| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| README.md | 2017-10-12 | 11.2 kB | |
| Release 2.1.27.9.tar.gz | 2017-10-12 | 16.0 MB | |
| Release 2.1.27.9.zip | 2017-10-12 | 16.8 MB | |
| Totals: 3 Items | | 32.8 MB | 0 |

Refer to the changelog file for the main changes in Release 2.1.27.

New during upgrade

When upgrading, you need to provide a valid administrator name and password, and you will also need to copy the saltkey into a password field. It will be saved inside your database. No database data is shown anymore. If the database information has changed, you need to update the file /includes/config/settings.php before starting the upgrade.

IMPORTANT NOTE for users who have migrated to 2.1.27.0 and have the file encryption option enabled

The file encryption process has been completely reworked. Before upgrading, please do the following:

- open the upload folder
- copy existing files to a temporary folder
- restore the files from a backup of a previous version (for example 2.1.26)
- start the upgrade

Newly introduced since 2.1.27.9

- Fixed a possible XSS (credit to ADLab of Venustech)
- Improved security related to User Management > a manager could potentially act on users not related to him
- Improved security related to Items Management > a user could potentially act on Items he should not have access to
- Secured script.backup.php by adding a security key
- Fixed some other security failures (credit to security at Amossys)
- Improved security regarding uploading files
- Fixed issue while restoring DB from administration page
- Fixed "PW copy to clipboard" log inconsistency in specific case
- Improved / Fixed administration task for encrypting/decrypting files
- Improved security regarding item history display
- Improved the possibility to define the access level on Roles when creating new folder
- Added filter in Roles
- New: confirm deletion of attachment
- [#1965] Login credentials do not correspond (json_decode issue)
- [#1964] Make email field in new LDAP user insertion null safe
- [#1961] After fresh installation the index.php shows random string
- [#1956] Warning appears on Category and API pages in admin mode
- [#1947] Dependency & array update in install checks
- [#1945] Cannot delete items
- [#1944] File upload results in error
- [#1941] Visualisation problems

Newly introduced since 2.1.27.8

- Delete install folders and files during installation process
- Custom Field value can be masked
- Database password is encrypted in settings.php file
- PHPMailer library updated to 5.2.23
- TwoFactorAuth library was updated
- Configuration variables are not set in SESSION anymore. Now read from tp.config.php file.
- Fix: issue on offline export
- Fix: error on deleting a folder at root
- [#1939] Unable to change page (role management)
- [#1937] Error while using script.backup.php in standalone
- [#1935] Add folder results in Requested JSON parse failed
- [#1933] Trying to move folder results in error message
- [#1932] Keepass upload fails
- [#1927] Changing language is not possible for users
- [#1924] Moving items give error: Requested JSON parse failed
- [#1923] Red wheel keeps turning, blocks display of new items
- [#1919] Upgrade to release 2.1.27.8 converts encrypted database password back to clear-text
- [#1915] Cannot Edit or Delete items in the Personal folder
- [#1909] Roles Management - Problem with access rights "Edit" "Delete"
- [#1903] SSH Password Change does not work
- [#1900] Forgot your password --> Page reload automatic
- [#1891] Install error - Uncaught Defuse\Crypto\Exception\BadFormatException: Encoded data is shorter than expected
- [#1899] Active Directory authentication not working on fresh installed Cent OS 7
- [#1890] access rights in manage roles
- [#1888] Export to CVS --> empty file (0 kb)
- [#1886] JSON Error when importing with an apostrophe (‘)
- [#1885] Undefined index: SSL_SERVER_CERT
- [#1884] Cannot delete custom fields - hangs indefinitely after confirm with spinning gear
- [#1882] Can't see any entry on any folder, using any account
- [#1881] Doesn't auto-delete install/ folder after installation completed
- [#1880] Custom Fields, Not encrypted/decrypted when toggled in Custom-Field Settings Screen
- [#1872] New Admin User login not working -JSON Parse file failure
- [#1870] Logic issue in headers sending
- [#1866] CSV import with empty url leads to value 0
- [#1862] Import from Keepass.xml to Personalfolder no access to Item
- [#1857] API: Folders created at level 0 instead of correct level
- [#1856] Robustified tp.config.php creation in case of upgrade
- [#1851] Fix ldap suffix
- [#1850] Missing iconv in Docker
- [#1840] Added the "download" attribute
- [#1837] JSON error in Find page when user has no folders to browse
- [#1834] Typo in sources/main.functions.php
- [#1833] Opening a one time view page give a notice: A session had already been started...
- [#1830] Salt key field has already a character filled in.
- [#1829] Attachments is broken after upgrade from 2.1.27.0. Fix in progress
- [#1828] No error message when duplicate item names at personal keys
- [#1826] New dockerfile and docker-compose.yml
- [#1820] group vertical scroll bar not work correctly
- [#1819] Fix for QR sending from login page

