Version 1.36.21 - 21th May 2026
[Bugfix]
- [LockPass] Fixed an issue where the internal password inconsistency detection and remediation tool introduced in version 1.36.20 could not run in production environments due to missing DDL permissions on temporary working tables. The process previously failed with an “Access denied” error during table creation.
Version 1.36.20 - 21th May 2026
[Bugfix]
- [LockPass] Fixed an issue where password sharing synchronization could be marked as completed even though some recipients had not received their copy, while decryption errors were not being tracked. The asynchronous handler now confirms all copies before completing synchronization, immediately logs decryption errors, and properly persists incomplete states to ensure consistent retry behavior
- [LockPass] Fixed issues where password assignment flows (restoration, downgrade, or ownership reassignment) could generate duplicate copies or leave orphaned entries due to outdated references or race conditions. Additional safeguards have been introduced to prevent invalid ownership reassignment, properly handle missing references, and avoid inconsistent intermediate states during deletion
- [General] Added an internal remediation tool to detect and automatically fix residual password inconsistencies, including orphaned entries, missing masters, and malformed relationships. The tool includes a dry-run mode and post-processing validation to ensure safe and controlled cleanup operations
Version 1.36.19 - 13th May 2026
[Bugfix]
- [LockPass] Fixed an issue where the 2FA icon was incorrectly displayed on passwords without a configured TOTP code. The OTP field no longer treats the
falsevalue as an active configuration. - [Parameters] Fixed a 403 error occurring when an Administrator created a new organization due to an incorrect exception type in permission checks
- [LockPass] Fixed an issue where categories created through group access could be assigned to the wrong organization. The API now retrieves the organization directly from the parent category or the user context to ensure consistency.
- [LockPass] Fixed inconsistencies in inactive user counters across the dashboard, export notifications, and CSV files by harmonizing calculation queries
- [LockPass] Fixed an issue where the “Monitor usage” setting was not saved when modified by users who were not the password owner, despite having edit permissions
- [LockTransfer] Fixed an issue where white labeling was not applied to dropboxes accessed through an
openToken. The white label configuration route now supports openToken access - [LockPass] Fixed an inconsistency where deleting shared personal passwords could leave them visible to moderators of the parent organization. Personal passwords are now properly isolated after deletion
- [Logs] Fixed an issue where completed and remaining download counts were missing from web interface logs and transfer notification emails. These details are now correctly tracked and displayed
Version 1.36.17 - 15th April 2026
[Bugfix]
- [LockPass] Fixed visibility inconsistencies between different roles within categories
- [LockTransfer] Fixed an issue to ensure all filenames are correctly displayed
- [Management] Full identification of all roles within permissions reports
- [General] Enhanced logging : now includes additional data on the number of downloads completed and remaining
Version 1.36.16 - 3rd April 2026
[Bugfix]
[LockPass] Fixed an issue with password decryption errors that prevented the credentials list from displaying
[General] Fixed an error occurring during the activation of renewed licenses upon refresh
General] Resolved a bug affecting IP address accuracy in download logs
Version 1.36.15 - 2nd April 2026
[Bugfix]
- [LockPass] Implemented automated processing to prevent data corruption
- [Management] Resolved a bug causing duplicate user entries
Version 1.36.14 - 30th March 2026
[Bugfix]
- [LockPass] Fixed issues during password moves where residual entries remained due to incorrect re-sharing, causing passwords to still appear in their original categories. This fix resolves multiple inconsistencies related to password moves
- [LockPass] Fixed issues where license activation could block user login or result in an incorrect total number of deployed licenses. The deployment process has been reviewed and optimized
Version 1.36.13 - 19th March 2026
[Bugfix]
- [General] Refactored and cleaned up HubSpot-related code on the Public Cloud environment
Version 1.36.12 - 19th March 2026
[Bugfix]
- [LockTransfer] Enhanced traceability by logging each file download from a dropbox, including file name, dropbox name, and dropbox ID
- [LockTransfer] Fixed an issue where download quotas were not fully applied during transfer creation, limiting downloads to one even when higher quotas were set. Quotas are now correctly enforced
- [LockTransfer] Fixed an issue where the default password policy configured for the Personal Space was not applied when updating a password. The policy is now properly enforced
- [LockTransfer] Fixed an issue where transfer expiration emails were always sent in German; the configured language is now correctly applied
- [LockPass] Fixed issues with password re-sharing caused by asynchronous processing. The sharing mechanism has been improved to ensure reliable synchronization
Version 1.36.11 - 5th March 2026
[Bugfix]
- [Dashboard] Optimized the dashboard cron job
- [LockTransfer] Fixed an issue where transfer expiration emails were sent in German. The language configured in the whitemark is now correctly applied
Version 1.36.10 - 2nd March 2026
[Bugfix]
- [SMTP] Fixed an issue where SMTP configuration using port 25 with TLS was not functioning properly. This is now supported
- [Documentation] Updated the SSH section of the API documentation
Version 1.36.9 - 19th February 2026
[Bugfix]
- [General] Introduced a background message processing service with automatic restart for improved reliability and queue stability
Version 1.36.8 - 17th February 2026
[Bugfix]
- [LockPass] Fixed a 500 error occurring when moving a password due to decryption issues in certain client environments
- [LockPass] Fixed an issue where users accessing a category outside their current organization via a group experienced blocked actions, including category creation and user assignment
Version 1.36.7 - 12th February 2026
[Bugfix]
- [LockPass] Fixed a 500 error occurring when creating a password while the Personal Space was locked
- [LockPass] Optimized the password sharing structure when adding a user or a group to a category
- [LockTransfer] Fixed an issue where files could disappear from depositboxes
Version 1.36.6 - 9th February 2026
[Bugfix]
- [LockPass] Fixed a password encryption error occurring when adding users or groups to a category
Version 1.36.5 - 5th February 2026
[Bugfix]
- [LockPass] Improved accuracy of IP addresses included in usage notification emails
- [LockPass] Fixed missing
tagfield in password decryption response - [LockPass] In LockPass, OTP codes now support up to 200 characters; fixed incorrect error message previously indicating a 64-character limit when exceeded
- [LockPass] Fixed an issue where the
