Skip to content

Latest commit

 

History

History
877 lines (760 loc) · 46.3 KB

CHANGELOG.md

File metadata and controls

877 lines (760 loc) · 46.3 KB

Change Log

All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.

3.2.1 - 2021-06-04

Fixed

  • GITHUB-402 Fix API v3 regression, login must accept JSON data

3.2.0 - 2021-05-31

Added

  • PB-5054 French internationalization
  • PB-5171 As logged-in user I can paginate the result of the users and resources index controllers
  • PB-5854 As logged-in user I can save the locale of a user as account setting
  • PB-5854 As admin I can save the locale the organization as organization setting

Fixed

  • PB-5523 Fix as system administrator I should see the healthcheck errors colored in red
  • PB-5860 Fix password max length should be set to 4096 in resource type definitions
  • PB-6031 Fix as LU I shouldn't get a fatal error when using a scalar instead of an array for some filters values
  • PB-6131 Fix healthcheck error messages display

Improved

  • PB-5975 Test code with PHPStan - level 4
  • Avatar table should use created and modified for timestamp and not created_at and modified_at
  • Move avatar in database

Maintenance

  • PB-5527 Migration to CakePHP4

Security

  • Remove X-XSS-Protection as per Cure53 audit recommendations

3.1.0 - 2021-03-17

Added

  • Add preview password plugin feature flag

3.0.2 - 2021-03-09

Fixed

  • GITHUB-378 Fix healthcheck ssl fullBaseUrl check
  • Fix email digest email preview should accept empty (null) template
  • Fix send test email command should accept undefined username and password

3.0.1 - 2021-02-24

Fixed

  • Fix resources population of resource_type_id field migration

3.0.0 - 2021-02-18

Deprecated

  • Drop support for API format v1, api-version parameter is deprecated
  • Remove title from API response envelope format
  • Drop support for PHP < v7.3, application require PHP v7.3 by default
  • Drop support for Composer < v2, application requires Composer v2 by default

Added

  • Add dark theme to the community edition
  • Add new system check utilities in ./bin, for example ./bin/status-report
  • Add web installer automatically populates mysql credentials (VM / Debian Package)
  • Add support for multiple resource types
  • Add resource with encrypted description as resource type
  • Add generic cron job task in ./bin/cron
  • Add support for untracked personal shell scripts under ./bin/my
  • Add support for configurable footer link in config
  • Add permissions filters on resource view and index
  • Add permissions contain options on resource view

Chores

  • Update OpenPGP-PHP dependencies to provide PHP 7.4 compatibility
  • Remove unmaintained user agent parser library
  • Fix PHP 7.4 warnings

Improvements

  • Improve testsuite execution times
  • Refactor testsuite to not install data model from fixtures but use migrations instead
  • Refactor testsuite to remove unused fixtures
  • Migrate administration and mfa settings screen to React
  • Add placeholder application skeleton when webextension is still loading
  • Redesign of login and recover screens
  • Add Mysql 8 support

2.13.5 2020-07-30

Fixed

  • Fix allow overriding rememberMe options in passbolt.php configuration file
  • Fix all target blank link should contain rel noopener noreferrer
  • Fix email sender, email subject should not exceed 255 characters.
  • Fix secret access log on resource view with contain secret
  • GITHUB-376 Fix missing route prefix on the recovery button
  • GITHUB-373 Fix API format for create group (previously v1 instead of v2 format)
  • GITHUB-372 Fix after modifying passwd, the modification time should be changed
  • GITHUB-370 Fix metadata should be deleted for deleted resources
  • GITHUB-369 Fix Notification Emails Have Wrong Tense In Subject/Body
  • GITHUB-368 Clarify PHP extension requirements
  • GITHUB-362 Fix wrong filename on healthcheck HELP message for assertConfigFiles
  • GITHUB-356 As a user I shouldn't be able to export folders if export plugin is disabled
  • GITHUB-350 Fix no mails are sent when providers offer AUTH PLAIN authentication only
  • GITHUB-339 Fix web installer urls do not work when passbolt is installed in a directory
  • Fix performance issues on resource / folder activity log

2.13.5 2019-07-29

Fixed

  • Fix display a validation error when db password contains a quote or db name contain a dash
  • Fix email notification settings bootstrap messes up non persistent database connection in wizard
  • Bump dependencies versions

2.13.1 2020-07-06

Fixed

  • PB-1372 Fix user setup completed admin email notification

2.13.0 2020-06-23

Added

  • PB-1168 Add baseline code and tests for Debian package build
  • PB-1067 As a user I can receive digest emails when creating a lot of resources
  • PB-1067 As a user I can receive digest emails when added/removed from a lot of groups
  • PB-1284 Add tasks and services to re-validate existing data

Improved

  • Pro Styleguide version bump v2.13.13
  • Appjs version bump v2.13.7
  • PB-1046 Adapt Cleanup test runner to take in account cleanup that are adding records
  • PB-1046 Adapt Cleanup shell task to allow external sources to add cleanup tasks
  • PB-1046 Remove empty EmailTraits files
  • Delete unused default keys (cleanup)
  • Update to latest passbolt_test_data version.
  • Misc refactoring for email notifications
  • Misc refactoring to split model logic into services
  • Clear plugins in tearDown of application test cases

