diff --git a/CHANGELOG.md b/CHANGELOG.md index ed6881d8..6068c42e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,8 +3,25 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] -## [4.6.0] - 2024-03-14 +## [4.6.2] - 2024-03-29 +### Fixed +- PB-32394 As a user defining my passphrase while activating my account I want to know if my passphrase is part of a dictionary on form submission +- PB-32396 As a user defining my new passphrase while changing it I want to know if my new passphrase is part of a dictionary on form submission +- PB-32401 As an administrator defining the passphrase of the generated organization account recovery key I want to know if the passphrase is part of a dictionary on form submission +- PB-32407 As a user editing a password I am invited to confirm its edition when this one very weak in a separate dialog on form submission +- PB-32395 As a user defining my passphrase while requesting an account recovery I want to know if my new passphrase is part of a dictionary on form submission +- PB-32397 As a user verifying my private key passphrase while activation my account I do not want to know if my passphrase is part of a dictionary at this stage +- PB-32399 As a user confirming my passphrase while completing an account recovery (Admin approved) I do not want to know if my passphrase is part of a dictionary on form submission +- PB-32398 As a user confirming my passphrase while importing my private key during an account recover I do not want to know if my passphrase is part of a dictionary on form submission +- PB-32404 As a user creating a password from the quickaccess I am invited to confirm its creation when this one is part of a dictionary in a separate dialog on form submission +- PB-32403 As a user updating a password I am invited to confirm its edition when this one is part of a dictionary in a separate dialog on form submission +- PB-32405 As a user auto-saving a password from the quickaccess I should not be notified if the password is part of an exposed dictionary +- PB-32402 As a user creating a password I am invited to confirm its creation when this one is part of a dictionary in a separate dialog on form submission +- PB-32400 As a user confirming my passphrase while importing an account kit on the desktop app I do not want to know if my passphrase is part of a dictionary on form submission +- PB-32406 As a user creating a password I am invited to confirm its creation when this one very weak in a separate dialog on form submission +- PB-32427 As a user creating a password from the quickaccess I am invited to confirm its creation when this one is VERY WEAK in a separate page on form submission +## [4.6.0] - 2024-03-14 ### Added - PB-24485 As signed-in administrator I can see the healthcheck in the UI - PB-29051 As a user I can use ADFS as SSO provider @@ -93,7 +110,6 @@ This project adheres to [Semantic Versioning](http://semver.org/). - PB-29159 As a signed-in user I want the Mfa screen to be available when using the bext 4.4 and API 4.5 - PB-29263 Replace the mechanism to have CSRF token from the cookie - ### Security - PB-29194 Upgrade vulnerable library web-ext - PB-28658 Mitigate browser extension supply chain attack @@ -121,7 +137,6 @@ This project adheres to [Semantic Versioning](http://semver.org/). - PB-28592 Fix minimum gecko version in firefox manifest.json - PB-29020 Fix detection pagemod duplicate - ## [4.4.2] - 2023-11-06 ### Fixed - PB-28880 Fix resource with TOTP when description is updated from information panel diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index a986b791..e169da32 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,52 +1,23 @@ -The Passbolt Pro 4.6.0 release "Purple Haze", brings a new SSO provider and improves administrative aspects and overall system health. +Song: https://youtu.be/3WOZwwRH6XU?si=jvTiezg7eEEpEh-S -A major addition in this release is the Beta implementation of SSO AD FS (Active Directory