Release notes

Notification settings
Added notification settings where users can choose notification types and delivery methods: in-app or via email. The section includes two tabs: Personal for notifications about actions affecting accounts, and Activity log for notifications about selected events from the action history when appropriate access is granted.

PIN in browser extension
The extension PIN is now securely stored as an encrypted hash on the server. In role settings, administrators can set a user inactivity period after which the extension will require re-entering the PIN.

Improvements

• Added an option to enable client-side encryption (Zero knowledge) in the setup wizard during initial Passwork configuration
• Added a confirmation modal when changing a role to Owner and restricted the ability to assign this role to users without a master password set
• Improved security dashboard analysis: entries with an empty Password field no longer fall into the Weak category and are not evaluated for complexity
• Added pagination and change indicators in the hidden vaults modal
• Added exception info, update and get commands, and the capability to retrieve TOTP codes via the CLI
• Added an option to limit link validity to one day
• Improved display of long names and logins in User management
• Improved display of inactive items in dropdown menus
• Improved event descriptions in Activity log
• Improved data import with large numbers of folders
• Improved localization

Bug fixes

• Fixed an issue where folders were not created during CSV import, causing passwords to import directly to the root directory
• Fixed automatic launch of background tasks for loading groups, users, and LDAP sync when saving changes on the Groups and Synchronization tabs, and when starting manual sync in LDAP settings
• Fixed display of pagination items when changing the sidebar width
• Fixed an issue where pagination in User management could stop working after using the search bar
• Fixed import window freezing when uploading files with large amounts of data and when importing vaults containing only folders
• Fixed an issue in export where not all passwords could be exported after selecting all directories with the checkbox
• Fixed an issue when bulk deleting large numbers of folders from the Bin
• Fixed issues when moving columns: overlapping and extending beyond the visible area
• Fixed filtering by invite creator: now it is possible to sequentially select different users without resetting the filter
• Fixed an issue where checkboxes in access modals were not reset after canceling changes
• Fixed an issue where a vault connection request appeared when connecting a user without access (version with client-side encryption)
• Fixed an issue where copy and move folder to another vault options were unavailable if folder access was granted through a group without access to the root directory
• Fixed an issue where the Move option remained available for folders in directories with "Full access" rights
• Fixed an issue where the active tab reset to Users after refreshing the User management page
• Fixed an issue in JSON import with structure preservation where passwords from folders could move to the root directory
• Fixed KeePass XML import issues when the <UUID> tag is missing and custom fields transfer incorrectly
• Fixed an issue where the first password edition was not saved after migration from version 6.x.x
• Fixed an issue where attachments stopped downloading from links after preparing for migration in version 5.4.2, with the problem persisting after updating to version 7.x.x
• Fixed an issue where links in the access window stopped displaying for some vaults and passwords after updating to version 7.x.x
• Fixed an issue in migration from version 6.x.x where user IDs displayed instead of user names in notifications
• Fixed user manual links: they now open in a new tab and lead to correct pages
• Fixed an issue where favicons failed to display correctly when changing the URL to a site with an unavailable favicon
• Fixed an issue where selected items remained highlighted after copying folders by drag-and-drop
• Fixed the display of the default role in user creation and confirmation windows
• Fixed an issue where the TOTP code would only update after reopening the password card when the key was changed

Other changes

• Changed default values for "Access to vault actions" section in Vaults settings
• Hidden the "Password sent to group" item from the actions filter in Activity log (version with client-side encryption)
• Hidden the Edit menu item in the password send window for users without the appropriate access rights
• Hidden the "Connect mobile device" menu item for users who have mobile app usage restricted by their role settings

Learn more about the Passwork 7.2 in our article.