Fixed

  • GITHUB-350 No mails are sent when providers offer AUTH PLAIN authentication only
  • Fix appjs plugin requestUntilSuccess bug
  • Fix load webinstaller plugin manually in plugin tests
  • Fix composer php version.
  • Fix misc checkstyle issues
  • PB-980: Fix "secret access logging in password activity log should not display other resources secret access after a multiple share"

2.12.1 - 2020-04-14

Security fixes

  • PB-1209: Update javascript client dependencies

2.12.0 - 2019-12-06

Added

  • PB-687: As an admin I can resend an invitation for a user that didn't complete the setup

Improved

  • PB-878: Update Openpgp.js to v4.7
  • PB-893: Update CakePHP to v3.8.6

Fixed

  • PB-771: Added purify subject for the email subscribers
  • PB-856: Added migration fix to remove unused tables
  • GITHUB-84: Fix gc_maxlifetime versus Session.timeout units

2.11.0 - 2019-08-08

Security fixes

  • PB-661: Fix tab nabbing when clicking on "open in a new tab" in password grid
  • PB-607: Fix XSS on first name or last name during setup

Improvements

  • PB-587: Add baseline support for multiple openpgp backends
  • PB-391: Display the name and email of the user an admin is going to delete in the delete dialog
  • PB-396: Display the label of the password a user is going to delete in the delete dialog
  • PB-397: Display a relevant feedback in the user details group section if the user is not member of any group
  • PB-533: Add a new session check endpoint that does not extend the session expiry
  • PB-607: Add option for an administrator to configure CSP using environment variable
  • PB-242: Improve the passwords grid (passwords fetch peformance, search reactivity, selectbox area enlarged)

Fixes

  • PB-349: Fix health check fails if using custom GNUPGHOME env set by application
  • PB-330: Fix migration issue from CE to PRO in v2.10
  • PB-567: Fix appjs auto logout
  • PB-601: Fix some incomplete unit tests
  • PB-427: Fix email sender shell task and organization settings table unnecessary coupling
  • PB-349: Fix OpenPGP results health checks

Maintenance

  • PB-505: Upgrade cake 3.8
  • PB-504: Upgrade Javascript dependencies
  • PB-472: Cleanup test dependencies

2.10.0 - 2019-05-15

Added

  • PB-165: As AD I should be able to change my organization email notification settings via an administration screen

Improved

  • PB-276: Merge organization settings code into CE. Ground work for administration features.

2.9.0 - 2019-04-24

Fixed

  • PB-220: Upgrade to CakePHP 3.7.7

2.8.4 - 2019-04-17

Improved

  • PB-48: Improve the performance by removing the creator/modifier from the passwords workspace grid query
  • PB-159: Remove the usage of canjs connect-hydrate module

Fixed

  • GITHUB-315: The permalink of password don't work anymore
  • PB-147: Update appjs steal dependencies
  • PB-152: The webinstaller should work with Firefox ESR
  • GITHUB-299: The passwords are shown twice in passwords workspace grid
  • GITHUB-10: Selecting a group on the users workspace should not reset the grid "Last Logged In" column to "Never"
  • GITHUB-62: Sorting the users on the users workspace should not break the infinite scroll
  • PB-160: Update appjs jquery dependencies
  • PB-163: Update jquery dependency
  • PB-171: Fix entities history trait should not trigger internal error if user action is undefined
  • PB-102: Fix install process should not create shema dump lock file
  • PB-204: Escape shell variables of the passbolt mysql export shell command

2.8.3 - 2019-04-02

Fixed

  • PB-101: Fix version number
  • PB-104: Implement enable / disable config switch for import export in default config

2.8.2 - 2019-04-01

Fixed

  • Fix - Disable Auditlog when passbolt is not configured

2.8.1 - 2019-04-01

Fixed

  • Remove PassboltTestData dev tool call from PassboltShell

2.8.0 - 2019-04-01

Added

  • Import your passwords from other password managers
  • Export your passwords to other password managers
  • PB-3: Quickaccess: Simplified app to access passwords from the browser extension

Improved

  • PB-2: Upgrade to CakePHP 3.7
  • PB-95: Implement Import / Export enable switch

Fixed

  • PASSBOLT-2121: Fix passbolt should run in a subdirectory
  • Fix short tag use in the webinstaller server gpg key import screen
  • Username and password should not be compulsory in email settings, in web installer

2.7.1 - 2019-02-13

Fixed

  • PASSBOLT-3416: Fix the uses of php shortags in the webinstaller template files

2.7.0 - 2019-02-12

Added

  • PASSBOLT-2995: As LU I should be able to copy the permalink of a password

Improved

  • PASSBOLT-3403: As LU I should export only selected passwords
  • PASSBOLT-3397: Remove the list of secrets from the API request while loading the list of passwords
  • PASSBOLT-3319: As LU I should retrieve a secret when I'm editing it
  • PASSBOLT-3318: As LU I should retrieve a secret when I'm copying it
  • PASSBOLT-3317: Display significant information as soon as possible while opening the application
  • PASSBOLT-3312: As GM adding a user to a group I should see a relevant feedback in case of network/proxy errors
  • PASSBOLT-3314: Improve the performance of the application by adding missing indexes
  • PASSBOLT-2974: As LU I should be able to follow links targeting passwords from my emails

Fixed

  • PASSBOLT-3363: The webinstaller should not use the exec php primitive to create/import the gpg server key
  • PASSBOLT-3370: Auth verify error should not leak data
  • PASSBOLT-3368 Fix html injection in email

2.5.0 - 2018-11-14

Added

  • PASSBOLT-2694: Implement the Web Installer feature
  • PASSBOLT-3093: As LU I can select all passwords to perform a bulk operation

