Version 1.17.9 - 13th November 2023
[Improvement]
- [MANAGEMENT] Improving users deletion
- [GENERAL] Improving errors messages for the SSO connection
- [LOCKPASS] Improving large passwords export
Version 1.17.8 - 6th November 2023
[Bugfix]
- [MANAGEMENT] Bugfix when you try to resend validation link from the Management page where the user in some case doesnt receive the email.
[CVE Corrected]
| stdlib |
CVE-2023-24540 CVE-2023-44487 CVE-2023-39325 CVE-2023-29403 CVE-2023-29400 CVE-2023-24539 CVE-2023-39319 CVE-2023-39318 CVE-2023-29409 CVE-2023-29406 |
CRITICAL |
https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 |
| golang.org/x/net |
CVE-2023-39325 CVE-2023-44487 CVE-2023-3978 |
HIGH |
https://nvd.nist.gov/vuln/detail/CVE-2023-39325 |
| google.golang.org/grpc | CVE-2023-44487 | MEDIUM |
Version 1.17.7 - 30th October 2023
[Improvement]
- [LOCKFILES] Optimizing folder move
[CVE Corrected]
|
libcrypto3 libssl3 openssl |
CVE-2023-5363 | MEDIUM |
Version 1.17.6 - 24th October 2023
[Improvement]
- [LOCKTRANSFER] Optimizing performance
- [GENERAL] Optimizing personal export
Version 1.17.5 - 23th October 2023
[Bugfix]
- [MANAGEMENT] Fixed a bug that in certain cases the passage of a moderating user was not possible
Version 1.17.4 - 17th October 2023
[Improvement]
- [LOCKTRANSFER/LOCKFILES] Optimizing performance
- [MANAGEMENT] Optimizing performance when promote a user to moderator and demote a moderator
- [MANAGEMENT] Optimizing performance when delete user
- [GENERAL] SMTP configuration has been improved
[CVE Corrected]
| curl |
CVE-2023-38545 CVE-2023-38546 |
HIGH | |
| libcurl |
CVE-2023-38545 CVE-2023-38546 |
HIGH | |
| nghttp2-libs | CVE-2023-44487 | HIGH |
Version 1.17.3 - 4th October 2023
[Improvement]
- [DASHBOARD] Optimizing SQL requests
- [LOCKTRANSFER/LOCKFILES] Optimizing performances
- [HISTORY] Getting logs has been optimized
Version 1.17.2 - 23th September 2023
[CVE Corrected]
| curl | CVE-2023-38039 | HIGH | |
| libcurl | CVE-2023-38039 | HIGH | |
| libwebp | CVE-2023-4863 | HIGH |
Version 1.17.1 - 11th September 2023
[Improvement]
- [DASHBOARD] Optimizing some resources
- [GENERAL] Improving API documentation
Version 1.17.0 - 31th August 2023
[New feature]
- [GENERAL] Validation pages has been totally reworked
- [LOCKFILES] You can now move a folder
[Improvement]
- [GENERAL] Improving PIN bruteforce
- [LOCKPASS] Optimizing personal export
- [LOCKPASS] Optimizing shared export
Version 1.16.0 - 17th July 2023
[New feature]
- [GENERAL] Adding Dashboard
[Improvement]
- [GENERAL] Adding CSP on the Nginx configuration
- [LOCKTRANSFER] Improving report
- [LOGS] Adding a specific type of log "Moving" when you move a credential
[CVE Corrected]
|
libcrypto3 libssl3 openssl |
CVE-2023-2975 | LOW |
Version 1.15.2 - 27th June 2023
[Improvement]
- [GENERAL] Update some Symfony packages
- [GENERAL] Improving forgot password
- [GENERAL] Improving API documentation
- [LOCKFILES] Improving download of big folders
[CVE Corrected]
| libjpeg-turbo | CVE-2023-2804 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-2804 |
Version 1.15.0 - 31th May 2023
[Improvement]
- [GENERAL] API documentation has been reworked
[Bugfix]
- [GENERAL] Forgot password is now working with special character in the email
- [LOCKPASS] Bugfix in favorite categories