• PIN for extension is now stored server-side
• Added the option to set automatic extension lock after a set period following PIN entry
• Improved display of long vault, folder, and password names
• Fixed an issue that occurred during language switching
• Fixed an issue where user images were not displayed for some notifications

Improvements

• Added a restriction that blocks users from changing their own authorization type
• Improved migration to Passwork 7 for versions earlier than 5.3
• Improved descriptions for certain events in the Activity log

Bug fixes

• Fixed an issue where it was impossible to move a folder to the Bin via drag-and-drop if the "Access level required to copy folders and passwords" setting was set to "Action forbidden"
• Fixed duplicate "Save settings" button in Vault settings
• Fixed the display of parameter change indicators in Vault settings and User management in Safari browser
• Fixed incorrect redirect to Recents after successful extension authorization

• Fixed an issue where a user's access level in vaults remained unchanged after the user was added as an administrator for that vault type

Changes in version 2.0.27

• Further improved clickjacking protection: added blocking of clicks on hidden elements and checking for element overlap and CSS transformations
• Fixed an issue when following a link from a notification to a deleted vault or password
• Fixed an issue that could cause the extension to log out

Changes in versions 2.0.25 and 2.0.26

• In version 2.0.25, pop-up window offering autofill was disabled to test the extension’s resistance to clickjacking attacks. Warnings about suspicious elements on webpages were also added.
• In version 2.0.26, autofill pop-ups are available again, and you can now disable them for the entire organization. This is managed via the "Content scripts" setting in the "Browser extension" section of the system settings (starting from Passwork version 7.1.2). The extension automatically detects and blocks most common clickjacking methods.

• Added an option to disable extension content scripts on the organization level
• Added an option to import passwords without names
• Added more details to some of the actions in the activity log
• Added a restriction on client-side changes to permissions and settings of your own role
• Fixed an incorrect search behavior when adding users into a vault or a folder
• Fixed an issue that caused "Action history" and "Editions" tabs not to appear under certain scenarios
• Fixed an issue that caused a password attachment download to fail if the hashes did not match

Vault types
In Passwork 7.1, you can create custom vault types with flexible settings tailored to your organization’s needs:

• Each vault type allows you to assign dedicated administrators, set restrictions on vault creation and define a creator’s access level
• When you create a vault or change it’s type, select corporate administrators automatically gain access to it. Other administrators won’t be able to lower their access level or remove them altogether
• Now you can set up different vault types for various departments or projects, assign relevant administrators, and configure permissions for specific tasks

Viewing all system vaults
We’ve added an ability to view all vaults created within the organization, including the private ones. The list displays only the names of the vaults as well as users and groups that have access to them, while the vault contents are still available strictly to users with direct access. This opens up extensive opportunities for system-wide data storage audits. Access to the vault list is determined by role settings.

Improvements

• Improved the logic of inheriting access from multiple groups: now if a user belongs to groups with both "Full access" and "Forbidden" rights to a specific directory, the 'Forbidden' access level will be applied.
• Added "Access level required to leave vaults" and "Access level required to copy folders and passwords" settings
• Added the option to show a custom banner to unauthenticated users: when the "Show to unauthenticated users" option is enabled, the banner will be visible on the sign-in, sign-up, master password and password reset pages
• Added processing of digits and period parameters during TOTP code generation
• Added clickable links to vaults, folders, passwords, roles, groups, and users in notifications
• Added transfer of user session history when migrating from Passwork 6
• Added role settings dependency: when "View user authorization history" is disabled, the "Reset user sessions" option becomes inactive and is automatically disabled
• Added password sorting by name
• Improved action details in the Activity log for settings changes

Bug fixes

• Fixed an issue where the 2FA setup page did not appear when logging into Passwork after enabling mandatory 2FA in role settings.
• Fixed incorrect counting of failed login attempts with active "Limit on failed login attempts within a specified time frame" setting
• Fixed an issue where mobile app and browser extension sessions were not reset after disabling "Enable mobile apps" and "Enable browser extensions" in role settings
• Fixed an issue where Activity log filtered by a particular vault showed events from folders inside the vault: now, only events at the selected nesting level are displayed
• Fixed an issue where a search by color tag did not work for some passwords
• Fixed an issue where user data could be updated on LDAP login despite disabled "Allow user modification during LDAP synchronization" setting.
• Fixed an issue in the export window where unchecking all folders inside a vault also unchecked the vault itself
• Fixed incorrect behavior of the "Automatically log out after inactivity" setting
• Fixed incorrect display of notes
• Fixed incorrect redirect to the password’s or shortcut’s initial directory after editing these items in Favorites
• Fixed an error where the item deletion date in the Bin was reset during migration from Passwork 6
• Fixed incorrect behavior of the "LDAP synchronization" menu item on the user page when the "Manage LDAP synchronization settings for users" in role settings is enabled
• Fixed incorrect behavior of the "Authorization and 2FA" menu item on the user page when the "Reset user 2FA" in role settings is enabled
• Fixed incorrect display of the "Current role cannot be selected" error in role settings
• Fixed an issue where the Permissions and settings tab remained unavailable after enabling "View role permissions and settings" in role settings
• Fixed an issue where the "Manage roles" could not be enabled in role settings under certain scenarios

