v4.2.0 ~ The man who sold the world (pro)

Release date: August 24th, 2023.

Passbolt’s latest release, Pro version 4.2, introduces some new functionalities and fixes.

One of the highlights of this release is the first brick of grid modernization. With it, you’re in control of what’s shown on the password grid. You can decide which columns you want to see, as well as their position and size. This first version is part of a larger improvement project. The aim is to make customization of the grid available and persistent with the next v4.3.0 release, and to later introduce new columns such as OTP, Icon & Tag.

Another new feature is Password Policies, which allows administrators to control a range of password-related settings. They can set defaults for generated passwords to ensure they meet their organisation’s requirements. They can also specify whether passwords can be verified against compromised databases.

Additionally, users will be pleased to see the new resource count chips displayed in the breadcrumb, providing an intuitive way to keep track of filtered resources.

Administrators are not left behind with this release as a few bugs with the command line healthcheck have been fixed and the feature is being prepared to be available in the UI soon.

Thank you for choosing passbolt, these improvements wouldn’t be possible without your continued support.

API

Added

• PB-24987 As an administrator I can define the password policies from the administration UI
• PB-25462 As an administrator I can deactivate RBACs with a feature flag
• PB-25036 As an administrator I can select PostgreSQL as database driver on installation
• PB-21403 As an administrator I can purge the email queue table from the command line

Improved

• PB-24990 Performance optimisation of the cleanup command responsible to delete secrets without permissions
• PB-25263 Performance optimisation of the entry point retrieving the folders activity logs
• PB-25264 Performance optimisation of all the SQL queries retrieving user profiles
• PB-25199 Lower case UUIDs given as requests parameters before marshalling and persisting data
• PB-25389 As an administrator healthcheck/status.json requests should not be logged in the action_logs table
• PB-25734 As a user I do not want the first letters of my first and last names upper-cased when my profile is saved

Security

• PB-25181 CSRF cookie should have secure flag set when site is served under HTTPs
• PB-25798 Fixes laminas/laminas-diactoros vulnerability by using the longwave/laminas-diactoros package

Fixed

• PB-24931 As a user when I rename a tag with the same name, the tag should not be deleted
• PB-25019 As an administrator I can define LDAP filters case sensitivity
• PB-24986 As a user decrypting the SSO organisation settings I should not get a 500 error when the key could not be found in the keyring

• PB-25859 As an administrator notified of an account recovery I should see the first and last name of the acting user in the email

• PB-25472 As a user I can use an SMTP server using NTLM authentication
• PB-25475 As an administrator running the healthcheck, I should be warned for self-signed and wildcard certs instead of having a failure

• PB-25720 As an administrator I should not see a false error in the healthcheck when reading the App.base config

• PB-25800 As an administrator I should be able to migrate from v3 my default LDAP settings

Maintenance

• PB-21412 Upgrade phpstan to v1.10.15
• PB-21413 Upgrade psalm version to v5.12.0
• PB-21414 Upgrade cakephp codesniffer to v4.7
• PB-21672 Bump lorenzo/cakephp-email-queue package to 5.1
• PB-21917 Bump bcrowe/cakephp-api-pagination to v3.0.0
• PB-21918 Bump spomky-labs/otphp to v10.0.3
• PB-21919 Update enygma/yubikey package
• PB-22052 Passbolt test data version bump to v4.1.0
• PB-25379 Update vierge-noire/cakephp-fixture-factories package
• PB-24575 As a developer release notes should be automatically published on Github on new tag release
• PB-25471 As a developer Crowdin should export only a selected subset of languages
• PB-25801 As a developer I can create unpublished test packages

Browser extension

Added

• PB-24268 As a signed-in user I can reorder & show/hide columns of the resource workspace grid

• PB-25189 As a signed-in user I can resize the columns of the resource workspace grid

• PB-25283 As a signed-in administrator I can access the password policies
• PB-25283 As a signed-in administrator I can see the password policies settings
• PB-25283 As a signed-in administrator I can customise the password policies
• PB-25283 As a signed-in user I generate passwords using the password policies of my organisation
• PB-25283 As a signed-in user I am warned about passwords which are part of a dictionary

Improved

• PB-25251 As a sign-in user I want the passwords to be rendered with a monospace font
• PB-25288 As a signed-in user I should see the number or resources or users filtered in the workspace from the breadcrumb

Fixed

• PB-22555 As a German-speaking signed-in user I want to autofill my password and name when the input identifiers are in German
• PB-24612 As a user I should not see “remember until I log out” option in the quickaccess it the option is disabled from the servers
• PB-25259 Fix dropdown profile style
• PB-25260 As a user I should be redirect to the resource workspace when signing in right after a sign out
• PB-25261 Fix box-shadow on more button for folders

• PB-25320 In-form menu icon was moving when scrolling on page

• PB-25504 As a user I want to use SSO with Firefox

• PB-25807 As a signed in user I should see my profile metadata updated after editing my profile

• PB-25816 As a signed-in user, the link in resource activity or user account recovery activity should be valid
• PB-25822 Fix typos in User Directory settings interface

Maintenance

• PB-25390 Upgrade outdated library word-wrap
• PB-25391 Upgrade outdated library tough-cookie
• PB-25704 Upgrade outdated library babel

Experimental

• PB-25185 As LU user on the browser extension, I want to export my account to configure the windows application
• PB-25253 Desktop bootstrapped applications should have CSP rules enforced prior to execute any javascript