npm - passbolt-browser-extension - Versions diffs - 5.4.0 → 5.4.1 - Mend

passbolt-browser-extension 5.4.0 → 5.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md +6 -1
package/README.md +2 -2
package/RELEASE_NOTES.md +8 -60
package/package.json +2 -2
package/src/chrome/manifest.json +1 -1
package/src/chrome-mv3/manifest.json +1 -1
package/src/firefox/manifest.json +1 -1
package/src/safari/manifest.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -4,6 +4,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ## [Unreleased]
+## [5.4.1] - 2025-08-14
+- PB-44638 Password expiry should not be removed when password is not updated
+- PB-44668 The create menu import operation should be actionable when encrypted metadata plugin is not available
 ## [5.4.0] - 2025-08-13
 ### Added
 - PB-44201: E2EE The organisation settings offer now a simplified way to activate metadata encryption and the new resource types
@@ -2356,7 +2360,8 @@ self registration settings option in the left-side bar
 - AP: User with plugin installed
 - LU: Logged in user
-[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.4.0...HEAD
+[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.4.1...HEAD
+[5.4.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.4.0...v5.4.1
 [5.4.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.3.3...v5.4.0
 [5.3.2]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.3.0...v5.3.2
 [5.3.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.2.0...v5.3.0

package/README.md CHANGED Viewed

@@ -5,14 +5,14 @@
 	  /_/    \__,_/____/____/_.___/\____/_/\__/
 	Open source password manager for teams
-	(c) 2021 Passbolt SA
+	(c) 2025 Passbolt SA
 	https://www.passbolt.com
 ## License
 Passbolt - Open source password manager for teams
-(c) 2022 Passbolt SA
+(c) 2025 Passbolt SA
 This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
 Public License (AGPL) as published by the Free Software Foundation version 3.

package/RELEASE_NOTES.md CHANGED Viewed

@@ -1,67 +1,15 @@
-Release song: https://www.youtube.com/watch?v=kymdKYtkJbQ
+Release song: https://www.youtube.com/watch?v=6tpGC4lgpMg
-Passbolt v5.4.0 ships with encrypted metadata and the accompanying new resource types promoted to stable. These capabilities have been battle-tested for months, and the last remaining edge cases have been smoothed out so they can now be enabled for everyone.
+This hot-fix addresses several issues introduced in recent v5.x releases.
-Removing the beta label means that every new instance starts with encrypted metadata activated by default. As a result, features introduced in previous releases, such as icons, multiple URIs and custom fields, are available from day one without any action from end-users.
+Since v5.3, organizations running Passbolt on servers with a locale different from en-UK could encounter issues to update or later to use the application, which have now been resolved.
-For existing instances, the activation process has been simplified: administrators can decide with a single click whether their organisation is ready or would prefer to postpone the launch. Once enabled, the instance immediately supports the new resource types and their extended capabilities. Because the change may disrupt external integrations, existing content is not migrated automatically; migration remains the responsibility of content owners or administrators. It can be performed item-by-item in the resource workspace or organisation-wide with the resource-metadata administration migration tool.
+It also fixes a problem where organizations that had manually disabled encrypted metadata using the kill switch available to system administrators were unable to initiate imports credentials from the web application. This was a side effect of recent work preparing for the upcoming zero-knowledge capability, which will further strengthen the encrypted metadata feature introduced earlier.
-Revisiting resource capabilities was also an opportunity to increase the maximum size of secret notes to 50 000 characters, leaving ample room for full certificate chains, keys of any flavour or any long text you need to keep encrypted.
+Finally, since v5.0, resources whose secrets had been modified, irrespective of whether the secret was a password, a TOTP, or a secure note, have had their expiration dates automatically rotated, which was not the expected behaviour. The expected behaviour is now restored: the expiration date is rotated only when the password is edited.
-This release further improves cryptographic performance by introducing elliptic-curve keys (Curve25519/Ed25519) for new users. These keys provide security comparable to RSA-3072 while significantly reducing processing time and payload size.
-Performance has been tuned for large organisations that manage substantial numbers of users or resources. Among other improvements: Users' workspace now opens more quickly, and deleting multiple resources generates fewer I/O operations.
-Czech joins the list of supported languages, allowing native speakers to use Passbolt entirely in their own words, vítejte!
-Many thanks to everyone who reported issues and tested encrypted metadata over the past months. Your feedback made this release possible and brings these new features to all users today.
-### Added
-- PB-44201: E2EE The organisation settings offer now a simplified way to activate metadata encryption and the new resource types
-- PB-42205: E2EE encrypted metadata and new resource types are activated by default after the first administrator setup
-- PB-43255: Add support for multiple uri import export on kdbx files
-- PB-43110: ZK - WP4.2 As a signed-in user I should not be allowed to upgrade resources with missing key situation
-- PB-43712: Translate the application in Czech
-- PB-43939: ZK - WP3.2 Add an app event to get or find the metadata keys settings
-- PB-43980: Add support for custom field import export on kdbx files
-- PB-44080: ZK - WP4.1 Create a dialog explaining the missing key situation
-- PB-44081: ZK - WP4.3 As a signed-in user I should not be allowed to create resources with missing key situation in the resource workspace
-- PB-44090: ZK - WP4.4 As a signed-in user I should not be allowed to edit resources with missing key situation
-- PB-44091: ZK - WP4.5 As a signed-in user I should not be allowed to share resources with missing key situation
-- PB-44094: ZK - WP4.6 As a signed-in user I should not be allowed to import resources with missing key situation
-- PB-44095: ZK - WP4.7 As a signed-in user I should not be allowed to move resources with missing key situation
-- PB-44096: ZK - WP4.8 As a signed-in user I should not be allowed to move folders with missing key situation
-- PB-44097: ZK - WP4.9 Display a page explaining the missing key situation on the quick app
-- PB-44098: ZK - WP4.10 As a signed-in user I should not be allowed to create resources with missing key situation in the quick app
-- PB-44099: ZK - WP4.11 As a signed-in user I should not be allowed to generate password on the inform menu
-- PB-44206: ZK - WP4.14 As administrators I cannot trigger the encrypted metadata migration if I have missing metadata keys
-- PB-44211: ZK - WP3.5 Add MetadataKeysSettingsLocalStorageContextProvider to the App and the quick-app and the inform menu
-- PB-44212: CU - WP5.2 Update ExternalResourceEntity buildDtoFromResourceEntityDto to support custom fields
-- PB-44286: ZK - WP3.6 Add a quick app and inform menu event to get the metadata keys settings
-- PB-44295: ZK - WP4.15 As a signed-in user with missing keys I should not be able to create resource if metadata shared key is enforced on the inform menu
-- PB-44296: ZK - WP4.16 As a signed-in user I should not be allowed to move shared folders into personal folders with missing key situation
-- PB-44327: Display sub-folders in breadcrumbs
-- PB-44374: Extend notes v5 max length to 50_000
+We thank the community for promptly reporting these issues.
 ### Fixed
-- PB-43296: Displaying resource activities should not crash the application when a resource activity does not have related user or group
-- PB-43652: The sentence to change the passphrase in the user settings workspace should have a space after.
-- PB-43657: Resources loading became noticeably slower after migrating to encrypted
-- PB-43667: Cancelling the user passphrase request should not trigger an error when sharing missing metadata key
-- PB-43676: Cancelling the user passphrase should not freeze the create resource dialog
-- PB-43719: After importing resources from Bitwarden the URIs are not separated correctly
-- PB-43784: Display the progression of the encryption of metadata in the import dialog
-- PB-43906: User should be notified of any errors while loading comments
-- PB-44079: Update/Create a method in resourceLocalStorage.js to bulk delete resources
-- PB-44161: As a user I should not see the resource description and note warning message if only one of them is concerned
-- PB-44273: Activities are not loaded when new resource is clicked after load more activities of a previous resource
-### Maintenance
-- PB-43585: Azure SSO login_hint settings can now be configured
-- PB-43908: Move logic of commentModel file to a service and update assertions in controllers
-- PB-44076: Create a Controller to handle Resource Delete
-- PB-44077: Create a dedicated Service to handle resource deletion
-- PB-44396: the endpoint complete/recover.json is now used instead of the legacy endpoint
-### Security
-- PB-43730: Upgrade vulnerable library brace-expansion
+PB-44638 Password expiry should not be removed when password is not updated
+PB-44668 The create menu import operation should be actionable when encrypted metadata plugin is not available