Federation Services), enabling streamlined single sign-on capabilities for improved user access management. +Version 4.6.2 is a targeted maintenance release of the browser extension, focusing on refining passwords strength verification process. This update ensures a balance between adhering to security best practices and maintaining user-friendliness. -Furthermore, this version incorporates the Health Check feature within the Admin workspace, offering administrators a comprehensive tool for system health assessment, thereby enhancing the platform's maintainability and reliability. - -This release also focuses on refining the platform's infrastructure for enhanced performance. It lays the groundwork for future updates by optimizing data verification processes and reducing memory usage during web activities. - -The update paves the way for a series of successive enhancements with the next releases. - -## [4.6.0] - 2024-03-14 -### Added -- PB-24485 As signed-in administrator I can see the healthcheck in the UI -- PB-29051 As a user I can use ADFS as SSO provider -- PB-29162 As signed-in administrator I can authorize only group managers to see the users workspace -- PB-29396 As signed-in administrator I can hide the share folder capability with a RBAC - -### Security -- PB-29384 As signed-in administrator I should see a 404 when accessing a non existing administration page -- PB-29384 As signed-in user I should see a 403 when attempting to access an administration page +We extend our gratitude to the community for their insights to help us build passbolt. +## [4.6.2] - 2024-03-29 ### Fixed -- PB-25865 As a signed-in user I want to autofill form which listen to change events -- PB-27709 As signed-in administrator I can reconfigure the LDAP integration after a server key rotation -- PB-29258 A signed-in users with a large data set I should have a direct feedback when selecting a resource with the checkbox -- PB-29506 As signed-in user, when loading the application, I should scroll to the resource detected in the url -- PB-29548 As a signed-in administrator, editing the password expiry policy, I want to be sure that I’m editing the latest version of the settings -- PB-29606 As signed-in user I should be able to export TOTP to keepass for Windows -- PB-29860 As signed-in user I should see the columns header translated to my language -- PB-29861 As signed-in user I should see the filter “Expiry” named “Expired” instead -- PB-29895 As user importing an account to the Windows application I should be able to access the getting started help page -- PB-29961 As signed-in user I want to see the import dialog information banner below the form and before the action buttons -- PB-30033 As a signed-in user I should be able to sign in with the quickaccess right after launching my browser - -### Maintenance -- PB-25555 Upgrade outdated dev library webpack and associated -- PB-25556 Upgrade outdated library i18next and associated -- PB-25689 Upgrade outdated library ip-regex and associated -- PB-25692 Upgrade openpgpjs to v5.11 -- PB-25696 Upgrade outdated library webextension-polyfill -- PB-25699 Upgrade outdated library xregexp -- PB-25701 Upgrade outdated library luxon -- PB-29162 MFA user settings screens should be served by the browser extension -- PB-30015 Homogeneize collection constructor signature -- PB-30017 Remove collection and entity inheritance dependency -- PB-30021 Make collection and entity DTO optionally cloneable -- PB-30022 Reduce the number of resources collection instantiations while displaying the number of suggested resources -- PB-30023 Reduce the number of resources collection instantiations while displaying the suggested resources in the inform menu -- PB-30142 Homogenize collection and entity call parameters -- PB-30143 Ensure entities DTOs are not cloned when the data is retrieved from the API or the local storage -- PB-30156 Ensure the tags collection is not validating multiple