Home / 2.1.27.25
Name Modified Size InfoDownloads / Week
Parent folder
README.md 2018-10-30 22.7 kB
Release 2.1.27.25.tar.gz 2018-10-30 16.1 MB
Release 2.1.27.25.zip 2018-10-30 16.9 MB
Totals: 3 Items   33.0 MB 0

Refer to changelog file to know main changes in Release 2.1.27.

New during upgrade

When upgrading, you need to indicate a valid administrator name/password, and you will also need to copy the saltkey into a password filed. It will be saved inside your database. No database data are shown anymore. If the database information are changing, you need to update the file /includes/config/settings.php before starting upgrade. IMPORTANT NOTE for users that have migrated to 2.1.27.0 and that have file encryption option enabled

Files encryption process have completely being reworked. Before upgrading, please do the next:

  • open upload folder
  • copy existing files in a temporary folder
  • restore the files from a backup of a previous version (for example 2.1.26)
  • start upgrade

Newly introduced since 2.1.27.25

[#2454] Update from 2.1.27.23 to 2.1.27.24 doesn't work

Newly introduced since 2.1.27.24

[#2452] Fix API URL [#2438] Add new user fails due to missing default for not null fields [#2436] Undefined variable: user_id in api/functions.php [#2432] Empty item URL automatically fills with 'https://' [#2426] New option to force admin user to get connect using 2 factor code [#2416] Backslash in user's password [#2401] New LDAP account has full access when they log in for the first time

/!\This new version fixes a very old design choice regarding the encoding of user names. It may impacts your users in some specific cases. The fix consists in authenticating twice.

Newly introduced since 2.1.27.23

[#2419] Cannot show password by using item menu bars entry [#2418] Generatinga new password for a user fails with error [#2403] Cannot Login using LDAP user

Newly introduced since 2.1.27.22

[#2408] Password complexity not enforced [#2326] link copy doesn't work corectly

Newly introduced since 2.1.27.21

[#2398] User unable to change their own password from profile window [#2395] php warning in logs [#2376] fix link in readme

Newly introduced since 2.1.27.20

[#2394] knowledge base page characters appear with "?" [#2393] After Deleting User, KB Is Blank [#2380] Increase fields size to prevent errors [#2372] Upload a file with dash in file name wil be renamed with underscore Fix: loading folder information is wrong when using 'max' Fix: error message item already exits culd appear on item edition Security fix - Sanitized GET values in case of user password recovery (credit for Adam Roberts from http://www.nccgroup.trust/)

Newly introduced since 2.1.27.19

[#2379] Setting "Number of items to retrieve per query" to Max

Newly introduced since 2.1.27.18

[#2378] Personal sub-subfolders do not appear [#2373] Internal Server Error 500 Profile Window

Newly introduced since 2.1.27.17

[#2367] Incorrect import into personal folder [#2364] Using another protocol than HTTP for the URL is not possible [#2362] Removed excess item id from API url add/item [#2360] Show logs without any auth [#2355] Return the parent folder ids on API call read/userfolders [#2353] Generate Password not working - wrong POST field [#2349] Folder with flag "allow empty password" says "Insufficient password strenght" on item edition [#2347] Disable "Forgot Password?" link feature not working [#2346] [CSV-Import] convert field to string bevore using replace() [#2345] restore, enter decrypt key then system logs out [#2341] API - Incorrect update item parameters decoding [#2334] error adding entry with the same name then another entry in a different folder [#2314] SQL error in API near user name [#2312] API Issue adding folder on root [#2290] Protection of OTV page errors [#2298] support for login through http header [#2265] API - Add item - comma separated base64 encoded string Fix - in bug report, the email password is visible Fix - 'Hide inaccessible password folder' doesn't work in all cases Security fix - DUO codes are sanitized (credit for Adam Roberts from http://www.nccgroup.trust/) Security fix - Through URL some operations were possible with no user rights check (credit for Adam Roberts from http://www.nccgroup.trust/) Security fix - Backup key is generated by default (credit for Adam Roberts from http://www.nccgroup.trust/)