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "passbolt-browser-extension",
-  "version": "5.4.0",
+  "version": "5.4.1",
   "license": "AGPL-3.0",
   "copyright": "Copyright 2025 Passbolt SA",
   "description": "Passbolt web extension for the open source password manager for teams",
@@ -22,7 +22,7 @@
     "locutus": "~2.0.9",
     "openpgp": "^6.1.1",
     "papaparse": "^5.5.2",
-    "passbolt-styleguide": "^5.4.3",
+    "passbolt-styleguide": "^5.4.4",
     "react": "17.0.2",
     "react-dom": "17.0.2",
     "secrets-passbolt": "github:passbolt/secrets.js#v2.0.1",

package/src/chrome/manifest.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "manifest_version": 2,
   "name": "__MSG_appName__",
   "short_name": "passbolt",
-  "version": "5.4.0",
+  "version": "5.4.1",
   "description": "__MSG_appDescription__",
   "default_locale": "en",
   "externally_connectable": {},

package/src/chrome-mv3/manifest.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "manifest_version": 3,
   "name": "__MSG_appName__",
   "short_name": "passbolt",
-  "version": "5.4.0",
+  "version": "5.4.1",
   "description": "__MSG_appDescription__",
   "default_locale": "en",
   "minimum_chrome_version": "116",

package/src/firefox/manifest.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "manifest_version": 2,
   "name": "__MSG_appName__",
   "short_name": "passbolt",
-  "version": "5.4.0",
+  "version": "5.4.1",
   "description": "__MSG_appDescription__",
   "default_locale": "en",
   "browser_specific_settings": {

package/src/safari/manifest.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "manifest_version": 3,
   "name": "__MSG_appName__",
   "short_name": "passbolt",
-  "version": "5.4.0",
+  "version": "5.4.1",
   "description": "__MSG_appDescription__",
   "default_locale": "en",
   "externally_connectable": {},