times the entities while getting instantiated -- PB-30324 Reduce garbage collector usage while validating large amount of data +- PB-32394 As a user defining my passphrase while activating my account I want to know if my passphrase is part of a dictionary on form submission +- PB-32396 As a user defining my new passphrase while changing it I want to know if my new passphrase is part of a dictionary on form submission +- PB-32401 As an administrator defining the passphrase of the generated organization account recovery key I want to know if the passphrase is part of a dictionary on form submission +- PB-32407 As a user editing a password I am invited to confirm its edition when this one very weak in a separate dialog on form submission +- PB-32395 As a user defining my passphrase while requesting an account recovery I want to know if my new passphrase is part of a dictionary on form submission +- PB-32397 As a user verifying my private key passphrase while activation my account I do not want to know if my passphrase is part of a dictionary at this stage +- PB-32399 As a user confirming my passphrase while completing an account recovery (Admin approved) I do not want to know if my passphrase is part of a dictionary on form submission +- PB-32398 As a user confirming my passphrase while importing my private key during an account recover I do not want to know if my passphrase is part of a dictionary on form submission +- PB-32404 As a user creating a password from the quickaccess I am invited to confirm its creation when this one is part of a dictionary in a separate dialog on form submission +- PB-32403 As a user updating a password I am invited to confirm its edition when this one is part of a dictionary in a separate dialog on form submission +- PB-32405 As a user auto-saving a password from the quickaccess I should not be notified if the password is part of an exposed dictionary +- PB-32402 As a user creating a password I am invited to confirm its creation when this one is part of a dictionary in a separate dialog on form submission +- PB-32400 As a user confirming my passphrase while importing an account kit on the desktop app I do not want to know if my passphrase is part of a dictionary on form submission +- PB-32406 As a user creating a password I am invited to confirm its creation when this one very weak in a separate dialog on form submission +- PB-32427 As a user creating a password from the quickaccess I am invited to confirm its creation when this one is VERY WEAK in a separate page on form submission diff --git a/package-lock.json b/package-lock.json index 612ac090..96b1c5f4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "passbolt-browser-extension", - "version": "4.6.0", + "version": "4.6.2", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "passbolt-browser-extension", - "version": "4.6.0", + "version": "4.6.2", "license": "AGPL-3.0", "dependencies": { "await-lock": "^2.1.0", @@ -19,7 +19,7 @@ "locutus": "~2.0.9", "openpgp": "^5.11.1", "papaparse": "^5.2.0", - "passbolt-styleguide": "^4.6.1", + "passbolt-styleguide": "^4.6.3", "react": "17.0.2", "react-dom": "17.0.2", "secrets-passbolt": "github:passbolt/secrets.js#v2.0.1", @@ -15185,9 +15185,9 @@ } }, "node_modules/passbolt-styleguide": { - "version": "4.6.1", - "resolved": "https://registry.npmjs.org/passbolt-styleguide/-/passbolt-styleguide-4.6.1.tgz", - "integrity": "sha512-bkSrBF1+MyW3luCFsou0AApzhoY93erRPVKEKk1HFTtYzPDRxXYINKJ8U0Rn7Jm+IvQ7HoaryHyhh8qt/iDnWA==", + "version": "4.6.3", + "resolved": "https://registry.npmjs.org/passbolt-styleguide/-/passbolt-styleguide-4.6.3.tgz", + "integrity": "sha512-DSmI3hCv+0SQuESCOyAyIER4/IIK/oqlyiFMUP5wryHvFeJ4p5D0x8sQK2IqT4SIxvGtHpJRwmDd6KtzDtlXAw==", "dependencies": { "@testing-library/dom": "^8.11.3", "debounce-promise": "^3.1.2", @@ -31136,9 +31136,9 @@ } }, "passbolt-styleguide": { - "version": "4.6.1", - "resolved": "https://registry.npmjs.org/passbolt-styleguide/-/passbolt-styleguide-4.6.1.tgz", - "integrity": "sha512-bkSrBF1+MyW3luCFsou0AApzhoY93erRPVKEKk1HFTtYzPDRxXYINKJ8U0Rn7Jm+IvQ7HoaryHyhh8qt/iDnWA==", + "version": "4.6.3", + "resolved": "https://registry.npmjs.org/passbolt-styleguide/-/passbolt-styleguide-4.6.3.tgz", + "integrity": "sha512-DSmI3hCv+0SQuESCOyAyIER4/IIK/oqlyiFMUP5wryHvFeJ4p5D0x8sQK2IqT4SIxvGtHpJRwmDd6KtzDtlXAw==", "requires": { "@testing-library/dom": "^8.11.3", "debounce-promise": "^3.1.2", diff --git a/package.json b/package.json index 7e7b2808..692e196f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "passbolt-browser-extension", - "version": "4.6.0", + "version": "4.6.2", "license": "AGPL-3.0", "copyright": "Copyright 2022 Passbolt SA", "description": "Passbolt web extension for the open source password manager for teams", @@ -21,7 +21,7 @@ "locutus": "~2.0.9", "openpgp": "^5.11.1", "papaparse": "^5.2.0", - "passbolt-styleguide": "^4.6.1", + "passbolt-styleguide": "^4.6.3", "react": "17.0.2", "react-dom": "17.0.2", "secrets-passbolt": "github:passbolt/secrets.js#v2.0.1", diff --git a/src/all/_locales/ko/messages.json b/src/all/_locales/ko/messages.json index 7b7acd8b..217e7505 100644 --- a/src/all/_locales/ko/messages.json +++ b/src/all/_locales/ko/messages.json @@ -4,7 +4,7 @@ "description": "The application name of the extension, displayed in the web store. 45 characters max." }, "appDescription": { - "message": "팀를 위한 오픈 소스 암호 관리자용 패스볼트 확장 프로그램", + "message": "팀을 위한 오픈 소스 암호 관리자용 패스볼트 확장 프로그램", "description": "The description of the extension, displayed in the web store. 85 characters max." } } diff --git a/src/all/locales/de-DE/common.json b/src/all/locales/de-DE/common.json index 708b953d..74769c07 100644 --- a/src/all/locales/de-DE/common.json +++ b/src/all/locales/de-DE/common.json @@ -20,8 +20,8 @@ "Encrypting": "Verschlüsselung", "Encrypting {{counter}}/{{total}}": "Verschlüsselung {{counter}}/{{total}}", "Encrypting secret": "Geheimnis wird verschlüsselt", - "Expiry date will be updated on {{count}} resource._one": "Expiry date will be updated on {{count}} resource.", - "Expiry date will be updated on {{count}} resource._other": "Expiry date will be updated on {{count}} resources.", + "Expiry date will be updated on {{count}} resource._one": "Das Ablaufdatum wird auf {{count}} Ressource aktualisiert.", + "Expiry date will be updated on {{count}} resource._other": "Das Ablaufdatum wird auf {{count}} Ressourcen aktualisiert.", "Exporting ...": "Exportieren ...", "Fetching parent permissions": "Übergeordnete Berechtigungen werden abgerufen", "Folder {{name}} can not be moved.": "Der Ordner {{name}} kann nicht verschoben werden.", @@ -34,7 +34,7 @@ "Initialize": "Initialisieren", "Initializing": "Initialisierung", "Initializing ...": "Initialisierung ...", - "Mark as expired ...": "Mark as expired ...", + "Mark as expired ...": "Als abgelaufen markieren ...", "MFA authentication is required.": "MFA-Authentifizierung ist erforderlich.", "Moving {{name}}": "{{name}} wird verschoben", "Moving {{total}} resources": "{{total}} Ressourcen werden verschoben", @@ -68,7 +68,7 @@ "The keys should be an array of valid openpgp private keys.": "Die Schlüssel sollten ein Array gültiger Openpgp Privatschlüssel sein.", "The keys should be an array of valid openpgp public keys.": "Die Schlüssel sollten ein Array gültiger Openpgp öffentlicher Schlüssel sein.", "The keys should be an array.": "Die Schlüssel müssen ein Array sein.", - "The message should be a valid openpgp clear text message.": "The message should be a valid openpgp clear text message.", + "The message should be a valid openpgp clear text message.": "Die Nachricht sollte eine gültige OpenPGP-Klartextnachricht sein.", "The message should be a valid openpgp message.": "Die Nachricht sollte eine gültige Openpgp-Nachricht sein.", "The message should be of type string.": "Die Nachricht sollte vom Typ String sein.", "The private key should be a valid openpgp