Changelog
Follow up on the latest improvements and updates.
RSS
In the new version of the browser extension, we have made it possible to set a mandatory PIN code for all users and improved its protection mechanism against brute-force attacks, we have enhanced the password search algorithm and introduced a number of UI improvements.
Mandatory PIN code
Now administrators can set PIN codes to be mandatory for all users. If no PIN code is set, users will be prompted to create one when they log in to the browser extension.
PIN code protection against brute force attacks
After each failed attempt to enter a PIN code, the input field will be blocked and cleared automatically. After five failed attempts to enter a PIN code, the extension will log a user out and reset the previously entered host address.
Improved password search while autofilling login forms
Password search to autofill login forms will occur across all passwords available to the user, not just the current domain.
Other Improvements
- Added PIN code request in the save password pop-up window
- Added validation of TOTP secret keys when editing passwords
- Made additional empty fields invisible when viewing passwords
- Improved the extension UI
Bug fixes
- Fixed an issue where users could not select actions for shortcuts, it occurred when user vault access rights were lower than Admin
- Fixed an issue where the Save button in the password editing window became inactive after deleting or changing the TOTP key to an incorrect one
- Fixed an issue where the API request to log out of the session could fail while logging out of the extension
- Fixed incorrect display of the Auto-lock field value when the PIN code is not set
- Fixed an issue with duplicate pop-up windows
The browser extension is available for Google Chrome, Apple Safari, Microsoft Edge, and Mozilla Firefox.
new
improved
fixed
Passwork 6.4
In the new version, we have added the option to set a mandatory browser extension PIN code for all users, significantly expanded the list of events displayed in the Activity log, improved working with LDAP group lists, and made it possible for administrators to configure user access rights to password history and notifications related to their changes.
Mandatory extension PIN code
Now administrators have the option to make the browser extension PIN code mandatory for all users. If no PIN code is set, users will be prompted to create one when they log in to the browser extension.
History of actions with passwords
With the new ‘Who can view the history of actions with passwords’ setting, it is possible to grant users (with access levels below Admin) the right to view password history, password editions, and notifications of their changes — these features were previously available only to vault administrators.
Logging of all changes related to settings
Now all changes in the Account settings, User management, LDAP settings, SSO settings, License info, and Background tasks are displayed in the Activity log.
Automatic updating of LDAP group list
sAutomatic updating of LDAP group lists can now be configured on the Groups tab in the LDAP settings. The update is performed through background tasks with a selected time interval.
Other improvements
- Added pop-up notifications when exporting data or moving data to the Bin
- Improved display of dropdown lists on the Activity log page
- Changed time display format of the ‘Automatic logout when inactive’ and ‘Maximum lifetime of the session when inactive’ settings
- Changed the Enabled / Disabled dropdown lists on the System settings and LDAP settings pages with toggles
- Increased minimum length of generated passwords to six characters
Bug fixes
- Fixed an issue in the Password generator where selected characters were sometimes missing in the generated password
- Fixed an issue where local users could not independently recover their account password when an LDAP server was enabled
- Fixed an issue where local users could not register in Passwork when an LDAP server was enabled
- Fixed an issue which occurred after moving a folder with shortcuts to another vault and shortcuts not being displayed in the new vault
- Fixed an issue that occurred when trying to move a shortcut found in search results without opening any vaults right after logging into Passwork
- Fixed an issue that occurred when trying to copy a password found in search results without opening any vaults right after logging into Passwork
- Fixed an issue that occurred when a password was sent to another user and remained on the recipient's Recents and Starred pages after the initial password was moved to the Bin
- Fixed the value in the time field for the ‘API key rotation period (in hours)’ setting which was reset to zero after disabling it
- Fixed incorrect event logging in the Activity log after changing folder permissions
- Fixed incorrect text notification about assigning access rights to a user through a role
- Fixed incorrect tooltip text when hovering over the username of a recently created user
- Fixed incorrect display of long invitation titles
- Removed local registration page when LDAP server is enabled
⚙️ The update is available on the customer portal
new
fixed
Passwork 6.3.10
- Fixed an issue when logged-out users encountered errors while trying to download an attached file via a link to the password
- Fixed an issue that prevented users from downloading attached files via a shortcut as they had no access rights to the initial password
- Fixed an issue that occurred when trying to move a password found in search results without opening any vaults right after logging into Passwork
- Improved overall system security
new
improved
fixed
Browser extension update 2.0.13
In the new version, we have improved the autofill algorithm, modified the PIN code request, and made minor changes to the interface and localization.
Improvements
- Improved the autofill algorithm for single-page login forms
- Updated the Save button which now becomes active only after making changes on the password editing page
- Minor improvements in localization and interface
Bug Fixes
- Fixed an issue with the PIN code in the locked extension which was not always required to run content scripts
- Fixed an issue in the Password generator where selected characters were sometimes missing in the generated password
- Fixed an issue with constant reloading while trying to log in to the extension
The browser extension is available for Google Chrome, Apple Safari, Microsoft Edge, and Mozilla Firefox.