domainfield could trigger a data processing error, resulting in a 500 error on the client side - [Cron] Removed the
boStatscron job for On-Premises
Version 1.36.4 - 29th January 2026
[Improvement]
- [LockPass] Improvement of endpoints and API communication security
Version 1.36.3 - 22th January 2026
[Bugfix]
- [General] Correction/improvement of error handling for NULL values in XLS token
- [LockTransfer] Correction regarding the visibility of recipients of a transfer after archiving when the transfer is sent by email
Version 1.36.2 - 15th January 2026
[Bugfix]
- [General] Fix for error handling with Hubspot, part two
Version 1.36.1 - 15th January 2026
[Bugfix]
- [General] Fix for error handling with Hubspot, part one
Version 1.36.0 - 13th January 2026
[New feature]
- [Options] New language Spanish and German available in email Whitemark
- [LockPass] Improved search, parent access categories are returned during a LockPass search
- [LockPass] Increase in the OTP field limit to 200 characters
[Bugfix]
- [General] A fix for recording IP addresses in rights reports has been deployed. In some cases, the IP address could be incorrect
Version 1.35.3 - 15th December 2025
[Bugfix]
- [General] Fix on deleting AD groups
Version 1.35.2 - 10th December 2025
[Bugfix]
- [General] LockSelf email sender fix
Version 1.35.1 - 8th December 2025
[Bugfix]
- [Hubspot] Fix email sender
Version 1.35.0 - 8th December 2025
[New feature]
- Improved HubSpot integration
Version 1.34.1 - 3rd December 2025
[Bugfix]
- [Management] Enhancing the welcome email for new users
- [General] Security fix for environment checks
- [LockTransfer] Correction on optimizing temporary files
- [Login] Fixed a log on the PIN step
Version 1.34.0 - 2nd December 2025
[New feature]
- [General] PHP version upgrade
[Bugfix]
- [General] PHP version upgrade
- [LockPass] Added security for password recovery from the recycle bin with category
- [LockTransfer] Fixes and improvements to logs for downloading multiple files from a transfer
- [Login] Fixed a log on the PIN step
Version 1.33.4 - 1st December 2025
[Bugfix]
- [LockPass] Added security for password recovery from the recycle bin
- [LockPass] Added security for password recovery from the recycle bin with category
- [LockTransfer] Fixes and improvements to logs for downloading multiple files from a transfer
- [Login] Fixed a log on the PIN step
Version 1.33.3 - 14th November 2025
[Bugfix]
- [General] Infrastructure performance fix
Version 1.33.2 - 28th October 2025
[Bugfix]
- [LockPass] Fixed a bug in OTP key checks that occurred when lowercase characters were detected
Version 1.33.1 - 14th October 2025
[Bugfix]
- [General] Improved security controls on variables communicating with various third-party services
Version 1.33.0 - 13th October 2025
[New feature]
- [LockPass] A breadcrumb trail is displayed when searching for categories
[Bugfix]
- [LockTransfer] Added security to the IP section related to deposit boxes
- [LockPass] Fix for base 64 encoding errors during export
Version 1.32.11 - 29th September 2025
[Bugfix]
- [Management] User deletion could get stuck in some cases, causing the application to crash
Version 1.32.10 - 16th September 2025
[Bugfix]
- [LockTransfer] Transfer archiving no longer retained recipients' emails
- [Management] Deleting a user returned an error and the process stopped, blocking the application
Version 1.32.9 - 10th September 2025
[Bugfix]
- [Management] Fixed access to the rights report
- [Options] Fix on SMTP connector
Version 1.32.8 - 4th September 2025
[Bugfix]
- [Dashboard] Fix for dashboard logs. In some cases the display was not complete
Version 1.32.7 - 3rd September 2025
[Bugfix]
- [General] Infrastructure performance fix
Version 1.32.6 - 3rd September 2025
[Bugfix]
- [General] Infrastructure performance fix
Version 1.32.5 - 2nd September 2025
[Bugfix]
- [LockTransfer] Fix for on dowloaad file not starting on new transfer.
Version 1.32.4 - 2nd September 2025
[Bugfix]
- [LockTransfer] Fix on transfer creation. Transfer creation was blocked in some cases
Version 1.32.3 - 29th August 2025
[Bugfix]
- [Management] Fix for deleting a user failing in some cases
- [LockTransfer] Fix on deposit box access
- [LockTransfer] Fix for file downloads not starting on deposit box
- [Dashboard] Fix on logs display
Version 1.32.2 - 21th August 2025
[Bugfix]
- [LockPass] Fix for slow access to personal space
Version 1.32.1 - 21th August 2025
[Bugfix]
- [POC] Fix on the mail system related to the language of the POC funnel
Version 1.32.0 - 20th August 2025
[New feature]
- [POC] Improving our POC system.
Version 1.31.2 - 19th August 2025
[Bugfix]
- [LockPass] In somes cases the search returned inaccessible results
Version 1.31.1 - 1st August 2025
[Bugfix]
- [Options] Fix button access to SSO configuration
Version 1.31.0 - 1st August 2025
[New feature]
- [Options] You can now set a default transfer type in the options
[Bugfix]
- [Management] Bug fix, the administrator of the parent organisation cannot modify user roles or access the Management tab in sub-organisations
- [Options] Bug fix, the SSO part was no longer testable
- [Dashboard] Bug fix, the export of large logs has been optimised. In some cases, it was not possible to perform the export
- [LockPass] Bug fix, moving an SSH password did not retain access in some cases
- [LockPass] Bug fix, password generation with the 200-character ASCII option was rejected
- [LockPass] Bug fix, the search was slow and has been optimised
- [LockTransfer] Bug fix, fix of the transfer notification template
Version 1.30.1 - 16th July 2025
[New feature]
- [LockFiles] Searching for files from LockFiles returned errors when decoding certain characters
Version 1.30.0 - 15th July 2025
[New feature]
- [LockTransfer] Expiration notifications are now sent if your transfer or deposit box has been active for more than 36 hours
[Bugfix]
- [LockTransfer] Bug fix, he decoding of file names during a download contained encoded characters
- [CRON] Bug fix, in some cases, the expiry of transfers and deposit boxes was not successful
Version 1.29.1 - 4th July 2025
[Bugfix]
- [LockTransfer] Bug fix, we have optimised the file transfer, in some cases, if the file was too large, there could be memory errors
- [SIE] Bug fix, when importing Dashlane file, some files returned errors due to the non-existent password policy
Version 1.29.0 - 3rd July 2025
[New feature]
- [GENERAL] Adding the German language
[Bugfix]
- [LOCKPASS] Bug fix, some passwords from the extension were wrong
- [OPTION] Fixed bugs that caused an error when deleting a sub-organisation
Version 1.28.8 - 26th June 2025
[Bugfix]
- [LOCKPASS] Bug fix, in some cases, it was not possible to change personal passwords
- [OPTION] Bug fix, an error was returned if the password was empty when the SMTP was modified
Version 1.28.7 - 25th June 2025
[Bugfix]
- [LOCKPASS] Bug fix, some password sharing when adding a person to a group could remain blocked for an indefinite time.
- [LOCKAPSS] Bug fix, in some cases, deleting a password could lead to a cascade deletion
Version 1.28.6 - 24th June 2025
[Bugfix]
- [CRON] Fixed a bug that prevented certain passwords from being updated. The user was blocked when changing the password.