• Minor bug fixes and performance improvements

• Improved handling of additional parameters in Acivity log when migrating from Passwork 6
• Fixed incorrect vault data export when access to its nested folder is restricted
• Fixed an issue where access confirmation requests to a vault failed to be sent under certain scenarios
• Improved data import performance

• Minor bug fixes and performance improvements

Improvements

• Added the option to filter passwords by username and login in Security dashboard
• Added the option to open a new tab when navigating to a password or folder from Security dashboard
• Added the option to select multiple roles when filtering users in User management
• Added a progress bar for actions performed in User management
• Added support for handling the data export restriction parameter in the web interface
• Optimized performance when processing large amounts of data

Bug fixes

• Fixed duplication of events in Activity log when viewing recent, favorite, and inbox passwords
• Fixed duplication of the Save and Cancel buttons in System and SSO settings under certain scenarios
• Fixed pagination issues when viewing password cards in a directory with many items
• Fixed an issue where users with viewing rights in User management could not access some user pages
• Fixed an issue where the Create shortcut, Create link, and Send buttons were displayed in the additional access window even though users had no permission for these actions
• Fixed an issue where the Manage roles option in role settings remained unavailable in certain scenarios
• Fixed an issue allowing the Read and edit access to be set for a shared password through the additional access window, even though sharing passwords with that access level was restricted
• Fixed an issue preventing the creation of a nested folder with the same name as its parent folder
• Fixed an issue where outdated settings could be used when starting background tasks
• Fixed an issue with data decryption when configuring SMTP with anonymous authentication
• Fixed an issue that occurred when connecting a user to a vault via a group in User management (relevant for the version without client-side encryption)
• Fixed incorrect navigation to the target directory when copying a folder via the context menu
• Fixed incorrect redirect to the Recents page when selecting Mailer config for the email service in System settings
• Fixed an error in the validation of passwords with the underscore special character
• Fixed a migration issue from Passwork 6 with invalid IDs

Group password sharing (only in the version without client-side encryption)
Now you can send passwords to a group of users — a new Groups field has been added to the password-sharing modal window. Password access updates automatically:

• When new users are added to a group, they will immediately see the password in their Inbox
• When users are removed from a group, the password will disappear from their Inbox
• If the same password is shared with a user both directly and through a group, the access level set directly will take precedence

Improvements

• Added support for links to vaults, folders, passwords, shortcuts, and other entities between the 6th and 7th versions of Passwork
• Added support for the OTPAuth encryption algorithm for generating TOTP codes
• Added a Forbidden by role tooltip for settings unavailable to users due to role limitations
• Added detailed logging of SSO settings changes
• Added an option to view the action history for shortcuts linked to deleted passwords
• Added the option to navigate to a shortcut's directory from additional access modal windows, provided users has access to the specified directories
• Added an empty state for the data export modal window
• Disabled checkboxes for directories in User management if the user has Full access or lower permissions for them
• Updated the appearance of deleted shortcut card