new
improved
fixed
Passwork 6.3.6
Improvements
- Added the option to prevent users from sending passwords with Edit access
- Increased the number of supported TOTP secret key formats
- Added the Cancel changes button in the SSO settings
- Added the path field containing information about the path to the password when exporting in CSV
- Added a mandatory master password request for data export when client-side encryption is enabled
- Removed links to outdated modal windows on the empty vault page
- Improved overall system security
Bug fixes
- Fixed an issue as a result of which the vault name was saved in the folder field when exporting to CSV
- Fixed the incorrect display of the number of passwords in certain folders and vaults during data export
- Fixed an issue with the incorrect sorting of the group list in the LDAP settings
- Fixed an issue with the content search not working correctly for multiline notes
- Fixed an issue which caused the compromise risk warning in the Security dashboard when a user, who obtained vault access through a role, viewed a password
- Fixed an issue which ignored the new parameters of license keys
- Fixed the 2FA reset issue which occurred when the administrator reset the authorization password
We recommend updating Passwork due to security fixes and improvements.
new
improved
fixed
Browser extension update 2.0.11
In the new version, we have updated the manifest to the latest version, improved password search, modified the PIN code storage format, and introduced a number of changes for a smoother user experience.
Improvements
- Modified the PIN code storage format in the local storage
- Added option to search for passwords using keywords, tags, and color tags simultaneously
- Disabled automatic login attempt after autofill to ensure proper functioning with non-standard authentication forms
- Migrated to the Manifest V3 with enhanced security policies and architecture, ensuring more stable and efficient communication between the extension and your browser
- Added automatic closing of the successful authorization message
- Improved performance and security
Bug fixes
- Fixed issue with the search query reset after clicking the Back button on the page with found passwords
- Fixed issue with certain combinations of special characters causing an error when entered in the Exclude characters field of the password generator
The browser extension is available for Google Chrome, Apple Safari, Microsoft Edge, and Mozilla Firefox.
new
improved
fixed
Passwork 6.3.3
Improvements
- Added logging of System settings changes
- Added tooltip in Email service settings indicating that the password has already been saved in the database
- Added tooltip in the hidden vault header indicating that the vault is hidden
- Released security patches
Bug fixes
- Fixed issue when nested folders were still visible in the vault list after hiding their parent vault
- Fixed issue when deleted passwords from the hidden vaults did not appear in the Bin
- Fixed issue when hidden vault couldn’t be made visible through the vault menu
- Fixed issue when open password was not closed while being moved to another directory
Other changes
- Removed external links from email notifications
- Updated icons in the vault menu
new
improved
fixed
Passwork 6.3
In this new version, we have added a feature which makes it possible to grant ordinary users some administrative rights without making them administrators. This option is a response to one of the most frequent requests from our customers. Additionally, we have revamped the hiding of vaults and expanded the features of private vaults.
Administrative rights
(Available with the Advanced license)In this new version, there is no need to make users administrators in order to provide access to specific settings or User management. Now, you can grant users only certain administrative rights and flexibly customize the sections which they can access and modify.
For example, you can allow employees to create new users and view the history of user actions, track settings changes while restricting access to organization vaults and System settings.
Hidden vaults
In the previous versions of Passwork only organization administrators were able to hide vaults. Also, only organization vaults could be hidden. In this new version, all users can hide any vaults. Hiding makes vaults invisible only for the user who choose to do it and does not affect others.
Private vault improvements
Besides hiding private vaults, employees with User management access can now see all vaults which they administer (including private vaults). Private vault administrators can view all events related to their vaults in the Activity log.
Other changes:
- Added logging of changes in the Administrative rights section
- Fixed an issue which prevented users from changing their temporary master password
- Fixed an issue which prevented users from setting the minimum length for authorization and master passwords
- Fixed an issue in User management which made user self-deletion possible
- Minor improvements to the settings interface
new
improved
fixed
Passwork 6.2.2
Improvements
- Added the option which makes it possible to select a type of authorization for new users from LDAP / AD in the synchronization settings
- Added the event of password import to Syslog
- Improved overall system performance
Bug fixes
- Fixed incorrect display of the LDAP user list on the Users tab when mapping a role to a group and performing synchronization in the test mode
- Fixed an issue with the Angular Tooltip directive
- Fixed an issue where some special characters were not accepted when changing the authorization password
new
improved
fixed
Passwork 6.2
This new version introduces the Bin – deleted folders and passwords can now be easily restored. Additional protection from accidental vault deletion and brute force attacks on 2FA has been added, LDAP synchronization has been accelerated, API settings have been improved, and role management errors have been fixed.
Bin
- In the Bin, users can view only deleted items from those vaults where they are administrators
- When restoring deleted folders to their initial directories, user access rights and roles from those folders will also be restored
- If passwords have been sent to users, they will disappear from their “Inbox” when moved to the Bin, the associated links and shortcuts to these passwords will become invalid
- When restored from the Bin, additional access rights to passwords can be restored as well – they will reappear in the “Inbox” section, all associated links and shortcuts will become valid again
- Vaults are deleted without being moved to the Bin
Protection against accidental removal of vault
Now, to confirm the deletion of a vault, its name must be entered. It will be permanently deleted along with all the data contained in it.
Protection against 2FA brute force
Protection against 2FA brute force has been added – after several attempts of entering incorrect 2FA codes, the user will be temporarily blocked. The number of attempts, input interval, and block time are set in the config.ini file.
Other changes
- LDAP synchronization has been accelerated
- Descriptions of parameters and minimum allowed values for API token expiration time and API refresh token expiration time have been added to the API settings section
- Automatic assignment of “Navigation” to parent folders in role management has been fixed
- The issue when a vault administrator could not add roles to a vault and manage their permissions has been fixed
- The issue with showing additional access rights to passwords when moved to another vault has been fixed
Load More
→