One Nation Under A Groove

One Nation Under A Groove

Release date: April 11th, 2024.

Release song: https://youtu.be/3WOZwwRH6XU?si=jvTiezg7eEEpEh-S

Passbolt is pleased to announce the immediate availability of version v4.6.2. This version is a targeted security release of both the API and the browser extension focusing on fixing security issues reported by security researchers.

We would like to express our appreciation to the community for their assistance in making Passbolt more secure. Further details about the issues will be shared in a separate communication.

API

Security

  • PB-32932 Fix error template title

Browser extension

Fixed

  • PB-32394 As a user defining my passphrase while activating my account I want to know if my passphrase is part of a dictionary on form submission
  • PB-32396 As a user defining my new passphrase while changing it I want to know if my new passphrase is part of a dictionary on form submission
  • PB-32401 As an administrator defining the passphrase of the generated organization account recovery key I want to know if the passphrase is part of a dictionary on form submission
  • PB-32407 As a user editing a password I am invited to confirm its edition when this one very weak in a separate dialog on form submission
  • PB-32395 As a user defining my passphrase while requesting an account recovery I want to know if my new passphrase is part of a dictionary on form submission
  • PB-32397 As a user verifying my private key passphrase while activation my account I do not want to know if my passphrase is part of a dictionary at this stage
  • PB-32399 As a user confirming my passphrase while completing an account recovery (Admin approved) I do not want to know if my passphrase is part of a dictionary on form submission
  • PB-32398 As a user confirming my passphrase while importing my private key during an account recover I do not want to know if my passphrase is part of a dictionary on form submission
  • PB-32404 As a user creating a password from the quickaccess I am invited to confirm its creation when this one is part of a dictionary in a separate dialog on form submission
  • PB-32403 As a user updating a password I am invited to confirm its edition when this one is part of a dictionary in a separate dialog on form submission
  • PB-32405 As a user auto-saving a password from the quickaccess I should not be notified if the password is part of an exposed dictionary
  • PB-32402 As a user creating a password I am invited to confirm its creation when this one is part of a dictionary in a separate dialog on form submission
  • PB-32400 As a user confirming my passphrase while importing an account kit on the desktop app I do not want to know if my passphrase is part of a dictionary on form submission
  • PB-32406 As a user creating a password I am invited to confirm its creation when this one very weak in a separate dialog on form submission
  • PB-32427 As a user creating a password from the quickaccess I am invited to confirm its creation when this one is VERY WEAK in a separate page on form submission