Updates
- Fixed an issue where, after moving a password to the Bin, its shortcut could still be used to autofill data via the browser extension
- Fixed an issue with the incorrect display of role names in the recent actions of a folder
- Fixed an issue where incorrect data could be displayed on the History of actions and Editions tabs of the password card
- Improved overall system security
- Added "noavatar" parameter, which makes it possible to disable avatar transmission when performing API requests
- Fixed an issue with shortcut and password colors that sometimes failed to update until the page was refreshed
- Fixed incorrect display of some special characters in browsers on Windows
- Replaced outdated links in the mobile device connection window
- Improved overall system security
- Added "norepeats" parameter to the configuration file, which makes it possible to exclude consecutive identical characters when generating a password
Mandatory extension PIN code Now administrators have the option to make the browser extension PIN code mandatory for all users. If no PIN code is set, users will be prompted to create one when they log in to the browser extension. The "Mandatory PIN code in extension" setting is located in the ‘API, extension and mobile app’ section of the System settings.
History of actions with passwords With the new "Who can view the history of actions with passwords" setting, it is possible to grant users (with access levels below Admin) the right to view password history, password editions, and notifications of their changes — these features were previously available only to vault administrators.
Logging of all changes related to settings Now all changes in the Account settings, User management, LDAP settings, SSO settings, License info, and Background tasks are displayed in the Activity log.
Automatic updating of LDAP group lists Automatic updating of LDAP group lists can now be configured on the Groups tab in the LDAP settings. The update is performed through background tasks with a selected time interval.
Other improvements
- Added pop-up notifications when exporting data or moving data to the Bin
- Improved display of dropdown lists on the Activity log page
- Changed time display format of the "Automatic logout when inactive" and "Maximum lifetime of the session when inactive" settings
- Changed the Enabled / Disabled dropdown lists on the System settings and LDAP settings pages with toggles
- Increased minimum length of generated passwords to six characters
Bug fixes
- Fixed an issue in the Password generator where selected characters were sometimes missing in the generated password
- Fixed an issue where local users could not independently recover their account password when an LDAP server was enabled
- Fixed an issue where local users could not register in Passwork when an LDAP server was enabled
- Fixed an issue which occurred after moving a folder with shortcuts to another vault and shortcuts not being displayed in the new vault
- Fixed an issue that occurred when trying to move a shortcut found in search results without opening any vaults right after logging into Passwork
- Fixed an issue that occurred when trying to copy a password found in search results without opening any vaults right after logging into Passwork
- Fixed an issue that occurred when a password was sent to another user and remained on the recipient's Recents and Starred pages after the initial password was moved to the Bin
- Fixed the value in the time field for the "API key rotation period (in hours)" setting which was reset to zero after disabling it
- Fixed incorrect event logging in the Activity log after changing folder permissions
- Fixed incorrect text notification about assigning access rights to a user through a role
- Fixed incorrect tooltip text when hovering over the username of a recently created user
- Fixed incorrect display of long invitation titles
- Removed local registration page when LDAP server is enabled
More about Passwork 6.3 update in the Technical documentation and our Blog.
Bugfixes
- Fixed an issue when logged-out users encountered errors while trying to download an attached file via a password link
- Fixed an issue that prevented users from downloading attached files via a shortcut as they had no access rights to the original password
- Fixed an issue that occurred when trying to move a password found in search results without opening any vaults right after logging into Passwork
- Improved overall system security
Bugfixes
- Fixed an issue where changing the access level to “No access” for roles was not possible
- Replaced the outdated link to technical documentation in the Background tasks settings
- Fixed an issue that occurred while editing a password when the notificationEmail field of user from LDAP contained an array of email addresses
Bug fixes
- Fixed an issue where users with the "Manage all organization vaults" setting enabled were not included in the count of users who have access to the organization vault
- Fixed incorrect display of the context menu when selecting a filter on the "User Management" page
Improvements
- Added the option to prevent users from sending passwords with Edit access
- Increased the number of supported TOTP secret key formats
- Added the Cancel changes button in the SSO settings
- Added the path field containing information about the path to the password when exporting in CSV
- Added a mandatory master password request for data export when client-side encryption is enabled
- Removed links to outdated modal windows on the empty vault page
- Improved overall system security
Bug fixes
- Fixed an issue as a result of which the vault name was saved in the folder field when exporting to CSV
- Fixed the incorrect display of the number of passwords in certain folders and vaults during data export
- Fixed an issue with the incorrect sorting of the group list in the LDAP settings
- Fixed an issue with the content search not working correctly for multiline notes
- Fixed an issue which caused the compromise risk warning in the Security dashboard when a user, who obtained vault access through a role, viewed a password
- Fixed an issue which ignored the new parameters of license keys
- Fixed the 2FA reset issue which occurred when the administrator reset the authorization password
We recommend updating Passwork due to security fixes and improvements.