- [LOCKPASS] Bugfix in Keeper import
- [LOCKPASS] Bugfix in search by tag
[CVE Corrected]
| curl |
CVE-2023-28319 CVE-2023-28321 CVE-2023-28322 CVE-2023-28320 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-28319 https://avd.aquasec.com/nvd/cve-2023-28321 |
| libcrypto3 | CVE-2023-2650 | MEDIUM | |
| libcurl |
CVE-2023-28319 CVE-2023-28321 CVE-2023-28322 CVE-2023-28320 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-28319 https://avd.aquasec.com/nvd/cve-2023-28321 |
| libssl3 | CVE-2023-2650 | MEDIUM | |
| libwebp | CVE-2023-1999 | HIGH | |
| ncurses-libs | CVE-2023-29491 | HIGH | |
| openssl | CVE-2023-2650 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-2650 |
Version 1.14.3 - 09th May 2023
[Bugfix]
- [LOCKPASS] Bugfix in password strenght
Version 1.14.2 - 25th April 2023
[CVE Corrected]
|
libcrypto3 libssl3 openssl |
CVE-2023-1255 | MEDIUM | |
| guzzlehttp/psr7 | CVE-2023-29197 | MEDIUM |
[Bugfix]
- [GENERAL] Bugfix in organization import
Version 1.14.1 - 12th April 2023
[CVE Corrected]
| libxml2 |
CVE-2023-28484 CVE-2023-29469 |
MEDIUM |
Version 1.14.0 - 27th March 2023
[New feature]
- [GENERAL] Administrators can now export users list
[Improvement]
- [LOCKPASS] Optimizing tag's search
[Bugfix]
- [LOCKFILES] Bugfix when you want to move a file in personal folder
- [LOCKFILES] Bugfix in personnal options inheritance
[CVE Corrected]
| curl |
CVE-2023-27535 CVE-2023-27533 CVE-2023-27534 CVE-2023-27536 CVE-2023-27537 CVE-2023-27538 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-27535 https://avd.aquasec.com/nvd/cve-2023-27533 https://avd.aquasec.com/nvd/cve-2023-27534 https://avd.aquasec.com/nvd/cve-2023-27536 |
| libcrypto3 | CVE-2023-0464 | MEDIUM | |
| libcurl |
CVE-2023-27535 CVE-2023-27533 CVE-2023-27534 CVE-2023-27536 CVE-2023-27537 CVE-2023-27538 |
LOW |
https://avd.aquasec.com/nvd/cve-2023-27535 https://avd.aquasec.com/nvd/cve-2023-27533 https://avd.aquasec.com/nvd/cve-2023-27534 https://avd.aquasec.com/nvd/cve-2023-27536 |
| libssl3 | CVE-2023-0464 | MEDIUM | |
| tiff | CVE-2022-3970 | HIGH | |
| CairoSVG | CVE-2023-27586 | CRITICAL | |
| knplabs/knp-snappy | CVE-2023-28115 | CRITICAL | https://avd.aquasec.com/nvd/cve-2023-28115 |
Version 1.13.6 - 01 March 2023
[CVE Corrected]
| api-platform/core | CVE-2023-25575 | HIGH |
Version 1.13.5 - 27th February 2023
[Bugfix]
- [LOCKPASS] Bugfix on password monitor usage
- [WHITEMARK] Updating banner is working now
Version 1.13.4 - 21th February 2023
[Bugfix]
- [EMAIL] Bugfix on customers banner
[CVE Corrected]
| curl |
CVE-2023-23916 CVE-2023-23914 CVE-2023-23915 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-23916 |
| libcurl |
CVE-2023-23916 CVE-2023-23914 CVE-2023-23915 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-23916 |
| tar | CVE-2022-48303 | HIGH |
Version 1.13.3 - 11th February 2023
[Improvement]
- [LOCKPASS] You cannot create two categories with the same name on your personnal categories
[Bugfix]
- [IMPORT] Bugfix in users import
- [LOCKFILES] Bugfix when you want to download a large number of files
- [MANAGEMENT] Bugfix on some users report
- [EXPORT] Passwords global export can now be opened by every zip tools
[CVE Corrected]
- Some security fixes
| symfony/http-kernel | CVE-2022-24894 | MEDIUM | https://avd.aquasec.com/nvd/cve-2022-24894 |
