Song: https://open.spotify.com/track/3LU41qIkh4lND6PM4W8jHw?si=44039421ff734292
Release 3.12 includes a number of new features and enhancements, including the much-anticipated addition of folders in the Community Edition, which allows users to better organise resources.
Another notable new feature is the ability to customise passbolt to output the action logs in syslog or a file, giving administrators more control and visibility on what is happening on their instance and leverage other tools for threat and unusual activity detection. Administrators can also implement their own handler for action logs to further customise their passbolt instance reporting. A blog to demonstrate this new feature will be available soon.
Version 3.12 also includes important fixes, such as a fix to ensure that only administrators can see which users have MFA enabled. This regression was spotted during the Cure53 march security audit. The full report will be available shortly. Spoiler alert: no critical vulnerability was found.
Lastly, more file formats for export are included in release 3.12. This provides more options for migrating data between applications.
Overall, the release of version 3.12 provides several useful improvements. Thank you to the members of the community who’ve reported issues and helped us fix them.
[3.12.0] - 2023-03-15
Added
- PB-20535 As a community user I want to use folders
- PB-22749 As an administrator I can customise passbolt to output the action logs in syslog
- PB-22749 As an administrator I can customise passbolt to output the action logs in a file
- PB-22749 As an administrator I can implement my own action logs handler
Fixed
- PB-23717 As a user using the json API I should get a bad request error instead of an internal error if using api-version=v1
- PB-21826 Fix emails entries should not be locked when threshold limit is exceeded
- PB-23519 As an administrator running the DUO v4 migration I should not see a warning message if DUO was not configured
- PB-23721 As an administrator I want to be sure the server key is in the keyring before decrypting users directory settings
Security
- PB-23311 As an administrator I should be the only one to know which users have enabled MFA
Improved
- PB-23333 As an administrator I should see a notice instead of a warning if I enabled the self registration plugin
- PB-23722 As a developer running the unit tests I want to be sure the version from the config matches the one from the changelog
- PB-22892 As a user recovering my account I want to see the success and error pages feedback
Maintenance
- PB-23287 Duo multi-factor authentication redirection refactoring
- PB-23702 Update phpseclib/phpseclib dependency