Main changes in 2.1.27

- New: Custom Fields are only visible if defined
- Fix issue in tree if subfolder is visible while parent is not
- Fix issues regarding DUOSecurity
- Fix upgrade doesn't start in case that sk.php file has moved
- Fix for Custom Fields not displayed as defined by order field
- Security fixes
- Session increase time feature is now increasing with the expected user session duration
- Default language cannot be changed fix
- Fix for "hide not accessible folders" option
- New Defuse Encryption implemented in place of phpCrypt
- NEW AGSES authentication implemented
- NEW Custom Fields data can be encrypted or not in database
- NEW Folder copy feature
- NEW Mass move or delete operation on Items
- NEW Item change proposal
- IMP Implemented new session encryption library SecureHandler (getting rid of mcrypt extension)
- IMP Language selection is now in User Profile (Default language is used on authentication page)
- IMP User creation dialogbox improved with all user properties
- IMP New user login availability is checked "live"
- IMP Filtering counters in datatables
- IMP Users Management dialogbox improved
- IMP 2FA authentication change to improve security (no call to external QR generator)
- UPD AES library updated
- FIX "Find" feature: copy from public to personal folder, and list of folders is refreshed when copying an Item
- Fix: Prevent moving a folder to one of its child folder
- New: Multiselection in Roles vs Folders matrix
- New: LDAP configuration test mode (in progress)
- Fix: Global saltkey change
- Fix: Copy folder doesn't copy included items
- Fix: Encrypt/Decrypt attachments feature from admin page

- [#1806]
- [#1796] Can't add folder from API
- [#1787] email notifications are not sent if there are any admins with empty email address
- [#1776] Allow restricting items to users and roles - Wrong Item Owner
- [#1775] Can not decrypt a created crypted Backup - Improved encryption with Defuse
- [#1774] Announce this Item by email
- [#1769] Installation issue - no admin account is created
- [#1762] Share user rights works backwards
- [#1761] Reset of my Personal Saltkey
- [#1743] Enable anonymous LDAP queries
- [#1690] Unable to set/save personal salt key with LDAP user
- [#1742] Fix for issue [#1539] verifying LDAP groups properly
- [#1740] Missing buttons on Users page
- [#1737] Cannot import files
- [#1735] Dockerfile - PHP extension "curl" is loaded Extension curl is not loaded
- [#1733] Copy Item doesn't work if copy from public to public folders
- [#1731] Cannot login in after fresh install
- [#1729] Protection against bigger data than database field size
- [#1727] Cannot edit or delete entry in the Personal folder
- [#1725] Some fixes
- [#1723] Fix spin not removed while resetting user saltkey
- [#1722] SELinux issue leads to upload impossible
- [#1718] Moving a folder to itself
- [#1717] After deleting a folder, items are still visible in search page
- [#1713] Doubleclick on directory shows items twice
- [#1710] Error on psk change
- [#1709] Missing field in table on fresh install
- [#1707] "Restricted To" not working correctly when creating new items
- [#1706] User can edit & delete items without rights
- [#1696] Fix for no log for OTV
- [#1695] Manager can create folder at root from Items pas
- [#1686] Fix for item History dialogbox
- [#1685] Fix in Portuguese file
- [#1684] Estonian language still missing
- [#1679] Sort by don't work in Utilities/logs
- [#1676] Pre-auth XSS in index.php
- [#1674] name and lastname are changed on other user edit
- [#1672] Anonymous settings not stored
- [#1670] Incremental upgrade not active
- [#1669] Logout - Errors
- [#1668] File encryption is not correct in case of upgrade
- [#1666] Can't set avatar
- [#1662] Can not delete folders
- [#1659] Third level of sub folders in the Personal folder are not seen
- [#1654] User management page - no "next" button
- [#1635] New folder inheritance of parent specific settings
- [#1631] Error could appear on upgrade when checking folders and files
- [#1628] URL link to specific item does not work
- [#1627] Improved label preview length
- [#1625] Request to add/change password
- [#1624] Error 500 while importing item with API (with PHP < 7)
- [#1621] New option: OTV can be disabled
- [#1620] Direct copy password from search results and large folders
- [#1616] Cannot show password with IE11
- [#1614] Generate personal folders sets regular root folders also as personal
- [#1608] All folders are deleted
- [#1603] Attached files disappears
- [#1601] Time zone can't be saved in My Profile
- [#1593] Insert duplicate label with API
- [#1592] Show Client IP in mail to admin about logged on users
- [#1588] Fix for OTV links
- [#1587] fix for e-mail to administrator on logon does not work
- [#1581] Fix for new folder Custom Fields inheritance
- [#1579] Fix for preventing a php fatal error
- [#1575] Fix for tree not loaded when user has no access to a folder with children
- [#1571] Drag and drop from PF to public folder makes item password corrupted
- [#1571] Create an item inside another folder than the one selected
- [#1561] Personal folder deletion deletes all
- [#1559] API IP Whitelist check does not consider XFF
- [#1556] Fix bug for upgrading old passwords
- [#1553] LDAP support - Add LDAP port - Add support multi LDAP server
- [#1551] Authentication through LDAP posix-search
- [#1550] 2 Factor enabled but can still log in without code
- [#1549] Read Only users can use Personal Folders
- [#1543] Wrong Saltkey message after setting
- [#1533] The change of the main SALT Key doesn't work
- [#1532] Added error message in install.js if db-pw contains double quotes
- [#1531] Database otv table originator field should be int instead of tinyint
- [#1514] User language selection is done in Profile dialogbox
- [#1474] New option: create an item without password
- [#1472] "folder access" and "role" settings when adding new user + propagate rights from one user
- [#1464] CSV files broken, html entities not decoded, newlines not stripped
- [#1422] Folders deletion protocol has been secured to prevent inconsistencies in folders tree
- [#1412] New option: Manager can move items they can view
- [#1408] Display folders visible by a user
- [#1299] Export to pdf or csv shows htmlencoded

Source: README.md, updated 2017-10-12