Releases: passbolt/passbolt_api

Everything in its Right Place

22 Dec 10:12
v5.8.0

Release song: https://www.youtube.com/watch?v=F5uXomY94w8

Passbolt 5.8.0 introduces dynamic role management, allowing organizations to define additional roles that better align with internal policies, compliance requirements, and operational needs. This release also adds drag & drop user assignment to groups, simplifying day-to-day user and group management.

Warning: Ensure that all users have updated their browser extension to at least version 5.8 before assigning new roles. Otherwise, they will not be able to connect to Passbolt.

Dynamic role management

As was already the case with the default User role, Passbolt allows administrators to restrict what users can do by limiting access to specific capabilities. With version 5.8, this model is extended beyond the default Admin and User roles, making it possible to create additional roles and assign them to users for more granular control.

Dynamic roles also enable the delegation of administrative responsibilities. Rather than granting full administrative access, administrators can now assign selected capabilities to custom roles and distribute operational tasks across multiple users. Initial support covers group creation, as well as handling account recovery requests in Passbolt Pro.

At this stage, dynamic role management comes with a defined scope and set of constraints.

  • The default Admin and User roles keep fixed names and cannot be renamed or deleted.
  • As before, the User role can be restricted, but it cannot be assigned delegated administrative responsibilities.
  • The Admin role, by contrast, always retains access to all capabilities and cannot be restricted.
  • Custom roles are currently limited to two per instance and support a first set of administrative capabilities.

This scope will be expanded progressively as additional needs and use cases are identified by the community.

Drag & drop users to groups

Managing group membership often requires repetitive actions when working with large teams or frequently changing group structures. With Passbolt 5.8, administrators can now add users to a group by dragging them directly onto it from the Users & Groups workspace. This removes the need to open and edit each group individually and makes day-to-day group management faster and more fluid.

Miscellaneous improvements

As usual, this release includes fixes and smaller improvements intended to improve the overall experience. For the full list of changes, please refer to the changelog.

Many thanks to everyone who provided feedback and helped refine these features.

[5.8.0] - 2025-12-22

Added

  • PB-46972 As an administrator I can create a new custom role
  • PB-46973 As an administrator I can update a custom role
  • PB-46968 As an administrator I can soft delete custom roles
  • PB-46971 As an administrator I can list roles including deleted ones via filter
  • PB-47169 As a user I receive an email notification when my role is changed
  • PB-47345 As an administrator I receive an email notification when a role is created or updated
  • PB-46975 As an administrator I can list RBACs including Actions
  • PB-46976 As an administrator I can update RBACs for Actions
  • PB-47006 As a logged-in user my role is fetched on every request to reflect role changes immediately
  • PB-47083 As a user with appropriate RBAC permissions I can create groups
  • PB-47196 As an administrator I can run the healthcheck command in POSIX mode
  • PB-47274 As an administrator I can run a command to populate created_by and modified_by fields in secrets
  • PB-47275 As an administrator I can run a command to populate secret revisions for existing secrets

Fixed

  • PB-46374 As first admin I should not receive emails regarding encrypted metadata enablement during the first setup
  • PB-46613 Fix web installer not working in HTTP when not in secure context
  • PB-46640 Fix warnings in mfa_user_settings_reset_self.php email template
  • PB-46645 Optimize action logs purge command dry run query
  • PB-46913 Fix MfaUserSettingsDisableCommand to support case sensitive username comparison
  • PB-46935 Fix 500 error on /metadata/session-keys/{uuid}.json endpoint when the request is sent twice
  • PB-47236 Reduce the PHP memory load of the V570PopulateSecretRevisionsForExistingSecrets migration

Security

  • PB-46890 Upgrade js-yaml dependency (Medium severity)

Maintenance

  • PB-45979 Add CACHE_CAKETRANSLATIONS_CLASSNAME environment variable for cake_translations cache config
  • PB-46388 Fix PHPUnit 11 deprecations

Gnossienne No. 1

17 Nov 15:17

Release song: https://youtu.be/t12nOxmB278

Passbolt 5.7.2 fixes an issue introduced in v5.7.0 that affected the health check when it was run after the cleanup command.
The bug caused the server metadata private key to be incorrectly deleted, resulting in health check failures.
This has now been resolved, and the cleanup process works as expected.

We thank the community again for reporting this issue!

[5.7.2] - 2025-11-17

Fixed

  • PB-46826 As an administrator running the cleanup task, the server metadata private key entry should not be deleted

Come Together

14 Nov 10:04
v5.7.1

Release song: https://youtu.be/XZMFeDxW60A?si=OJshLL0aEMe_5yTe

Passbolt 5.7.1 fixes an issue introduced in the previous version that affected logging in with Duo MFA. Authentication with Duo is now fully restored.

We thank the community for reporting this issue!

[5.7.1] - 2025-11-14

Fixed

  • PB-46680 Fix DUO authentication form blocked by CSP header

Bloom

13 Nov 08:41

Release song: https://youtu.be/fMnh5Tn8aeM

Passbolt 5.7.0 introduces secret history, a highly demanded feature that gives users visibility and control over previous
versions of their secrets. This release also includes several usability improvements requested and bug fixes reported by the community.

Secret history

It is now possible to access previous revisions of a secret directly from Passbolt.

Secret history helps reduce the impact of human error and offers a safer way to manage evolving secrets. For instance,
this enables users to undo an accidental update on the spot. Note that the feature is disabled by default and requires
an administrator to enable it from the administration workspace.

User and group workspace improvements

A new “Remove from group” action has been added to the user and group workspaces. This addition eliminates the confusion
between permanently deleting a user and simply removing them from a specific group.

