Song: https://youtu.be/SWMaa6qvX5U
The team is pleased to announce the much-awaited v3.3, which includes new features as well as some fixes requested by the community. It’s been a while since the last release, but as you’ll see, we’ve been busy!
While browsing the internet, passbolt users don’t always know how to use the quick access menu in the toolbar to create or use credentials on a given page. The anticipated autofill and autosave improvements, which we call “in-form integration”, have finally arrived. You’ll be able to perform actions faster within web forms, and be able to quickly generate passwords and save credentials.
We’ve also optimized the original quick access flow to provide better accessibility, with more complete contextual feedback and a reduced number of steps (for example, when inserting a password in a page).
This release also contains a revamped password generator, which allows for the customization of the password parameters and introduces support for passphrase generation. The new passphrase generator produces 9 words using the diceware method. By default, the words aren’t separated, but the user has the option to define a set of characters (e.g. “ ” or “_”) that’ll be used to separate them. The password generator has also been improved, and now generates passwords of 18 characters in length. Also, it’s now possible to exclude look-alike characters, such as homoglyphs, and even include emojis 😏.
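To make the generator defaults above concrete, here is an added sketch (not passbolt's code) of diceware selection with a CSPRNG, an 18-character password with optional look-alike exclusion, and the entropy each setting yields. The word list is a constructed stand-in, and the look-alike set and 94-character pool are assumptions, since the announcement does not specify them.

```javascript
const { randomInt } = require("crypto"); // CSPRNG-backed, unbiased integer in [min, max)

// Diceware picks each word with five six-sided dice, so a list has 6^5 = 7776 entries.
const DICE_PER_WORD = 5;
const LIST_SIZE = 6 ** DICE_PER_WORD;

// Constructed stand-in list ("w000".."w5zz"); a real deployment loads a published word list.
const WORDLIST = Array.from({ length: LIST_SIZE }, (_, i) =>
  "w" + i.toString(36).padStart(3, "0"));

// Assumed look-alike set; the announcement does not list which characters are excluded.
const LOOK_ALIKES = new Set("O0oIl1|`'\"");

function rollWordIndex() {
  // Five dice read as a base-6 number give a uniform index in [0, 7776).
  let index = 0;
  for (let i = 0; i < DICE_PER_WORD; i++) index = index * 6 + randomInt(0, 6);
  return index;
}

function generatePassphrase(wordCount = 9, separator = "") {
  const words = [];
  for (let i = 0; i < wordCount; i++) words.push(WORDLIST[rollWordIndex()]);
  return words.join(separator);
}

function passwordCharset(excludeLookAlikes) {
  // Assumed pool: printable ASCII without the space, 94 characters.
  const all = Array.from({ length: 94 }, (_, i) => String.fromCharCode(33 + i));
  return excludeLookAlikes ? all.filter((c) => !LOOK_ALIKES.has(c)) : all;
}

function generatePassword(length = 18, excludeLookAlikes = false) {
  const charset = passwordCharset(excludeLookAlikes);
  let out = "";
  for (let i = 0; i < length; i++) out += charset[randomInt(0, charset.length)];
  return out;
}

// Entropy in bits of `count` independent uniform picks from `poolSize` items.
function entropyBits(poolSize, count) {
  return count * Math.log2(poolSize);
}

console.log(generatePassphrase(9, "_"), entropyBits(LIST_SIZE, 9).toFixed(1));
console.log(generatePassword(18, true), entropyBits(passwordCharset(true).length, 18).toFixed(1));
```

With a real word list that is not prefix-free, unseparated words can produce the same string from different rolls, so the per-word entropy figure is an upper bound in that mode.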
In our continuous effort to make the application accessible to all, in their mother tongue, this release ships with German and Swedish translations. Other languages, such as Dutch, Polish and Spanish, are in the works and scheduled for the end of the year.
Both the password generator and in-form quick access functionalities have been reviewed as part of an independent security audit by Cure53. So, they should be safe for everyone to use! We also completed another series of audits for the API code and cloud infrastructure. We’ll share the results with you soon in a dedicated blog post (spoiler alert: no critical issue found).
We’ve also successfully completed our SOC 2 Type I audit. Our SOC 2 Type II is also well underway and will be available by Q1 2022. These audits are just another step in our ongoing compliance and security efforts.
Ok, now for the final reveal. We’ve been working on the passbolt mobile application (Android and iOS) for almost a year. This v3.3 release is shipping with its experimental support, which you can optionally enable to test! We’re currently waiting for the app’s reviews on the different web stores and we'll publish a blog article to explain how to test the mobile app. The app will be available for general use and enabled by default once an independent security audit is completed by the end of November. Stay tuned!
A big thank you to the people who reported and documented bugs on GitHub and the community forum, and provided feedback on the account recovery specifications. Thank you for your continued support.
[3.3.0] - 2021-10-25
Added
- PB-7815 As a server administrator I should be able to enable / disable the in-form menu feature, enabled by default
- PB-6072 As a server administrator I should be able to enable / disable the password generator feature, enabled by default
- PB-8189 As a user I should be able to use the application in German or Swedish
- PB-7847 As AN I should be able to authenticate to passbolt via JWT access and refresh tokens [experimental][disabled by default]
- PB-6034 As LU I should be able to configure my mobile app [experimental][disabled by default]
Improvement
- PB-8908 As a user I should see the footer of the passbolt emails translated with my locale
- PB-8364 As a user I should see the subject of the passbolt emails translated with my locale
- PB-6032 As API user I shouldn’t see the _joinData properties in the resource entry points responses
- PB-8281 Add Debian 11 bullseye support
- PB-7750 As AD I should be notified by the healthcheck when a tmp file is executable
- PB-7760 Increase PHPStan level to 6
- PB-8081 As AD I should be able to configure passbolt over IPv6 while installing a passbolt package
- PB-5866 As AD I should be able to detect avatar data discrepancies using the passbolt cleanup command
- PB-7605 As a developer I should be able to enable/disable a plugin easily
Fixed
- PB-5457 Fix as LU importing a batch of passwords I should not get an internal error because of database deadlock
- PB-7840 Fix as AD I can install/reconfigure the passbolt package if ssl certificates are already present
Security
- PB-8047 Fix PBL-02-002 As LU I should log out by posting to the API and the entry point should be protected by CSRF
- PB-7751 Updates FlySystem dependency to v2.1.1
- SEC-181 Fix information disclosure: recover endpoint should not return user role and name.
Maintenance
- PB-8488 Remove user agent unnecessary check associated with MFA token
- PB-8336 Clean phpunit.xml file
- PB-8448 Hashes the session ID prior to password_hash
- PB-8210 Replaces PHPSESSID with session_name()