| symfony/security-bundle | CVE-2022-24895 | LOW | https://avd.aquasec.com/nvd/cve-2022-24895 |
Version 1.13.2 - 3rd February 2023
[Bugfix]
- [LOCKFILES] Groups appears correctly on the folders
- [GENERAL] Bugfix for self signed SMTP
Version 1.13.1 - 26th January 2023
[Improvement]
- [MANAGEMENT] Improving global export
- [LOCKPASS] Improving Dashlane import
[CVE Corrected]
| pkgconf | CVE-2023-24056 | UNKNOWN |
https://avd.aquasec.com/nvd/cve-2023-24056 |
| cakephp/database |
CVE-2023-22727 |
CRITICAL |
https://avd.aquasec.com/nvd/cve-2023-22727 |
Version 1.13.0 - 16th January 2023
[New feature]
- [GENERAL] Updating PHP to PHP8.2
- [GENERAL] Updating Symfony to Symfony 5.4
- [GENERAL] Updating Nginx to Nginx to Nginx 1.23.3
Version 1.12.0 - 05th January 2023
[New feature]
- [LOCKPASS] You can now export all the shared passwords with associate files in a ZIP
Version 1.11.0 - 26th December 2022
Technical version
Version 1.10.9 - 12th December 2022
[CVE Corrected]
| python3 | CVE-2022-37454 | CRITICAL |
| python3 |
CVE-2022-42919 CVE-2022-45061 |
HIGH |
Version 1.10.8 - 6th December 2022
[Bugfix]
- [LOCKPASS] Bugfix for categories creation in some cases
Version 1.10.7 - 29th November 2022
[Improvement]
- [LOCKPASS] Optimizing auto detection for the browser extension
Version 1.10.6 - 24th November 2022
[Improvement]
- [LOCKPASS - TECH ONLY] Improving categories entity migration
Version 1.10.5 - 21th November 2022
[Improvement]
- [LOCKPASS - TECH ONLY] Migration of categories entity
Version 1.10.4 - 16th November 2022
[Improvement]
- [LOCKPASS] Improving Lastpass import
[CVE Corrected]
| pixman | CVE-2022-44638 | HIGH | https://avd.aquasec.com/nvd/cve-2022-44638 |
Version 1.10.3 - 28th October 2022
[Improvement]
- [LOCKTRANSFER] Managing language translations on external pages in iOS / Android
[CVE Corrected]
| curl |
CVE-2022-32221 CVE-2022-42916 CVE-2022-42915 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2022-32221 https://avd.aquasec.com/nvd/cve-2022-42915 https://avd.aquasec.com/nvd/cve-2022-42916 |
| dbus-libs |
CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2022-42010 https://avd.aquasec.com/nvd/cve-2022-42011 https://avd.aquasec.com/nvd/cve-2022-42012 |
| expat |
CVE-2022-40674 CVE-2022-43680 |
CRITICAL |
https://avd.aquasec.com/nvd/cve-2022-40674 https://avd.aquasec.com/nvd/cve-2022-43680 |
| libcurl |
CVE-2022-32221 CVE-2022-42915 CVE-2022-42916 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2022-32221 https://avd.aquasec.com/nvd/cve-2022-42915 https://avd.aquasec.com/nvd/cve-2022-42916 |
| libxml2 |
CVE-2022-40303 CVE-2022-40304 |
HIGH |
https://avd.aquasec.com/nvd/cve-2022-40303 https://avd.aquasec.com/nvd/cve-2022-40304 |
| twig/twig | CVE-2022-39261 | HIGH | https://avd.aquasec.com/nvd/cve-2022-39261 |
Version 1.10.2 - 24th October 2022
Technical version
Version 1.10.1 - 20th October 2022
Technical version
Version 1.10.0 - 17th October 2022
[New feature]
- [LOCKPASS] You now have an option on the categories to allow passwords deletion
[Improvement]
- [HISTORY] You can now export logs for a given duration
- [GENERAL] Improving file upload time
- [LOCKTRANSFER] You can now compartmentalize or decompartmentalize an existing deposit box
Version 1.9.1 - 19th september 2022