Improved

  • PASSBOLT-3166: Add PHP 7.3 job on travis
  • PASSBOLT-3119: The Web Installer should control the route with a middleware
  • PASSBOLT-3153: The Web Installer healtchecks should ensure the config files can be written before continuing
  • PASSBOLT-3120: Improve the Web Installer code coverage
  • PASSBOLT-3127: The Web Installer should change the config folder permissions after the installation is completed
  • PASSBOLT-3152: As AN completing the registration process, if I'm following the link to download the browser extension I cannot go back easily to the registration process
  • PASSBOLT-3189: As AD migrating passbolt to the latest version I would like the CakePHP cache to be cleared with the same operation

Fixed

  • PASSBOLT-3150: I should not see duplicates rows when I filter my passwords by keywords
  • GITHUB-290: A user who have not completed the setup should be allowed to request a new token using recover
  • PASSBOLT-3188: As LU the UI shouldn't crash if the uri of a password cannot be parsed

2.4.0 - 2018-10-12

Added

  • PASSBOLT-2709: Implement the remember me feature
  • PASSBOLT-2951: Merge the remember me on CE
  • PASSBOLT-2972: As LU I should be able to delete multiple passwords in bulk
  • PASSBOLT-2329: As an administrator deleting a group which is sole owner of one or several passwords, I should be requested to select a new owner for these passwords
  • PASSBOLT-2983: As LU I should be able to share multiple passwords in bulk

Improved

  • PASSBOLT-3009: Add types to authentication tokens
  • GITHUB#275: Adding SSL configuration environment variables for cake mysql driver
  • PASSBOLT-2534: As LU I should not be able to copy to clipboard empty login/url
  • PASSBOLT-2017: As LU when I save a password (create/edit) the dialog shouldn't persist until the request is processed by the API
  • PASSBOLT-3073: As LU I should get a visual feedback directly after filtering the passwords or the users workspace
  • PASSBOLT-2972: As LU I should be able to select multiple passwords with classic keyboard interactions (command and shift keys)
  • PASSBOLT-3090: Extend the CSRF protection

Fixed

  • PASSBOLT-2966: As LU I can't see passwords shared with me clicking on the "shared with me" shortcut filter
  • GITHUB#246: Fix healthcheck tips relative to tmp folder
  • Fix Email notifications being sent several times when an AppShell is instantiated inside an AppShell
  • PASSBOLT-3063: Fix appjs base url and subfolder
  • PASSBOLT-3074: As a logged in user selecting a "remember me" duration the checkbox should be selected automatically
  • PASSBOLT-2976: Fix API requests issues when the user is going to another workspace
  • PASSBOLT-3082: ezyang/htmlpurifier cache should be stored in the application cache directory
  • PASSBOLT-2982: Fix session expired check
  • PASSBOLT-3086: As LU when I have 100+ passwords I cannot see the passwords after the 100th more than once

2.3.0 - 2018-08-30

Fixed

  • PASSBOLT-2965: Group filter link stays active after switching to a non group filter
  • Route rewriting of the appjs should take in account passbolt installed in a subdirectory
  • Fix the loading bar stuck in the initialization state in some cases
  • PASSBOLT-2969: Enforce steal to load the latest version of the appjs

Improved

  • PASSBOLT-2950: Display empty feedbacks content
  • PASSBOLT-2971: Reset the workspaces filters when a resource or a user is created
  • PASSBOLT-2267: As an admin deleting a user I can transfer ownership of this user shared passwords to another user or a group that have read access.

2.2.0 - 2018-08-13

Added

  • PASSBOLT-2906: Enable CSRF protection
  • PASSBOLT-2940: Implement app-js primary routes

Fixed

  • PASSBOLT-2805: Sort by date fix and sort by user first_name by default
  • PASSBOLT-2896: Fix filter by tag from the password details sidebar
  • PASSBOLT-2903: Fix logout link. It should target a full based url link
  • PASSBOLT-2926: Fix session timeout check
  • PASSBOLT-2927: Fix appjs ajax error handler
  • PASSBOLT-2941: Grid performance fix

Improved

  • PASSBOLT-2933: Upgrade to canjs 4

2.1.0 - 2018-06-14

Added

  • PASSBOLT-2878: Integrate dark theme
  • PASSBOLT-2861: Make username clickable for copy to clipboard

Fixed

  • GITHUB-101: Fix the readme should point to the documentation for how to upgrade passbolt
  • PASSBOLT-2682: Fix healthcheck entry point when logged in as admin and debug is false
  • PASSBOLT-2869: Fix GPG wrapper should recognize the correct type and bit length
  • PASSBOLT-1917: Migrate to canjs 3.x
  • PASSBOLT-2883: Fix logout link should not prevent event propagation
  • PASSBOLT-2886: Fix fingerprint tooltips in user group management dialog
  • PASSBOLT-2894: Fix missing div breaking elipsis on long url in password workspace
  • PASSBOLT-2891: Fix group edit users tooltips
  • PASSBOLT-2884: Update header left menu. Remove home and add help.
  • PASSBOLT-2885: Update user settings menus
  • PASSBOLT-2895: Fix notifications homogeneity
  • PASSBOLT-1337: Fix a logged in user should not be allowed to login or recover
  • PASSBOLT-1337: Remove gpg json sign middleware
  • PASSBOLT-1337: Wordsmithing healthcheck GPG feedback