Version 1.28.5 - 19th June 2025
[Bugfix]
- [SIE] Bug fix, in some cases, the import was unsuccessful because of the error handling system
- [OPTIONS] Bug fix, IP restrictions in CIDR format did not work
Version 1.28.4 - 18th June 2025
[Bugfix]
- [INFRASTRUCTURE] Improving the API infrastructure
Version 1.28.3 - 17th June 2025
[Bugfix]
- [LOCKPASS] Bug fix, following the addition of a new check on HTML injections, some characters were incorrectly returned. All fields have been revised
Version 1.28.2 - 12th June 2025
[Bugfix]
- [LOCKPASS] Bug fix, following the addition of a new check on HTML injections, some characters were incorrectly returned
- [OPTIONS] Bug fix, added an additional check on the format of the metadatas file during configuration
Version 1.28.1 - 6th June 2025
[Bugfix]
- [LICENCE]Bug fix, It was no longer possible to sign up for a trial period
Version 1.28.0 - 5th June 2025
[New feature]
- [OPTIONS] New option to activate / deactivate open deposit boxes
[Bugfix]
- [LOCKPASS] Bug fix, in some cases, It was no longer possible to modify passwords
- [LOCKPASS] Bug fix, ssh passwords were blocked on On-Premises instances
- [LOCKPASS] Bug fix, It was possible to perform an html injection on the description of an SSH password
- [LOCKTRANSFER] Bug fix, A NULL character was added to some files during download process, making them invalid.
Version 1.27.1 - 23th May 2025
[Bugfix]
- [LOCKSTRANSFER] Bug fix, deposit boxes and transfers were considered expired as soon as they were created
- [SIE] Password export has been optimised to improve handling of large volumes of data
- [LICENCE] Bug fix, during renewal, some data was not renewed correctly
Version 1.27.0 - 20th May 2025
[New feature]
- [GENERAL] New language, Espagnol is now available
[Bugfix]
- [LOGIN] Bug fix, in some cases, It was impossible to log in once your account had been validated
- [SIE] Bug fix, in some cases, an error due to certain password formats was blocking export
Version 1.26.14 - 15th April 2025
[Bugfix]
- [SIE] Bug fix, importing in Firefox format, a name is set by default with the URL
- [LOCKTRANSFER] Optimising security on deposit boxes
Version 1.26.13 - 31th March 2025
[Bugfix]
- [SIE] Fixed KDBX import of multiple line feeds
- [DASHBOARD] Bug fix, in some cases, the data about storage was not updated
- [SSH] Bug fix, SSH key modification no longer worked
- [LOCKTRANSFER] Bug fix, transferring a single file, the description was no longer sent in the email
- [LOCKTRANSFER] Bug fix, in somes cases, the file repository did not work
Version 1.26.12- 17th March 2025
[CVE]
| libexpat | CVE-2024-8176 | HIGH | https://avd.aquasec.com/nvd/ |
Version 1.26.11 - 13th March 2025
[Bugfix]
- [LOCKPASS] Sub-category navigation was no longer usable
Version 1.26.10 - 12th March 2025
[Bugfix]
- [SIE] Bug fix, the OTP key of Dashlane imports has been modified
- [LOGIN] Bug fix, in some cases the bruteforce system did not correctly take into account the release time
Version 1.26.9 - 11th March 2025
[CVE]
| libxml2 | CVE-2024-56171 | HIGH | https://avd.aquasec.com/nvd/cve-2024-56171 |
| libxml2 | CVE-2024-8096 | HIGH | https://avd.aquasec.com/nvd/cve-2025-24928 |
Version 1.26.8 - 5th March 2025
[Bugfix]
- [LICENCE] Bug fix, New licenses from Firefox did not work on subscription
Version 1.26.7 - 4th March 2025
[Bugfix]
- [LICENCE] Bug fix of an error returned by the database during renewal
Version 1.26.6 - 3rd March 2025
[Bugfix]
- [LICENSE] Bug fix, in some cases, renewing a license caused an error
Version 1.26.5 - 27th February 2025
[Bugfix]
- [MANAGEMENT] Local SSO password removal improved in access rights
- [INFRASTRUCTURE] It is possible to modify the deletion of data on your disk between one and thirty days
- [TRASH] Bugfix, in some cases, an error occurred when deleting an entry from the recycle garbage can
- [SMTP] Bugfix, in some cases, it was not possible to save SMTP data when credentials were empty
- [SIE] Bugfix, during export, some specious characters were incorrectly exported
- [SIE] Bugfix, durint KDBX import, line breaks were incorrectly imported
Version 1.26.4 - 18th February 2025
[Bugfix]
- [DATABASE] Correction of a data migration
- [WHITEMARK] Bugfix, the square logo format would not save
- [SSH] Bugfix, in some cases, creating SSH access did not work
- [DASHBOARD] Bugfix, some data calculations have been optimised
Version 1.26.3 - 30th January 2025
[Bugfix]
- [LOCKFILES] Groups from the directory were not usable in some cases
Version 1.26.2 - 15th January 2025
[Bugfix]
- [SIE] Bugfix, Import firefox, the name field was automatically filled in with the url associated with the password
[CVE]
| curl | CVE-2024-11053 | MEDIUM | https://avd.aquasec.com/nvd/cve-2024-11053 |
| curl | CVE-2024-8096 | MEDIUM | https://avd.aquasec.com/nvd/cve-2024-8096 |
| curl | CVE-2024-9681 | MEDIUM | https://avd.aquasec.com/nvd/cve-2024-9681 |
| curl | CVE-2024-11053 | MEDIUM | https://avd.aquasec.com/nvd/cve-2024-11053 |
| curl | CVE-2024-8096 | MEDIUM | https://avd.aquasec.com/nvd/cve-2024-8096 |
| curl | CVE-2024-9681 | MEDIUM | https://avd.aquasec.com/nvd/cve-2024-9681 |
Version 1.26.1 - 9th January 2025
[Bugfix]
- [MANAGEMENT] Bugfix, moving a user was no longer possible
- [SIE] Bugfix, user managers could not apply any changes to imported passwords
- [SIE] Bugfix, some special characters were not imported
[Improvement]
- [LOCKTRANSFER] Improved performance when downloading attachments in the deposit boxes
Version 1.26.0 - 27th December 2024
[New feature]
- [LOCKTRANSFER] Possibility of creating deposit boxes without a user
[Bugfix]
- [LOCKTRANSFER] Bugfix, fix email content linked to deposit boxes
Version 1.25.14 - 16th December 2024
[Bugfix]
- [MANAGEMENT] Added security to administrator password
- [MANAGEMENT] Added security before deleting an API user
Version 1.25.13 - 10th December 2024
