Version 1.26.13 - 31th March 2025
[Bugfix]
- [SIE] Fixed KDBX import of multiple line feeds
- [DASHBOARD] Bug fix, in some cases, the data about storage was not updated
- [SSH] Bug fix, SSH key modification no longer worked
- [LOCKTRANSFER] Bug fix, transferring a single file, the description was no longer sent in the email
- [LOCKTRANSFER] Bug fix, in somes cases, the file repository did not work
Version 1.26.12- 17th March 2025
[CVE]
| libexpat | CVE-2024-8176 | HIGH | https://avd.aquasec.com/nvd/ |
Version 1.26.11 - 13th March 2025
[Bugfix]
- [LOCKPASS] Sub-category navigation was no longer usable
Version 1.26.10 - 12th March 2025
[Bugfix]
- [SIE] Bug fix, the OTP key of Dashlane imports has been modified
- [LOGIN] Bug fix, in some cases the bruteforce system did not correctly take into account the release time
Version 1.26.9 - 11th March 2025
[CVE]
| libxml2 | CVE-2024-56171 | HIGH | https://avd.aquasec.com/nvd/cve-2024-56171 |
| libxml2 | CVE-2024-8096 | HIGH | https://avd.aquasec.com/nvd/cve-2025-24928 |
Version 1.26.8 - 5th March 2025
[Bugfix]
- [LICENCE] Bug fix, New licenses from Firefox did not work on subscription
Version 1.26.7 - 4th March 2025
[Bugfix]
- [LICENCE] Bug fix of an error returned by the database during renewal
Version 1.26.6 - 3rd March 2025
[Bugfix]
- [LICENSE] Bug fix, in some cases, renewing a license caused an error
Version 1.26.5 - 27th February 2025
[Bugfix]
- [MANAGEMENT] Local SSO password removal improved in access rights
- [INFRASTRUCTURE] It is possible to modify the deletion of data on your disk between one and thirty days
- [TRASH] Bugfix, in some cases, an error occurred when deleting an entry from the recycle garbage can
- [SMTP] Bugfix, in some cases, it was not possible to save SMTP data when credentials were empty
- [SIE] Bugfix, during export, some specious characters were incorrectly exported
- [SIE] Bugfix, durint KDBX import, line breaks were incorrectly imported
Version 1.26.4 - 18th February 2025
[Bugfix]
- [DATABASE] Correction of a data migration
- [WHITEMARK] Bugfix, the square logo format would not save
- [SSH] Bugfix, in some cases, creating SSH access did not work
- [DASHBOARD] Bugfix, some data calculations have been optimised
Version 1.26.3 - 30th January 2025
[Bugfix]
- [LOCKFILES] Groups from the directory were not usable in some cases
Version 1.26.2 - 15th January 2025
[Bugfix]
- [SIE] Bugfix, Import firefox, the name field was automatically filled in with the url associated with the password
[CVE]
| curl | CVE-2024-11053 | MEDIUM | https://avd.aquasec.com/nvd/cve-2024-11053 |
| curl | CVE-2024-8096 | MEDIUM | https://avd.aquasec.com/nvd/cve-2024-8096 |
| curl | CVE-2024-9681 | MEDIUM | https://avd.aquasec.com/nvd/cve-2024-9681 |
| curl | CVE-2024-11053 | MEDIUM | https://avd.aquasec.com/nvd/cve-2024-11053 |
| curl | CVE-2024-8096 | MEDIUM | |
| curl | CVE-2024-9681 | MEDIUM |
Version 1.26.1 - 9th January 2025
[Bugfix]
- [MANAGEMENT] Bugfix, moving a user was no longer possible
- [SIE] Bugfix, user managers could not apply any changes to imported passwords
- [SIE] Bugfix, some special characters were not imported
[Improvement]
- [LOCKTRANSFER] Improved performance when downloading attachments in the deposit boxes
Version 1.26.0 - 27th December 2024
[New feature]
- [LOCKTRANSFER] Possibility of creating deposit boxes without a user
[Bugfix]
- [LOCKTRANSFER] Bugfix, fix email content linked to deposit boxes
Version 1.25.14 - 16th December 2024
[Bugfix]
- [MANAGEMENT] Added security to administrator password
- [MANAGEMENT] Added security before deleting an API user
Version 1.25.13 - 10th December 2024
[Bugfix]
- [LOCKPASS] Bugfix, updating a credential was impossible in some cases
Version 1.25.12 - 6th December 2024
[Bugfix]
- [LOCKPASS] Add support for OTP tokens with space in a credential
Version 1.25.11 - 5th December 2024
[Bugfix]
- [OPTIONS] Bugfix SMTP, in some cases SMTP errors were blocking the sending of mail