Improvements
- Added logging of System settings changes
- Added the tooltip in Email service settings indicating that the password has already been saved in the database
- Added the tooltip in the hidden vault header indicating that the vault is hidden
- Improved overall system security
Bug fixes
- Fixed an issue that caused nested folders to remain visible in the vault list after hiding their parent vault
- Fixed an issue where hidden vault couldn’t be made visible through the vault menu
- Fixed an issue where open password was not closed while being moved to another directory
- Fixed an issue when deleted passwords from the hidden vaults did not appear in the Bin
Other changes
- Removed external links from email notifications
- Updated icons in the vault menu
Improvements
- New Administrative rights settings in User management make it possible to grant ordinary users certain administrative rights, access to various sections of settings, and flexibly customize what they can modify without assigning them full administrator status
- All events related to changes in Administrative rights are now shown in Activity log. This includes details about the users who initiated these changes, as well as information about each modified setting, its previous and current values
- Revamped Hidden vaults. Now all users can hide any vaults, including private. Hiding makes vaults invisible only to the users who choose to do so and does not affect others. Hidden vault management is now carried out in a new window, which is available directly from the vault list
- Users with access to User management can now view all the vaults they administer, including private vaults
- Added logging of events within private vaults in Activity log
- Minor improvements to the settings interface
Bug fixes
- Fixed an issue in User management that allowed administrators to delete themselves
- Fixed an issue that prevented users from changing their temporary master password
- Fixed an issue where users couldn't set minimum length for authorization and master passwords
More about Passwork 6.3 update in the Technical documentation and our Blog.
Improvements
- Added an option in synchronization settings that allows selecting the type of authorization for new users from LDAP/AD
- Added the event of password import to Syslog
- Improved overall system performance
Bug fixes
- Fixed an issue that caused incorrect display of the LDAP user list on the Users tab when mapping a role to a group and performing synchronization in test mode
- Fixed an issue with the Angular Tooltip directive
- Fixed an issue where some special characters were not accepted when changing the authorization password
Improvements
- Added the Bin for deleted password and folders. Now, when deleting folders and passwords, they will be moved to the Bin. If needed, they can be restored, preserving previously set access permissions. Vaults are deleted without being moved to the Bin; they can only be restored from a backup
- Added protection measures to prevent accidental deletion of vaults
- Added protection against brute-force attacks on 2FA
- Improved LDAP synchronization performance
- Added a descriptions of parameters and minimum allowed values for API token expiration time and API refresh token expiration time to the API settings section
Bug fixes
- Fixed an issue with automatic assignment of folder structure to parent folders in role management
- Fixed an issue where a vault administrator couldn't add roles to a vault and manage their permissions
- Fixed an issue with incorrect display of additional access rights to passwords when moving them to another vault
Other changes
- The TLC is now selected by default in Email service settings
- Added PHP 8.2 support
More about Passwork 6.2 update in the Technical documentation and our Blog.
- Fixed an issue where administrators couldn't manage hidden vaults
- Fixed an issue with 2FA not working for some users after updating to version 6.1.0
- Fixed an issue where the LDAP authentication type was not set after upgrading to version 6.1.0 if the database had an initial value
In this version, we've introduced new settings that provide more options for user management, optimize the database performance and enhance security.