[Bugfix]
- [LOCKPASS] Bugfix, updating a credential was impossible in some cases
Version 1.25.12 - 6th December 2024
[Bugfix]
- [LOCKPASS] Add support for OTP tokens with space in a credential
Version 1.25.11 - 5th December 2024
[Bugfix]
- [OPTIONS] Bugfix SMTP, in some cases SMTP errors were blocking the sending of mail
- [SIE] Add support for line breaks in the KDBX import format
Version 1.25.10 - 28th November 2024
[Bugfix]
- [POC] Bugfix translation error
Version 1.25.9 - 27th November 2024
[Bugfix]
- [POC] Bugfix error when selecting the activity sector
Version 1.25.8 - 26th November 2024
[Bugfix]
- [MANAGEMENT] Bugfix error when deleting a sub-organisation in some cases
Version 1.25.7 - 26th November 2024
[Bugfix]
- [OPTIONS] Bugfix Block by IP option did not add the user's ip and blocked it automatically
- [SETTINGS] User export returns ‘No Connection’ instead of 01/01/1970
Version 1.25.6 - 14th November 2024
[Bugfix]
- [SIE] Bugfix Bitwarden import, categories were incorrectly imported in some cases
[CVE]
| libexpat | CVE-2024-50602 | MEDIUM | https://avd.aquasec.com/nvd/cve-2024-50602 |
| symfony/http-client | CVE-2024-50342 | LOW | https://avd.aquasec.com/nvd/cve-2024-50342 |
| symfony/http-foundation | CVE-2024-50345 | LOW | https://avd.aquasec.com/nvd/cve-2024-50345 |
| symfony/process | CVE-2024-51736 | HIGH | https://avd.aquasec.com/nvd/cve-2024-51736 |
| symfony/security-http | CVE-2024-51996 | HIGH | https://avd.aquasec.com/nvd/cve-2024-51996 |
| symfony/validator | CVE-2024-50343 | LOW | https://avd.aquasec.com/nvd/cve-2024-50343 |
| twig/twig | CVE-2024-51754 | LOW | https://avd.aquasec.com/nvd/cve-2024-51754 |
| twig/twig | CVE-2024-51755 | LOW | https://avd.aquasec.com/nvd/cve-2024-51755 |
Version 1.25.5 - 12th November 2024
[Bugfix]
- [MANAGEMENT] Bugfix adding a user to a group did not work in some cases
Version 1.25.4 - 8th November 2024
[Bugfix]
- Database deployment fixes
Version 1.25.3 - 7th November 2024
[Bugfix]
- [SIE] Bugfix tags can be imported using commas or semicolons to separate them
- [SIE] Bugfix KBDX and keexpass XC import, categories were incorrectly imported in some cases
Version 1.25.2 - 6th November 2024
[Bugfix]
- [SIE] Bugfix keepass import not working
Version 1.25.1 - 28th October 2024
[Bugfix]
- [SIE] Bugfix import of tags not working
[Improvement]
- [SIE] Optimising performance when importing large volumes of passwords
Version 1.25.0 - 24th October 2024
[New feature]
- [SIE] Optimisation of the password import system for the various platforms
[Bugfix]
- [Management] Bugfix on creation of a sub-organization
Version 1.24.2 - 15th October 2024
[Bugfix]
- [Subscription] Bugfix on POC subscription
Version 1.24.1 - 14th October 2024
[Bugfix]
- [Subscription] Bugfix on license subscription
Version 1.24.0 - 11th October 2024
[New feature]
- You can add a prefix to filter company groups users
[Bugfix]
- [BIN] Bugfix for deleting an entry in the bin
Version 1.23.12 - 09th October 2024
[Bugfix]
- [LOCKPASS] Bugfix in the management of attached files
[CVE]
| libexpat |
CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 |
CRITICAL |
https://avd.aquasec.com/nvd/cve-2024-45490 |
Version 1.23.10 - 03th October 2024
[CVE]
| python3 |
CVE-2024-6232 CVE-2024-7592 CVE-2023-27043 CVE-2024-6923 CVE-2024-4032 CVE-2015-2104 |
HIGH |
https://avd.aquasec.com/nvd/cve-2024-6232 https://avd.aquasec.com/nvd/cve-2024-7592 https://avd.aquasec.com/nvd/cve-2023-27043 https://avd.aquasec.com/nvd/cve-2024-6923 https://avd.aquasec.com/nvd/cve-2024-4032 https://avd.aquasec.com/nvd/cve-2015-2104
|
| python3-pyc |
CVE-2024-6232 CVE-2024-7592 CVE-2023-27043 CVE-2024-6923 CVE-2024-4032 CVE-2015-2104 |
HIGH |
https://avd.aquasec.com/nvd/cve-2024-6232 https://avd.aquasec.com/nvd/cve-2024-7592 https://avd.aquasec.com/nvd/cve-2023-27043 https://avd.aquasec.com/nvd/cve-2024-6923 |
| python3-pycache-pyc0 |
CVE-2024-6232 CVE-2024-7592 CVE-2023-27043 CVE-2024-6923 CVE-2024-4032 CVE-2015-2104 |
HIGH |
https://avd.aquasec.com/nvd/cve-2024-6232 https://avd.aquasec.com/nvd/cve-2024-7592 https://avd.aquasec.com/nvd/cve-2023-27043 https://avd.aquasec.com/nvd/cve-2024-6923 |
Version 1.23.8 - 17th September 2024
[Improvement]
- [OUTLOOK] Entirely rework of the extension
Version 1.23.5 - 03th September 2024
[Improvement]
- [GENERAL] Improving user creation email
- [HISTORY] Improving search
Version 1.23.2 - 23th August 2024
[Bugfix]
- [LOCKTRANSFER] Deposit box manager can now add other manager
- [MANAGEMENT] You can now delete empty directory groups
Version 1.23.0 - 14th August 2024
[New feature]
- [GENERAL] Options. You can now manage multiple options depending on the usage of LockSelf.
Version 1.22.10 - 09th July 2024
[Improvement]
- [LOCKFILES] Improving folders move
[Bugfix]
- [LOCKPASS] Bugfix when you tried to download a category report
[CVE]
| libcrypto3 |
CVE-2024-4741 CVE-2024-5535 |
MEDIUM | |
| libssl3 |
CVE-2024-4741 CVE-2024-5535 |
MEDIUM | |
| openssl |
CVE-2024-4741 CVE-2024-5535 |
MEDIUM |
Version 1.22.8 - 26th June 2024
[Improvement]
- [LOCKPASS] Improving KDBX import
Version 1.22.7 - 24th June 2024
[Bugfix]
- [LOCKPASS] Bugfix when you try to add a category with the same name at the same place
Version 1.22.6 - 20th June 2024
[Improvement]
- [MANAGEMENT] Improving the moderator -> user feature
Version 1.22.5 - 19th June 2024
[Bugfix]
- [LOCKPASS] Bugfix when administrator wanted to download a category report
Version 1.22.4 - 17th June 2024
[Improvement]
- [MFA] Improving MFA enrollment
Version 1.22.3 - 12th June 2024
[Bugfix]
- [API] Bugfix where in some case an API user couldn't create a password
Version 1.22.1 - 10th June 2024
[Improvement]
- [LOCKPASS] Improving categories deletion
Version 1.22.0 - 03th June 2024
[New feature]
- [LOCKPASS] You can now open a SSH connexion directly from LockPass. Accessible only in private cloud.