- [SIE] Add support for line breaks in the KDBX import format
Version 1.25.10 - 28th November 2024
[Bugfix]
- [POC] Bugfix translation error
Version 1.25.9 - 27th November 2024
[Bugfix]
- [POC] Bugfix error when selecting the activity sector
Version 1.25.8 - 26th November 2024
[Bugfix]
- [MANAGEMENT] Bugfix error when deleting a sub-organisation in some cases
Version 1.25.7 - 26th November 2024
[Bugfix]
- [OPTIONS] Bugfix Block by IP option did not add the user's ip and blocked it automatically
- [SETTINGS] User export returns ‘No Connection’ instead of 01/01/1970
Version 1.25.6 - 14th November 2024
[Bugfix]
- [SIE] Bugfix Bitwarden import, categories were incorrectly imported in some cases
[CVE]
| libexpat | CVE-2024-50602 | MEDIUM | |
| symfony/http-client | CVE-2024-50342 | LOW | |
| symfony/http-foundation | CVE-2024-50345 | LOW | |
| symfony/process | CVE-2024-51736 | HIGH | |
| symfony/security-http | CVE-2024-51996 | HIGH | |
| symfony/validator | CVE-2024-50343 | LOW | |
| twig/twig | CVE-2024-51754 | LOW | |
| twig/twig | CVE-2024-51755 | LOW |
Version 1.25.5 - 12th November 2024
[Bugfix]
- [MANAGEMENT] Bugfix adding a user to a group did not work in some cases
Version 1.25.4 - 8th November 2024
[Bugfix]
- Database deployment fixes
Version 1.25.3 - 7th November 2024
[Bugfix]
- [SIE] Bugfix tags can be imported using commas or semicolons to separate them
- [SIE] Bugfix KBDX and keexpass XC import, categories were incorrectly imported in some cases
Version 1.25.2 - 6th November 2024
[Bugfix]
- [SIE] Bugfix keepass import not working
Version 1.25.1 - 28th October 2024
[Bugfix]
- [SIE] Bugfix import of tags not working
[Improvement]
- [SIE] Optimising performance when importing large volumes of passwords
Version 1.25.0 - 24th October 2024
[New feature]
- [SIE] Optimisation of the password import system for the various platforms
[Bugfix]
- [Management] Bugfix on creation of a sub-organization
Version 1.24.2 - 15th October 2024
[Bugfix]
- [Subscription] Bugfix on POC subscription
Version 1.24.1 - 14th October 2024
[Bugfix]
- [Subscription] Bugfix on license subscription
Version 1.24.0 - 11th October 2024
[New feature]
- You can add a prefix to filter company groups users
[Bugfix]
- [BIN] Bugfix for deleting an entry in the bin
Version 1.23.12 - 09th October 2024
[Bugfix]
- [LOCKPASS] Bugfix in the management of attached files
[CVE]
| libexpat |
CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 |
CRITICAL |
https://avd.aquasec.com/nvd/cve-2024-45490 |
Version 1.23.10 - 03th October 2024
[CVE]
| python3 |
CVE-2024-6232 CVE-2024-7592 CVE-2023-27043 CVE-2024-6923 CVE-2024-4032 CVE-2015-2104 |
HIGH |
https://avd.aquasec.com/nvd/cve-2024-6232 https://avd.aquasec.com/nvd/cve-2024-7592 https://avd.aquasec.com/nvd/cve-2023-27043 https://avd.aquasec.com/nvd/cve-2024-6923 https://avd.aquasec.com/nvd/cve-2024-4032 https://avd.aquasec.com/nvd/cve-2015-2104
|
| python3-pyc |
CVE-2024-6232 CVE-2024-7592 CVE-2023-27043 CVE-2024-6923 CVE-2024-4032 CVE-2015-2104 |
HIGH |
https://avd.aquasec.com/nvd/cve-2024-6232 https://avd.aquasec.com/nvd/cve-2024-7592 https://avd.aquasec.com/nvd/cve-2023-27043 https://avd.aquasec.com/nvd/cve-2024-6923 |
| python3-pycache-pyc0 |
CVE-2024-6232 CVE-2024-7592 CVE-2023-27043 CVE-2024-6923 CVE-2024-4032 CVE-2015-2104 |
HIGH |
https://avd.aquasec.com/nvd/cve-2024-6232 https://avd.aquasec.com/nvd/cve-2024-7592 https://avd.aquasec.com/nvd/cve-2023-27043 https://avd.aquasec.com/nvd/cve-2024-6923 |
Version 1.23.8 - 17th September 2024
[Improvement]
- [OUTLOOK] Entirely rework of the extension
Version 1.23.5 - 03th September 2024
[Improvement]
- [GENERAL] Improving user creation email
- [HISTORY] Improving search
Version 1.23.2 - 23th August 2024
[Bugfix]
- [LOCKTRANSFER] Deposit box manager can now add other manager
- [MANAGEMENT] You can now delete empty directory groups
Version 1.23.0 - 14th August 2024
[New feature]
- [GENERAL] Options. You can now manage multiple options depending on the usage of LockSelf.
