forked from 418sec/TeamPass
-
Notifications
You must be signed in to change notification settings - Fork 0
/
changelog.txt
1028 lines (967 loc) · 45.5 KB
/
changelog.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
2.1.27
36/
#2564 Permissions problem
#2469 Export of credentials
35/
#2564 Permissions problem
#2563 Unable to add item via API
#2560 Fix an issue for one time password changes if current user is not root
#2536 low 40bit RC4 - pdf export?
#2505 Update readme.md
#2503 Update Dockerfile to use $uri and $args variables
#2439 Allow RFC2307bis group membership checks.
34/
#2549 Missing library
#2534 Syntax error in share permissions
33/
#2458 Items folder automatically changes to the personal one
#2156 #2183 Issue with cyrillic in exported files (PDF, CSV)
32/
#2513 Error for login with DUOSecurity
31/
#2511 LDAP Password change: old PW still valid
#2507 On user password change (from Users management page), email is not sent
#2499 Weird folders on first login with LDAP user
#2494 Upgrade error on config key 'bck_script_key' with single quote character
#2295 no edit possible if an folder added in the Allowed Folders
30/
#2486 Editing roles on users wipes dissimilar roles
#2458 Items folder automatically changes to the personal one
#2472 Nginx webroot is incorrect in Docker image. Fixed by merging #2477
29/
#2467, #2465 Cant login with normal user with hacking attempt message
28/
#2461 Install procedure failing
#2457 Endless DB upgrade loop when upgrading
27/
#2456 Postpone treatment to get user location (ipapi.co usage)
#2431 Correct item creation/edit tab label
26/
#2453 account creation... password sent in email is "undefined"
#2455 Unable to login after upgrade from 2.1.27.23 => 2.1.27.25
25/
#2454 Update from 2.1.27.23 to 2.1.27.24 doesn't work
24/
#2452 Fix API URL
#2438 Add new user fails due to missing default for not null fields
#2436 Undefined variable: user_id in api/functions.php
#2432 Empty item URL automatically fills with 'https://'
#2426 New option to force admin user to get connect using 2 factor code
#2416 Backslash in user's password
#2401 New LDAP account has full access when they log in for the first time
23/
#2419 Cannot show password by using item menu bars entry
#2418 Generating a new password for a user fails with error
#2403 Cannot Login using LDAP user
22/
#2408 Password complexity not enforced
#2326 link copy doesn't work corectly
21/
#2398 User unable to change their own password from profile window
#2395 php warning in logs
#2376 fix link in readme
20/
#2394 knowledge base page characters appear with "?"
#2393 After Deleting User, KB Is Blank
#2380 Increase fields size to prevent errors
#2372 Upload a file with dash in file name wil be renamed with underscore
Fix: loading folder information is wrong when using 'max'
Fix: error message `item already exits` culd appear on item edition
Security fix - Sanitized GET values in case of user password recovery (credit for Adam Roberts from http://www.nccgroup.trust/)
19/
#2379 Setting "Number of items to retrieve per query" to Max
18/
#2378 Personal sub-subfolders do not appear
#2373 Internal Server Error 500 Profile Window
17/
#2367 Incorrect import into personal folder
#2364 Using another protocol than HTTP for the URL is not possible
#2362 Removed excess item id from API url add/item
#2360 Show logs without any auth
#2355 Return the parent folder ids on API call read/userfolders
#2353 Generate Password not working - wrong POST field
#2349 Folder with flag "allow empty password" says "Insufficient password strenght" on item edition
#2347 Disable "Forgot Password?" link feature not working
#2346 [CSV-Import] convert field to string bevore using replace()
#2345 restore, enter decrypt key then system logs out
#2341 API - Incorrect update item parameters decoding
#2334 error adding entry with the same name then another entry in a different folder
#2314 SQL error in API near user name
#2312 API Issue adding folder on root
#2290 Protection of OTV page errors
#2298 support for login through http header
#2265 API - Add item - comma separated base64 encoded string
Fix - in bug report, the email password is visible
Fix - 'Hide inaccessible password folder' doesn't work in all cases
Security fix - DUO codes are sanitized (credit for Adam Roberts from http://www.nccgroup.trust/)
Security fix - Through URL some operations were possible with no user rights check (credit for Adam Roberts from http://www.nccgroup.trust/)
Security fix - Backup key is generated by default (credit for Adam Roberts from http://www.nccgroup.trust/)
16/
New - Added folders filter in Manage Roles page
New - Added folders alphabet filter in Manage Folders page
#2279 Google Authentication no link
#2277 Import fails when Login: / Account: has a backslash inside of it
#2274 Import from csv-list includes items that are marked as already imported
#2263 New upload settings to permit empty files and/or any extensions to be uploaded
15/
#2266 Google 2FA mail for temporary code is blank
14/
Fix for missing install/upgrade instructions
13/
New - Templating system based upon Custom Fields
#2256 User can select his 2FA methods if several selected
#2253 Google Authenticator not working
Item suggestion is not available from Regular User
#2246 Copy folder does not copy rights structure
#2245 TeamPass 2FA QR Code won't show after providing activiation code
#2244 html entities get interpreted inside passwords
12/