Version 1.21.10 - 24th May 2024
[Bugfix]
- [LOCKPASS] Bugfix when a category manager want to create a new category
- [MANAGEMENT] Bugfix when you want to add a user in a group in some cases
Version 1.21.6 - 13th May 2024
[New Improvement]
- [LOCKPASS] Improving LockPass navigation
- [API DOC] Rewriting some methods
Version 1.21.0 - 07th May 2024
[New feature]
- [GENERAL] You can now add a MFA token for your standard connection
Version 1.20.25 - 03th May 2024
[Improvement]
- [IMPORT] You can now import your passwords throught the KDBX format
Version 1.20.24 - 02th May 2024
[Improvement]
- [LOCKPASS] Optimizing categories navigation
Version 1.20.23 - 30th April 2024
[Improvement]
- [LOCKPASS] You can now get the property of all passwords in a category
- [DASHBOARD] You can now export inactive users from the dashboard
Version 1.20.22 - 25th April 2024
[Improvement]
- [LOCKPASS] Optimizing categories navigation
- [EXPORT] Optimizing credentials' global export
Version 1.20.21 - 09th April 2024
[CVE]
|
libcrypto3 libssl3 openssl |
CVE-2024-2511 | LOW | https://avd.aquasec.com/nvd/cve-2024-2511 |
Version 1.20.20 - 04th April 2024
[Bugfix]
- [LOCKPASS] Bugfix in categories search
Version 1.20.17 - 28th March 2024
[Improvement]
- [LOCKFILES] Improving folder move
- [GENERAL] Account creation with a "+" is now accepted
[Bugfix]
- [EXPORT] Bugfix encodage for password export
Version 1.20.15 - 25th March 2024
[Improvement]
- [GENERAL] Improving users' disconnection
[Bugfix]
- [IMPORT] Bugfix for Edge password import
Version 1.20.15 - 19th March 2024
[CVE]
| libexpat | CVE-2024-28757 | HIGH | https://avd.aquasec.com/nvd/cve-2024-28757 |
Version 1.20.13 - 14th March 2024
[Bugfix]
- [LOCKTRANSFER] Bugfix for some deposit boxes where external users cannot saw files
Version 1.20.11 - 11th March 2024
[Bugfix]
- [GENERAL] Bugfix when some users tried to renew there license
Version 1.20.10 - 04th March 2024
[Improvement]
- [INTERCO AD] Improving users deletion
Version 1.20.9 - 19th February 2024
[CVE Corrected]
| libxml2 | CVE-2024-25062 | HIGH | https://avd.aquasec.com/nvd/cve-2024-25062 |
Version 1.20.7 - 09th February 2024
[Improvement]
- [LOCKPASS] Improving categories users deletion
- [LOCKFILES] You can now click directly on a folder when you're doing a search
- [LOCKFILES] Optimizing folder deletion
- [GENERAL] Moderators can now modify the whitemark
[Bugfix]
- [LOCKTRANSFER] Bugfix in some deposit box report
Version 1.20.1 - 24th January 2024
[CVE Corrected]
|
libcrypto3 libssl3 openssl |
CVE-2023-6237 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-6237 |
| sqlite-libs | CVE-2023-7104 | HIGH | https://avd.aquasec.com/nvd/cve-2023-7104 |
Version 1.20.0 - 22th January 2024
[Improvement]
- [MANAGEMENT] Improving users deletion
- [MANAGEMENT] Improving users upgrade
[Bugfix]
- [LOCKPASS] Bugfix for passwords duplication in some cases
Version 1.19.0 - 08th January 2024
[Improvement]
- [GENERAL] You can now have one whitemark per organization
Version 1.18.1 - 03th December 2023
[Bugfix]
- [MANAGEMENT] Bugfix when you tried to create an API user with an expiration date
Version 1.18.0 - 30th November 2023
[Improvement]
- [LOCKPASS] Complete rework of the way passwords are shared during AD synchronization
Version 1.17.9 - 13th November 2023
[Improvement]
- [MANAGEMENT] Improving users deletion
- [GENERAL] Improving errors messages for the SSO connection
- [LOCKPASS] Improving large passwords export
Version 1.17.8 - 6th November 2023
[Bugfix]
- [MANAGEMENT] Bugfix when you try to resend validation link from the Management page where the user in some case doesnt receive the email.
