What's Changed

New feature

When a browser extension licence key is configured, the admin dashboard now displays the licence status asynchronously:

Licence server online/offline indicator with version
Licence validity (VALID / EXPIRED) and user consumption (consumed / max)
Expiration date
Graceful fallback to the promo text when the licence server is unreachable (no hard dependency on network availability)

The check is performed in the background after page load and never blocks rendering.

WebSocket tokens invalidated across tabs — generating a new WS token on page load no longer disconnects other open tabs; only expired or already-used tokens are now deleted (generateWebSocketToken()).
session_decode() crash in daemon — the WebSocket daemon now skips the session-cookie auth path entirely when no active PHP session exists, preventing a session_decode() call on encrypted session data.
Reverse-proxy auth rate limiting — 127.0.0.1 and ::1 are now exempt from IP-based auth rate limiting, preventing the reverse proxy from being treated as a single suspicious client and blocking all users.
Silent socket error on WS close — fwrite() when sending the close frame is now suppressed (@fwrite) to avoid a PHP warning when the server has already closed the connection.
Reconnect failed notification — replaced the plain error toast with a clickable "Click to reload" link so users can restore the connection without having to find the browser refresh button.
Unused API permission columns removed from WS token query — the validateFromToken() query no longer fetches api_allowed_to_* columns that are irrelevant for WebSocket authentication.

Please join Teampass v3 translation project on Poeditor and translate it for your language.