Bug fixes

• Fixed an issue where the master password reset button in the Authorization and 2FA modal window did not work correctly when local password authorization was disabled
• Fixed an issue where users could see the Assign as owner button when changing another user's role, but attempting to assign ownership resulted in an Access denied message
• Fixed an issue where opening a password caused the current directory selection to disappear in the navigation panel
• Fixed an issue where the 2FA connected event was logged in Activity log before the 2FA connection was confirmed
• Fixed an issue where not all groups and roles were displayed in filters
• Fixed an Access denied error when attempting to navigate from a shortcut to the initial password in a vault with Read and edit access level
• Fixed an error that occurred when opening the password context menu if the TOTP field contained an OTPAuth URI
• Fixed an issue where deleting a password via API or by another user did not trigger a redirect to the Recents page in the web version
• Fixed an issue where enabling/disabling the Automatically clear background task history setting caused the task to appear in the scheduler only after refreshing the page
• Fixed an issue where a folder continued to display in its original directory after being moved until the expanded directories in the navigation panel were collapsed/expanded
• Fixed an issue where creating a new vault caused expanded directories in the navigation panel to collapse
• Fixed an issue where not all users were displayed in the user addition window for a vault
• Fixed an issue where the cancel button did not clear the DN for finding groups in AD/LDAP field when adding an LDAP server
• Fixed an issue where the system notification about resetting the authorization password did not automatically disappear
• Fixed an issue with resetting selected roles, groups, and invitations in user management when the search query was empty
• Fixed an issue where the group filter was reset after clearing the role filter
• Fixed an issue where nested elements in the navigation panel collapsed after creating a new vault
• Fixed an issue with incorrect display of some icons on the vault access request tab
• Fixed incorrect font in directory names

• Fixed incorrect migration of attachments and password editions to Passwork 7
• Fixed an issue where the API session could be reset after token renewal
• Improved overall performance and stability

• Minor bug fixes and performance improvements

• Fixed incorrect background task name for LDAP synchronization in test mode
• Fixed an issue where changes in role settings could not be saved after setting the minimum refresh token lifetime
• Improved overall system stability and performance

Improvements

• Added new settings Restrict password reuse and Password history length to the authorization password complexity policies
• Added an option to navigate to the initial password directory from the Recents and Favorites
• Added tooltips for long group, folder, password, and shortcut names
• Prevented creation of additional fields with duplicate names or names already used in system fields — identical names with different cases are allowed
• Improved filters in User management and Activity log
• Improved the UI, dark theme, and localization

Bug fixes

• Fixed sorting of vaults, folders, passwords, and shortcuts in Favorites, Inbox, Search, and Bin
• Fixed an issue where the SMTP password field sometimes displayed Empty even though a password was set
• Fixed an issue where trying to open a password with a lot of characters in the Password field prevented cards from opening and users were redirected to the Recents
• Fixed an issue where a prompt to change the local password sometimes appeared after logging in via LDAP
• Fixed an issue where the Master password complexity policy settings appeared in role settings when the client-side encryption was disabled
• Fixed an issue where some system notifications were not sent to administrators and users with permission to view them
• Fixed an issue where manually imported data was reset when returning to data mapping
• Fixed incorrect display of access levels in the System settings changed event
• Fixed sorting by date in the Bin

• Added "Password link opened" event to Activity log
• Added an ability to create test task in Background tasks for users that have viewing access to the corresponding section
• Fixed incorrect password indexing after migration
• Fixed an issue that prevented profile images from loading
• General improvements to UI and localization

• Fixed issues with migration
• Added a notification for clearing finished background tasks
• Fixed an issue where profile images in notifications were missing
• Fixed an issue where a scroll bar in dropdown menus was missing
• General improvements to UI and localization

• Improved password and 2FA reset window
• Fixed notificaton migration from Passwork 6
• Fixed DSN generation for SMTP
• Fixed internal migration order for MongoDB

• Improved UI in Security dashboard and User management
• Improved Passwork authorization form in mobile browsers
• Added role, group and invite counters in corresponding tabs of User management
• Changed the default order of Navigation pane elements
• Fixed an issue that prevented downloading files attached to passwords shared via one-time link
• General improvements to UI and localization

In Passwork 7, we've refined and enhanced every element of our product, making it even more convenient for users and more effective for addressing administrative tasks.

New backend and frontend
We’ve completely rewritten the code using modern methods: improved performance, simplified initial setup, sped up the implementation of new features, and laid the groundwork for developing a desktop application.

Expanded API capabilities
We’ve added a full-fledged API to ensure seamless integration with existing systems and services. Now, you can use it to access all Passwork features — from copying passwords to managing users and security settings.

