nilsteampassnet/TeamPass 3.1.6.2 on GitHub

What's Changed

Security:
- XSS Protection: Centralized output sanitization across the codebase:
  - Added secureStringWithAntiXss(): Recursively cleans strings, arrays, and objects using the AntiXSS library
  - Added secureOutput(): Applies htmlspecialchars() with UTF-8 encoding to specified fields
  - Secured user login and email data in users list
  - Secured activity log data and search results
  - Added input sanitization for imported CSV data
LDAP/OpenLDAP:
- Fixed LDAP group synchronization for OpenLDAP servers without memberof attribute
  - Fetch groups separately and build reverse user→groups mapping
  - Support for posixGroup (memberUid), groupOfNames, and groupOfUniqueNames
  - Display user's LDAP groups with status icons in sync interface (exists in Teampass, user has role, add role)
  - Fixed role assignment using users_roles table instead of obsolete fonction_id column
Background Tasks:
- Tasks are now processed in parallel (max 2 concurrent tasks)
- Tasks are treated until the pool is empty
Import:
- Fixed: A single item inside a folder has its password encryption corrupted
- Force cache_tree rebuild for user after import
Items
- Improved management of item sharekey creation

Full Changelog: 3.1.6.1...3.1.6.2

3.1.6.0 - Migration is forced when user is login. If you want to migrate progressively, set FORCE_PHPSECLIBV3_MIGRATION to FALSE (in file ./includes/config/include.php).
3.1.5.10 - Refactor: Remove user password sanitization (see documentation)
3.1.5.2 - New: Personal items migration phase implemented with improved management (see documentation)
3.1.5.0 - New: transparent user password recovery in case of password change in external AD (please read documentation)

Please join Teampass v3 translation project on Poeditor and translate it for your language.