Newly introduced since 2.1.27.16

New - Added folders filter in Manage Roles page New - Added folders alphabet filter in Manage Folders page [#2279] Google Authentication no link [#2277] Import fails when Login: / Account: has a backslash inside of it [#2274] Import from csv-list includes items that are marked as already imported [#2263] New upload settings to permit empty files and/or any extensions to be uploaded

Newly introduced since 2.1.27.15

[#2266] Google 2FA mail for temporary code is blank

Newly introduced since 2.1.27.14

Fix for missing install/upgrade instructions

Newly introduced since 2.1.27.13

New - Templating system based upon Custom Fields [#2256] User can select his 2FA methods if several selected [#2253] Google Authenticator not working [#2248] Item suggestion is not available from Regular User [#2246] Copy folder does not copy rights structure [#2245] TeamPass 2FA QR Code won't show after providing activiation code [#2244] html entities get interpreted inside passwords

Newly introduced since 2.1.27.12

Added new option permitting to enable secure image preview Added warning to user if login attempts identified since last successful connection Added Yubico support for 2FA authentication Added restriction access to Custom Fields Added textarea format for custom field Improved the possibility to move files folder outside of Teampass Domain Improved user creation with LDAP and Google and DUO 2FA Improved log in case of failed authentication - used login is shown Improved syslog message format Updated library PHPMailer to 5.5 [#2223] Error while using php v5.6 [#2206] New ldap user and ad password change [#2204] Password copy - cryptic log entry using syslog [#2202] Search functionality - no log entry upon display [#2201] Search functionality - password shown in plaintext [#2198] Hang when changing second folder password strength and required password strength [#2196] API create item fails when Base64 encoding contains "/" [#2192] Encrypted Files Are Stored (Temporary) in Plaintext And Can Be Downloaded Without Authorization [#2191] Bad redirection to login form on password recovery process [#2189] (Google) 2FA Does Not Work With LDAP (Windows / Active Directory)

Newly introduced since 2.1.27.11

Changed licensing to GNU GPL-3.0 New - User must provide a reason to access a restricted item New - Add option to have local and remote accounts when LDAP is enabled Improved security of password generator with php7 Improved cannot edit user without email Improved read-only user limitation to copy folder and import action Improved tree rebuild with API on folders change Improved tables primary and index usage Improved LDAP new user by default role Improved visibility of path in items list result Improved email body with item path Introduced an API key by user Fix for API keys truncated Fix offline password dispay in case of html tags similar in password Fix failed folder creation in case of password complexity not reached Fix missing quick icons in search results [#2175] Apostrophes are not handled correctly in usernames [#2174] Offline mode file bypass read right restrictions [#2172] 2FA Reset Link Can Be Abused [#2168] API for adding users is not working [#2167] Info tab is not working if behind a proxy [#2161] Missing backslash in acount name [#2160] Added a test for preventing Folders list not shown [#2154] Personal saltkey is not stored when option enabled [#2153] [{"error":"no_key_provided"} when running backup script on teampass container [#2152] No search result and empty popup appear [#2151] Error in knowledge base that does not show option to swap pages [#2140] Moving subfolder to root level not possible [#2127] Grant access with simple folder copy [#2118] Empty user at Keepass file is not empty after import [#2116] Insufficient password strength when creating Offline Mode [#2115] Fix script backup issue with encryption key [#2111] Add support for login through http header [#2109] restrict login to Group Ldap don't work [#2102] Changed field renewal_period size [#2096] Offline mode decryption fails if too much items exported [#2095] Can't upload files on items - Plupload update [#2094] PHP 7.2: Call to undefined function mcrypt_encrypt() [#2093] role human resources doesn't access expected pages [#2090] On folder copy, an empty message box is shown [#2087] Custom fields displayed if empty [#2085] CSV import error if URL too long [#2082] API: new folder is allocated to same roles as its parent [#2081] LDAP bug, can't check connection [#2080] Email sent on password copy in the clipboard [#2078] Purge Logs not selection not working properly [#2077] API: Deleting non existing folder deletes all folders [#2075] Button "delete selected Items" doesn't work [#2074] Backup by script not working [#2073] Move selected Items button [#2071] Search not working for items with multiple "Restricted to:" roles selected [#2069] Copy a read-only folder to a read-only folder [#2066] Read Only Users can Drag and drop items to there personal folder [#2065] send GAUTH-code on login form doesn't warn user if no email is set [#2064] LDAP and DUO users with administrator role taken to items page then logged out [#2063] Setting "Hide forgot password link on Home page" not correctly displayed [#2059] Fix for Custom LDAP port and adLDAP [#2035] After first time login as user Personal Folder is not correctly shown (100000) [#2015] Double click to edit not working for items created by a different user

