github passbolt/passbolt_api v5.6.0
Big Jet Plane
on GitHub

17 hours ago

Release song: https://www.youtube.com/watch?v=bu50DtPF1Ac

Passbolt 5.6.0 introduces standalone notes to store sensitive secrets beyond passwords and shared metadata key rotation to give organisations stronger control over their encrypted data. This release also delivers several long-awaited usability improvements on the main workspaces that make the day-to-day experience smoother.

Standalone notes

It is now possible to create notes as standalone resources, no longer tied to a password or TOTP entry. This offers a dedicated resource type for text-based secrets that don’t fit into existing supported types such as passwords, TOTPs, or custom fields.

Standalone notes benefit from the same permissions, encryption, and audit trail as passwords, ensuring they remain just as secure and shareable. Each note supports up to 50 KB of text, leaving ample room for certificates, SSH keys, or other long-form secrets that Passbolt plans to support natively in the future. Import and export flows have been updated accordingly and any imported resources that contain only a description will now be recognised and created as standalone notes.

Resizable sidebars: more space where it matters

Both the main workspace and the Users & Groups workspace now feature sidebars that can be resized, giving users more control over how they view their data. This improvement makes it easier to read long folder names and navigate deeply nested folder structures.

The ability to resize sidebars adds to the overall customisation of the interface, complementing existing options such as adjusting the width of the main workspace grid columns or choosing which information to display. Once adjusted, the sidebar adapts smoothly to the preferred width, and a quick double-click on the handle resets it to the default size.

Shared metadata key rotation

Administrators can now rotate the shared metadata key directly from the organisation settings without disrupting the availability of the instance. This capability gives organisations greater control over their encrypted metadata and is another milestone in completing the encrypted metadata roadmap.

Rotating the shared key enhances security in several important ways. It supports compliance with internal security policies or industry standards that require periodic key rotation. It also strengthens forward secrecy: when a collaborator leaves the organisation, administrators can generate and distribute a new shared metadata key to ensure that former members cannot access metadata encrypted after their departure.

Miscellaneous Improvements

This release is also packed with minor bug fixes and performance improvements, notably in group management where large updates are now split into smaller requests. This change reduces the load on the API and resolves timeout issues that could occur when many changes were applied to the same group at once. For the full list of changes, check out the changelog.

Many thanks to everyone who shared feedback, reported issues, and helped refine these features.

[5.6.0] - 2025-10-08

Added

  • PB-45058 Add datacheck to check for existing metadata key with no metadata private keys
  • PB-44187 As an admin I cannot delete a metadata key associated with a deleted resource
  • PB-44183 As a user that is sole owner of v4 resources when v4 resources types are disabled, v4 resources should be ignored on an ownership transfer request
  • PB-44770 As a user I want to configure the trusted_proxies list as an environment variable
  • PB-45471 Add new database migration to add standalone notes resource type
  • PB-45472 Update resource types endpoints tests to assert enable/disable is working for new standalone notes resource type
  • PB-45473 Update resources endpoints tests to accommodate new standalone notes resource type

Fixed

  • PB-45222 Fix EmailDigest not working for v5 resources
  • PB-45447 Fix PUT /metadata/keys/.json endpoint returning 500 error with trailing data
  • PB-45436 As an administrator I can define the default cache engine with an environment variable
  • PB-45454 Fix 500 error due to MySQL deadlock on create resource endpoint
  • PB-45456 Allow editing of v4 resources even when v4 resource type creation is disabled
  • PB-45258 Fix grammatical errors in the resource update email content
  • PB-45057 Reduce memory consumption on the action logs endpoints
  • PB-45057 Reduce memory consumption on resources and folders index endpoints

Maintenance

  • PB-44813 Bring back DDEV ldap related services for development environment
  • PB-44593 Bump i18next version
  • PB-45161 Fix regularly failing UsersIndexControllerPaginationTest.php test
  • PB-45270 Add custom exception message with client IP in /healthcheck/error.json
  • PB-45062 Fix user_setup_complete.php template in LU folder instead of AD
Check out latest releases or
releases around passbolt/passbolt_api v5.6.0

Don't miss a new passbolt_api release

NewReleases is sending notifications on new releases.

Get notifications