Release notes

version 7 0 0 (06/may/2025) in the latest version, we've refined and enhanced every element of our product, making it even more convenient for users and more effective for addressing administrative tasks new backend and frontend we’ve completely rewritten the code using modern methods improved performance, simplified initial setup, sped up the implementation of new features, and laid the groundwork for developing a desktop application expanded api capabilities we’ve added a full fledged api to ensure seamless integration with existing systems and services now, you can use it to access all passwork features — from copying passwords to managing users and security settings updated ui we’ve redesigned the key sections based on your feedback and fixed a number of flaws, while improving ui personalization and maintaining the familiar workflow custom roles and groups instead of just two standard statuses, you can now create an unlimited number of roles with individual permissions and settings the previous "roles" have been renamed to "groups," and access management has been made more intuitive updated vault structure instead of organization vaults and personal vaults, users can now create private vaults a private vault becomes shared only when other users are added to it administrators are no longer automatically added to new vaults vault access confirmation adding users to groups no longer provides automatic access to vaults — access now requires confirmation from the vault's administrator users who gain access to a vault through ldap synchronization will also need to be confirmed learn more about all new features in passwork 7 in the passwork 7 0 docid\ ohosbrygimjc7tobmqfzp to upgrade to version 7 0, you’ll need to update your passwork to version 6 5, migrate your data, and confirm this in the customer portal upgrade instructions can be found migration to passwork 7 docid\ dh3vnbq gxhq3aa w4tvf ⚠️ we recommend exploring the new features and data migration specifics in a test environment before updating your self hosted version for testing, you can deploy passwork 7 on a separate server — this will allow you to review all the changes in the new version without affecting your current working environment version 6 5 0 (10/mar/2025) added data migration to passwork 7 added the option to enable a custom banner which will be displayed at the top of the screen the banner can be used for making important announcements, notifications, or instructions banner settings can be found under the “custom banner” section in the “system settings ” version 6 4 5 (14/jan/2025) fixed an issue with multiple sign ins when using two factor authentication (2fa) version 6 4 4 (18/dec/2024) fixed an issue where passwords from the root of the vault were moved into folders after exporting the vault to csv format and importing it back version 6 4 3 (14/oct/2024) fixed an issue where, after moving a password to the bin, its shortcut could still be used to autofill data via the browser extension fixed an issue with the incorrect display of role names in the recent actions of a folder fixed an issue where incorrect data could be displayed on the history of actions and editions tabs of the password card improved overall system security version 6 4 2 (19/sep/2024) added "noavatar" parameter, which makes it possible to disable avatar transmission when performing api requests fixed an issue with shortcut and password colors that sometimes failed to update until the page was refreshed fixed incorrect display of some special characters in browsers on windows replaced outdated links in the mobile device connection window improved overall system security version 6 4 1 (29/aug/2024) added "norepeats" parameter to the configuration file, which makes it possible to exclude consecutive identical characters when generating a password version 6 4 0 (04/jun/24) mandatory extension pin code now administrators have the option to make the browser extension pin code mandatory for all users if no pin code is set, users will be prompted to create one when they log in to the browser extension the "mandatory pin code in extension" setting is located in the ‘api, extension and mobile app’ section of the system settings history of actions with passwords with the new "who can view the history of actions with passwords" setting, it is possible to grant users (with access levels below admin) the right to view password history, password editions, and notifications of their changes — these features were previously available only to vault administrators logging of all changes related to settings now all changes in the account settings, user management, ldap settings, sso settings, license info, and background tasks are displayed in the activity log automatic updating of ldap group lists automatic updating of ldap group lists can now be configured on the groups tab in the ldap settings the update is performed through background tasks with a selected time interval other improvements added pop up notifications when exporting data or moving data to the bin improved display of dropdown lists on the activity log page changed time display format of the "automatic logout when inactive" and "maximum lifetime of the session when inactive" settings changed the enabled / disabled dropdown lists on the system settings and ldap settings pages with toggles increased minimum length of generated passwords to six characters bug fixes fixed an issue in the password generator where selected characters were sometimes missing in the generated password fixed an issue where local users could not independently recover their account password when an ldap server was enabled fixed an issue where local users could not register in passwork when an ldap server was enabled fixed an issue which occurred after moving a folder with shortcuts to another vault and shortcuts not being displayed in the new vault fixed an issue that occurred when trying to move a shortcut found in search results without opening any vaults right after logging into passwork fixed an issue that occurred when trying to copy a password found in search results without opening any vaults right after logging into passwork fixed an issue that occurred when a password was sent to another user and remained on the recipient's recents and starred pages after the initial password was