Newly introduced since 2.1.27.10

Copy password/login button are correctly hidden and shown Cursor is hidden on password display to permit a better visualization Fixed error while coping an item Fixed last 10 items seen list not display on page load Fixed display strings with quotes issue Fixed page About in Administration page Fixed issue when sending email on visualization Fixed issue while CSV import in personal sub-folder Fixed potential error on item creation without password Fixed "show description" option was not taken into consideration Fixed an issue in auto-generating csrfp.config file Fixed a potential error while generating tp.config file Fixed issue in Duo Security log Fixed no item details shown on Find page Fixed issue related to item edition on doubleclick Fixed issue no items shown on tag search Fixed issue special characters bad display in search results Added SMTPAutoTLS for sendMail Improved offline file with full encryption Improved session validity check Improved items draggability sometime broken Improved personal item edition by enabling the folder edition Ensure session extension is always positive Added user group allowed for LDAP Windows AD Added option to remove the forgot password link on home page if LDAP enabled [#2054] Alter table statement is run only once [#2053] Custom Fields - folders unchecked at second call up [#2043] LDAP Authentication is not working [#2029] Fix on install step3 [#2028] Fix on install step3 [#2025] LDAP allowed user group doesn't work [#2027], [#2023] Fatal Error after installation and setting change [#2016] Not all roles visible [#2013] Bad condition in upgrade script [#2010] Default Administrated by for user created via LDAP authentication [#2004] Administrator has no access to Items [#1997] Error on folder creation of no Parent is selected [#1996] Some settings resets to defaults [#1993] Policy for personal saltkey [#1990] Improving mysql indexes [#1989] Authentication problem [#1980] personal item is not deleted [#1974] Changing saltkey operation [#1970] ip-api.com use is not compatible with https [#1960] Access Denied for personal folder [#1840] add "download" attribute to export file

Newly introduced since 2.1.27.9

Fixed a possible XSS (credit to ADLab of Venustech) Improved security related to User Management > a manager could potentially act on users not related to him Improved security related to Items Management > a user could potentially act on Items he should not have access to Securized script.backup.php by adding a security key Fixed some other security failures (credit to ​security at Amossys) Improved security regarding uploading files Fixed issue while restoring DB from administration page Fixed "PW copy to clipboard" log unconsistency in specific case Improved / Fixed administration task for encrypting/decrypting files Improved security regarding item history display Improved the possibility to define the access level on Roles when creating new folder Added filter in Roles New: confirm deletion of attachment [#1965] Login credentials do not correspond (json_decode issue) [#1964] Make email field in new LDAP user insertion null safe [#1961] After fresh installation the index.php shows random string [#1956] Warning appears on Category and API pages in admin mode [#1947] Dependency & array update in install checks [#1945] Cannot delete items [#1944] File upload results in error [#1941] Visualisation problems