Version 1.22.10 - 09th July 2024
[Improvement]
- [LOCKFILES] Improving folders move
[Bugfix]
- [LOCKPASS] Bugfix when you tried to download a category report
[CVE]
| libcrypto3 |
CVE-2024-4741 CVE-2024-5535 |
MEDIUM | |
| libssl3 |
CVE-2024-4741 CVE-2024-5535 |
MEDIUM | |
| openssl |
CVE-2024-4741 CVE-2024-5535 |
MEDIUM |
Version 1.22.8 - 26th June 2024
[Improvement]
- [LOCKPASS] Improving KDBX import
Version 1.22.7 - 24th June 2024
[Bugfix]
- [LOCKPASS] Bugfix when you try to add a category with the same name at the same place
Version 1.22.6 - 20th June 2024
[Improvement]
- [MANAGEMENT] Improving the moderator -> user feature
Version 1.22.5 - 19th June 2024
[Bugfix]
- [LOCKPASS] Bugfix when administrator wanted to download a category report
Version 1.22.4 - 17th June 2024
[Improvement]
- [MFA] Improving MFA enrollment
Version 1.22.3 - 12th June 2024
[Bugfix]
- [API] Bugfix where in some case an API user couldn't create a password
Version 1.22.1 - 10th June 2024
[Improvement]
- [LOCKPASS] Improving categories deletion
Version 1.22.0 - 03th June 2024
[New feature]
- [LOCKPASS] You can now open a SSH connexion directly from LockPass. Accessible only in private cloud.
Version 1.21.10 - 24th May 2024
[Bugfix]
- [LOCKPASS] Bugfix when a category manager want to create a new category
- [MANAGEMENT] Bugfix when you want to add a user in a group in some cases
Version 1.21.6 - 13th May 2024
[New Improvement]
- [LOCKPASS] Improving LockPass navigation
- [API DOC] Rewriting some methods
Version 1.21.0 - 07th May 2024
[New feature]
- [GENERAL] You can now add a MFA token for your standard connection
Version 1.20.25 - 03th May 2024
[Improvement]
- [IMPORT] You can now import your passwords throught the KDBX format
Version 1.20.24 - 02th May 2024
[Improvement]
- [LOCKPASS] Optimizing categories navigation
Version 1.20.23 - 30th April 2024
[Improvement]
- [LOCKPASS] You can now get the property of all passwords in a category
- [DASHBOARD] You can now export inactive users from the dashboard
Version 1.20.22 - 25th April 2024
[Improvement]
- [LOCKPASS] Optimizing categories navigation
- [EXPORT] Optimizing credentials' global export
Version 1.20.21 - 09th April 2024
[CVE]
|
libcrypto3 libssl3 openssl |
CVE-2024-2511 | LOW |
Version 1.20.20 - 04th April 2024
[Bugfix]
- [LOCKPASS] Bugfix in categories search
Version 1.20.17 - 28th March 2024
[Improvement]
- [LOCKFILES] Improving folder move
- [GENERAL] Account creation with a "+" is now accepted
[Bugfix]
- [EXPORT] Bugfix encodage for password export
Version 1.20.15 - 25th March 2024
[Improvement]
- [GENERAL] Improving users' disconnection
[Bugfix]
- [IMPORT] Bugfix for Edge password import
Version 1.20.15 - 19th March 2024
[CVE]
| libexpat | CVE-2024-28757 | HIGH |
Version 1.20.13 - 14th March 2024
[Bugfix]
- [LOCKTRANSFER] Bugfix for some deposit boxes where external users cannot saw files
Version 1.20.11 - 11th March 2024
[Bugfix]
- [GENERAL] Bugfix when some users tried to renew there license
Version 1.20.10 - 04th March 2024
[Improvement]
- [INTERCO AD] Improving users deletion
Version 1.20.9 - 19th February 2024
[CVE Corrected]
| libxml2 | CVE-2024-25062 | HIGH |
Version 1.20.7 - 09th February 2024
[Improvement]
- [LOCKPASS] Improving categories users deletion
- [LOCKFILES] You can now click directly on a folder when you're doing a search
- [LOCKFILES] Optimizing folder deletion
- [GENERAL] Moderators can now modify the whitemark
[Bugfix]
- [LOCKTRANSFER] Bugfix in some deposit box report