New - Templating system based upon Custom Fields
#2256 User can select his 2FA methods if several selected
#2253 Google Authenticator not working
#2248 Item suggestion is not available from Regular User
#2246 Copy folder does not copy rights structure
#2245 TeamPass 2FA QR Code won't show after providing activiation code
#2244 html entities get interpreted inside passwords
12/
Added new option permitting to enable secure image preview
Added warning to user if login attempts identified since last successful connection
Added Yubico support for 2FA authentication
Added restriction access to Custom Fields
Added textarea format for custom field
Improved the possibility to move `files` folder outside of Teampass Domain
Improved user creation with LDAP and Google and DUO 2FA
Improved log in case of failed authentication - used login is shown
Improved syslog message format
Updated library PHPMailer to 5.5
#2223 Error while using php v5.6
#2206 New ldap user and ad password change
#2204 Password copy - cryptic log entry using syslog
#2202 Search functionality - no log entry upon display
#2201 Search functionality - password shown in plaintext
#2198 Hang when changing second folder password strength and required password strength
#2196 API create item fails when Base64 encoding contains "/"
#2192 Encrypted Files Are Stored (Temporary) in Plaintext And Can Be Downloaded Without Authorization
#2191 Bad redirection to login form on password recovery process
#2189 (Google) 2FA Does Not Work With LDAP (Windows / Active Directory)
11/
Changed licensing to GNU GPL-3.0
New - User must provide a reason to access a restricted item
New - Add option to have local and remote accounts when LDAP is enabled
Improved security of password generator with php7
Improved cannot edit user without email
Improved read-only user limitation to copy folder and import action
Improved tree rebuild with API on folders change
Improved tables primary and index usage
Improved LDAP new user by default role
Improved single click on key icon in items search list
Improved visibility of path in items list result
Improved email body with item path
Introduced an API key by user
Fix for API keys truncated
Fix offline password dispay in case of html tags similar in password
Fix failed folder creation in case of password complexity not reached
Fix missing quick icons in search results
#2175 Apostrophes are not handled correctly in usernames
#2174 Offline mode file bypass read right restrictions
#2172 2FA Reset Link Can Be Abused
#2168 API for adding users is not working
#2167 Info tab is not working if behind a proxy
#2161 Missing backslash in acount name
#2160 Added a test for preventing Folders list not shown
#2154 Personal saltkey is not stored when option enabled
#2153 [{"error":"no_key_provided"} when running backup script on teampass container
#2152 No search result and empty popup appear
#2151 Error in knowledge base that does not show option to swap pages
#2140 Moving subfolder to root level not possible
#2127 Grant access with simple folder copy
#2118 Empty user at Keepass file is not empty after import
#2116 Insufficient password strength when creating Offline Mode
#2115 Fix script backup issue with encryption key
#2111 Add support for login through http header
#2109 restrict login to Group Ldap don't work
#2102 Changed field renewal_period size
#2096 Offline mode decryption fails if too much items exported
#2095 Can't upload files on items - Plupload update
#2094 PHP 7.2: Call to undefined function mcrypt_encrypt()
#2093 role human resources doesn't access expected pages
#2090 On folder copy, an empty message box is shown
#2087 Custom fields displayed if empty
#2085 CSV import error if URL too long
#2082 API: new folder is allocated to same roles as its parent
#2081 LDAP bug, can't check connection
#2080 Email sent on password copy in the clipboard
#2078 Purge Logs not selection not working properly
#2077 API: Deleting non existing folder deletes all folders
#2075 Button "delete selected Items" doesn't work
#2074 Backup by script not working
#2073 Move selected Items button
#2071 Search not working for items with multiple "Restricted to:" roles selected
#2069 Copy a read-only folder to a read-only folder
#2066 Read Only Users can Drag and drop items to there personal folder
#2065 send GAUTH-code on login form doesn't warn user if no email is set
#2064 LDAP and DUO users with administrator role taken to items page then logged out
#2063 Setting "Hide forgot password link on Home page" not correctly displayed
#2059 Fix for Custom LDAP port and adLDAP
#2035 After first time login as user Personal Folder is not correctly shown (100000)
#2015 Double click to edit not working for items created by a different user
10/
Copy password/login button are correctly hidden and shown
Cursor is hidden on password display to permit a better visualization
Fixed error while coping an item
Fixed last 10 items seen list not display on page load
Fixed display strings with quotes issue
Fixed page About in Administration page
Fixed issue when sending email on visualization
Fixed issue while CSV import in personal sub-folder
Fixed potential error on item creation without password
Fixed "show description" option was not taken into consideration
Fixed an issue in auto-generating csrfp.config file
Fixed a potential error while generating tp.config file
Fixed issue in Duo Security log
Fixed no item details shown on Find page