Newly introduced since 2.1.27.8

Delete install folders and files during installation process Custom Field value can be masked Database password is encrypted in settings.php file PHPMailer library updated to 5.2.23 TwoFactorAuth library was updated Configuration variables are not set in SESSION anymore. Now read from tp.config.php file. Fix: issue on offline export Fix: error on deleting a folder at root [#1939] Unable to change page (role management) [#1937] Error while using script.backup.php in standalone [#1935] Add folder results in Requested JSON parse failed [#1933] Trying to move folder results in error message [#1932] Keepass upload fails [#1927] Changing language is not possible for users [#1924] Moving items give error: Requested JSON parse failed [#1923] Red wheel keeps turning, blocks display of new items [#1919] Upgrade to release 2.1.27.8 converts encrypted database password back to clear-text [#1915] Cannot Edit or Delete items in the Personal folder [#1909] Roles Management - Problem with acess rights "Edit" "Delete" [#1903] SSH Password Change does not work [#1900] Forgot your password --> Page reload automatic [#1891] Install error - Uncaught Defuse\Crypto\Exception\BadFormatException: Encoded data is shorter than expected [#1899] Active Directory authentication not working on fresh installed Cent OS 7 [#1890] access rights in manage roles [#1888] Export to CVS --> empty file (0 kb) [#1886] JSON Error when importing with an apostrophe (‘) [#1885] Undefined index: SSL_SERVER_CERT [#1884] Cannot delete custom fields - hangs indefinitely after confirm with spinning gear [#1882] Can't see any entry on any folder, using any account [#1881] Doesn't auto-delete install/ folder after installation completed [#1880] Custom Fields, Not encrypted/decrypted when toggled in Custom-Field Settings Screen [#1872] New Admin User login not working -JSON Parse file failure [#1870] Logic issue in headers sending [#1866] CSV import with empty url leads to value 0 [#1862] Import from Keepass.xml to Personalfolder no access to Item [#1857] API: Folders created at level 0 instead of correct level [#1856] Robustified tp.config.php creation in case of upgrade [#1851] Fix ldap suffix [#1850] Missing iconv in Docker [#1840] Added the "download" attribute [#1837] JSON error in Find page when user has no folders to browse [#1834] Typo in sources/main.functions.php [#1833] Opening a one time view page give a notice: A session had already been started... [#1830] Salt key field has already a character filled in. [#1829] Attachments is broken after upgrade from 2.1.27.0. Fix in progress [#1828] No error message when duplicate item names at personal keys [#1826] New dockerfile and docker-compose.yml [#1820] group vertical scroll bar not work correctly [#1819] Fix for QR sending from login page

Main changes in 2.1.27

New: Custom Fields are only visible if defined Fix issue in tree if subfolder is visible while parent is not Fix issues regarding DUOSecurity Fix upgrade doesn't start in case that sk.php file has moved Fix for Custom Fields not displayed as defined by order field Secure fixes Session increase time feature is now increasing with the expected user session duration Default language cannot be changed fix Fix for "hide not accessible folders" option New Defuse Encryption implemented in place of phpCrypt NEW AGSES authentication implemented NEW Custom Fields data can be encrytped or not in database NEW Folder copy feature NEW Mass move or delete operation on Items NEW Item change proposal IMP Implemented new session encryption library SecureHandler (getting rid of mcrypt extension) IMP Language selection is now in User Profile (Default language is used on authentication page) IMP User creation dialogbox improved with all user properties IMP New user login availability is checked "live" IMP Filtering counters in datatables IMP Users Management dialogbox improved IMP 2FA authentication change to improve security (no call to external QR generator) UPD AES library updated FIX "Find" feature: copy from public to personal folder, and list of folders is refreshed when copying an Item Fix: Prevent moving a folder to one of its child folder New: Multiselection in Roles vs Folders matrix New: LDAP configuration test mode (in progress) Fix: Global saltkey change Fix: Copy folder does'nt copy included items Fix: Encrypt/Decrypt attachments feature from admin page