Version 1.20.1 - 24th January 2024
[CVE Corrected]
|
libcrypto3 libssl3 openssl |
CVE-2023-6237 | MEDIUM | |
| sqlite-libs | CVE-2023-7104 | HIGH |
Version 1.20.0 - 22th January 2024
[Improvement]
- [MANAGEMENT] Improving users deletion
- [MANAGEMENT] Improving users upgrade
[Bugfix]
- [LOCKPASS] Bugfix for passwords duplication in some cases
Version 1.19.0 - 08th January 2024
[Improvement]
- [GENERAL] You can now have one whitemark per organization
Version 1.18.1 - 03th December 2023
[Bugfix]
- [MANAGEMENT] Bugfix when you tried to create an API user with an expiration date
Version 1.18.0 - 30th November 2023
[Improvement]
- [LOCKPASS] Complete rework of the way passwords are shared during AD synchronization
Version 1.17.9 - 13th November 2023
[Improvement]
- [MANAGEMENT] Improving users deletion
- [GENERAL] Improving errors messages for the SSO connection
- [LOCKPASS] Improving large passwords export
Version 1.17.8 - 6th November 2023
[Bugfix]
- [MANAGEMENT] Bugfix when you try to resend validation link from the Management page where the user in some case doesnt receive the email.
[CVE Corrected]
| stdlib |
CVE-2023-24540 CVE-2023-44487 CVE-2023-39325 CVE-2023-29403 CVE-2023-29400 CVE-2023-24539 CVE-2023-39319 CVE-2023-39318 CVE-2023-29409 CVE-2023-29406 |
CRITICAL |
https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 |
| golang.org/x/net |
CVE-2023-39325 CVE-2023-44487 CVE-2023-3978 |
HIGH |
https://nvd.nist.gov/vuln/detail/CVE-2023-39325 |
| google.golang.org/grpc | CVE-2023-44487 | MEDIUM |
Version 1.17.7 - 30th October 2023
[Improvement]
- [LOCKFILES] Optimizing folder move
[CVE Corrected]
|
libcrypto3 libssl3 openssl |
CVE-2023-5363 | MEDIUM |
Version 1.17.6 - 24th October 2023
[Improvement]
- [LOCKTRANSFER] Optimizing performance
- [GENERAL] Optimizing personal export
Version 1.17.5 - 23th October 2023
[Bugfix]
- [MANAGEMENT] Fixed a bug that in certain cases the passage of a moderating user was not possible
Version 1.17.4 - 17th October 2023
[Improvement]
- [LOCKTRANSFER/LOCKFILES] Optimizing performance
- [MANAGEMENT] Optimizing performance when promote a user to moderator and demote a moderator
- [MANAGEMENT] Optimizing performance when delete user
- [GENERAL] SMTP configuration has been improved
[CVE Corrected]
| curl |
CVE-2023-38545 CVE-2023-38546 |
HIGH | |
| libcurl |
CVE-2023-38545 CVE-2023-38546 |
HIGH | |
| nghttp2-libs | CVE-2023-44487 | HIGH |
Version 1.17.3 - 4th October 2023
[Improvement]
- [DASHBOARD] Optimizing SQL requests
- [LOCKTRANSFER/LOCKFILES] Optimizing performances
- [HISTORY] Getting logs has been optimized
Version 1.17.2 - 23th September 2023
[CVE Corrected]
| curl | CVE-2023-38039 | HIGH | |
| libcurl | CVE-2023-38039 | HIGH | |
| libwebp | CVE-2023-4863 | HIGH |
Version 1.17.1 - 11th September 2023
[Improvement]
- [DASHBOARD] Optimizing some resources
- [GENERAL] Improving API documentation
Version 1.17.0 - 31th August 2023
[New feature]
- [GENERAL] Validation pages has been totally reworked
- [LOCKFILES] You can now move a folder
[Improvement]
- [GENERAL] Improving PIN bruteforce
- [LOCKPASS] Optimizing personal export
- [LOCKPASS] Optimizing shared export
Version 1.16.0 - 17th July 2023
[New feature]
- [GENERAL] Adding Dashboard
[Improvement]
- [GENERAL] Adding CSP on the Nginx configuration
- [LOCKTRANSFER] Improving report
- [LOGS] Adding a specific type of log "Moving" when you move a credential
[CVE Corrected]
|
libcrypto3 libssl3 openssl |
