v2.7.0 ~ Jump (pro)

Release date: February 11th, 2019.

The main focus of this release was to improve the performance and reactivity of the application, as well as address some minor security issues.

The only feature that was added is a better support for url sharing, e.g. if you look at the sidebar when clicking on a resource you will be presented with a link. You can use it to send the url to a given resource to a colleague: if they have access to this resource they will be able to navigate directly to it. Similarly links in emails pointing to a resource will take you directly to the corresponding record.

fig. Application urls are now more usable

The team also worked hard to speed up the performances of the application, most notably by starting to load OpenPGP secrets asynchronously (instead of within the resource index calls). This strategy allows to reduce the loading time of the homepage from 12 to 2 seconds, in our tests with a database containing 2000 passwords shared over 400 users. This ground work was also necessary in order to be able to trace accesses to secrets and provide a more granular audit log coming up in the next release.

This release also includes fixes for the LDAP synchronization tools. Namely a fixe for the user and group filter for OpenLDAP, as well as a fix a bug triggered during group synchronization when a user was deleted in passbolt but still present in LDAP.

This release also includes 3 fixes found during an independent security audit conducted by french security researcher Jose-Alexandre Mayan. You can learn more about these fixes on the dedicated security incident page.

The team also wanted to thank everyone who reported issues and helped us investigate them further, especially Ricardo Marinho, Marc-Daniell Hess, Christoph Grabmer and Eric Wright.

Passbolt Web Extension

Improvement

• PASSBOLT-3347: When the extension requires the users to enter their master password, the popup should be displayed with no delay
• PASSBOLT-3313: As GM adding a user to a group I should see the loading popup when the extension is processing/requesting the API
• PASSBOLT-3312: As GM adding a user to a group I should see a relevant feedback in case of network/proxy errors
• PASSBOLT-3316: As LU Sharing a password I should see a loading feedback when the extension is requesting the API
• PASSBOLT-3318: As LU I should retrieve a secret when I’m copying it
• PASSBOLT-3319: As LU I should retrieve a secret when I’m editing it
• PASSBOLT-3403: As LU I should retrieve secrets when I’m exporting the associated passwords

Passbolt API

Added

• PASSBOLT-2995: As LU I should be able to copy the permalink of a password

Improved

• PASSBOLT-3403: As LU I should export only selected passwords
• PASSBOLT-3397: Remove the list of secrets from the API request while loading the list of passwords
• PASSBOLT-3319: As LU I should retrieve a secret when I’m editing it
• PASSBOLT-3318: As LU I should retrieve a secret when I’m copying it
• PASSBOLT-3317: Display significant information as soon as possible while opening the application
• PASSBOLT-3312: As GM adding a user to a group I should see a relevant feedback in case of network/proxy errors
• PASSBOLT-3314: Improve the performance of the application by adding missing indexes
• PASSBOLT-2974: As LU I should be able to follow links targeting passwords from my emails

Fixed

• PASSBOLT-3363: Fix the web installer should not use the exec php primitive to create/import the gpg server key
• PASSBOLT-3370: Fix auth verify error should not leak data

• PASSBOLT-3368: Fix html injection in email

• PASSBOLT-3406: LDAP: Fix bug user_id is null when a user that is associated to a group is deleted