[#1806] [#1796] Can't add folder from API [#1787] email notifications are not sent if there are any admins with empty email address [#1776] Allow restricting items to users and roles - Wrong Item Owner [#1775] Can not decrypt a created crypted Backup - Improved encryption with Defuse [#1774] Announce this Item by email [#1769] Installation issue - no admin account is created [#1762] Share user rights works backwards [#1761] Reset of my Personal Saltkey [#1743] Enable anonymous LDAP queries [#1690] Unable to set/save personal salt key with LDAP user [#1742] Fix for issue [#1539] verifying LDAP groups properly [#1740] Missing buttons on Users page [#1737] Cannot import files [#1735] Dockerfile - PHP extension "curl" is loaded Extension curl is not loaded [#1733] Copy Item doesn't work if copy from public to public folders [#1731] Cannot login in after fresh install [#1729] Protection against bigger data than database field size [#1727] Cannot edit or delete entry in the Personal folder [#1725] Some fixes [#1723] Fix spin not removed while reseting user saltkey [#1722] SELinux issue leads to upload impossible [#1718] Moving a folder to itself [#1717] After deleting a folder, items are still visible in search page [#1713] Doubleclick on directory shows items twice [#1710] Error on psk change [#1709] Missing field in table on fresh install [#1707] "Restricted To" not working correctly when creating new items [#1706] User can edit & delete items without rights [#1696] Fix for no log for OTV [#1695] Manager can create folder at root from Items pas [#1686] Fix for item History dialogbox [#1685] Fix in Portuguese file [#1684] Estonian language still missing [#1679] Sort by don't work in Utilities/logs [#1676] Pre-auth XSS in index.php [#1674] name and lastname are changed on other user edit [#1672] Anonymous settings not stored [#1670] Incremental upgrade not active [#1669] Logout - Errors [#1668] File encryption is not correct in case of upgrade [#1666] Can`t set avatar [#1662] Can not delete folders [#1659] Third level of sub folders in the Personal folder are not seen [#1654] User management page - no "next" button [#1635] New folder inheritance of parent specific settings [#1631] Error could be appear on upgrade when checking folders and files [#1628] URL link to specific item does not work [#1627] Improved label preview length [#1625] Request to add/change password [#1624] Error 500 while importing item with API (with PHP < 7) [#1621] New option: OTV can be disabled [#1620] Direct copy password from seach results and large folders [#1616] Cannot show password with IE11 [#1614] Generate personal folders sets regular root folders also as personal [#1608] All folders are deleted [#1603] Attached files disappears [#1601] Time zone can't be saved in My Profile [#1593] Insert duplicate label with API [#1592] Show Client IP in mail to admin about logged on users [#1588] Fix for OTV links [#1587] fix for e-mail to administrator on logon does not work [#1581] Fix for new folder Custom Fields inheritance [#1579] Fix for preventing a php fatal error [#1575] Fix for tree not loaded when user has no access to a folder with children [#1571] Drag and drop from PF to public folder makes item password corrupted [#1571] Create an item inside another folder than the one selected [#1561] Personal folder deletion deletes all [#1559] API IP Whitelist check does not consider XFF [#1556] Fix bug for upgrading old passwords [#1553] LDAP support - Add LDAP port - Add support multi LDAP server [#1551] Authentication through LDAP posix-search [#1550] 2 Factor enabled but can still log in without code [#1549] Read Only users can use Personal Folders [#1543] Wrong Saltkey message after setting [#1533] The change of the main SALT Key doesn't work [#1532] Added error message in install.js if db-pw contains double quotes [#1531] Database otv table originator field should be int instead of tinyint [#1514] User language selection is done in Profile dialogbox [#1474] New option: create an item without password [#1472] "folder access" and "role" settings when adding new user + propage rights from one user [#1464] CSV files broken, html entities not decoded, newlines not stripped [#1422] Folders deletion protocol has been securized to prevent unconsistencies in folders tree [#1412] New option: Manager can move items they can view [#1408] Display folders visible by a user [#1299] Export to pdf or csv shows htmlencoded

Source: README.md, updated 2018-10-30