2.0.7 - 2018-05-09

Fixed

  • Fix missing css on error pages and add version numbers to CSS and JS files calls to prevent caching
  • Fix do not enable debugKit when debug is set to true

2.0.5 - 2018-05-08

Fixed

  • PASSBOLT-2764: Fix Groups autocomplete doesn't work with less than 3 characters
  • PASSBOLT-2826: Upgrade styleguide to v2.1.0
  • PASSBOLT-2812: Rebuild fixtures with updated public keys

2.0.4 - 2018-04-25

Fixed

  • COMMUNITY-599: Make email MX validation optional and not enabled by default
  • GITHUB-247: Fix secrets are not deleted when deleting a group or a user

2.0.3 - 2018-04-20

Fixed

  • PASSBOLT-2849: Fix issue ResourcesTable::_filterByPermissionType and MariaDB 5.5
  • PASSBOLT-2848: Fix unsafe mode and ssl offloading

2.0.2 - 2018-04-16

Improved

  • GITHUB-242: Add Auto-Submitted header to the email notifications

Fixed

  • PASSBOLT-2806: Force database columns charset and collation
  • PASSBOLT-2781: Increase length of resource uri field in model validation
  • PASSBOLT-2696: Fix regression: placeholders in registration form are missing
  • PASSBOLT-2791: Fix providing a string instead of an array in Email. From configuration generates a warning in SendTestEmailTask.php

2.0.1 - 2018-04-09

Fixed

  • GITHUB-239: Fix unsafe mode logic
  • GITHUB-240: Make sure unconfigured 'passbolt.plugins' doesn't break the extension
  • PASSBOLT-2511: Improve healthcheck tables list so that tables are listed per major version number

2.0.0 - 2018-04-09

Added

  • PASSBOLT-2725: Implement start page when passbolt is not configured
  • PASSBOLT-2740: Update <3 link and add unsafe mode warning
  • PASSBOLT-2697: Add passbolt migrate shell with backup option prior migration
  • PASSBOLT-2803: Make the privacy policy footer link configurable in the settings
  • PASSBOLT-2720 Move dev dependencies out of the passbolt_api repo
  • PASSBOLT-2511: passbolt pro bootstrap is moved in a separate folder

Fixed

  • GITHUB-229: Fix passbolt can not run in a subdirectory
  • COMMUNITY-533: Fix plaintext should be initialized prior verification
  • PASSBOLT-2776: Fix: As AN, settings entry point should be able to have plugins settings whitelisted
  • PASSBOLT-2762: Fix unexpected error on resource share
  • PASSBOLT-2754: Change the way to define if passbolt is installed while running the unit tests
  • PASSBOLT-2571: Delete secrets when a password is soft deleted
  • PASSBOLT-2688: Fix healtcheck warning if the development plugin passbolt_test_data is not loaded
  • PASSBOLT-2711: Delete orphans secrets
  • PASSBOLT-2678: Edit Appjs API calls to use version number
  • PASSBOLT-2694: Improve GPG lib to handle private keys validation
  • PASSBOLT-2744: Favorites delete on group user delete
  • PASSBOLT-2743: Favorites delete on permissions update
  • PASSBOLT-2705: Increase coverage, ensure all users who lost access to a resource have no a secret in db for this resource
  • PASSBOLT-2735: Display a specific message if a sidebar section has not content to display
  • PASSBOLT-2664: Change cakephpConfig into settings entry point and adjusted app-js to work with it

2.0.0-rc2 - 2018-02-20

Added

  • PASSBOLT-2638: Added command to test email configuration and SMTP communication
  • PASSBOLT-2608: Implement Sidebar v2 in the Appjs
  • PASSBOLT-2660: Add codacy badge
  • PASSBOLT-1741: Add more GPG healthchecks
  • PASSBOLT-1741: Add PHP extension checks to the healthcheck
  • PASSBOLT-2597: Add check before upgrade to ensure passbolt is already in latest 1.x
  • PASSBOLT-2631: Add an env var to control which email transport to use and defaults to Smtp
  • PASSBOLT-2601: Add Travis v2: phpunit, coverage, phpcs

Fixed

  • PASSBOLT-2618: Fixes for PHP 7.2 compatibility
  • PASSBOLT-2624: PR#219 Fixed use CONFIG instead of "ROOT . DS . 'config'"
  • PASSBOLT-2631: Fixed default class for EmailTransport to Smtp in configuration
  • PASSBOLT-2640: Fixed incomplete urls in email templates
  • PASSBOLT-2640: Fixed escaping of non safe characters in emails
  • PASSBOLT-2667: Fixed regression: create a user that has been deleted previously returns an error
  • PASSBOLT-2673: Fixed regression: as AD I cannot create a group with the name of previously deleted group
  • PASSBOLT-2545: Fixed regression: As AD deleting a group I should be notified that all members of the group gonna lose access to the passwords shared with the group
  • PASSBOLT-2139: Fixed check sessions calls are logged as error
  • PASSBOLT-2139: Fixed not found image on password workspace
  • PASSBOLT-1741: Fixed set license to AGPL-3.0-or-later for composer compatibility
  • PASSBOLT-2589: Fixed App-js should check request response code from the http response header and not from the body header
  • PASSBOLT-2533: Fixed resource name, username, uri, description min length should be 1 char not 3
  • PASSBOLT-2660: Fixed remove flash message from login layout

2.0.0-rc1 - 2018-01-12

Security

  • XSS protection improvements, with a new test suite dedicated for XSS.
  • HTTP security headers are enabled by default and can be disabled using configuration options.
  • Json responses server signature (experimental).

