github passbolt/passbolt_api v4.1.0
War Pig

latest releases: v4.10.0-test.1, v4.9.1, v4.9.1-test.1...
16 months ago

Song: https://www.youtube.com/watch?v=LQUXuQ6Zd9w

Presenting the latest update of passbolt, version 4.1.0.

This release introduces role-based access control user rights, enabling administrators to control the accessibility of passbolt features to their users.

Among various improvements, such as a performance increase in folder sharing, passbolt now remembers your favourite MFA provider, improving the user experience while logging in.

On the security side, a configurable number of wrong attempts at MFA authentication will now automatically log the user out. A feature flag now enables the admins to remove the risk of email enumeration when self-registration is enabled.

A big thank you to the community for the contributions and feedback. Stay tuned for the next release candidate!

[4.1.0] - 2023-06-29

Added

  • PB-24259 As an administrator I can define with role based access control users' rights

Improved

  • PB-24744 As a LU the date time format in the response always display the time zone
  • PB-24929 As a LU with multiple MFA providers setup, the latest provider used is proposed by default
  • PB-24488 Non-JSON request should return a 404 if JSON is required
  • PB-24617 As LU I want improved performance while sharing a folder with a user

Security

  • PB-25030 As an admin I can set a feature flag to prevent user email enumeration
  • PB-24273 As an admin I can disable the GET auth/logout.json endpoint (enabled by default)
  • PB-19510 As a user I should be redirected to HTTPS if SSL FORCE configuration is true
  • PB-24566 As an admin the email settings password should be masked in the test email command log output
  • PB-23591 As a user authenticating I can perform a limited amount of TOTP MFA attempts

Fixed

  • PB-24658 As an admin I should see no false warning in the email notification configuration section
  • PB-25275 As an admin I should see the option page during installation after creating the server GPG keys
  • PB-25276 As an admin on installation SSL force option should be set to true if the installation is launched over https
  • PB-25274 Set force SSL config to false by default

Maintenance

  • PB-24925 Updates the fixture factories to its latest version
  • PB-24913 Removes "type" from required JSON schema definition for TOTP resource types
  • PB-24305 Recovery and register legacy routes are not used in emails and commands outputs
  • PB-21604 Extract composer audit task from checkstyle job and make it non-blocking
  • PB-21641 Rename check-style job to static-analysis and make it blocking

Don't miss a new passbolt_api release

NewReleases is sending notifications on new releases.