Improvements to security and bug fixes:
- increased the number of iterations of the PBKDF algorithm to 300,000
- increased the length of generated master keys for vaults
- implemented Content Security Policies (CSP) in HTML pages for better data protection
- added the feature to use an API refresh token to extend the main API session token
- added the use of an API refresh token in the browser extension and mobile app
- fixed the error related to the changing of the master password in the security panel
- increased overall performance and stability
These changes will be especially relevant if your Passwork uses the client-side encryption mode.
Before updating to Passwork 5.3.0, create a backup of your database to avoid possible data loss.
You can now easily install and update Passwork on Windows Server using our installer.
The installer contains all necessary components for Passwork to work properly, making it suitable for servers without any internet access.
Detailed instructions for using the installer can be found in the “Installation and Updates” section on your portal.
Single-use code login
You can now log in to your portal using a single-use code. You provide your email address → receive a code → enter it → access the portal.
The old method of authorization via magic links is no longer available.
Help center contact
You can now contact our help center directly from the portal.
We have made a number of interface adjustments and added the email display feature for each authorized user.
Passwork Self-Hosted 1.1.3:
- fixed an issue with the period selection slider when generating a password link
- fixed an issue with viewing inbox passwords when encryption is disabled
Passwork 2FA 0.1.6:
- accelerated login confirmation when opening the application
- added a mechanism for data migration between devices using a QR code
- added a new feature to set API key rotation period in system settings
- fixed language selection when installing Passwork
- fixed saving the system setting "Maximum number of substrings to search"
- improved management of personal vaults via API
- optimized LDAP queries with a large number of users
- fixed authorization in LDAP when registration is disabled
- fixed bugs in the import interface
- added tooltips to the user list
- removed unused dialogs and obsolete language strings
- fixed transition from a notification about incoming passwords to the password
New mechanism for sending emails from background tasks:
- email notifications are now sent every 5 minutes using background tasks
- added a master switch to enable/disable email notifications in global setting
- noreplyEmail setting was moved from config file to global settings
- accelerated workflow for all users
These changes do not affect service emails — for example, emails containing links for password change. The logs of sent emails can be found in the logs of background tasks.
In addition, in the new version:
- added context menu in search results
- added LDAP server name in synchronization logs
- fixed problem with spaces in TOTP codes
- fixed issue with auto logout during inactivity
- fixed issue with displaying password path in search results
- fixed errors in logging system and system settings
In the new version of Passwork, we have completely redesigned the System settings. They are now divided into three sections:
- Global — organization settings that determine the operations of most of the Passwork functions
- Default — the values of the settings that will be used if no other custom settings are specified
- Custom — settings that can be set for individual users and roles
Now you can set up different interface languages, configure authorization methods, and enable mandatory two-factor authentication for individual users and roles.
To do this, click "Create a new settings group" in Сustom settings, add users or roles and select your desired settings. The newly created group will be added to the top of the list and will get the highest priority.
The following settings are now available:
- Ability to create organization vaults and private vaults
- Ability to create links to passwords
- Mandatory 2FA
- Time of automatic logout when inactive
- Authorization method (by local password, LDAP password or SSO)
- API usage
- Interface language
We're already working to add new settings.
Custom settings are only available with the advanced license. To get access to the new features — update your Passwork to version 5.2.
Version 5.1.11 with updated design of the import/export windows makes it possible to import data from KeePass in the .XML format, that enables you to keep the original structure of vaults and folders.
- fixed bugs with auto-logout when inactive
- changed API session ID generation method to a more secure one
- fixed syslog entry
- minor improvements to the php_saml library
- browser extension 1.3.6 version support (with localstorage encryption feature, fixes for CVE-2022-42955, CVE-2022-42956)