Fixed issue related to item edition on doubleclick
Fixed issue no items shown on tag search
Fixed issue special characters bad display in search results
Fixed issue in password clipboard copy with double-quote character
Added SMTPAutoTLS for sendMail
Improved offline file with full encryption
Improved session validity check
Improved items draggability sometime broken
Improved personal item edition by enabling the folder edition
Ensure session extension is always positive
Added user group allowed for LDAP Windows AD
Added option to remove the forgot password link on home page if LDAP enabled
Added option lowercase letters for password generator
#2058 Importing KeyPass items into private personal folders
#2056 Custom Fields - displayed in unassigned folders
#2055 restricted_to of cache table has 2 different values
#2054 Alter table statement is run only once
#2053 Custom Fields - folders unchecked at second call up
#2051 2FA Google Name Displayed field not saving to configuration
#2043 LDAP Authentication is not working
#2029 Fix on install step3
#2028 Fix on install step3
#2027, #2023 Fatal Error after installation and setting change
#2025 LDAP allowed user group doesn't work
#2016 Not all roles visible
#2013 Bad condition in upgrade script
#2010 Default Administrated by for user created via LDAP authentication
#2004 Administrator has no access to Items
#1997 Error on folder creation of no Parent is selected
#1996 Some settings resets to defaults
#1993 Policy for personal saltkey
#1990 Improving mysql indexes
#1989 Authentication problem
#1980 personal item is not deleted
#1974 Changing saltkey operation
#1970 ip-api.com use is not compatible with https
#1960 Access Denied for personal folder
#1840 add "download" attribute to export file
9/
Fixed a possible XSS (credit to ADLab of Venustech)
Improved security related to User Management
> a manager could potentially act on users not related to him
Improved security related to Items Management
> a user could potentially act on Items he should not have access to
Securized script.backup.php by adding a security key
Fixed some other security failures (credit to security at Amossys)
Improved security regarding uploading files
Fixed issue while restoring DB from administration page
Fixed "PW copy to clipboard" log unconsistency in specific case
Improved / Fixed administration task for encrypting/decrypting files
Improved security regarding item history display
Improved the possibility to define the access level on Roles when creating new folder
Added filter in Roles
New: confirm deletion of attachment
#1965 Login credentials do not correspond (json_decode issue)
#1964 Make email field in new LDAP user insertion null safe
#1961 After fresh installation the index.php shows random string
#1956 Warning appears on Category and API pages in admin mode
#1947 Dependency & array update in install checks
#1945 Cannot delete items
#1944 File upload results in error
#1941 Visualisation problems
8/
Delete install folders and files during installation process
Custom Field value can be masked
Database password is encrypted in settings.php file
PHPMailer library updated to 5.2.23
TwoFactorAuth library was updated
Configuration variables are not set in SESSION anymore. Now read from tp.config.php file.
Fix: issue on offline export
Fix: error on deleting a folder at root
#1939 Unable to change page (role management)
#1937 Error while using script.backup.php in standalone
#1935 Add folder results in Requested JSON parse failed
#1933 Trying to move folder results in error message
#1932 Keepass upload fails
#1927 Changing language is not possible for users
#1924 Moving items give error: Requested JSON parse failed
#1923 Red wheel keeps turning, blocks display of new items
#1919 Upgrade to release 2.1.27.8 converts encrypted database password back to clear-text
#1915 Cannot Edit or Delete items in the Personal folder
#1909 Roles Management - Problem with acess rights "Edit" "Delete"
#1903 SSH Password Change does not work
#1900 Forgot your password --> Page reload automatic
#1891 Install error - Uncaught Defuse\\Crypto\\Exception\\BadFormatException: Encoded data is shorter than expected
#1899 Active Directory authentication not working on fresh installed Cent OS 7
#1890 access rights in manage roles
#1888 Export to CVS --> empty file (0 kb)
#1886 JSON Error when importing with an apostrophe (‘)
#1885 Undefined index: SSL_SERVER_CERT
#1884 Cannot delete custom fields - hangs indefinitely after confirm with spinning gear
#1882 Can't see any entry on any folder, using any account
#1881 Doesn't auto-delete install/ folder after installation completed
#1880 Custom Fields, Not encrypted/decrypted when toggled in Custom-Field Settings Screen
#1872 New Admin User login not working -JSON Parse file failure
#1870 Logic issue in headers sending
#1866 CSV import with empty url leads to value 0
#1862 Import from Keepass.xml to Personalfolder no access to Item
#1857 API: Folders created at level 0 instead of correct level
#1856 Robustified tp.config.php creation in case of upgrade
#1851 Fix ldap suffix
#1850 Missing iconv in Docker
#1840 Added the "download" attribute
#1837 JSON error in Find page when user has no folders to browse
#1834 Typo in sources/main.functions.php
#1833 Opening a one time view page give a notice: A session had already been started...
#1830 Salt key field has already a character filled in.
