Updates
— Added: Bin for deleted passwords and folders
— Added: Protection against accidental removal of vault
— Added: Protection against 2FA brute force
— Improved: LDAP synchronization has been accelerated
— Improved: Descriptions of parameters and minimum allowed values for API token expiration time and API refresh token expiration time have been added to the API settings section
— Bugfix: Automatic assignment of "Navigation" to parent folders in role access management
— Fixed: The issue when a vault administrator could not add roles to a vault and manage their permissions has been fixed
— Fixed: The issue with showing additional access rights to passwords when moved to another vault has been fixed
— Improved: Select TLS in the default mail service settings
— Added: PHP 8.2 Support
Read more about the update — Passwork 6.2 update
— Bugfix: Administrator can't manage hidden vaults
— Bugfix: 2FA didn't work for certain users after upgrade to 6.1.0
— Bugfix: Migration to 6.1 didn’t set up LDAP authorization type if there was initial value in a database
User authorization methods
Now administrators can configure authorization types for each user: local password, domain password, SSO. When updating Passwork, it will analyze your settings and automatically assign the necessary authorization methods for all users.
Changes on the user page
— 2FA reset can now be done separately from the authorization password reset
— Changed the order of items in the right column
— When resetting the authorization password or master password, a temporary password will be generated, which the user will be obliged to change at the next login
— Increased the complexity of temporary passwords
— When resetting the master password, the user is logged out
Changes on the users page
— Removed the ability to change the user’s status (you can only change the status from the page of a specific user)
— Added authorization status icons
— Added the ability to mass change the type of authorization and ignore LDAP synchronization
— Added filters by authorization types and LDAP synchronization
System settings
— The new setting “Who can change administrators” allows you to prevent administrators from affecting other administrators (resetting the password, deactivating, and other actions)
— New setting “Allow saving the master password in the browser”. If prohibited, users will enter their master password each time they open a new browser tab with Passwork (if the master password mode is enabled)
— Added policies for the authorization password and master password
— Removed the “Authorization Type” setting, now instead it uses the types of authorization at users
SSO
— Support for 2FA on the Passwork side
— New setting “Logout from IDP when logging out of Passwork”
Security
— Added Passwork lock when changing the server master key
Background tasks
— Added automatic cleaning of the session collection in the database, so that the collection does not grow
Licensing
— Now we do not count users who have not yet been confirmed
LDAP
— Removed global LDAP enable/disable
— Added an LDAP synchronization icon to the server list
— Added the ability to exclude certain users from LDAP synchronization (roles and deactivation will not be applied to them)
— Improved: Better performance for changing permissions for a role in a folder
— Bugfix: API Key rotation contains a period field
— Bugfix: Correct saving of default and global settings
— Added: Event “User Master-Password Reset” in action history
— Improved: Notifications for successful registration now sent when a user is added by an administrator
— Improved: Disabled the first two items in Passwork if no vaults are present
— Improved: Enhanced the length of authorization passwords and master password during user creation
— Improved: Improved “Automatic logout when inactive” functionality for domain owners
— Improved: Removed package files during build
— Improved: Localization of meta tags implemented
— Improved: Font color in the avatar upload window now adapts to dark theme
— Improved: Updated versions of client libraries used
— Improved: Removed outdated events from the “Action” filter in action history
— Improved: Modified the error message for incorrect authorization
— Improved: Front-end adjustments for password import
— Fixed: If create password via API with empty cryptedKey field, it can not be opened in web
— Fixed: Password sharing menu no longer disappears during scrolling
— Fixed: OTP codes now functional in password links
— Fixed: In recent user activity, the “password deletion” event now correctly displays the password name instead of a character set
— Fixed: Fixed an issue where creating a link through the mobile app added an empty “attached files” field
— Fixed: Removed an unnecessary element on the “Authorization and 2FA” page for domain users
— Fixed: LDAP synchronisation disables wrong users
— Fixed: Not all users are shown on inviting dialog
— Added: Introducing Shortcuts for streamlined navigation
— Added: Capability to invite users via email
— Added: Interactive Drag’n’Drop dialog feature
— Added: Additional customizable settings
— Added: Revamped LDAP Integration pages for enhanced user experience
— Improved: Simplified user creation form
— Improved: Partial access has been removed for a more straightforward user experience
— Improved: Refined and user-friendly User Interface (UI)
How to migrate — Migration to Passwork 6