Improved

  • An expired setup link can be re-sent through the recovery procedure.
  • Dropped SQL views (will allow supporting additional database backends).
  • Simplified configuration system. The entire configuration will be done in one dedicated file with safer defaults.
  • Most configuration items are now available as environment variables.
  • Install commands perform additional health checks prior to running.
  • CakePHP and other dependencies have been removed from the repository and are now installed with composer.
  • More flexible validation rules for inputs in most fields.
  • Emojis support where it make sense (comments, descriptions, etc).
  • Some notifications will not be sent if the user is the one doing the action (ex. delete password).
  • The App-JS code is now available on a dedicated repository.
  • Misc javascript foundation code refactoring.
  • Added missing tables index to speed up some database queries.
  • “Owner” has been replaced by “Created by” in the password sidebar to be more relevant.
  • API supports a more standard response format (documentation coming soon).
  • Additional settings for controlling what is displayed in email notifications.
  • Added created date information in password sidebar.

Changed

  • Passbolt api migration to CakePHP 3.
  • PHP 7.0 is now the minimum supported version.
  • Dropped table “controller_logs”. It will be soon replaced by the Audit Logs feature.
  • Dropped table “schema_migrations”.
  • Dropped table “cake_sessions”.
  • Dropped “anonymous statistics” feature (nobody opted in…).

Fixed

  • “Passwords I own” filter displays all the passwords for which I have “is owner” permission.
  • An admin can delete a user if the user is the sole group member of a group owning passwords that are not shared.
  • An admin can delete a user if the user is the sole owner of a password that is not shared.

1.6.9 - 2018-01-12

Fixed

  • PASSBOLT-2599: PR#209: Expose the 'client' variable in the default email conf
  • PASSBOLT-2599: PR#211: Remove stray apostrophe in the filter by group component
  • PASSBOLT-2599: PR#214: Remove html purifier submodule
  • PASSBOLT-2599: PR#208: Fix typos in emails
  • PASSBOLT-2599: PR#159: Rename license file
  • PASSBOLT-2599 Fixed Travis
  • PASSBOLT-1453: Add optional predictable UUID for auth token in selenium testing
  • PASSBOLT-2474 New contributing guidelines for community forum

1.6.5 - 2017-09-12

Added

  • PASSBOLT-2383: Add + and \ to the list of allowed characters for the Resource fields: name, username and description

Fixed

  • PASSBOLT-2371: Force the charset of the cake_sessions table in utf8
  • PASSBOLT-2325: As system administrator I shouldn't be able to execute passbolt CLI commands as root
  • PASSBOLT-2397: As system administrator I should see in the healthcheck if app/tmp content and app/webroot/img/public content are writable
  • PASSBOLT-1991: As system administrator I should see in the healthcheck if the server key can be used for encrypting/decrypting

Security

  • PASSBOLT-2409: Noopener on resource url in password workspace
  • PASSBOLT-2402: XSS on resource url in password workspace

1.6.4 - 2017-08-31

Fixed

  • PASSBOLT-2358: As a user registering on the demo instance I must understand the disclaimer

1.6.3 - 2017-08-21

Fixed

  • PASSBOLT-2316: Merge the selenium & phpunit dummy data sets
  • PASSBOLT-2317: Speed up dummy secret creation task
  • PASSBOLT-2327: Add a large set of dummy data for performance testing
  • PASSBOLT-2282: As admin on the user workspace, I should be able to distinguish visually the users who haven't activated their account yet

1.6.2 - 2017-08-12

Added

  • PASSBOLT-2284: As an administrator I can set which notifications are enabled for my organization #98
  • PASSBOLT-2284: As an administrator I can prevent encrypted secret or username to be sent in email notification #114

Fixed

  • PASSBOLT-2301: Remove additional slashes in passbolt.js urls such as model/users::find #142
  • PASSBOLT-2270: Fix modified_by not set on resource edit regression
  • PASSBOLT-2271: Fix no wrap issue on resource description
  • PASSBOLT-1943: As an administrator I should not be able to install passbolt on a hostname that is not RFC3986 compliant
  • PASSBOLT-1937: As an administrator I should not be be able to install passbolt with a server key without an email id
  • PASSBOLT-2002: Refactor install script to reuse healthcheck library

1.6.1 - 2017-07-26

Added

  • PASSBOLT-2147: As a group member I should receive a notification when my role in the group has changed
  • PASSBOLT-2148: As a group manager I should receive a notification when a user who is part of one (or more) groups I manage is deleted
  • PASSBOLT-2225: As a demo user it should be explicit that I need to use a throway email account
  • PASSBOLT-2133: As LU I should be able to filter passwords by group on the passwords workspace
  • PASSBOLT-2012: As a user I can see which groups a user is a member of from the sidebar