#1829 Attachments is broken after upgrade from 2.1.27.0. Fix in progress
#1828 No error message when duplicate item names at personal keys
#1826 New dockerfile and docker-compose.yml
#1820 group vertical scroll bar not work correctly
#1819 Fix for QR sending from login page
6-7/
Fix: upgrade process with encrypted attachments
Fix for #1806
5/
New: Custom Fields are only visible if defined
Fix issue in tree if subfolder is visible while parent is not
Fix issues regarding DUOSecurity
Fix upgrade doesn't start in case that sk.php file has moved
Fix for Custom Fields not displayed as defined by `order` field
#1796 Can't add folder from API
#1787 email notifications are not sent if there are any admins with empty email address
#1776 Allow restricting items to users and roles - Wrong Item Owner
#1775 Can not decrypt a created crypted Backup - Improved encryption with Defuse
#1774 Announce this Item by email
#1769 Installation issue - no admin account is created
#1762 Share user rights works backwards
#1761 Reset of my Personal Saltkey
#1743 Enable anonymous LDAP queries
#1690 Unable to set/save personal salt key with LDAP user
3-4/
New: Multiselection in Roles vs Folders matrix
New: LDAP configuration test mode (in progress)
Fix: Prevent moving a folder to one of its child folder
Fix: Global saltkey change
Fix: Copy folder does'nt copy included items
Fix: Encrypt/Decrypt attachments feature from admin page
Fix: SQL injection corrected in users.queries.php (author: Pang@ADLab of Venustech)
#1742 Fix for issue #1539 verifying LDAP groups properly
#1740 Missing buttons on Users page
#1737 Cannot import files
#1735 Dockerfile - PHP extension "curl" is loaded Extension curl is not loaded
#1733 Copy Item doesn't work if copy from public to public folders
#1731 Cannot login in after fresh install
#1729 Protection against bigger data than database field size
#1727 Cannot edit or delete entry in the Personal folder
2/
Secure fixes
Session increase time feature is now increasing with the expected user session duration
Default language cannot be changed fix
Fix for "hide not accessible folders" option
#1725 Some fixes
#1723 Fix spin not removed while reseting user saltkey
#1722 SELinux issue leads to upload impossible
#1718 Moving a folder to itself
#1717 After deleting a folder, items are still visible in search page
#1713 Doubleclick on directory shows items twice
#1710 Error on psk change
#1709 Missing field in table on fresh install
#1707 "Restricted To" not working correctly when creating new items
#1706 User can edit & delete items without rights
#1696 Fix for no log for OTV
#1695 Manager can create folder at root from Items pas
#1686 Fix for item History dialogbox
#1685 Fix in Portuguese file
#1684 Estonian language still missing
#1679 Sort by don't work in Utilities/logs
#1676 Pre-auth XSS in index.php
#1674 name and lastname are changed on other user edit
#1672 Anonymous settings not stored
#1670 Incremental upgrade not active
#1669 Logout - Errors
#1668 File encryption is not correct in case of upgrade
#1666 Can`t set avatar
#1662 Can not delete folders
#1659 Third level of sub folders in the Personal folder are not seen
#1654 User management page - no "next" button
2/
New Defuse Encryption implemented in place of phpCrypt
NEW AGSES authentication implemented
NEW Custom Fields data can be encrytped or not in database
NEW Folder copy feature
NEW Mass move or delete operation on Items
NEW Item change proposal
IMP Implemented new session encryption library SecureHandler (getting rid of mcrypt extension)
IMP Language selection is now in User Profile (Default language is used on authentication page)
IMP User creation dialogbox improved with all user properties
IMP New user login availability is checked "live"
IMP Filtering counters in datatables
IMP Users Management dialogbox improved
IMP 2FA authentication change to improve security (no call to external QR generator)
UPD AES library updated
FIX "Find" feature:
- copy from public to personal folder
- list of folders is refreshed when copying an Item
# Copy folders
#1635 New folder inheritance of parent specific settings
#1631 Error could be appear on upgrade when checking folders and files
#1628 URL link to specific item does not work
#1627 Improved label preview length
#1625 Request to add/change password
#1624 Error 500 while importing item with API (with PHP < 7)
#1621 New option: OTV can be disabled
# New option: create Item without password
#1620 Direct copy password from seach results and large folders
#1616 Cannot show password with IE11
#1614 Generate personal folders sets regular root folders also as personal
#1608 All folders are deleted
#1603 Attached files disappears
#1601 Time zone can't be saved in My Profile
#1593 Insert duplicate label with API
#1592 Show Client IP in mail to admin about logged on users
#1588 Fix for OTV links
#1587 fix for e-mail to administrator on logon does not work
#1581 Fix for new folder Custom Fields inheritance
#1579 Fix for preventing a php fatal error
#1575 Fix for tree not loaded when user has no access to a folder with children
#1571 Drag and drop from PF to public folder makes item password corrupted
#1571 Create an item inside another folder than the one selected
#1561 Personal folder deletion deletes all
#1559 API IP Whitelist check does not consider XFF
#1556 Fix bug for upgrading old passwords
#1553 LDAP support - Add LDAP port - Add support multi LDAP server
#1551 Authentication through LDAP posix-search
#1550 2 Factor enabled but can still log in without code
#1549 Read Only users can use Personal Folders
#1543 Wrong Saltkey message after setting
#1533 The change of the main SALT Key doesn't work
#1532 Added error message in install.js if db-pw contains double quotes
#1531 Database otv table originator field should be int instead of tinyint
#1514 User language selection is done in Profile dialogbox