User management
- 2FA reset can now be done separately from the authorization password reset
- Enhanced master password reset security — after resetting the master password, all active user sessions will be reset
- Added an option to individually choose the authorization type for each user
- Added new icons in user list showing authorization types
- Now, when an administrator resets the authorization password or master password, a temporary password will be generated. Upon login, a user will be required to change it
- Added an option to change authorization types and LDAP synchronization for a group of users
- Added filters for authorization types and LDAP synchronization
- Increased the complexity of temporary passwords
- Removed the option to change user status from the user list. Now, the status of a user can only be changed from specific user page
- Changed the order of user settings
System settings
- Added an option to restrict administrators from managing other administrators
- Added new policies for the authorization password and master password complexity
- Added an option to enable or disable mandatory entering of master password each time a user opens a new browser tab for Passwork
SSO, LDAP settings, License info, Background tasks and other changes
- Added 2FA support for SSO authorization
- Added an option to logout of IdP when logging out of Passwork in SSO settings
- Added automatic cleaning of session collection in the database to limit its size
- Improved the LDAP settings interface by removing the global enabling/disabling of LDAP authorization and adding new icons indicating which AD servers have LDAP synchronization enabled
- Unverified users are no longer counted in the total number of users displayed in License info
- If the server master key was changed, Passwork will be locked to protect data
More about Passwork 6.1 update in the Technical documentation.
- Improved performance of changing permissions for a role in a folder
Bug fixes
- Fixed an issue where the API key rotation period was not taken into account when updating the API key
- Fixed an issue with saving of the default and global settings
Improvements
- Added the event of user master password reset in Activity log
- Added successful registration notifications when an administrator adds a new use
- Increased the length of authorization and master passwords to 15 characters when creating a new user
- Improved the interface of the import window and hid unnecessary items when there are no vaults in an organization
- Improved the automatic logout when inactive functionality for domain owners
- Modified the error message for incorrect authorization
- Added localization of meta tags
Bug fixes
- Fixed an issue with TOTP codes not functioning in password links
- Fixed an issue with incorrect display of password name in the Password deletion event in recent user activity
- Fixed an issue where creating a link through the mobile application added an empty Attached files field
- Fixed an issue where passwords created via API with an empty cryptedKey field couldn’t be opened in the web version
- Fixed an issue with the password sharing menu disappeared during scrolling
Other changes
- Removed outdated events from the Action filter in the Activity log
- Removed redundant element from the Authorization and 2FA page for domain users
- Updated the versions of client libraries
- Fixed an issue with LDAP synchronization disabled wrong users
- Fixed an issue where not all users were displayed in the invitation dialog
Improvements
- Added the shortcuts for passwords. When the original password is changed, all shortcuts associated with that password are automatically modified as well. Depending on the access rights, users can view or edit passwords via their shortcuts
- Enhanced drag and drop functionality. Passwork now offers the options to move, copy, or create a shortcut when dragging passwords and folders
- Revamped the LDAP settings. Improved the addition of new users, added background update of user data from LDAP, special tags for deleted groups and role-associated groups and independent setting of the master password by users upon their first login to the system
- Partial Access to the vaults used to be automatically granted when sending passwords via Inbox. Now, this access is directly linked to the sent password alone and no Partial Access to vaults is provided
- Unified the visual style for all settings sections and improved the functionality of various parameters
Other changes
- Added support for additional fields during password import and export operations
- Added Save and Cancel buttons in System settings to prevent accidental actions
- Added a notification about new unconfirmed users
- Added an option to configure permissions for specific access levels for creating links, shortcuts, and sending passwords
- Added an option to invite users via email
- Added an option to select preferred interface language for users
- Added an option to set the maximum session lifetime for users during inactivity
- Added an option to set auto logout time for users
To upgrade to version 6.0, you must first upgrade to version 5.4, complete the data migration process and confirm it on the Passwork customer portal. Upgrade instructions — Migration to Passwork 6.