CVE-2023-2975 | LOW |
Version 1.15.2 - 27th June 2023
[Improvement]
- [GENERAL] Update some Symfony packages
- [GENERAL] Improving forgot password
- [GENERAL] Improving API documentation
- [LOCKFILES] Improving download of big folders
[CVE Corrected]
| libjpeg-turbo | CVE-2023-2804 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-2804 |
Version 1.15.0 - 31th May 2023
[Improvement]
- [GENERAL] API documentation has been reworked
[Bugfix]
- [GENERAL] Forgot password is now working with special character in the email
- [LOCKPASS] Bugfix in favorite categories
- [LOCKPASS] Bugfix in Keeper import
- [LOCKPASS] Bugfix in search by tag
[CVE Corrected]
| curl |
CVE-2023-28319 CVE-2023-28321 CVE-2023-28322 CVE-2023-28320 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-28319 https://avd.aquasec.com/nvd/cve-2023-28321 |
| libcrypto3 | CVE-2023-2650 | MEDIUM | |
| libcurl |
CVE-2023-28319 CVE-2023-28321 CVE-2023-28322 CVE-2023-28320 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-28319 https://avd.aquasec.com/nvd/cve-2023-28321 |
| libssl3 | CVE-2023-2650 | MEDIUM | |
| libwebp | CVE-2023-1999 | HIGH | |
| ncurses-libs | CVE-2023-29491 | HIGH | |
| openssl | CVE-2023-2650 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-2650 |
Version 1.14.3 - 09th May 2023
[Bugfix]
- [LOCKPASS] Bugfix in password strenght
Version 1.14.2 - 25th April 2023
[CVE Corrected]
|
libcrypto3 libssl3 openssl |
CVE-2023-1255 | MEDIUM | |
| guzzlehttp/psr7 | CVE-2023-29197 | MEDIUM |
[Bugfix]
- [GENERAL] Bugfix in organization import
Version 1.14.1 - 12th April 2023
[CVE Corrected]
| libxml2 |
CVE-2023-28484 CVE-2023-29469 |
MEDIUM |
Version 1.14.0 - 27th March 2023
[New feature]
- [GENERAL] Administrators can now export users list
[Improvement]
- [LOCKPASS] Optimizing tag's search
[Bugfix]
- [LOCKFILES] Bugfix when you want to move a file in personal folder
- [LOCKFILES] Bugfix in personnal options inheritance
[CVE Corrected]
| curl |
CVE-2023-27535 CVE-2023-27533 CVE-2023-27534 CVE-2023-27536 CVE-2023-27537 CVE-2023-27538 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-27535 https://avd.aquasec.com/nvd/cve-2023-27533 https://avd.aquasec.com/nvd/cve-2023-27534 https://avd.aquasec.com/nvd/cve-2023-27536 |
| libcrypto3 | CVE-2023-0464 | MEDIUM | |
| libcurl |
CVE-2023-27535 CVE-2023-27533 CVE-2023-27534 CVE-2023-27536 CVE-2023-27537 CVE-2023-27538 |
LOW |
https://avd.aquasec.com/nvd/cve-2023-27535 https://avd.aquasec.com/nvd/cve-2023-27533 https://avd.aquasec.com/nvd/cve-2023-27534 https://avd.aquasec.com/nvd/cve-2023-27536 |
| libssl3 | CVE-2023-0464 | MEDIUM | |
| tiff | CVE-2022-3970 | HIGH | |
| CairoSVG | CVE-2023-27586 | CRITICAL | |
| knplabs/knp-snappy | CVE-2023-28115 | CRITICAL | https://avd.aquasec.com/nvd/cve-2023-28115 |
Version 1.13.6 - 01 March 2023
[CVE Corrected]
| api-platform/core | CVE-2023-25575 | HIGH |
Version 1.13.5 - 27th February 2023
[Bugfix]
- [LOCKPASS] Bugfix on password monitor usage
- [WHITEMARK] Updating banner is working now
Version 1.13.4 - 21th February 2023
[Bugfix]
- [EMAIL] Bugfix on customers banner
[CVE Corrected]
| curl |
CVE-2023-23916 CVE-2023-23914 CVE-2023-23915 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-23916 |
| libcurl |
CVE-2023-23916 CVE-2023-23914 CVE-2023-23915 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-23916 |
| tar | CVE-2022-48303 | HIGH |
Version 1.13.3 - 11th February 2023
[Improvement]
- [LOCKPASS] You cannot create two categories with the same name on your personnal categories