#1474 New option: create an item without password
#1472 "folder access" and "role" settings when adding new user + propage rights from one user
#1464 CSV files broken, html entities not decoded, newlines not stripped
#1422 Folders deletion protocol has been securized to prevent unconsistencies in folders tree
#1412 New option: Manager can move items they can view
#1408 Display folders visible by a user
#1299 Export to pdf or csv shows htmlencoded
2.1.26
#1537 Homepage not loading in French
#1527 Error Field 'timestamp' doesn't have a default value
#1526 New .htaccess file in ./includes/config
#1525 Bad encoding in previous used passwords list
#1515 Cannot add new users if similar user name exists
#1512 Long folder names break UI
#1511 Fix on LDAP due to library upgrade
#1510 During upgrade, clean personal_folder field in DB
#1504 Error while creating a new user with API
#1494 csrfp.config.php not updated on URL change
#1491 Added check against only numeric folder name
#1489 JSON error on quick search if no folder access
#1497 Nothing happens when clicking "Remove orphan items from database"
#1375 Symbol < breaks password in One Time View page
#1481 Query error
#1476 Fix personal folder update script for
#1463 PDF Export still broken
#1454 API outputs deleted passwords
#1453 API should have function "userpw"
#1452 API should also output the url to each password
#1457 New email address not used until logoff & logon
#1450 Purge log feature - purges nothing
#1449 Delete category hangs UI and crashes PHP
#1448 admin delete removed password multiple select not working
#1445 Password label doesn't preserve '\' character
#1439 Fix for large files upload
#1438 Sanitize ampersand to URL encoding in csrfp.config
#1426 Fixes for many critical issues with OTV
#1421 Item will not be automatically deleted when accessed through otv option enabled
#1415 Installation Issue and PDF export password field mask
Fixed problem for user to change self password
Fixed problem for deleting all directories
#1414 Subfolders created into personal folders are presented in Folders and Roles management
#1409 Updated PDF library to fit 7.x PHP
#1407 Remove Save button in 2FA settings tab
#1402 User can define his timezone
#1395 Error with Chrome while upgrading
#1394 Replace ascii characters in cpliboard copy
#1392 Corrected sql error while restoring database
#1389 Requested JSON parse failed when copying item
#1386 JSON parse failed (history item view)
#1384 SyntaxError: Invalid Character if Syslog enabled
#1383 Export to PDF - Incorrect formatting
#1381 LDAP user have unlimited access on first logon
#1380 CSV or KeePass Import - Title as "0"
#1378 JSON parse error when changing user password (with several roles)
#1369 Cannot save some settings
#1361 Duo prevents the ability to add/edit items
#1353 Add ldap_start_tls if set
#1346 On upgrade settings.php not found
#1345 Admin, password change and logoff not working
#1344 Wrap all non-GROUP BY columns in an aggregate function (MIN)
#1342 Change my password screen loop
#1340 Upgrade process last step
#1335 This page doesn't exist
#1328 Minimum password complexity for folders and items
#1334 Fix "installation related pages" dead link
#1333 Fix LDAP search base input
#1332 API not allowing roles separation of pipe '|'
#1326 Fixed LDAP functionality
#1325 updated Dockerfile
#1310 Addes Estonian language
#1309 error while loading folders (if simplify tree option enabled)
#1308 Teampass hangs when a folder is create with option "New sub-folder inherits rights from parent folder" enabled
#1301 add ldap_search_base record for db init
#1300 After 3 bad login attempts, user needs to wait 10s before new try
#1299 Export to pdf or csv shows htmlencoded
#1298 Backup-filename on 2.1.27 contains /
#1292 SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data
#1284 fix for can_manage_all_users update during upgrade
#1279 SyntaxError: Unexpected token î in JSON at position 0
#1278 CSRFProtector protection while restoring a backup file
#1276 MySQL 5.7 query error
#1269 Typo error
#1263 Error at line 75 in suggestion page
#1251 Improving CSRFP configuration
#1240 Security fixes on some missed queries and on non-protected text fields
#1241 OTV visible more than one time
#1238 Fix for upgrade.php where mysql_result() command were still not replaced
#1235 Import from Keepass: missing items with the same title
#1229 CSRFProtector message while DUO is enabled
#1225 Unable to Access OTV Link
#1224 Fixed errors in export_to_html_format
#1211 No FA code sent from home page
#1210 Fix for main.queries.php
#1206 Fix for importing files
#1203 Needed PHP extensions check during install & update process
#1197 Awesome Font 4.5.0
#1193 When I login with user admin " loading ... " and it does not finish
#1192 Cannot save "enable attachments encryption"
#1188 Implemented proposals for source code improvement
#1186 open/highlight folder tree of displayed item
#1183 Syntax Error on personal folders option
#1181 403 Access Forbidden by CSRFProtector! at config save
#1178 New user right added for managing all users (super Manager)
#1174 Adding LDAP groups support to 'posix-search' LDAP auth
#1172 Complete number of Items displayed in Tree
#1158 Admin password cannot be changed
#910 Backslashes in accounts are not copied to clipboard
#268 Password recovery "Forgot your password?" don't do anything
NEW: Server user password change through SSH connection
NEW: Upgrade database handler improved for better upgrades management
NEW: New user right added for managing all users (super Manager)
FIX: If expiration engaged and password is changed, the warning is still present.
FIX: New suggestion folder could remain empty in some specific cases.
FIX: By creating a role, this new one is directly visible by creator.
FIX: Security issue with downloadFile.php. Now protected by session and htaccess.
