Passbolt v5.1.1 is a security release that upgrades the OpenPGP.js library to address a recently discovered vulnerability. While the impact of this issue is minimal, OpenPGP.js is a cornerstone of the extension, so the update is essential.
The release also includes fixes for several bugs reported by the community after the major v5 redesign.
For the API, this release fixes issues reported by Pro customers where directory synchronization was returning various type errors. It also includes a security fix so that the user's IP and browser agent information is included only if enabled via configuration.
As always, thank you to everyone who provided bug reports and feedback, and a special thanks to the OpenPGP.js team for the timely heads-up and patch.
API
Fixed
- [PRO] PB-42594 Fix directory_sync ignore-create CLI command shared from help message is not working
- [PRO] PB-42691 Make created & modified dates from AD/LDAP server optional
- [PRO] PB-42592 Fix missing attribute in ldap default configuration file
- [PRO] PB-42689 Fix type errors in directory_sync users & groups commands
- PB-42701 Fix the contain of missing metadata key on view user endpoint
Security
- PB-42687 Security alert emails should display user IP and user agent only if configured
Browser extension
Added
- PB-41365 Support options for ECC Key generation
Fixed
- PB-41760 On some conditions, scrollbars can appear and break the design
- PB-42561 The folder tree caret when scrolling appeared in the wrong orientation
Security
- PB-42613 Upgrade browser extension OpenPGP.js to the latest version