Updated UI
We’ve redesigned the key sections based on your feedback and fixed a number of flaws, while improving UI personalization and maintaining the familiar workflow.

Custom roles and groups
Instead of just two standard statuses, you can now create an unlimited number of roles with individual permissions and settings. The previous Roles have been renamed to Groups, and access management has been made more intuitive.

Updated vault structure
Instead of organization vaults and personal vaults, users can now create private vaults. A private vault becomes shared only when other users are added to it. Administrators are no longer automatically added to new vaults.

Vault access confirmation
Adding users to groups no longer provides automatic access to vaults — access now requires confirmation from the vault's administrator. Users who gain access to a vault through LDAP synchronization will also need to be confirmed.

To upgrade to version 7.0, you’ll need to update your Passwork to version 6.5, migrate your data, and confirm this in the customer portal. Upgrade instructions can be found Migration to Passwork 7.

⚠️ We recommend exploring the new features and data migration specifics in a test environment before updating your self-hosted version. For testing, you can deploy Passwork 7 on a separate server — this will allow you to review all the changes in the new version without affecting your current working environment.

Sign-in and autofill
The extension won't open new tabs when autofilling your credentials on websites with the "Sign in using Passwork" button.

TOTP сodes
Spaces will now be automatically removed when copying or entering values in the TOTP field. Additionally, an issue that sometimes led to TOTP codes being generated incorrectly has been fixed.

Other changes

• Added tooltips for long titles
• Added an ability to set colors for folders
• Fixed an issue that prevented notes from being displayed in the password info
• Fixed an issue with Passwork tabs closing after terminating the extension session
• Fixed an issue with spaces being removed in search queries

• Added data migration to Passwork 7
• Added the option to enable a custom banner which will be displayed at the top of the screen. The banner can be used for making important announcements, notifications, or instructions. Banner settings can be found under the Custom banner section in the System settings.

• Fixed an issue with multiple sign-ins when using two-factor authentication (2FA)

• Updated autofill algorithms to minimize the number of server requests — autofill window now appears on all websites with a login form
• Added error notifications for expired authorization tokens
• Fixed an issue where the extension would unexpectedly log out during background requests
• Fixed an issue which prevented copying inbox passwords from the autofill window

• Fixed an issue where passwords from the root of the vault were moved into folders after exporting the vault to CSV format and importing it back

• Fixed the incorrect notification stating that a password has been copied successfully which could appear before a password was saved to the clipboard
• Fixed the incorrect activation of autofill on websites when no credentials are found in Passwork
• Fixed an issue where users could not log out of the extension after the API usage restriction was enabled
• Fixed an issue where a shortcut could be selected in the autofill window even though its password had been removed
• Fixed an issue where the browser tab with Passwork could automatically close after signing in to the extension
• Fixed an issue where browser extension data was not reset after its removal
• Increased the delay time before the extension closes after 5 failed PIN attempts from 4 to 7 seconds

• Fixed an issue where, after moving a password to the Bin, its shortcut could still be used to autofill data via the browser extension
• Fixed an issue with the incorrect display of role names in the recent actions of a folder
• Fixed an issue where incorrect data could be displayed on the History of actions and Editions tabs of the password card
• Improved overall system security

• Added noavatar parameter, which makes it possible to disable avatar transmission when performing API requests
• Fixed an issue with shortcut and password colors that sometimes failed to update until the page was refreshed
• Fixed incorrect display of some special characters in browsers on Windows
• Replaced outdated links in the mobile device connection window
• Improved overall system security

• Added norepeats parameter to the configuration file, which makes it possible to exclude consecutive identical characters when generating a password

Mandatory PIN code
Now administrators can set PIN codes to be mandatory for all users. If no PIN code is set, users will be prompted to create one when they log in to the browser extension.

PIN code protection against brute force attacks
After each failed attempt to enter a PIN code, the input field will be blocked and cleared automatically. After five failed attempts to enter a PIN code, the extension will log a user out and reset the previously entered host address.

Improved password search while autofilling login forms
Password search to autofill login forms will occur across all passwords available to the user, not just the current domain.