[CVE Corrected]
| stdlib |
CVE-2023-24540 CVE-2023-44487 CVE-2023-39325 CVE-2023-29403 CVE-2023-29400 CVE-2023-24539 CVE-2023-39319 CVE-2023-39318 CVE-2023-29409 CVE-2023-29406 |
CRITICAL |
https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 |
| golang.org/x/net |
CVE-2023-39325 CVE-2023-44487 CVE-2023-3978 |
HIGH |
https://nvd.nist.gov/vuln/detail/CVE-2023-39325 |
| google.golang.org/grpc | CVE-2023-44487 | MEDIUM | https://nvd.nist.gov/vuln/detail/CVE-2023-44487 |
Version 1.17.7 - 30th October 2023
[Improvement]
- [LOCKFILES] Optimizing folder move
[CVE Corrected]
|
libcrypto3 libssl3 openssl |
CVE-2023-5363 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-5363 |
Version 1.17.6 - 24th October 2023
[Improvement]
- [LOCKTRANSFER] Optimizing performance
- [GENERAL] Optimizing personal export
Version 1.17.5 - 23th October 2023
[Bugfix]
-
[MANAGEMENT] Fixed a bug that in certain cases the passage of a moderating user was not possible
Version 1.17.4 - 17th October 2023
[Improvement]
- [LOCKTRANSFER/LOCKFILES] Optimizing performance
- [MANAGEMENT] Optimizing performance when promote a user to moderator and demote a moderator
- [MANAGEMENT] Optimizing performance when delete user
- [GENERAL] SMTP configuration has been improved
[CVE Corrected]
| curl |
CVE-2023-38545 CVE-2023-38546 |
HIGH | |
| libcurl |
CVE-2023-38545 CVE-2023-38546 |
HIGH | |
| nghttp2-libs | CVE-2023-44487 | HIGH | https://avd.aquasec.com/nvd/cve-2023-44487 |
Version 1.17.3 - 4th October 2023
[Improvement]
- [DASHBOARD] Optimizing SQL requests
- [LOCKTRANSFER/LOCKFILES] Optimizing performances
- [HISTORY] Getting logs has been optimized
Version 1.17.2 - 23th September 2023
[CVE Corrected]
| curl | CVE-2023-38039 | HIGH | https://avd.aquasec.com/nvd/cve-2023-38039 |
| libcurl | CVE-2023-38039 | HIGH | https://avd.aquasec.com/nvd/cve-2023-38039 |
| libwebp | CVE-2023-4863 | HIGH | https://avd.aquasec.com/nvd/cve-2023-4863 |
Version 1.17.1 - 11th September 2023
[Improvement]
- [DASHBOARD] Optimizing some resources
- [GENERAL] Improving API documentation
Version 1.17.0 - 31th August 2023
[New feature]
- [GENERAL] Validation pages has been totally reworked
- [LOCKFILES] You can now move a folder
[Improvement]
- [GENERAL] Improving PIN bruteforce
- [LOCKPASS] Optimizing personal export
- [LOCKPASS] Optimizing shared export
Version 1.16.0 - 17th July 2023
[New feature]
- [GENERAL] Adding Dashboard
[Improvement]
- [GENERAL] Adding CSP on the Nginx configuration
- [LOCKTRANSFER] Improving report
- [LOGS] Adding a specific type of log "Moving" when you move a credential
[CVE Corrected]
|
libcrypto3 libssl3 openssl |
CVE-2023-2975 | LOW | https://avd.aquasec.com/nvd/cve-2023-2975 |
Version 1.15.2 - 27th June 2023
[Improvement]
- [GENERAL] Update some Symfony packages
- [GENERAL] Improving forgot password
- [GENERAL] Improving API documentation
- [LOCKFILES] Improving download of big folders
[CVE Corrected]
| libjpeg-turbo | CVE-2023-2804 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-2804 |
Version 1.15.0 - 31th May 2023
[Improvement]
- [GENERAL] API documentation has been reworked
[Bugfix]
- [GENERAL] Forgot password is now working with special character in the email
- [LOCKPASS] Bugfix in favorite categories
- [LOCKPASS] Bugfix in Keeper import
- [LOCKPASS] Bugfix in search by tag
[CVE Corrected]
| curl |
CVE-2023-28319 CVE-2023-28321 CVE-2023-28322 CVE-2023-28320 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-28319 https://avd.aquasec.com/nvd/cve-2023-28321 |
| libcrypto3 | CVE-2023-2650 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-2650 |
| libcurl |
CVE-2023-28319 CVE-2023-28321 CVE-2023-28322 CVE-2023-28320 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-28319 https://avd.aquasec.com/nvd/cve-2023-28321 |
| libssl3 | CVE-2023-2650 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-2650 |
| libwebp | CVE-2023-1999 | HIGH | https://avd.aquasec.com/nvd/cve-2023-1999 |
| ncurses-libs | CVE-2023-29491 | HIGH | https://avd.aquasec.com/nvd/cve-2023-29491 |
| openssl | CVE-2023-2650 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-2650 |
Version 1.14.3 - 09th May 2023
[Bugfix]
- [LOCKPASS] Bugfix in password strenght
Version 1.14.2 - 25th April 2023
[CVE Corrected]
|
libcrypto3 libssl3 openssl |
CVE-2023-1255 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-1255 |
| guzzlehttp/psr7 | CVE-2023-29197 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-29197 |
[Bugfix]
- [GENERAL] Bugfix in organization import
Version 1.14.1 - 12th April 2023
[CVE Corrected]
| libxml2 |
CVE-2023-28484 CVE-2023-29469 |
MEDIUM |
Version 1.14.0 - 27th March 2023
[New feature]
- [GENERAL] Administrators can now export users list
[Improvement]
- [LOCKPASS] Optimizing tag's search
[Bugfix]
- [LOCKFILES] Bugfix when you want to move a file in personal folder
- [LOCKFILES] Bugfix in personnal options inheritance
[CVE Corrected]
| curl |
CVE-2023-27535 CVE-2023-27533 CVE-2023-27534 CVE-2023-27536 CVE-2023-27537 CVE-2023-27538 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-27535 https://avd.aquasec.com/nvd/cve-2023-27533 https://avd.aquasec.com/nvd/cve-2023-27534 https://avd.aquasec.com/nvd/cve-2023-27536 |
| libcrypto3 | CVE-2023-0464 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-0464 |
| libcurl |
CVE-2023-27535 CVE-2023-27533 CVE-2023-27534 CVE-2023-27536 CVE-2023-27537 CVE-2023-27538 |
LOW |
https://avd.aquasec.com/nvd/cve-2023-27535 https://avd.aquasec.com/nvd/cve-2023-27533 https://avd.aquasec.com/nvd/cve-2023-27534 https://avd.aquasec.com/nvd/cve-2023-27536 |
| libssl3 | CVE-2023-0464 | MEDIUM | https://avd.aquasec.com/nvd/cve-2023-0464 |
| tiff | CVE-2022-3970 | HIGH | https://avd.aquasec.com/nvd/cve-2022-3970 |
| CairoSVG | CVE-2023-27586 | CRITICAL | https://avd.aquasec.com/nvd/cve-2023-27586 |
| knplabs/knp-snappy | CVE-2023-28115 | CRITICAL | https://avd.aquasec.com/nvd/cve-2023-28115 |
Version 1.13.6 - 01 March 2023
[CVE Corrected]
| api-platform/core | CVE-2023-25575 | HIGH | https://avd.aquasec.com/nvd/cve-2023-25575 |
Version 1.13.5 - 27th February 2023
[Bugfix]
- [LOCKPASS] Bugfix on password monitor usage
- [WHITEMARK] Updating banner is working now
Version 1.13.4 - 21th February 2023
[Bugfix]
- [EMAIL] Bugfix on customers banner
[CVE Corrected]
| curl |
CVE-2023-23916 CVE-2023-23914 CVE-2023-23915 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-23916 |
| libcurl |
CVE-2023-23916 CVE-2023-23914 CVE-2023-23915 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2023-23916 |
| tar | CVE-2022-48303 | HIGH | https://avd.aquasec.com/nvd/cve-2022-48303 |
Version 1.13.3 - 11th February 2023
[Improvement]
- [LOCKPASS] You cannot create two categories with the same name on your personnal categories
[Bugfix]
- [IMPORT] Bugfix in users import
- [LOCKFILES] Bugfix when you want to download a large number of files