key.": "Der private Schlüssel sollte ein gültiger Openpgp Schlüssel sein.", diff --git a/src/all/locales/pt-BR/common.json b/src/all/locales/pt-BR/common.json index 671fab13..6db6c908 100644 --- a/src/all/locales/pt-BR/common.json +++ b/src/all/locales/pt-BR/common.json @@ -20,8 +20,8 @@ "Encrypting": "Criptografando", "Encrypting {{counter}}/{{total}}": "Criptografando {{counter}}/{{total}}", "Encrypting secret": "Criptografando segredo", - "Expiry date will be updated on {{count}} resource._one": "Expiry date will be updated on {{count}} resource.", - "Expiry date will be updated on {{count}} resource._other": "Expiry date will be updated on {{count}} resources.", + "Expiry date will be updated on {{count}} resource._one": "A data de expiração será atualizada em {{count}} recurso.", + "Expiry date will be updated on {{count}} resource._other": "A data de expiração será atualizada em {{count}} recursos.", "Exporting ...": "Exportando...", "Fetching parent permissions": "Buscando permissões dos pais", "Folder {{name}} can not be moved.": "Não foi possível mover a pasta {{name}}.", @@ -34,7 +34,7 @@ "Initialize": "Inicializar", "Initializing": "Inicializando", "Initializing ...": "Inicializando ...", - "Mark as expired ...": "Mark as expired ...", + "Mark as expired ...": "Marcar como expirado...", "MFA authentication is required.": "Autenticação MFA é necessária.", "Moving {{name}}": "Movendo {{name}}", "Moving {{total}} resources": "Movendo {{total}} recursos", @@ -68,7 +68,7 @@ "The keys should be an array of valid openpgp private keys.": "As chaves devem ser uma matriz válida de chaves privadas OpenPGP.", "The keys should be an array of valid openpgp public keys.": "As chaves devem ser uma matriz válida de chaves públicas OpenPGP.", "The keys should be an array.": "As chaves devem ser uma matriz.", - "The message should be a valid openpgp clear text message.": "The message should be a valid openpgp clear text message.", + "The message should be a valid openpgp clear text message.": "A mensagem deve ser uma mensagem OpenPGP válida.", "The message should be a valid openpgp message.": "A mensagem deve ser uma mensagem OpenPGP válida.", "The message should be of type string.": "A mensagem deve ser uma sequência de caracteres válida.", "The private key should be a valid openpgp key.": "A chave privada deve ser uma chave OpenPGP válida.", diff --git a/src/chrome-mv3/manifest.json b/src/chrome-mv3/manifest.json index 4a8baf5a..d00c8989 100644 --- a/src/chrome-mv3/manifest.json +++ b/src/chrome-mv3/manifest.json @@ -2,7 +2,7 @@ "manifest_version": 3, "name": "__MSG_appName__", "short_name": "passbolt", - "version": "4.6.0", + "version": "4.6.2", "description": "__MSG_appDescription__", "default_locale": "en", "externally_connectable": { diff --git a/src/chrome/manifest.json b/src/chrome/manifest.json index 8c0749a6..06f58995 100644 --- a/src/chrome/manifest.json +++ b/src/chrome/manifest.json @@ -2,7 +2,7 @@ "manifest_version": 2, "name": "__MSG_appName__", "short_name": "passbolt", - "version": "4.6.0", + "version": "4.6.2", "description": "__MSG_appDescription__", "default_locale": "en", "externally_connectable": {}, diff --git a/src/firefox/manifest.json b/src/firefox/manifest.json index d49bb6e1..31d97f26 100644 --- a/src/firefox/manifest.json +++ b/src/firefox/manifest.json @@ -2,7 +2,7 @@ "manifest_version": 2, "name": "__MSG_appName__", "short_name": "passbolt", - "version": "4.6.0", + "version": "4.6.2", "description": "__MSG_appDescription__", "default_locale": "en", "browser_specific_settings": { diff --git a/src/safari/manifest.json b/src/safari/manifest.json index a4eca9be..2ab6f4f7 100644 --- a/src/safari/manifest.json +++ b/src/safari/manifest.json @@ -2,7 +2,7 @@ "manifest_version": 3, "name": "__MSG_appName__", "short_name": "passbolt", - "version": "4.6.0", + "version": "4.6.2", "description": "__MSG_appDescription__", "default_locale": "en", "externally_connectable": {},