Fixed

  • PASSBOLT-2171: The group list component should be marked as ready once the API request is completed
  • PASSBOLT-2172: Newly added group manager shouldn't receive the group update summary notification
  • PASSBOLT-2174: Edit group dialog should be marked as ready if an admin edit a group the admin is not group manager
  • PASSBOLT-2155: As AD I shouldn't be able to delete as user if the user is the sole group manager of a group
  • PASSBOLT-2075: Users should be removed from the groups they are member of after a soft delete operation
  • PASSBOLT-1934: GITHUB-40, GITHUB-120: As a user I should be allowed to add the a ldap path as username
  • PASSBOLT-2156: GITHUB-94: As a user I should be allowed to add text in JSON format in the description
  • PASSBOLT-2122: GITHUB-85: Username should be Minimum 1 characters in length (and not 3)
  • PASSBOLT-2180: GITHUB-85: As a user I should be allowed to add a space in a resource username
  • PASSBOLT-2125: GITHUB-86: As a logged in user creating/editing a password I should be able to use new line characters in the description
  • PASSBOLT-2188: Regression: As LU when I search for a user it shouldn't make an API request
  • PASSBOLT-2234: Regression: As newly added GM I shouldn't receive the group update summary when I'm just added as GM
  • PASSBOLT-2235: As AD editing a group the dialog shouldn't be marked as ready until the members list is loaded
  • PASSBOLT-2105: Anonymous statistics: fix "Warning Error: file_put_contents" issue at installation
  • PASSBOLT-2005: PR#44: Update allowed characters in a uri

1.6.0 - 2017-06-21

Added

  • PASSBOLT-2099: As a user I should receive a notification when I am added to a group
  • PASSBOLT-2100: As a user I should receive a notification when I am deleted of a group
  • PASSBOLT-2102: As a group manager I should receive a notification when another group manager added a user to a group I manage
  • PASSBOLT-2103: As a group manager I should receive a notification when another group manager removed a user from a group I manage
  • PASSBOLT-2140: As a group manager I should receive a notification when another group manager changed the role of a user of a group I manage
  • PASSBOLT-2138: The TLS parameter should be part of the default email configuration

Fixed

  • PASSBOLT-2044: As an admin I shouldn’t be able to delete a user who is the sole owner of passwords shared with others
  • PASSBOLT-2078: As GM/AD I shouldn't be able to add a user who didn't complete the registration process to a group I edit/create
  • PASSBOLT-2111: As an admin I should be able to install passbolt under mydomain.tld/passbolt
  • PASSBOLT-2142: As an admin I should not see multiple ASCII banner when running the install script
  • PASSBOLT-1959: As LU when I unshare a password with a user or a group, associated secrets should be destroyed
  • PASSBOLT-1954: Security: Trackable behavior should override created_by and deleted_by when provided

1.5.1 - 2017-05-23

Fixed

  • PASSBOLT-2070: Delete unused code / exclude external libs from coverage
  • PASSBOLT-2071: Drop exec bits from files which don't need them (@OdyX GITHUB PR #67)
  • PASSBOLT-2073: As AP I should see a warning on the login page if the plugin and the api are not compatible
  • PASSBOLT-2029: PHP7 compatibility, fix deprecated cakePHP String class calls (@leomazzo GITHUB-64)
  • PASSBOLT-2074: Delete confirmation dialogs should fit the latest styleguide

1.5.0 - 2017-05-16

Added

  • PASSBOLT-1950: As a user I can see which groups a password is shared with from the sidebar
  • PASSBOLT-1953: As a user I can share a password with a group
  • PASSBOLT-1940: As a user when editing a password for a group, the secret should be encrypted for all the members
  • PASSBOLT-1639: As a user editing a password description in the right sidebar should not get duplicated items in shared with section
  • PASSBOLT-1938: As a user I can browse the list of groups in the groups section of the user workspace
  • PASSBOLT-2000: As a user I can see which users are part of a given group from the sidebar and the users section
  • PASSBOLT-1960: As a user I can see the list of users that are part of the group in the users grid by using the group filter
  • PASSBOLT-1838: As a group manager I can edit the membership roles
  • PASSBOLT-1838: As a group manager I can add a user to a group
  • PASSBOLT-1838: As a group manager I can remove a user from a group using the edit group dialog
  • PASSBOLT-1969: As a group manager I can edit a group from the contextual menu and from the groups sidebar
  • PASSBOLT-1969: As a group manager I can see which users are part of a given group from the group edit dialog
  • PASSBOLT-2000: As a group manager I can see which users are part of a given group from the sidebar and the users section
  • PASSBOLT-2006: As an administrator I can delete a group from the group contextual menu
  • PASSBOLT-1969: As an administrator I can edit a group
  • PASSBOLT-2006: As an administrator I can delete a group
  • PASSBOLT-1955: As an administrator I can create a group using the new button in the users workspace
  • PASSBOLT-1939: As an administrator the healthcheck should be accessible in command line
  • PASSBOLT-1943: As an administrator the healthcheck should tell if not using a proper domain name as base url
  • PASSBOLT-1943: As an administrator the healthcheck should tell if SSL certificate is invalid
  • PASSBOLT-1885: As an administrator the healthcheck should tell if the full base url is not reachable
  • PASSBOLT-1838: Add v1.5.0 migration script
  • PASSBOLT-1881: Add support for groups in the permission system
  • PASSBOLT-1952: Add support for groups in the fixtures
  • PASSBOLT-1928: Deploy styleguide with groups support

Fixed

  • PASSBOLT-1614: Abstract user/password grid functions into the mad framework grid library
  • PASSBOLT-1571: API query string filters: better naming conventions and implementation
  • PASSBOLT-1915: Remove legacy references related to old user passwords
  • PASSBOLT-1761: Remove legacy references to throttle login
  • PASSBOLT-1268: Remove legacy dictionary controller
  • PASSBOLT-1268: Use exceptions instead of message component errors and misc refactoring
  • PASSBOLT-2036: Fix travis database configuration issue
  • PASSBOLT-2037: Schema should allow resources fields username and uri to be null
  • PASSBOLT-2038: Travis and php54