[Bugfix]
- [LOCKFILES] Bugfix in personnal file rename
- [MANAGEMENT] Bugfix in user report
Version 1.9.0 - 12th september 2022
[New feature]
- [LOCKPASS / LOCKFILES] You can now download report for a LockPass category or LockFiles folder
- [MANAGEMENT] You can now import a list of groups
[Improvement]
- [LOCKFILES] Rename uploaded file by adding (X) at the end if this upload as the same name than an other
Version 1.8.1 - 5th september 2022
[Improvement]
- [LOCKPASS] You can add multiple URL in a credential using "|"
[Bugfix]
- [LOCKPASS] Bugfix in monitoring usage for some passwords
- [LOCKFILES] Bugfix when you're trying to move a file from your personal root directory
Version 1.8.0 - 25th August 2022
[New feature]
- [GENERAL] You can now manage SSO configuration if the option is enable
[Bugfix]
- [LOCKTRANSFER] Bugfix for some transfers reports
Version 1.7.1 - 18th August 2022
[New feature]
- [MANAGEMENT] You can now sort the users
- [LOCKFILES] Directories are now shown when doing a search
Version 1.7.0 - 29th July 2022
[New feature]
- [GENERAL] Administrators and moderators will receive an email to know which users activate their account
- [LOCKPASS] You will now receive an email when a category expired
[Improvement]
- [LOCKPASS] When you monitor usage of a password, you know if the password is use or modify
- [LOCKTRANSFER] Users are sorted in the deposit boxes
Version 1.6.3 - 18th July 2022
[Bugfix]
- [LOCKTRANSFER] Transfers protected by password can be create without email
Version 1.6.2 - 15th July 2022
[Improvement]
- [GENERAL] You can configure your SMTP connection directly from the application if the option is available for your installation
- [GENERAL] Autocompletion in the application is improved
- [MANAGEMENT] Provider users can now be administrator and moderator
[Bugfix]
- [LOCKTRANSFER] Shared emails are been notified in the reports
- [LOCKPASS] You cannot modify name of a main category if it already exist
- [LOCKPASS] You cannot import a category if the expiration date is past
[CVE Corrected]
| guzzlehttp/guzzle | CVE-2022-29248 CVE-2022-31042 CVE-2022-31043 CVE-2022-31091 CVE-2022-31090 |
HIGH | avd.aquasec.com/nvd/cve-2022-29248 avd.aquasec.com/nvd/cve-2022-31042 avd.aquasec.com/nvd/cve-2022-31043 avd.aquasec.com/nvd/cve-2022-31091 avd.aquasec.com/nvd/cve-2022-31090 |
Version 1.6.1 - 27th June 2022
[Improvement]
- [LOCKTRANSFER] Improving report for multiples transfers
- [MANAGEMENT] Improving users report
[Bugfix]
- [LOCKPASS] Bugfix in category creation by an API user
[CVE Corrected]
| libpcre2-16 |
CVE-2022-1586 CVE-2022-1587 |
CRITICAL |
avd.aquasec.com/nvd/cve-2022-1586 avd.aquasec.com/nvd/cve-2022-1587 |
Version 1.6.0 - 30th May 2022
[New feature]
- [GENERAL] Applicative logs can be retrieve by syslog for premium customers
- [GENERAL] When an account is locked after 10 connexion attempt, the administrator will now receive an email
[Bugfix]
- [MANAGEMENT] Bugfix when you try to delete a group in some case
- [LOCKFILES] Email is correctly insert in history when a user download a file
Version 1.5.2 - 25th Apr 2022
[Improvement]
- [MANAGEMENT] User report can be get in English
- [LOCKPASS] A category manager cannot self remove
Version 1.5.1 - 3th Apr 2022
[Global]
- Upgrade MariaDB. Version 10.6.7.