Other Improvements

• Added PIN code request in the save password pop-up window
• Added validation of TOTP secret keys when editing passwords
• Made additional empty fields invisible when viewing passwords
• Improved the extension UI

Bug fixes

• Fixed an issue where users could not select actions for shortcuts, it occurred when user vault access rights were lower than Admin
• Fixed an issue where the Save button in the password editing window became inactive after deleting or changing the TOTP key to an incorrect one
• Fixed an issue where the API request to log out of the session could fail while logging out of the extension
• Fixed incorrect display of the Auto-lock field value when the PIN code is not set
• Fixed an issue with duplicate pop-up windows

Mandatory extension PIN code
Now administrators have the option to make the browser extension PIN code mandatory for all users. If no PIN code is set, users will be prompted to create one when they log in to the browser extension. The Mandatory PIN code in extension setting is located in the API, extension and mobile app section of the System settings.

History of actions with passwords
With the new "Who can view the history of actions with passwords" setting, it is possible to grant users (with access levels below Admin) the right to view password history, password editions, and notifications of their changes — these features were previously available only to vault administrators.

Logging of all changes related to settings
Now all changes in the Account settings, User management, LDAP settings, SSO settings, License info, and Background tasks are displayed in the Activity log.

Automatic updating of LDAP group lists
Automatic updating of LDAP group lists can now be configured on the Groups tab in the LDAP settings. The update is performed through background tasks with a selected time interval.

Other improvements

• Added pop-up notifications when exporting data or moving data to the Bin
• Improved display of dropdown lists on the Activity log page
• Changed time display format of the "Automatic logout when inactive" and "Maximum lifetime of the session when inactive" settings
• Changed the Enabled/Disabled dropdown lists on the System settings and LDAP settings pages with toggles
• Increased minimum length of generated passwords to six characters

Bug fixes

• Fixed an issue in the Password generator where selected characters were sometimes missing in the generated password
• Fixed an issue where local users could not independently recover their account password when an LDAP server was enabled
• Fixed an issue where local users could not register in Passwork when an LDAP server was enabled
• Fixed an issue which occurred after moving a folder with shortcuts to another vault and shortcuts not being displayed in the new vault
• Fixed an issue that occurred when trying to move a shortcut found in search results without opening any vaults right after logging into Passwork
• Fixed an issue that occurred when trying to copy a password found in search results without opening any vaults right after logging into Passwork
• Fixed an issue that occurred when a password was sent to another user and remained on the recipient's Recents and Starred pages after the initial password was moved to the Bin
• Fixed the value in the time field for the "API key rotation period (in hours)" setting which was reset to zero after disabling it
• Fixed incorrect event logging in the Activity log after changing folder permissions
• Fixed incorrect text notification about assigning access rights to a user through a role
• Fixed incorrect tooltip text when hovering over the username of a recently created user
• Fixed incorrect display of long invitation titles
• Removed local registration page when LDAP server is enabled

• Fixed an issue when logged-out users encountered errors while trying to download an attached file via a password link
• Fixed an issue that prevented users from downloading attached files via a shortcut as they had no access rights to the original password
• Fixed an issue that occurred when trying to move a password found in search results without opening any vaults right after logging into Passwork
• Improved overall system security

Improvements

• Improved the autofill algorithm for single-page login forms
• Updated the Save button which now becomes active only after making changes on the password editing page
• Minor improvements in localization and interface

Bug fixes

• Fixed an issue with the PIN code in the locked extension which was not always required to run content scripts
• Fixed an issue in the Password generator where selected characters were sometimes missing in the generated password
• Fixed an issue with constant reloading while trying to log in to the extension

• Fixed an issue where changing the access level to No access for roles was not possible
• Replaced the outdated link to technical documentation in the Background tasks settings

• Fixed an issue that occurred while editing a password when the notificationEmail field of user from LDAP contained an array of email addresses

• Fixed an issue where users with the Manage all organization vaults setting enabled were not included in the count of users who have access to the organization vault
• Fixed incorrect display of the context menu when selecting a filter on the User Management page