1.4.0 - 2017-02-07

Fixed

  • PASSBOLT-1863: Remove references to legacy features Category and Tags
  • PASSBOLT-1883: Fix wrong usage of the permission entry point viewByAco
  • PASSBOLT-1887: Remove the entry point PermissionController::simulateAcoPermissionsAfterChange
  • PASSBOLT-1886: Remove the controller component PermissionHelperComponent
  • PASSBOLT-1888: Remove the model behavior function PermissionableBehavior::getUsersWithAPermissionSet
  • PASSBOLT-1889: Remove references to legacy models and tables (AuthenticationLogs, AuthenticationBlackList, Email, Adress, PhoneNumber)
  • PASSBOLT-1890: Clean the Permission model validation functions & augment coverage
  • PASSBOLT-1894: Reorganize ACL models tests
  • PASSBOLT-1896: Remove references to legacy permission types CREATE and DENY
  • PASSBOLT-1511: removed tracking of config file Config/email.php (@BaumannMisys GITHUB-34)
  • PASSBOLT-1835: As a user I should be able to create an account with the same username as an account that was previously deleted (@bestlibre GITHUB-33)
  • PASSBOLT-1646: GITHUB-20 Permissions views and queries do not work with Mysql57 / only_full_group_by enabled

1.3.2 - 2017-01-16

Fixed

  • PASSBOLT-811: Error message look and feel is not consistent on register / recover

1.3.1 - 2017-01-03

Fixed

  • PASSBOLT-1758: As LU sharing a password I should be able to filter users based on first name and last name
  • PASSBOLT-1779: Remove debug statement
  • PASSBOLT-1585: As AN I should be allowed to register if my lastname or firstname are 2 chars in length
  • PASSBOLT-1783: Form validation and translation: malformed error messages
  • PASSBOLT-1619: As AP I should not be allowed to recover my account if I have not completed the setup first
  • PASSBOLT-1767: As a AD installing passbolt I should be told if webroot/img/public is not writable.
  • PASSBOLT-1793: Upgrade to CakePHP v2.9.4
  • PASSBOLT-1784: GITHUB-29 PHP7 compatibility issue in migration console tasks
  • PASSBOLT-1790: Fixed update context sent by anonymous usage statistics

1.3.0 - 2016-25-11

Fixed

  • PASSBOLT-1721: SSL detection not working in healthcheck
  • PASSBOLT-1708: Accept JSON data content type for HTTP PUT during setup

Added

  • PASSBOLT-1725: Misc changes for Chrome support
  • PASSBOLT-1726: Implement anonymous usage data

1.2.1 - 2016-10-19

Fixed

  • PASSBOLT-1719: GITHUB-14 The "." is not allowed in email address field
  • PASSBOLT-1525: Remove unused controllers and components
  • PASSBOLT-1718: Tidy up readme and contribution guidelines

1.2.0 - 2016-10-17

Added

  • PASSBOLT-1706: GITHUB-18 Resource Description length is too short, should be 10K characters
  • PASSBOLT-1658: GITHUB-18 Resource URI length is too short, should be 1024 characters
  • PASSBOLT-1637: GITHUB-14 The "+" is not allowed in the email address field while adding a new user
  • PASSBOLT-1525: Test coverage for SetupControllerTest & CakeErrorController
  • PASSBOLT-1694: Default config change: debug should be set to 0
  • PASSBOLT-1660: Refactoring to simplify Chrome plugin development
  • PASSBOLT-1649: Adjusted coveralls markup
  • PASSBOLT-1648: Upgrade to Cakephp 2.9.1
  • PASSBOLT-1250: Contribution guidelines

Fixed

  • PASSBOLT-1700: Event names should stay backward compatible
  • PASSBOLT-1668: Remove GPGAuth debug count
  • PASSBOLT-1673: Restore avatars during quick install

1.1.0 - 2016-08-09

Added

  • PASSBOLT-1124: As LU on user workspace I should be able to see the last logged in date of a user.
  • PASSBOLT-1216: As LU I should be able to sort the tableview in passwords workspace
  • PASSBOLT-1217: As LU I should be able to sort the tableview in users workspace.
  • PASSBOLT-1535: Fix mysql 5.7 schema issues and improve compatibility.
  • PASSBOLT-1633: Travis and Coveralls integration.
  • PASSBOLT-1597: Implemented schema versioning and migration tool.

Fixed

  • PASSBOLT-1604: As a AD I should be able to see the healthcheck page when debug is set to 0
  • PASSBOLT-1525: Misc unit test code coverage & phpcs cleanup
  • PASSBOLT-1653: After migration, Gpgkey.uid should be sanitized in DB.
  • PASSBOLT-1634: Authentication logs are moved in each authentication stage.
  • PASSBOLT-1383: Cleanup cakephp config & prevent future regressions like PASSBOLT-1621 with a default.
  • PASSBOLT-1486: After deleting a user, I should be able to recreate a user with the same username.
  • PASSBOLT-1620: Duplicate users in the list when selecting a user and using filters.
  • PASSBOLT-1652: As LU I cannot use passbolt with long public key.

Tests

  • PASSBOLT-1642: Increased selenium tests coverage when browser is restarted.
  • PASSBOLT-1643: Increased selenium tests coverage when passbolt tab is closed and restored.