FIX: QRCode is not visible in Users list
FIX: Display inconsistancies in User log results
Fix: Inconsistency in Delete & Restore process
Fix: Errors in CSV import process
Fix: Impossible to proceed with 'password lost' process
Fix: OTV item not reachable
Analyzed with RIPS (https://www.ripstech.com/) against security bugs
2.1.25
#1169 sending Google Authenticator code through index page
#1160 hiding user password change option if DUOSecurity
#1152 Error while saving settings
#1149 log failed user authentication
#1148 Answer from Server cannot be parsed!
#1147 Mask/Display password not logged
#1146 Roles on separate pages
#1144 Login failure gives odd error
#1143 import csv double quotes issue
#1141 Syslog
#1140 Security fix for Multiple vulnerabilities
#1135 DataTables warning : table id=t_users - Invalid JSON Response
#1128 Requested Json Parse Failed
#1123 No Item to show in a folder after upgrading
#1122 When deleting an item, confirmation modal doesn't show the name of the item to be deleted
#1120 Not connect.n Verify Network
#1114 Cannot Delete Favorites Due to "undefined function prefix_table() "
#1108 Table teampass_keys missing!
#1103 omplexity Matches new password but still claims otherwise
#1102 Users cannot create folders
#1096 One time link view problem
#1095 Move Personal folder to Group Folder
#1086 "Error Encryption of the Password" after update
#1078 Send events to syslog
Fix for changing SaltKey in admin page
Fix for complete list of Roles in Admin Roles page
Fix for Users and Items currently edited list that were not proposing "next" button
Fix for label “By clicking the save button, you will delete ….” persistent
Fix for list loaded twice if double click in Tree folder
Fix for search result not displayed if previous folder was empty
Fix for possible sql injection via LIMIT parameters
Fix on profile dialogbox
Implemented Deletion and Restoration events in item's History
Implemented better handling of User role selection
Implemented multi personal folders
Implemented CSRFP library usage for security purpose
Implemented new "Yes/No" button in settings page
Implemented log view for failed authentication
Implemented Tree sequentially load (via ajax)
Add new item from API (for teampass-connect) (not yet tested)
2.1.24
#1090 - Fix for Export to PDF last folder not taken into consideration
#1088 - #1085 - Password show problem
#1087 - Managers can edit and delete Items they are allowed to see flag
#1085 - Fix for copy to clipboard that sometime fails to work correctly
#1073 - User can create folder on root without permission
#1074 - Read only user can create folders + wipe out all items on remove folder
#1069 - Knowledge Base can not change page
#1068 - personal saltkey not saved
#1067 - Suggestion feature not working
#1064 - Record in db are not deleted when you delete in GUI
#1058 - Fix API issue while adding an item
#1063 - Fix for Forgot password not working
#1062 - Warning for hex2bin function usage (PHP>5.4)
#1061 - for for Can not import password from keepass xml
#1055 - Personal item cannot be deleted
#1048 - Encryption error flag is visible for no reason
#1045 - Missing fields in table (pw_iv and data_iv)
#1042 - Added pagination in Users page
#1042 - Pagination on Users Page
#1060 - Added new logging events (password copied, password shown)
#1041 - "Forgot your password?" not working
#1027 - User right more refined with "No deletion" possible right
#953 - Make sure to rebuild the tree when creating an user with a personal folder
#1035 - added php-xml install check
#950 - #1005 - can not create Admin account
#936 - #937 - Session file_exists not allowed while running through open_basedir restriction
#970 - API special char fix
#962 - Error message when using the Find-function
#955 - Fix LDAP Settings UI
Fix passwords are empty when importing from Keepass
Fix empty URL column in off-line html
A lot of small fixes
New: implemented 2factor authentication DUOSecurity feature
New: create User via API
New: Vietnamese language added
New: Tree structure is loaded dynamically
New: Notification to Managers for awaiting suggestions
2.1.23
#727 - #729 - Encoding problem
#799 - Error: Field 'field_1' doesn't have a default value
#830 - Fix documentation syntax
#829 - Removing unecessary php closing tags
#807 - Fix rights based on roles for new folders
#808 - Add a SMTP security parameter to the email configuration
#805 - Keepass Import improvements
#790 - Install fixes
#835 - Links in items description don't work
#817 - Wrong number of users online
#838 - Fix for mysqli encoding
#839 - Keepass fixes
#853 - New setting for default session expiration delay
#851 - Multiple fixes for LDAP integration
#814 - #857
#880 - Fix for View logs error redeclared function getBits
#881 - Fix for "Forgot your password?" not working
#900 - Fix for New folder incorrect permissions (read-only)
#890 - Fix for Personal Folder only read permission
#910 - Fix for Backslashes in accounts are not copied to clipboard
#913 - Fix for 'Announce this item by email' fails
#915 - Export to PDF corrected
#907 - Move folder feature
#917 - Fix on API
#941 - Fix for user_not_exists message (LDAP)
#988 - Error on copy item
#992 - Added to Log User Created By
PR : #871 - #887
API: add FIND feature
Fix: copy not possible in RO folders
Fix: If GA activated, Users can ask for a new code from the login page
Fix: Off-line file url was not correct in download button
Removal of Keys table
Implementation of PhpCrypt library as encryption library (AES-128 with CBC mode)
Implementation of Awesomefont in Items page
Clean up of old comments
Added "long press" to show password
Fix of bug in Offline export
List of Users is now loaded through Ajax to prevent timeout in case of long list of users
Personal saltkey change is now performed through Ajax to prevent timeout in case of long list of passwords
Fix for users with "Allowed folders" that can't write inside them.