- [MANAGEMENT] Bugfix on some users report
- [EXPORT] Passwords global export can now be opened by every zip tools
[CVE Corrected]
- Some security fixes
| symfony/http-kernel | CVE-2022-24894 | MEDIUM | https://avd.aquasec.com/nvd/cve-2022-24894 |
| symfony/security-bundle | CVE-2022-24895 | LOW | https://avd.aquasec.com/nvd/cve-2022-24895 |
Version 1.13.2 - 3rd February 2023
[Bugfix]
- [LOCKFILES] Groups appears correctly on the folders
- [GENERAL] Bugfix for self signed SMTP
Version 1.13.1 - 26th January 2023
[Improvement]
- [MANAGEMENT] Improving global export
- [LOCKPASS] Improving Dashlane import
[CVE Corrected]
| pkgconf | CVE-2023-24056 | UNKNOWN | https://avd.aquasec.com/nvd/cve-2023-24056 |
| cakephp/database | CVE-2023-22727 | CRITICAL | https://avd.aquasec.com/nvd/cve-2023-22727 |
Version 1.13.0 - 16th January 2023
[New feature]
- [GENERAL] Updating PHP to PHP8.2
- [GENERAL] Updating Symfony to Symfony 5.4
- [GENERAL] Updating Nginx to Nginx to Nginx 1.23.3
Version 1.12.0 - 05th January 2023
[New feature]
- [LOCKPASS] You can now export all the shared passwords with associate files in a ZIP
Version 1.11.0 - 26th December 2022
Technical version
Version 1.10.9 - 12th December 2022
[CVE Corrected]
| python3 | CVE-2022-37454 | CRITICAL | https://avd.aquasec.com/nvd/cve-2022-37454 |
| python3 |
CVE-2022-42919 CVE-2022-45061 |
HIGH |
Version 1.10.8 - 6th December 2022
[Bugfix]
- [LOCKPASS] Bugfix for categories creation in some cases
Version 1.10.7 - 29th November 2022
[Improvement]
- [LOCKPASS] Optimizing auto detection for the browser extension
Version 1.10.6 - 24th November 2022
[Improvement]
- [LOCKPASS - TECH ONLY] Improving categories entity migration
Version 1.10.5 - 21th November 2022
[Improvement]
- [LOCKPASS - TECH ONLY] Migration of categories entity
Version 1.10.4 - 16th November 2022
[Improvement]
- [LOCKPASS] Improving Lastpass import
[CVE Corrected]
| pixman | CVE-2022-44638 | HIGH | https://avd.aquasec.com/nvd/cve-2022-44638 |
Version 1.10.3 - 28th October 2022
[Improvement]
- [LOCKTRANSFER] Managing language translations on external pages in iOS / Android
[CVE Corrected]
| curl |
CVE-2022-32221 CVE-2022-42916 CVE-2022-42915 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2022-32221 https://avd.aquasec.com/nvd/cve-2022-42915 https://avd.aquasec.com/nvd/cve-2022-42916 |
| dbus-libs |
CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2022-42010 https://avd.aquasec.com/nvd/cve-2022-42011 https://avd.aquasec.com/nvd/cve-2022-42012 |
| expat |
CVE-2022-40674 CVE-2022-43680 |
CRITICAL |
https://avd.aquasec.com/nvd/cve-2022-40674 https://avd.aquasec.com/nvd/cve-2022-43680 |
| libcurl |
CVE-2022-32221 CVE-2022-42915 CVE-2022-42916 |
MEDIUM |
https://avd.aquasec.com/nvd/cve-2022-32221 https://avd.aquasec.com/nvd/cve-2022-42915 https://avd.aquasec.com/nvd/cve-2022-42916 |
| libxml2 |
CVE-2022-40303 CVE-2022-40304 |
HIGH |
https://avd.aquasec.com/nvd/cve-2022-40303 https://avd.aquasec.com/nvd/cve-2022-40304 |
| twig/twig | CVE-2022-39261 | HIGH | https://avd.aquasec.com/nvd/cve-2022-39261 |
Version 1.10.2 - 24th October 2022
Technical version
Version 1.10.1 - 20th October 2022
Technical version
Version 1.10.0 - 17th October 2022
[New feature]
- [LOCKPASS] You now have an option on the categories to allow passwords deletion
[Improvement]
- [HISTORY] You can now export logs for a given duration
- [GENERAL] Improving file upload time
- [LOCKTRANSFER] You can now compartmentalize or decompartmentalize an existing deposit box
Version 1.9.1 - 19th september 2022
[Bugfix]
- [LOCKFILES] Bugfix in personnal file rename
- [MANAGEMENT] Bugfix in user report
Version 1.9.0 - 12th september 2022
[New feature]
- [LOCKPASS / LOCKFILES] You can now download report for a LockPass category or LockFiles folder
- [MANAGEMENT] You can now import a list of groups
[Improvement]
- [LOCKFILES] Rename uploaded file by adding (X) at the end if this upload as the same name than an other
Version 1.8.1 - 5th september 2022
[Improvement]
- [LOCKPASS] You can add multiple URL in a credential using "|"
[Bugfix]
- [LOCKPASS] Bugfix in monitoring usage for some passwords
- [LOCKFILES] Bugfix when you're trying to move a file from your personal root directory
Version 1.8.0 - 25th August 2022
[New feature]
- [GENERAL] You can now manage SSO configuration if the option is enable
[Bugfix]
- [LOCKTRANSFER] Bugfix for some transfers reports
Version 1.7.1 - 18th August 2022
[New feature]
- [MANAGEMENT] You can now sort the users
- [LOCKFILES] Directories are now shown when doing a search
Version 1.7.0 - 29th July 2022
[New feature]
- [GENERAL] Administrators and moderators will receive an email to know which users activate their account
- [LOCKPASS] You will now receive an email when a category expired
[Improvement]
- [LOCKPASS] When you monitor usage of a password, you know if the password is use or modify
- [LOCKTRANSFER] Users are sorted in the deposit boxes
Version 1.6.3 - 18th July 2022
[Bugfix]
- [LOCKTRANSFER] Transfers protected by password can be create without email
Version 1.6.2 - 15th July 2022
[Improvement]
- [GENERAL] You can configure your SMTP connection directly from the application if the option is available for your installation
- [GENERAL] Autocompletion in the application is improved
- [MANAGEMENT] Provider users can now be administrator and moderator
[Bugfix]
- [LOCKTRANSFER] Shared emails are been notified in the reports
- [LOCKPASS] You cannot modify name of a main category if it already exist
- [LOCKPASS] You cannot import a category if the expiration date is past
[CVE Corrected]
| guzzlehttp/guzzle | CVE-2022-29248 CVE-2022-31042 CVE-2022-31043 CVE-2022-31091 CVE-2022-31090 |
HIGH | avd.aquasec.com/nvd/cve-2022-29248 avd.aquasec.com/nvd/cve-2022-31042 avd.aquasec.com/nvd/cve-2022-31043 avd.aquasec.com/nvd/cve-2022-31091 avd.aquasec.com/nvd/cve-2022-31090 |
Version 1.6.1 - 27th June 2022
[Improvement]
- [LOCKTRANSFER] Improving report for multiples transfers
- [MANAGEMENT] Improving users report
[Bugfix]
- [LOCKPASS] Bugfix in category creation by an API user
[CVE Corrected]
| libpcre2-16 |
CVE-2022-1586 CVE-2022-1587 |
CRITICAL |
avd.aquasec.com/nvd/cve-2022-1586 avd.aquasec.com/nvd/cve-2022-1587 |
Version 1.6.0 - 30th May 2022
[New feature]
- [GENERAL] Applicative logs can be retrieve by syslog for premium customers
- [GENERAL] When an account is locked after 10 connexion attempt, the administrator will now receive an email
[Bugfix]
- [MANAGEMENT] Bugfix when you try to delete a group in some case
- [LOCKFILES] Email is correctly insert in history when a user download a file
Version 1.5.2 - 25th Apr 2022
[Improvement]
- [MANAGEMENT] User report can be get in English
- [LOCKPASS] A category manager cannot self remove
Version 1.5.1 - 3th Apr 2022
[Global]
- Upgrade MariaDB. Version 10.6.7.