1.0.14 - 2016-07-06

Fixed

  • PASSBOLT-1616: Fixed bad merge during the previous release.
  • PASSBOLT-1599: GITHUB-10 passbolt.js requesting wrong path for config.json.

1.0.13 - 2016-06-30

Fixed

  • PASSBOLT-1605: Set::extract to Hash::extract refactoring regression.
  • PASSBOLT-1601: ControllerLog Model should support IVP6 addresses.
  • PASSBOLT-1366: Worker bug when multiple passbolt instances are open in multiple windows.
  • PASSBOLT-1590: Styleguide bump to v1.0.38.
  • PASSBOLT-1613: As a user losing access to a password I selected, I shouldn't encounter an error.
  • PASSBOLT-1569: Cleanup: remove SetupController::ping.

Added

  • PASSBOLT-1077: As a LU searching for a password (or a user) search results should filter as I type.
  • PASSBOLT-1588: As AN it should be possible to recover a passbolt account on a new device.

1.0.12 - 2016-05-31

Fixed

  • PASSBOLT-1439: Email is sent as anonymous when a user is created from the console.
  • PASSBOLT-1509: As LU, when a password is shared with me in read only, I should not see the delete menu available in more.
  • PASSBOLT-1407: As LU, there is no visual feedback when I upload a picture and that the process is in progress.
  • PASSBOLT-1579: Segfault at the end of setup when trying to display login form.
  • PASSBOLT-1576: Fixed Hash component warning message in EmailQueue.
  • PASSBOLT-1322: Insertion of comments in unittest dataset display an error in the console.
  • PASSBOLT-1234: Authentication token used for account registration expiracy check.

Added

  • PASSBOLT-1572: As LU, I should be able to see which users a password is shared with directly from the sidebar.

1.0.11 - 2016-05-16

Added

  • PASSBOLT-1388: As a user I should receive an email notification when a password is updated.
  • PASSBOLT-1389: As a user I should receive an email notification when a password is created.
  • PASSBOLT-1390: As a user I should receive an email notification when a password is deleted.
  • PASSBOLT-1544: As a user I should receive an email notification when someone comments on a password.
  • PASSBOLT-1221: API documentation with Swagger (Part I: models).

Fixed

  • PASSBOLT-1094: Frontend : Server errors happening during a request should give a visual feedback.
  • PASSBOLT-1438: Retry button is not working at setup first step (when user doesn't have the plugin installed).
  • PASSBOLT-1564: As a sysop, installing passbolt with quiet mode should not output any information.
  • PASSBOLT-1434: Wordsmithing: rename master password to passphrase.

1.0.10 - 2016-05-03

Fixed

  • PASSBOLT-1502: String is depracated in Cakephp since version 2.7 use CakeText instead.
  • PASSBOLT-1466: GET /auth/verify.json Content-Type should not be text/html but JSON.
  • PASSBOLT-1443: Copy to clipboard icon is misleading

Changed

  • PASSBOLT-1419: Cleanup config.json for js client and remove useless config.
  • PASSBOLT-1514: By default passbolt app should not be indexed by search engines.
  • PASSBOLT-1474: API: Upgrade cakephp to 2.8.3.
  • PASSBOLT-1288: As an AD during install I should have status page to help me.

1.0.9 - 2016-04-25

Fixed

  • PASSBOLT-1505: As AP, I should not get an error during setup if my key has been generated on a system that is not exactly on time.
  • PASSBOLT-1457: As LU, I should not be able to create a resource without password.
  • PASSBOLT-1441: Wordsmithing: a parenthesis is missing on set a security token step.
  • PASSBOLT-1158: Remove all errors (plugin/client) from the browser console at passbolt start.

Changed

  • PASSBOLT-1456: When generating a password automatically it only generates a "fair" level password.
  • PASSBOLT-1495: Passbolt: update installation instructions in README file.

1.0.8 - 2016-04-15

Fixed

  • PASSBOLT-1445: As a LU viewing someone else comment I should not see the delete comment button.
  • PASSBOLT-1402: As LU, In the comment thread I should not see a hyperlink on people's name that leads to nowhere.

1.0.7 - 2016-04-04

Added

  • PASSBOLT-1223: Implemented state for empty password workspace.

Changed

  • PASSBOLT-1450: Change information button icon. Eye becomes information.

1.0.6 - 2016-03-28

Added

  • PASSBOLT-1343: Confirmation email link opened in chrome does not explain that passbolt works only in firefox.
  • PASSBOLT-1416: Improved coverage : API / Token should not be disabled when validateAccount fails.
  • PASSBOLT-1444: Slack plugin for passbolt to keep track of demo registrations.

Fixed

  • PASSBOLT-1395: Regression : As LU I should not be able to select two password.
  • PASSBOLT-1396: As LU I should not see a mix of two dashboards if I click quickly on the users and passwords menu links.
  • PASSBOLT-1406: Space missing between first name and last name in registration email.

1.0.5 - 2016-03-21

Added

  • PASSBOLT-1384: Admin user should be registered during installation.
  • PASSBOLT-1310: As user whose account is deleted I should get feedback on login.

Fixed

  • PASSBOLT-1415: Please register links are broken for AP.
  • PASSBOLT-1157: An error page should not include any scripts.
  • PASSBOLT-1243: I should see an error when I try to upload an avatar with a wrong file type / size

Terminology

  • AN: Anonymous user
  • LU: Logged in user
  • AP: User with plugin installed
  • AD: Admin