Lastpass csv export following their conventions
- PB-22701 As a signed-in user I should not see the MFA mandatory dialog if there are no MFA providers enabled for my organization
- PB-22704 As a user with a configured account and SSO, I should be able to recover/setup another account
- PB-23277 As a signed-in user I should not have a 404 error with the flag mfa policy disable
Security
- PB-21645 As content code application I should be restricted to open ports only for applications I am allowed to open
- PB-21754 As a user I should not see any trace of previously downloaded content in my history
- PB-23279 As a user completing a setup I should not have access to the background page decryption secret capabilities
Maintenance
PB-19641 Handle the setup and recover runtime object
- PB-19675 As a signed-in user I want to perform a recover using the browser extension with MV3
- PB-19676 As a signed-in user I want to perform a setup using the browser extension with mv3
- PB-19677 As a signed-in user I want to perform a sign-in using the browser extension with MV3
- PB-19678 As a signed-in user I want to start the application using the browser extension with mv3
- PB-21750 As service worker I should be able to wake up a disconnected application port
- PB-21822 As a signed-in user I want to open quickaccess using the browser extension with MV3
- PB-21823 As a signed-in user I want to see the web integration using the browser extension with MV3
- PB-21824 As a signed-in user I want to see the web public sign in using the browser extension with MV3
- PB-21829 Clean port after a web navigation on the main frame
- PB-21996 As a signed-in user I want to see the in form call to action using the browser extension with MV3
- PB-21997 As a signed-in user I want to see the in form menu using the browser extension with MV3
- PB-22009 Create a service to parse the webIntegration in url
- PB-22076 Handle flush local storage on browser runtime onStartUp for MV3
- PB-22077 Handle config init and post logout on service worker startup
- PB-22078 Create a polyfill to handle browser.action on MV2
- PB-22113 As a signed-in user I should be able to open the quickaccess popup from inform menu with MV3
- PB-22412 As a signed-in user I want to use account recovery process using the browser extension with MV3
- PB-22648 Adapt payload when back return duo settings
- PB-22896 Update styles to adapt to Duo forms updates
- PB-22898 Update login form design styles
"Regular"
Listen to the release song!