[Improvement]
- [GENERAL] Category manager can now use autocompletion
[Bugfix]
- [LOCKPASS] Bugfix in tags when a password is modified
- [LOCKTRANSFER] Bugfix in large deposit box reports
[CVE Corrected]
| Library | Vulnerability ID | Severity | URL |
| zlib | CVE-2018-25032 | High | avd.aquasec.com/nvd/cve-2018-25032 |
Version 1.5.0 - 20th Mar 2022
[Improvement]
- [GENERAL] UPN is now supported
- [LOCKPASS] You will no longer recover ownership of a password when you change it
- [LOCKTRANSFER / LOCKFILES] Files size has been added for actions in the history tab
[Bugfix]
- [GENERAL] Bugfix in user account password change
- [GENERAL] Timeout bugfix in organization import
- [LOCKPASS] Simple users can now download file in LockPass, even if they are not owner
- [LOCKPASS] Bugfix when you delete a lot of passwords at the same time
- [LOCKPASS] Bugfix in tags search
[CVE Corrected]
| Library | Vulnerability ID | Severity | URL |
| expat | CVE-2022-25235 | Critical | avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | Critical | avd.aquasec.com/nvd/cve-2022-25236 | |
| CVE-2022-25315 | Critical | avd.aquasec.com/nvd/cve-2022-25315 | |
| CVE-2022-25314 | High | avd.aquasec.com/nvd/cve-2022-25314 | |
| CVE-2022-25313 | Medium | avd.aquasec.com/nvd/cve-2022-25313 | |
| libblkid | CVE-2022-0563 | Medium | avd.aquasec.com/nvd/cve-2022-0563 |
| libcrypto1.1 | CVE-2022-0778 | High | avd.aquasec.com/nvd/cve-2022-0778 |
| libmount | CVE-2022-0563 | Medium | avd.aquasec.com/nvd/cve-2022-0563 |
| libretls | CVE-2022-0778 | High | avd.aquasec.com/nvd/cve-2022-0778 |
| libssl1.1 | CVE-2022-0778 | High | avd.aquasec.com/nvd/cve-2022-0778 |
| libuuid | CVE-2022-0563 | Medium | avd.aquasec.com/nvd/cve-2022-0563 |
| libxml2 | CVE-2022-23308 | High | avd.aquasec.com/nvd/cve-2022-23308 |
| libxslt | CVE-2021-30560 | High | avd.aquasec.com/nvd/cve-2021-30560 |
| openssl | CVE-2022-0778 | High | avd.aquasec.com/nvd/cve-2022-0778 |
| py3-pillow | Critical | avd.aquasec.com/nvd/cve-2022-22817 | |
| Medium | avd.aquasec.com/nvd/cve-2022-24303 |
Version 1.4.3 - 11th Feb 2022
[Global]
- Upgrade MariaDB. Version 10.6.5.
[Improvement]
- Category has added in logs for the passwords actions
- Log has been added when you delete a user
- Log has been added when you export the logs
[Bugfix]
- Bugfix on the report generation for LockTransfer
- Bugfix on the search in LockFiles
- Bugfix on Firefox import
Version 1.4.2 - 24th Jan 2022
[New feature]
- More informations are loged for the SSO connection
[Improvement]
- Dashlane's import has been modified with the new one
[CVE Corrected]
Version 1.4.1 - 10th Jan 2022
[Improvement]
- Methods for search and decrypt password has been improved
Version 1.4.0 - 06th Jan 2022
[Global]
- Alpine version has been updated to 3.15.0
- Nginx version has been updated to 1.21.5
- The entire configuration of Nginx and PHP-FPM has been optimized.
Version 1.3.1 - 17th Nov 2021
[Bugfix]
- Buttons on the new extension popup has been switched. The first button copy the login. The second copy the password.
- Switching organisation's administrator.
Version 1.3.0 - 16th Nov 2021
[Global]
- A new license system comes with this version. You can now upsell and crossell directly from your application (if you are migrated on the new mechanism)
[New feature]
- All imports return a CSV file with errors if the file contains any
[Improvement]
- System logs has been reviewed to clean them and add some informations
[Bugfix]
- Tags are been added when you create a password
- Rework the LastPass import after they has changed they export
- Bugfix with categories searching for a user who is in the category via a group
Version 1.2.1 - 28th Oct 2021
[Improvement]
- Environment variable APP_DEBUG now add more debug logs (like SMTP or SSO)
- Application logs has been reviewed to add some informations
Version 1.2.0 - 21th Oct 2021
[New feature]
- You can now delete sub organizations
[Bugfix]
- Bugfix for Firefox password import
- Files name are correctly decoded for a search in LockFiles
Version 1.1.0 - 13th Oct 2021
[Improvement]
- You can now retrieve the LockPass categories when you're doing a search
Version 1.0.32 - 27th Sep 2021
[Global]
- Upgrade Nginx. Version 1.21.3
- Upgrade MariaDB. Version 10.6.4
[Improvement]
- LockPass requests are now asynchronous
- The "see more" feature has been improve on all products
- Switch from password policy id to password policy name in categories import
[Bugfix]
- Bugfix when a user tried to download a folder in personnal folder
- Bugfix when a simple user tried to delete a file from a password - Even if he has the right to modify the password
- When a user move a password in another category, files keep the links
[CVE Corrected]
| Status | CVE Severity | Package | CVE Description |
|---|---|---|---|
| Unapproved | Medium CVE-2021-33560 | libgcrypt | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33560 |
Mise à jour