Improvements

• Added the option to prevent users from sending passwords with Edit access
• Increased the number of supported TOTP secret key formats
• Added the Cancel changes button in the SSO settings
• Added the path field containing information about the path to the password when exporting in CSV
• Added a mandatory master password request for data export when client-side encryption is enabled
• Removed links to outdated modal windows on the empty vault page
• Improved overall system security

Bug fixes

• Fixed an issue as a result of which the vault name was saved in the folder field when exporting to CSV
• Fixed the incorrect display of the number of passwords in certain folders and vaults during data export
• Fixed an issue with the incorrect sorting of the group list in the LDAP settings
• Fixed an issue with the content search not working correctly for multiline notes
• Fixed an issue which caused the compromise risk warning in the Security dashboard when a user, who obtained vault access through a role, viewed a password
• Fixed an issue which ignored the new parameters of license keys
• Fixed the 2FA reset issue which occurred when the administrator reset the authorization password

Improvements

• Modified the PIN code storage format in the local storage
• Added option to search for passwords using keywords, tags, and color tags simultaneously
• Disabled automatic login attempt after autofill to ensure proper functioning with non-standard authentication forms
• Migrated to the Manifest V3 with enhanced security policies and architecture, ensuring more stable and efficient communication between the extension and your browser
• Added automatic closing of the successful authorization message
• Improved performance and security

Bug fixes

• Fixed issue with the search query reset after clicking the Back button on the page with found passwords
• Fixed issue with certain combinations of special characters causing an error when entered in the Exclude characters field of the password generator

Improvements

• Added logging of System settings changes
• Added the tooltip in Email service settings indicating that the password has already been saved in the database
• Added the tooltip in the hidden vault header indicating that the vault is hidden
• Improved overall system security

Bug fixes

• Fixed an issue that caused nested folders to remain visible in the vault list after hiding their parent vault
• Fixed an issue where hidden vault couldn’t be made visible through the vault menu
• Fixed an issue where open password was not closed while being moved to another directory
• Fixed an issue when deleted passwords from the hidden vaults did not appear in the Bin

Other changes

• Removed external links from email notifications
• Updated icons in the vault menu

Improvements

• New Administrative rights settings in User management make it possible to grant ordinary users certain administrative rights, access to various sections of settings, and flexibly customize what they can modify without assigning them full administrator status
• All events related to changes in Administrative rights are now shown in Activity log. This includes details about the users who initiated these changes, as well as information about each modified setting, its previous and current values
• Revamped Hidden vaults. Now all users can hide any vaults, including private. Hiding makes vaults invisible only to the users who choose to do so and does not affect others. Hidden vault management is now carried out in a new window, which is available directly from the vault list
• Users with access to User management can now view all the vaults they administer, including private vaults
• Added logging of events within private vaults in Activity log
• Minor improvements to the settings interface

Bug fixes

• Fixed an issue in User management that allowed administrators to delete themselves
• Fixed an issue that prevented users from changing their temporary master password
• Fixed an issue where users couldn't set minimum length for authorization and master passwords

Improvements

• Added an option in synchronization settings that allows selecting the type of authorization for new users from LDAP/AD
• Added the event of password import to Syslog
• Improved overall system performance

Bug fixes

• Fixed an issue that caused incorrect display of the LDAP user list on the Users tab when mapping a role to a group and performing synchronization in test mode
• Fixed an issue with the Angular Tooltip directive
• Fixed an issue where some special characters were not accepted when changing the authorization password

Improvements

• Added the Bin for deleted password and folders. Now, when deleting folders and passwords, they will be moved to the Bin. If needed, they can be restored, preserving previously set access permissions. Vaults are deleted without being moved to the Bin; they can only be restored from a backup
• Added protection measures to prevent accidental deletion of vaults
• Added protection against brute-force attacks on 2FA
• Improved LDAP synchronization performance
• Added a descriptions of parameters and minimum allowed values for API token expiration time and API refresh token expiration time to the API settings section

Bug fixes

• Fixed an issue with automatic assignment of folder structure to parent folders in role management
• Fixed an issue where a vault administrator couldn't add roles to a vault and manage their permissions
• Fixed an issue with incorrect display of additional access rights to passwords when moving them to another vault

Other changes

• The TLC is now selected by default in Email service settings
• Added PHP 8.2 support

• Fixed an issue where administrators couldn't manage hidden vaults

• Fixed an issue with 2FA not working for some users after updating to version 6.1.0

• Fixed an issue where the LDAP authentication type was not set after upgrading to version 6.1.0 if the database had an initial value

In Passwork 6.1, we've introduced new settings that provide more options for user management, optimize the database performance and enhance security.