moved to the bin fixed the value in the time field for the "api key rotation period (in hours)" setting which was reset to zero after disabling it fixed incorrect event logging in the activity log after changing folder permissions fixed incorrect text notification about assigning access rights to a user through a role fixed incorrect tooltip text when hovering over the username of a recently created user fixed incorrect display of long invitation titles removed local registration page when ldap server is enabled more about passwork 6 3 update in the technical documentation and our blog version 6 3 10 (15/apr/24) bugfixes fixed an issue when logged out users encountered errors while trying to download an attached file via a password link fixed an issue that prevented users from downloading attached files via a shortcut as they had no access rights to the original password fixed an issue that occurred when trying to move a password found in search results without opening any vaults right after logging into passwork improved overall system security version 6 3 9 (04/apr/24) bugfixes fixed an issue where changing the access level to “no access” for roles was not possible replaced the outdated link to technical documentation in the background tasks settings version 6 3 8 (03/apr/24) fixed an issue that occurred while editing a password when the notificationemail field of user from ldap contained an array of email addresses version 6 3 7 (20/mar/24) bug fixes fixed an issue where users with the "manage all organization vaults" setting enabled were not included in the count of users who have access to the organization vault fixed incorrect display of the context menu when selecting a filter on the "user management" page version 6 3 6 (19/mar/24) improvements added the option to prevent users from sending passwords with edit access increased the number of supported totp secret key formats added the cancel changes button in the sso settings added the path field containing information about the path to the password when exporting in csv added a mandatory master password request for data export when client side encryption is enabled removed links to outdated modal windows on the empty vault page improved overall system security bug fixes fixed an issue as a result of which the vault name was saved in the folder field when exporting to csv fixed the incorrect display of the number of passwords in certain folders and vaults during data export fixed an issue with the incorrect sorting of the group list in the ldap settings fixed an issue with the content search not working correctly for multiline notes fixed an issue which caused the compromise risk warning in the security dashboard when a user, who obtained vault access through a role, viewed a password fixed an issue which ignored the new parameters of license keys fixed the 2fa reset issue which occurred when the administrator reset the authorization password we recommend updating passwork due to security fixes and improvements version 6 3 3 (19/feb/24) improvements added logging of system settings changes added the tooltip in email service settings indicating that the password has already been saved in the database added the tooltip in the hidden vault header indicating that the vault is hidden improved overall system security bug fixes fixed an issue that caused nested folders to remain visible in the vault list after hiding their parent vault fixed an issue where hidden vault couldn’t be made visible through the vault menu fixed an issue where open password was not closed while being moved to another directory fixed an issue when deleted passwords from the hidden vaults did not appear in the bin other changes removed external links from email notifications updated icons in the vault menu version 6 3 0 (01/feb/24) improvements new administrative rights settings in user management make it possible to grant ordinary users certain administrative rights, access to various sections of settings, and flexibly customize what they can modify without assigning them full administrator status all events related to changes in administrative rights are now shown in activity log this includes details about the users who initiated these changes, as well as information about each modified setting, its previous and current values revamped hidden vaults now all users can hide any vaults, including private hiding makes vaults invisible only to the users who choose to do so and does not affect others hidden vault management is now carried out in a new window, which is available directly from the vault list users with access to user management can now view all the vaults they administer, including private vaults added logging of events within private vaults in activity log minor improvements to the settings interface bug fixes fixed an issue in user management that allowed administrators to delete themselves fixed an issue that prevented users from changing their temporary master password fixed an issue where users couldn't set minimum length for authorization and master passwords more about passwork 6 3 update in the technical documentation and our blog version 6 2 2 (24/jan/24) improvements added an option in synchronization settings that allows selecting the type of authorization for new users from ldap/ad added the event of password import to syslog improved overall system performance bug fixes fixed an issue that caused incorrect display of the ldap user list on the users tab when mapping a role to a group and performing synchronization in test mode fixed an issue with the angular tooltip directive fixed an issue where some special characters were not accepted when changing the authorization password version 6 2 0 (15/nov/23) improvements added the bin for deleted password and folders now, when deleting folders and passwords, they will be moved to the bin if needed, they can be restored, preserving previously set access permissions vaults are deleted without being moved to the bin; they can only be restored from a backup added protection measures to prevent accidental deletion of vaults added protection against brute force attacks on 2fa improved ldap synchronization performance added a descriptions of parameters and minimum allowed values for api token expiration time and api refresh token expiration time to the api settings section bug