[Bugfix]
- [IMPORT] Bugfix in users import
- [LOCKFILES] Bugfix when you want to download a large number of files
- [MANAGEMENT] Bugfix on some users report
- [EXPORT] Passwords global export can now be opened by every zip tools
[CVE Corrected]
- Some security fixes
| symfony/http-kernel | CVE-2022-24894 | MEDIUM | https://avd.aquasec.com/nvd/cve-2022-24894 |
| symfony/security-bundle | CVE-2022-24895 | LOW | https://avd.aquasec.com/nvd/cve-2022-24895 |
Version 1.13.2 - 3rd February 2023
[Bugfix]
- [LOCKFILES] Groups appears correctly on the folders
- [GENERAL] Bugfix for self signed SMTP
Version 1.13.1 - 26th January 2023
[Improvement]
- [MANAGEMENT] Improving global export
- [LOCKPASS] Improving Dashlane import
[CVE Corrected]
| pkgconf | CVE-2023-24056 | UNKNOWN |
https://avd.aquasec.com/nvd/cve-2023-24056 |
| cakephp/database |
CVE-2023-22727 |
CRITICAL |
https://avd.aquasec.com/nvd/cve-2023-22727 |
Version 1.13.0 - 16th January 2023
[New feature]
- [GENERAL] Updating PHP to PHP8.2
- [GENERAL] Updating Symfony to Symfony 5.4
- [GENERAL] Updating Nginx to Nginx to Nginx 1.23.3
Version 1.12.0 - 05th January 2023
[New feature]
- [LOCKPASS] You can now export all the shared passwords with associate files in a ZIP
Version 1.11.0 - 26th December 2022
Technical version
Version 1.10.9 - 12th December 2022
[CVE Corrected]
| python3 | CVE-2022-37454 | CRITICAL |
| python3 |
CVE-2022-42919 CVE-2022-45061 |
HIGH |
Version 1.10.8 - 6th December 2022
[Bugfix]
- [LOCKPASS] Bugfix for categories creation in some cases
Version 1.10.7 - 29th November 2022
[Improvement]
- [LOCKPASS] Optimizing auto detection for the browser extension
Version 1.10.6 - 24th November 2022
[Improvement]
- [LOCKPASS - TECH ONLY] Improving categories entity migration
Version 1.10.5 - 21th November 2022
[Improvement]
- [LOCKPASS - TECH ONLY] Migration of categories entity
Version 1.10.4 - 16th November 2022
[Improvement]
- [LOCKPASS] Improving Lastpass import
[CVE Corrected]
| pixman | CVE-2022-44638 | HIGH | https://avd.aquasec.com/nvd/cve-2022-44638 |
Version 1.10.3 - 28th October 2022
[Improvement]
- [LOCKTRANSFER] Managing language translations on external pages in iOS / Android
[CVE Corrected]
| curl |
CVE-2022-32221 CVE-2022-42916 CVE-2022-42915 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2022-32221 https://avd.aquasec.com/nvd/cve-2022-42915 https://avd.aquasec.com/nvd/cve-2022-42916 |
| dbus-libs |
CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2022-42010 https://avd.aquasec.com/nvd/cve-2022-42011 https://avd.aquasec.com/nvd/cve-2022-42012 |
| expat |
CVE-2022-40674 CVE-2022-43680 |
CRITICAL |
https://avd.aquasec.com/nvd/cve-2022-40674 https://avd.aquasec.com/nvd/cve-2022-43680 |
| libcurl |
CVE-2022-32221 CVE-2022-42915 CVE-2022-42916 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2022-32221 https://avd.aquasec.com/nvd/cve-2022-42915 https://avd.aquasec.com/nvd/cve-2022-42916 |
| libxml2 |
CVE-2022-40303 CVE-2022-40304 |
HIGH |
https://avd.aquasec.com/nvd/cve-2022-40303 https://avd.aquasec.com/nvd/cve-2022-40304 |
| twig/twig | CVE-2022-39261 | HIGH | https://avd.aquasec.com/nvd/cve-2022-39261 |
Version 1.10.2 - 24th October 2022
Technical version
Version 1.10.1 - 20th October 2022
Technical version
Version 1.10.0 - 17th October 2022
[New feature]
- [LOCKPASS] You now have an option on the categories to allow passwords deletion
[Improvement]
- [HISTORY] You can now export logs for a given duration