User management

• 2FA reset can now be done separately from the authorization password reset
• Enhanced master password reset security — after resetting the master password, all active user sessions will be reset
• Added an option to individually choose the authorization type for each user
• Added new icons in user list showing authorization types
• Now, when an administrator resets the authorization password or master password, a temporary password will be generated. Upon login, a user will be required to change it
• Added an option to change authorization types and LDAP synchronization for a group of users
• Added filters for authorization types and LDAP synchronization
• Increased the complexity of temporary passwords
• Removed the option to change user status from the user list. Now, the status of a user can only be changed from specific user page
• Changed the order of user settings

System settings

• Added an option to restrict administrators from managing other administrators
• Added new policies for the authorization password and master password complexity
• Added an option to enable or disable mandatory entering of master password each time a user opens a new browser tab for Passwork

SSO, LDAP settings, License info, Background tasks and other changes

• Added 2FA support for SSO authorization
• Added an option to logout of IdP when logging out of Passwork in SSO settings
• Added automatic cleaning of session collection in the database to limit its size
• Improved the LDAP settings interface by removing the global enabling/disabling of LDAP authorization and adding new icons indicating which AD servers have LDAP synchronization enabled
• Unverified users are no longer counted in the total number of users displayed in License info
• If the server master key was changed, Passwork will be locked to protect data

• Improved performance of changing permissions for a role in a folder

• Fixed an issue where the API key rotation period was not taken into account when updating the API key
• Fixed an issue with saving of the default and global settings

Improvements

• Added the event of user master password reset in Activity log
• Added notification for successful registration when an administrator adds a new user
• Increased the length of authorization and master passwords to 15 characters when creating a new user
• Improved the the import window interface and hid unnecessary items when there are no vaults in an organization
• Improved the automatic logout when inactive functionality for domain owners
• Modified the error message for incorrect authorization
• Added localization for meta tags

Bug fixes

• Fixed an issue with TOTP codes not functioning in password links
• Fixed an issue with incorrect display of password name in the password deletion event in recent user activity
• Fixed an issue where creating a link through the mobile application added an empty Attached files field
• Fixed an issue where passwords created via the API with an empty cryptedKey field couldn’t be opened in the web version
• Fixed an issue with the password sharing menu disappeared during scrolling

Other changes

• Removed outdated events from the Action filter in the Activity log
• Removed a redundant element from the Authorization and 2FA page for domain users
• Updated the versions of client libraries

• Fixed an issue where LDAP synchronization incorrectly disabled users

• Fixed an issue where not all users were appearing in the invitation dialog

Improvements

• Added the shortcuts for passwords. When the original password is changed, all shortcuts associated with it are automatically updated as well. Depending on access rights, users can view or edit passwords through their shortcuts.
• Enhanced drag-and-drop functionality. You can now move, copy, or create shortcuts by dragging passwords and folders.
• Revamped LDAP settings. Improved the process of adding new users, added background updates of user data from LDAP, introduced special tags for deleted groups and role-associated groups, and allowed users to set their master password independently upon their first login to the system.
• Previously, partial access to vaults was automatically granted when sending passwords via Inbox. Now, this access is directly linked only to the sent password, and no partial access to vaults is provided.
• Unified the visual style across all settings sections and improved the functionality of various parameters

Other changes

• Added support for additional fields during password import and export operations
• Added Save and Cancel buttons in System settings to prevent accidental actions
• Added a notification about new unconfirmed users
• Added an option to configure permissions for specific access levels when creating links, shortcuts, and sending passwords
• Added an option to invite users via email
• Added an option to select default interface language for new users
• Added an option to set the maximum session lifetime for users during inactivity
• Added an option to set auto logout time for users