Removed extra files from Yubico folder
Update process: suggestions passwords are reencrypted
Suggestion migrated to new encryption
2.1.22
#700 - Errors related to "includes/js/jstree/themes/default"
#718 - Two factor authentication: "This user has no email set!"
#674 - API - User rights
#697 - Default language setting, not being applied to automatically created ldap users.
#698 - Default language setting, not being applied to newly created users.
#707 - httpRequest is missing in upgrade process
#725 - Disable button after item creation or edition
#720 - cannot sign up to 2factor
#690 - limit password export via PDF/CSV to user/group
#745 - Enable again save_button after error on Add/Edit Item
#739 - OTV correction
#731 - Export password to file
#653 - Passwords preprended during upgrade
#767 - Backup restore feature fix
#774 - Call to undefined method DB::queryInsert
Other: #711 - #699 - #726 - #744 - #684 - #737
New - Rights "Read / Write / No Access" added to folders for better rights management
New - quick copy to clipboard for password and login
New - New option : Prevent against duplicate items in same folder
New - If folder is read-only for the User then it is striked-through
Changed - list of restricted users refined by folder selected
Fix - Not possible to see more than 8 Roles in Roles matrix
2.1.21
#597 - Rapid click on save button on "Add a folder"
#599 - SQL:AUTO_INCREMENT id --> language
#600 - preg_replace(): Unknown modifier '|'
#598 - Extra fields in home page
#602 - can't change user password by very heavy complexity
#603 - password complexity check only in javascript
#415 - Items are not show when in folder view. Can easy search and open.
#578 - API generate new key
#580 - Redirect to login page when accessing directly an item (if not logged)
#576 - Mismatch email_body tags
#607 - HMTL export erroneous download link
#622 - Tooltip on left menu buttons
#619 - CSV Import does not import passwords
#617 - CSV Import doesn't handle passwords with quotes well
#627 - Complete authentication bypass
#626 - API vulnerable (improvement in progress)
#633 - favicon correction
#636 - MySQL on non-standard port
#632 - Refactor order of index.php
#629 - A password for admin account is required during installation
#654 - Tab character breaks json format
#652 - one-time view not working when interface is in French
#658 - Rapid Click on Item Copy
#657 - Rapid Click on Password Creation
#656 - Can't Create Folder as User
#643 - email charset in UTF-8
#641 - Add and save item -> double click on that icon won't work
#671 - When password is generated, it is added in confirm field too
#672 - Changing password makes account inaccessible
#637 - Multi Domain LDAP
#673 - Changed strategy for quick icon clipboard copy
#639 - Design fix in admin page
#681 - Fix for Folder and Users creation as Administrator
#680 - Set custom expiry for one time view link
#682 - Fix SMTP authentication which were used regardless of the settings
- Fix a query used in the "lost password" management.
- Fix the mysql error message when the session_expired page is accesseded...
- New option permitting to send or not an email to User when admin changes his password
- Fix for image viewer when option files encryption is set
- Fix for password complexity level update
2.1.20
#492 - Default admin password not working
#509 - Password complexity
#493 - Unable to purge logs
#503 - manual insertions in Items History log not working
#494 - Logs > Administration JSON error
#491 - Applying email address to user
#441 - Attachments encryption
#459 - Turn off strict mode
#477-#452 - Fix for upgrade
#459 - Turn off strict mode
#472 - Error on line 582 index.php
#474 - Set default to checked for secure passwords
#497 - Moved GA QR code creation to administration
#487 - Off-line mode, link make the page scroll up
#533 #521 #528 - Installation issue
#525 - Settings.php should not be commited
#527 - Potential security bug
#485 - CVS Import on V 2.1.19 quotes problems
#544 - DataTables warning: JSON data from server could not be parsed
#547 - User search
#520 - API access
#549 #550 - Server Time in footer
#539 - New feature: Simplify Items Tree
#547 - Search in Users page
#401 - Folder role inheretance on new folder
#552 - added MBstring check
#554 - Search-Page "Jump to item"-Button not working correctly
Fork from slimm609 - Encrypted Sessions and CSRFGuard enabled
Issues with folder creation in "personal folder"
#536 - one time view page for anonymous user
#517 - New feature: Suggest items system
New feature: Sub-folder inherits of parent folder
2.1.19
#413 - fix for PHP Parse error: syntax error, unexpected '['
#447 - fix for PHP Fatal error: Cannot redeclare getBits()
#442 - problem edit folder
#399 - Export encrypted passwords (off-line mode)
#408 - Personal Salt Key changing doesn't work
#419 - Password complexity not refreshed
#418 - English translation improvement
#407 - "Restricted to" feature improvement
#402 - In item list, description is cut with <br />
#393 - Password input and confirmation field location
#388 - Unable to move items between folders
#400 - Extra fields for Item
#414 - Maintenance mode during upgrade can be disabled
#389 - Language dropdown not working
#392 - Check of absolute path for SK.PHP
#385 - Email not sent ... check your configuration (to be checked)
#379 - CSV importing not working (to be checked)
#134 - Login After Session Expires
#429 - Changed user.psk field to allow NULLs
#428 : error: iconv(): Detected an illegal character in input string
#426/#430 : New option to disable information loading in Admin page
#142 - Google Authenticator implemented
* Dialogbox not closed when changing folder name
* Display Item details through Find page error
2.1.18
#315 - jstree style.css badly referenced
#314 - Folder is not being deleted
#320 - Enabling LDAP prevents local admin login
#317 - server expected extensions are tested
#318 - Upgrade process badly creates sk.php file
#348 - Fix for undefined index "isAdministratedByRole"
#350 - Fix for Lock and delete user actions don't refresh page
#354 - Fix for removing folders
#359 - Fix for initial user password change complexity check
#371 - Fix for uploaded files corrupted
#291 - Fix to support openLDAP / posix style LDAP
#361 - Option to use login password as SALT key
* Fix - no possibility to update a Role
* Fix - editing users by clicking on the fields broken
* Fix - parse error in database errors log
* New - requested user password complexity shown when changing password
* New - option for deactivate client-server encryption (usage of SSL)
* New - in tree, new counters added (subfolders and items in subfolders numbers)
* New language added - Catalan
2.1.17
* New exchange encryption protocol. No key is visible. The channel is
encrypted at start of session.