- [GENERAL] Improving file upload time
- [LOCKTRANSFER] You can now compartmentalize or decompartmentalize an existing deposit box
Version 1.9.1 - 19th september 2022
[Bugfix]
- [LOCKFILES] Bugfix in personnal file rename
- [MANAGEMENT] Bugfix in user report
Version 1.9.0 - 12th september 2022
[New feature]
- [LOCKPASS / LOCKFILES] You can now download report for a LockPass category or LockFiles folder
- [MANAGEMENT] You can now import a list of groups
[Improvement]
- [LOCKFILES] Rename uploaded file by adding (X) at the end if this upload as the same name than an other
Version 1.8.1 - 5th september 2022
[Improvement]
- [LOCKPASS] You can add multiple URL in a credential using "|"
[Bugfix]
- [LOCKPASS] Bugfix in monitoring usage for some passwords
- [LOCKFILES] Bugfix when you're trying to move a file from your personal root directory
Version 1.8.0 - 25th August 2022
[New feature]
- [GENERAL] You can now manage SSO configuration if the option is enable
[Bugfix]
- [LOCKTRANSFER] Bugfix for some transfers reports
Version 1.7.1 - 18th August 2022
[New feature]
- [MANAGEMENT] You can now sort the users
- [LOCKFILES] Directories are now shown when doing a search
Version 1.7.0 - 29th July 2022
[New feature]
- [GENERAL] Administrators and moderators will receive an email to know which users activate their account
- [LOCKPASS] You will now receive an email when a category expired
[Improvement]
- [LOCKPASS] When you monitor usage of a password, you know if the password is use or modify
- [LOCKTRANSFER] Users are sorted in the deposit boxes
Version 1.6.3 - 18th July 2022
[Bugfix]
- [LOCKTRANSFER] Transfers protected by password can be create without email
Version 1.6.2 - 15th July 2022
[Improvement]
- [GENERAL] You can configure your SMTP connection directly from the application if the option is available for your installation
- [GENERAL] Autocompletion in the application is improved
- [MANAGEMENT] Provider users can now be administrator and moderator
[Bugfix]
- [LOCKTRANSFER] Shared emails are been notified in the reports
- [LOCKPASS] You cannot modify name of a main category if it already exist
- [LOCKPASS] You cannot import a category if the expiration date is past
[CVE Corrected]
| guzzlehttp/guzzle | CVE-2022-29248 CVE-2022-31042 CVE-2022-31043 CVE-2022-31091 CVE-2022-31090 |
HIGH | avd.aquasec.com/nvd/cve-2022-29248 avd.aquasec.com/nvd/cve-2022-31042 avd.aquasec.com/nvd/cve-2022-31043 avd.aquasec.com/nvd/cve-2022-31091 avd.aquasec.com/nvd/cve-2022-31090 |
Version 1.6.1 - 27th June 2022
[Improvement]
- [LOCKTRANSFER] Improving report for multiples transfers
- [MANAGEMENT] Improving users report
[Bugfix]
- [LOCKPASS] Bugfix in category creation by an API user
[CVE Corrected]
| libpcre2-16 |
CVE-2022-1586 CVE-2022-1587 |
CRITICAL |
avd.aquasec.com/nvd/cve-2022-1586 avd.aquasec.com/nvd/cve-2022-1587 |
Version 1.6.0 - 30th May 2022
[New feature]
- [GENERAL] Applicative logs can be retrieve by syslog for premium customers
- [GENERAL] When an account is locked after 10 connexion attempt, the administrator will now receive an email
[Bugfix]
- [MANAGEMENT] Bugfix when you try to delete a group in some case
- [LOCKFILES] Email is correctly insert in history when a user download a file
Version 1.5.2 - 25th Apr 2022
[Improvement]
- [MANAGEMENT] User report can be get in English
- [LOCKPASS] A category manager cannot self remove
Version 1.5.1 - 3th Apr 2022
[Global]
- Upgrade MariaDB. Version 10.6.7.