[Improvement]
- [GENERAL] Category manager can now use autocompletion
[Bugfix]
- [LOCKPASS] Bugfix in tags when a password is modified
- [LOCKTRANSFER] Bugfix in large deposit box reports
[CVE Corrected]
| Library | Vulnerability ID | Severity | URL |
| zlib | CVE-2018-25032 | High | avd.aquasec.com/nvd/cve-2018-25032 |
Version 1.5.0 - 20th Mar 2022
[Improvement]
- [GENERAL] UPN is now supported
- [LOCKPASS] You will no longer recover ownership of a password when you change it
- [LOCKTRANSFER / LOCKFILES] Files size has been added for actions in the history tab
[Bugfix]
- [GENERAL] Bugfix in user account password change
- [GENERAL] Timeout bugfix in organization import
- [LOCKPASS] Simple users can now download file in LockPass, even if they are not owner
- [LOCKPASS] Bugfix when you delete a lot of passwords at the same time
- [LOCKPASS] Bugfix in tags search
[CVE Corrected]
| Library | Vulnerability ID | Severity | URL |
| expat | CVE-2022-25235 | Critical | avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | Critical | avd.aquasec.com/nvd/cve-2022-25236 | |
| CVE-2022-25315 | Critical | avd.aquasec.com/nvd/cve-2022-25315 | |
| CVE-2022-25314 | High | avd.aquasec.com/nvd/cve-2022-25314 | |
| CVE-2022-25313 | Medium | avd.aquasec.com/nvd/cve-2022-25313 | |
| libblkid | CVE-2022-0563 | Medium | avd.aquasec.com/nvd/cve-2022-0563 |
| libcrypto1.1 | CVE-2022-0778 | High | avd.aquasec.com/nvd/cve-2022-0778 |
| libmount | CVE-2022-0563 | Medium | avd.aquasec.com/nvd/cve-2022-0563 |
| libretls | CVE-2022-0778 | High | avd.aquasec.com/nvd/cve-2022-0778 |
| libssl1.1 | CVE-2022-0778 | High | avd.aquasec.com/nvd/cve-2022-0778 |
| libuuid | CVE-2022-0563 | Medium | avd.aquasec.com/nvd/cve-2022-0563 |
| libxml2 | CVE-2022-23308 | High | avd.aquasec.com/nvd/cve-2022-23308 |
| libxslt | CVE-2021-30560 | High | avd.aquasec.com/nvd/cve-2021-30560 |
| openssl | CVE-2022-0778 | High | avd.aquasec.com/nvd/cve-2022-0778 |
| py3-pillow | Critical | avd.aquasec.com/nvd/cve-2022-22817 | |
| Medium | avd.aquasec.com/nvd/cve-2022-24303 |
Version 1.4.3 - 11th Feb 2022
[Global]
- Upgrade MariaDB. Version 10.6.5.
[Improvement]
- Category has added in logs for the passwords actions
- Log has been added when you delete a user
- Log has been added when you export the logs
[Bugfix]
- Bugfix on the report generation for LockTransfer
- Bugfix on the search in LockFiles
- Bugfix on Firefox import
Version 1.4.2 - 24th Jan 2022
[New feature]
- More informations are loged for the SSO connection
[Improvement]
- Dashlane's import has been modified with the new one
[CVE Corrected]
Version 1.4.1 - 10th Jan 2022
[Improvement]
- Methods for search and decrypt password has been improved
Version 1.4.0 - 06th Jan 2022
[Global]
- Alpine version has been updated to 3.15.0
- Nginx version has been updated to 1.21.5
- The entire configuration of Nginx and PHP-FPM has been optimized.
Version 1.3.1 - 17th Nov 2021
[Bugfix]
- Buttons on the new extension popup has been switched. The first button copy the login. The second copy the password.
- Switching organisation's administrator.
Version 1.3.0 - 16th Nov 2021
[Global]
- A new license system comes with this version. You can now upsell and crossell directly from your application (if you are migrated on the new mechanism)
[New feature]
- All imports return a CSV file with errors if the file contains any
[Improvement]
- System logs has been reviewed to clean them and add some informations
[Bugfix]
- Tags are been added when you create a password
- Rework the LastPass import after they has changed they export
- Bugfix with categories searching for a user who is in the category via a group
Version 1.2.1 - 28th Oct 2021
[Improvement]
- Environment variable APP_DEBUG now add more debug logs (like SMTP or SSO)
- Application logs has been reviewed to add some informations
Version 1.2.0 - 21th Oct 2021
[New feature]
- You can now delete sub organizations
[Bugfix]
- Bugfix for Firefox password import
- Files name are correctly decoded for a search in LockFiles
Version 1.1.0 - 13th Oct 2021
[Improvement]
- You can now retrieve the LockPass categories when you're doing a search
Version 1.0.32 - 27th Sep 2021
[Global]
- Upgrade Nginx. Version 1.21.3
- Upgrade MariaDB. Version 10.6.4
[Improvement]
- LockPass requests are now asynchronous
- The "see more" feature has been improve on all products
- Switch from password policy id to password policy name in categories import
[Bugfix]
- Bugfix when a user tried to download a folder in personnal folder
- Bugfix when a simple user tried to delete a file from a password - Even if he has the right to modify the password
- When a user move a password in another category, files keep the links
[CVE Corrected]
| Status | CVE Severity | Package | CVE Description |
|---|---|---|---|
| Unapproved | Medium CVE-2021-33560 | libgcrypt | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33560 |
Mise à jour