fixes fixed an issue with automatic assignment of folder structure to parent folders in role management fixed an issue where a vault administrator couldn't add roles to a vault and manage their permissions fixed an issue with incorrect display of additional access rights to passwords when moving them to another vault other changes the tlc is now selected by default in email service settings added php 8 2 support more about passwork 6 2 update in the technical documentation and our blog version 6 1 3 (30/oct/23) fixed an issue where administrators couldn't manage hidden vaults version 6 1 2 (24/oct/23) fixed an issue with 2fa not working for some users after updating to version 6 1 0 version 6 1 1 (18/oct/23) fixed an issue where the ldap authentication type was not set after upgrading to version 6 1 0 if the database had an initial value version 6 1 0 (11/oct/23) in this version, we've introduced new settings that provide more options for user management, optimize the database performance and enhance security user management 2fa reset can now be done separately from the authorization password reset enhanced master password reset security — after resetting the master password, all active user sessions will be reset added an option to individually choose the authorization type for each user added new icons in user list showing authorization types now, when an administrator resets the authorization password or master password, a temporary password will be generated upon login, a user will be required to change it added an option to change authorization types and ldap synchronization for a group of users added filters for authorization types and ldap synchronization increased the complexity of temporary passwords removed the option to change user status from the user list now, the status of a user can only be changed from specific user page changed the order of user settings system settings added an option to restrict administrators from managing other administrators added new policies for the authorization password and master password complexity added an option to enable or disable mandatory entering of master password each time a user opens a new browser tab for passwork sso, ldap settings, license info, background tasks and other changes added 2fa support for sso authorization added an option to logout of idp when logging out of passwork in sso settings added automatic cleaning of session collection in the database to limit its size improved the ldap settings interface by removing the global enabling/disabling of ldap authorization and adding new icons indicating which ad servers have ldap synchronization enabled unverified users are no longer counted in the total number of users displayed in license info if the server master key was changed, passwork will be locked to protect data more about passwork 6 1 update in the technical documentation version 6 0 5 (15/sep/23) improved performance of changing permissions for a role in a folder version 6 0 4 (22/aug/23) bug fixes fixed an issue where the api key rotation period was not taken into account when updating the api key fixed an issue with saving of the default and global settings version 6 0 3 (16/aug/23) improvements added the event of user master password reset in activity log added notification for successful registration when an administrator adds a new user increased the length of authorization and master passwords to 15 characters when creating a new user improved the the import window interface and hid unnecessary items when there are no vaults in an organization improved the automatic logout when inactive functionality for domain owners modified the error message for incorrect authorization added localization for meta tags bug fixes fixed an issue with totp codes not functioning in password links fixed an issue with incorrect display of password name in the password deletion event in recent user activity fixed an issue where creating a link through the mobile application added an empty attached files field fixed an issue where passwords created via the api with an empty cryptedkey field couldn’t be opened in the web version fixed an issue with the password sharing menu disappeared during scrolling other changes removed outdated events from the action filter in the activity log removed a redundant element from the authorization and 2fa page for domain users updated the versions of client libraries version 6 0 2 (24/jul/23) fixed an issue where ldap synchronization incorrectly disabled users version 6 0 1 (20/jul/23) fixed an issue where not all users were appearing in the invitation dialog version 6 0 0 (19/jul/23) improvements added the shortcuts for passwords when the original password is changed, all shortcuts associated with it are automatically updated as well depending on access rights, users can view or edit passwords through their shortcuts enhanced drag and drop functionality you can now move, copy, or create shortcuts by dragging passwords and folders revamped ldap settings improved the process of adding new users, added background updates of user data from ldap, introduced special tags for deleted groups and role associated groups, and allowed users to set their master password independently upon their first login to the system previously, partial access to vaults was automatically granted when sending passwords via inbox now, this access is directly linked only to the sent password, and no partial access to vaults is provided unified the visual style across all settings sections and improved the functionality of various parameters other changes added support for additional fields during password import and export operations added save and cancel buttons in system settings to prevent accidental actions added a notification about new unconfirmed users added an option to configure permissions for specific access levels when creating links, shortcuts, and sending passwords added an option to invite users via email added an option to select default interface language for new users added an option to set the maximum session lifetime for users during inactivity added an option to set auto logout time for users to upgrade to version 6 0, you must first upgrade to version 5 4, complete the data migration process and confirm it on the passwork customer portal upgrade instructions — migration to passwork 6