* HTTPS connection can be activated (be carefull, you need a certificate)
* Change Users passwords encryption
* Corrected - once clicked on not authorized Item, any Item selection was
no more possible.
#283 - Rights on a folder created at root are set.
#285 - New settings: Anyone can modify option can be activated by default
#287 - newly created personal folders ar propergated to the group
#289 - Personal folder name badly constructed
#270 - Restricted items visible in Find results
#298 - Protection against bad actions on personal folders
#299 - User can be explicetly administrated by Managers of specific Roles
#300 - Personal SK is encrypted in COOKIE
#301 - Corrected query call error
#302 - Under "Views" users can see items that exist in personal folders
that have been accessed
#307 - fclose() statement badly placed
2.1.16
* #245 - #248 - #249 - #265 - #266 - #267 - #268 - #273
* #277: Change personal saltkey error
2.1.15
* list of bugs corrected: #242 - #254 - #244 - #247 - #256 - #250 - #254 - #248
#243 - #252 - #232 - #240 - #260 - #259 - #262 - #251 - #236
* MySQL hashing => todo
* CSV importation
2.1.14
* list of bugs corrected: #238 - #235 - #239 - #203 - #201 - #233 - #226 - #236
#228 - #189 - #234 - #225 - #239 - #194 - #86
* Corrected bug for sending emails
* Different small corrections
2.1.13
* Code improvement for PSR compliance
* jQueryUI updated to v1.9
* Cleanup unused files
* #207: Managers can only see the Roles they are allowed to.
* #190, #192, #199, #202, #196, #204, #191, #214 corrected
* Correction: taking into account user "can create at root level" setting
* Added: saltkey is exported in a unique file that should be moved outside
"www" server scope.
* Added: 2-factors authentication
* Added: new check when Role creation
* Added: new check for database query error
* Added: Item in edition will lock any other edition
* Added: New administrator View permitting to view "Users actually connected"
and "Tokens taken for Items in edition"
* Added: User account contains now Name and Last Name fields
2.1.12
* #188
* #185 Started adjusting codebase to follow PSR 1 and PSR 2 based on ecaron
work (thank you)
2.1.11
* #184 - bug correction
2.1.10
* #161 - #100 - #175
* #163 Personal saltkey duration based on cookie (under option)
* share item -> manage error when email not sent
* Improved/corrected export CSV and PDF
* Correction: During upgrade, languages table is wrong
* Personal Saltkey is stored in cookie (new admin setting)
* Emails settings are moved to admin settings page (no more in settings.php)
* Files folder is now a setting (to improve security)
* Exported PDF is encrypted (contributor: Jay2k1)
* #168 Add description field in PDF
* #174 User creation and modification log
2.1.9
* #126-#132-#130-#131-#139-#129-#141-#146
* Italian translation
* Find page - focus in search box (contributor: Jay2k1)
2.1.8
* SF 206
* #107-#95-#102-#103-#67-#32-#87-#71-#125-#120-#116-#111-#108-#104-#90-
#85-#78-#48-#34-#67-#75-#82-#84
* bug correction cache table
* view Item details from the Find page
* CSV export -> started
* mail notification when selecting an item
* share Item by mail
* add email field in Item form
* automatic deletion of Item after X opening or after limit date
* Roles / Folders matrix: Roles passwords complexity shown
2.1.7
* SF 247 - 248 - 261 - 264 - 265 - 266 - 267
* 67: protect uploadify library => different file protection added
* protect Downloadfile.php
* SF228: reset personal saltkey (purge personal items)
* SF262: copy of item is in log
* old password in log was badly encoded
* item copy from search page corrected
* some rights checks added before action
* email send to new created user
2.1.6
* #59: settings.php email setting errors
* #67: Protected upload file
* added email notification for user requiering an access to a restricted item.
* 264: Feature Request: Password History
2.1.5
* #56: Temporary solution for keeping old ADMIN profile rights
2.1.4
* Corrections: SF237, SF240, SF243 , #29, #25, #32 , #36 , #37 , #39 , #40