[Improvement]
- [GENERAL] Category manager can now use autocompletion
[Bugfix]
- [LOCKPASS] Bugfix in tags when a password is modified
- [LOCKTRANSFER] Bugfix in large deposit box reports
[CVE Corrected]
| Library | Vulnerability ID | Severity | URL |
| zlib | CVE-2018-25032 | High | avd.aquasec.com/nvd/cve-2018-25032 |
Version 1.5.0 - 20th Mar 2022
[Improvement]
- [GENERAL] UPN is now supported
- [LOCKPASS] You will no longer recover ownership of a password when you change it
- [LOCKTRANSFER / LOCKFILES] Files size has been added for actions in the history tab
[Bugfix]
- [GENERAL] Bugfix in user account password change
- [GENERAL] Timeout bugfix in organization import
- [LOCKPASS] Simple users can now download file in LockPass, even if they are not owner
- [LOCKPASS] Bugfix when you delete a lot of passwords at the same time
- [LOCKPASS] Bugfix in tags search
[CVE Corrected]
| Library | Vulnerability ID | Severity | URL |
| expat | CVE-2022-25235 | Critical | avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | Critical | avd.aquasec.com/nvd/cve-2022-25236 | |
| CVE-2022-25315 | Critical | avd.aquasec.com/nvd/cve-2022-25315 | |
| CVE-2022-25314 | High | avd.aquasec.com/nvd/cve-2022-25314 | |
| CVE-2022-25313 | Medium | avd.aquasec.com/nvd/cve-2022-25313 | |
| libblkid | CVE-2022-0563 | Medium | avd.aquasec.com/nvd/cve-2022-0563 |
| libcrypto1.1 | CVE-2022-0778 | High | avd.aquasec.com/nvd/cve-2022-0778 |
| libmount | CVE-2022-0563 | Medium | avd.aquasec.com/nvd/cve-2022-0563 |
| libretls | CVE-2022-0778 | High | avd.aquasec.com/nvd/cve-2022-0778 |
| libssl1.1 | CVE-2022-0778 | High | avd.aquasec.com/nvd/cve-2022-0778 |
| libuuid | CVE-2022-0563 | Medium | avd.aquasec.com/nvd/cve-2022-0563 |
| libxml2 | CVE-2022-23308 | High | avd.aquasec.com/nvd/cve-2022-23308 |
| libxslt | CVE-2021-30560 | High | avd.aquasec.com/nvd/cve-2021-30560 |
| openssl | CVE-2022-0778 | High | avd.aquasec.com/nvd/cve-2022-0778 |
| py3-pillow | Critical | avd.aquasec.com/nvd/cve-2022-22817 | |
| Medium | avd.aquasec.com/nvd/cve-2022-24303 |
Version 1.4.3 - 11th Feb 2022
[Global]
- Upgrade MariaDB. Version 10.6.5.
[Improvement]
- Category has added in logs for the passwords actions
- Log has been added when you delete a user
- Log has been added when you export the logs
[Bugfix]
- Bugfix on the report generation for LockTransfer
- Bugfix on the search in LockFiles
- Bugfix on Firefox import
Version 1.4.2 - 24th Jan 2022
[New feature]
- More informations are loged for the SSO connection
[Improvement]
- Dashlane's import has been modified with the new one
[CVE Corrected]
Version 1.4.1 - 10th Jan 2022
[Improvement]
- Methods for search and decrypt password has been improved
Version 1.4.0 - 06th Jan 2022
[Global]
- Alpine version has been updated to 3.15.0
- Nginx version has been updated to 1.21.5
- The entire configuration of Nginx and PHP-FPM has been optimized.
Version 1.3.1 - 17th Nov 2021
[Bugfix]
- Buttons on the new extension popup has been switched. The first button copy the login. The second copy the password.
- Switching organisation's administrator.
Version 1.3.0 - 16th Nov 2021
[Global]
- A new license system comes with this version. You can now upsell and crossell directly from your application (if you are migrated on the new mechanism)
[New feature]
- All imports return a CSV file with errors if the file contains any
[Improvement]
- System logs has been reviewed to clean them and add some informations
[Bugfix]
- Tags are been added when you create a password
- Rework the LastPass import after they has changed they export
- Bugfix with categories searching for a user who is in the category via a group
Version 1.2.1 - 28th Oct 2021
[Improvement]
- Environment variable APP_DEBUG now add more debug logs (like SMTP or SSO)
- Application logs has been reviewed to add some informations
Version 1.2.0 - 21th Oct 2021
[New feature]
- You can now delete sub organizations
[Bugfix]
- Bugfix for Firefox password import
- Files name are correctly decoded for a search in LockFiles
Version 1.1.0 - 13th Oct 2021
[Improvement]
- You can now retrieve the LockPass categories when you're doing a search
Version 1.0.32 - 27th Sep 2021
[Global]
- Upgrade Nginx. Version 1.21.3
- Upgrade MariaDB. Version 10.6.4
[Improvement]
- LockPass requests are now asynchronous
- The "see more" feature has been improve on all products
- Switch from password policy id to password policy name in categories import
[Bugfix]
- Bugfix when a user tried to download a folder in personnal folder
- Bugfix when a simple user tried to delete a file from a password - Even if he has the right to modify the password
- When a user move a password in another category, files keep the links
[CVE Corrected]
| Status | CVE Severity | Package | CVE Description |
|---|---|---|---|
| Unapproved | Medium CVE-2021-33560 | libgcrypt | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33560 |
Mise à jour