- TOTP codes now function in password links
- Versions of used client libraries have been updated
- Localization of meta tags has been implemented
- Modified error message when incorrect authorization occurs
- Outdated events have been removed from the “Action” filter in the activity history
- Added “User master password reset” event to the activity history
- The “Password deletion” event now correctly displays the password name in the recent user activity
- Redundant element removed from the “Authorization and 2FA” page for domain users
- Increased the length of authorization and master passwords to 15 characters when creating a new user
- Successful registration notifications are now sent when an administrator adds a new user
- Improved the interface of the import window and hid unnecessary items when there are no vaults in an organization
- Fixed an issue when creating a link through the mobile application added an empty “attached files” field
- Fixed an issue with passwords created via API with an empty cryptedKey field that couldn’t be opened in the web version
In this new version we have added the ability to create shortcuts to passwords, improved integration with LDAP, expanded the list of administrator settings, added support for additional fields when importing and exporting data together with many other useful things.
Shortcuts are a new way to share passwords. No longer do you need to create copies of passwords in different directories. Instead, you can create shortcuts. When your original password is changed, all shortcuts associated with that password are automatically modified as well.
Depending on access rights, users can view or edit passwords via their shortcuts. Moreover, all that can be done without having access to the directory of the original password.
Sending passwords without granting "Partial Access" to vaults
"Partial Access" to vaults used to be automatically granted when sending passwords via "Inbox". Now, this access is directly linked to the sent password alone and no "Partial Access" to vaults is provided.
Administrators can clearly see which employees have access to certain vaults and which staff members have access only to specific passwords.
Redesigned LDAP settings interface and new features
- Enhanced addition of new users
- Independent setting of the master password by users upon their first login to the system
- Background update of user data from LDAP
- Special tags for deleted groups and role-associated groups.
- Now it’s possible to configure permissions for specific access levels for creating links, shortcuts, and sending passwords
- Users can independently set auto-logout time.
- You can set the maximum session lifetime for users during inactivity
- Users can select their preferred interface language.
- We unified the visual style for all settings sections and improved the functionality of various parameters
- "Save" and "Cancel Changes" buttons in the system settings will prevent accidental actions
- Added support for additional fields during password import and export operations
- Enhanced drag and drop functionality - Passwork now offers the options to move, copy, or create a shortcut when dragging passwords and folders
- Notification for administrators about new unconfirmed users
Read more — passwork.pro/v6-release
To upgrade to version 6.0, you must first upgrade to version 5.4, complete the data migration process and confirm it on the Passwork customer portal. Upgrade instructions — passwork.pro/migration-v6-help
Improvements to security and bug fixes:
- increased the number of iterations of the PBKDF algorithm to 300,000
- increased the length of generated master keys for vaults
- implemented Content Security Policies (CSP) in HTML pages for better data protection
- added the feature to use an API refresh token to extend the main API session token
- added the use of an API refresh token in the browser extension and mobile app
- fixed the error related to the changing of the master password in the security panel
- increased overall performance and stability
These changes will be especially relevant if your Passwork uses the client-side encryption mode.
Before updating to Passwork 5.3.0, create a backup of your database to avoid possible data loss.
You can now easily install and update Passwork on Windows Server using our installer.
The installer contains all necessary components for Passwork to work properly, making it suitable for servers without any internet access.
Detailed instructions for using the installer can be found in the “Installation and Updates” section on your portal.
Single-use code login
You can now log in to your portal using a single-use code. You provide your email address → receive a code → enter it → access the portal.
The old method of authorization via magic links is no longer available.
Help center contact
You can now contact our help center directly from the portal.
We have made a number of interface adjustments and added the email display feature for each authorized user.
Passwork Self-Hosted 1.1.3:
- fixed an issue with the period selection slider when generating a password link
- fixed an issue with viewing inbox passwords when encryption is disabled
Passwork 2FA 0.1.6:
- accelerated login confirmation when opening the application
- added a mechanism for data migration between devices using a QR code
- added a new feature to set API key rotation period in system settings
- fixed language selection when installing Passwork
- fixed saving the system setting "Maximum number of substrings to search"
- improved management of personal vaults via API
- optimized LDAP queries with a large number of users
- fixed authorization in LDAP when registration is disabled
- fixed bugs in the import interface
- added tooltips to the user list
- removed unused dialogs and obsolete language strings
- fixed transition from a notification about incoming passwords to the password
New mechanism for sending emails from background tasks:
- email notifications are now sent every 5 minutes using background tasks
- added a master switch to enable/disable email notifications in global setting
- noreplyEmail setting was moved from config file to global settings
- accelerated workflow for all users
These changes do not affect service emails — for example, emails containing links for password change. The logs of sent emails can be found in the logs of background tasks.
In addition, in the new version:
- added context menu in search results
- added LDAP server name in synchronization logs
- fixed problem with spaces in TOTP codes
- fixed issue with auto logout during inactivity
- fixed issue with displaying password path in search results
- fixed errors in logging system and system settings
In the new version of Passwork, we have completely redesigned the System settings. They are now divided into three sections:
- Global — organization settings that determine the operations of most of the Passwork functions
- Default — the values of the settings that will be used if no other custom settings are specified
- Custom — settings that can be set for individual users and roles
Now you can set up different interface languages, configure authorization methods, and enable mandatory two-factor authentication for individual users and roles.
To do this, click "Create a new settings group" in Сustom settings, add users or roles and select your desired settings. The newly created group will be added to the top of the list and will get the highest priority.
The following settings are now available:
- Ability to create organization vaults and private vaults
- Ability to create links to passwords
- Mandatory 2FA
- Time of automatic logout when inactive
- Authorization method (by local password, LDAP password or SSO)
- API usage
- Interface language
We're already working to add new settings.
Custom settings are only available with the advanced license. To get access to the new features — update your Passwork to version 5.2.