Moreover, administrators can now instantly filter users that require attention via the “Attention Required” filter in
the workspace. For instance: identifying users with a pending account recovery request to review, or missing metadata keys.

Import report

The application now displays a summary dialog after an import, offering accurate and actionable information.
The report precisely categorises alerts into successes, warnings and errors, providing end users with additional logs.

Miscellaneous improvements

As usual this release is packed with improvements and bug fixes reported by the community. Notably, the reliability of autofill
has been improved across a wider range of websites. If you find that autofill does not work on a particular website, feel free
to open a bug report including the website details to help us identify the custom selector. For more, check out the changelog below.

Many thanks to everyone who provided feedback, reported issues, and helped refine these new features.

[5.7.0] - 2025-11-12

Added

  • PB-46107 As an administrator I can define the number of past secret revisions persisted in DB
  • PB-46109 As an administrator I can block the edition of the secret revisions settings with a configuration flag
  • PB-46110 As a logged-in user I can view the past secret revisions of a resource
  • PB-45059 As an administrator I can see in the healthcheck if zero knowledge is activated and the server has access to the key
  • PB-45496 As an administrator I can run a clean-up task to delete metadata private keys entries of soft & hard-deleted users
  • PB-45567 As an administrator I can run a passbolt user_index command to list all users
  • PB-45567 As an administrator I can run a passbolt user_promote_to_administrator command to promote users to administrators
  • PB-45567 As an administrator I can run a passbolt mfa_user_settings_disable command to disable MFA for a given user
  • PB-46146 As an administrator I can hide the warning on commands run as non web-user with a configuration flag

Security

  • PB-45158 Adds frame-ancestors:none and form-action:self to the CSP header

Fixed

  • PB-44623 The API should return a 400 instead of 500 on /auth/jwt/logout.json when refresh_token isn't a UUID
  • PB-45760 Fixes a translation in setup recover abort email reported by community
  • PB-45262 Prevent activity log from showing secret creation during resource share as a secret update

Maintenance

  • PB-45731 As a developer I can ensure by unit tests that all Crowdin translations are parsable
  • PB-45788 Updates sessions.sql file as per the latest cakephp skeleton
  • PB-43742 Updates PHPUnit vendor to v11
  • PB-45829 Upgrades Passbolt API Web Installer to use OpenPGP.js version 6

Camillo

04 Nov 09:59

Release song: https://youtu.be/SUu9aEoQOL8

Passbolt 5.6.1 addresses a security issue identified in the underlying CakePHP framework.
The issue has been fully mitigated through a framework update.
All administrators are advised to update to this version to maintain a secure environment.

[5.6.1] - 2025-11-04

Security

  • PB-45919 Fix security issue in query generation for CakePHP

Big Jet Plane

08 Oct 06:15
v5.6.0

Release song: https://www.youtube.com/watch?v=bu50DtPF1Ac

Passbolt 5.6.0 introduces standalone notes to store sensitive secrets beyond passwords and shared metadata key rotation to give organisations stronger control over their encrypted data. This release also delivers several long-awaited usability improvements on the main workspaces that make the day-to-day experience smoother.

Standalone notes

It is now possible to create notes as standalone resources, no longer tied to a password or TOTP entry. This offers a dedicated resource type for text-based secrets that don’t fit into existing supported types such as passwords, TOTPs, or custom fields.

Standalone notes benefit from the same permissions, encryption, and audit trail as passwords, ensuring they remain just as secure and shareable. Each note supports up to 50 KB of text, leaving ample room for certificates, SSH keys, or other long-form secrets that Passbolt plans to support natively in the future. Import and export flows have been updated accordingly and any imported resources that contain only a description will now be recognised and created as standalone notes.

Resizable sidebars: more space where it matters

Both the main workspace and the Users & Groups workspace now feature sidebars that can be resized, giving users more control over how they view their data. This improvement makes it easier to read long folder names and navigate deeply nested folder structures.

The ability to resize sidebars adds to the overall customisation of the interface, complementing existing options such as adjusting the width of the main workspace grid columns or choosing which information to display. Once adjusted, the sidebar adapts smoothly to the preferred width, and a quick double-click on the handle resets it to the default size.

Shared metadata key rotation

Administrators can now rotate the shared metadata key directly from the organisation settings without disrupting the availability of the instance. This capability gives organisations greater control over their encrypted metadata and is another milestone in completing the encrypted metadata roadmap.

Rotating the shared key enhances security in several important ways. It supports compliance with internal security policies or industry standards that require periodic key rotation. It also strengthens forward secrecy: when a collaborator leaves the organisation, administrators can generate and distribute a new shared metadata key to ensure that former members cannot access metadata encrypted after their departure.

Miscellaneous Improvements

This release is also packed with minor bug fixes and performance improvements, notably in group management where large updates are now split into smaller requests. This change reduces the load on the API and resolves timeout issues that could occur when many changes were applied to the same group at once. For the full list of changes, check out the changelog.

Many thanks to everyone who shared feedback, reported issues, and helped refine these features.

[5.6.0] - 2025-10-08

Added

  • PB-45058 Add datacheck to check for existing metadata key with no metadata private keys
  • PB-44187 As an admin I cannot delete a metadata key associated with a deleted resource
  • PB-44183 As a user that is sole owner of v4 resources when v4 resources types are disabled, v4 resources should be ignored on an ownership transfer request
  • PB-44770 As a user I want to configure the trusted_proxies list as an environment variable
  • PB-45471 Add new database migration to add standalone notes resource type
  • PB-45472 Update resource types endpoints tests to assert enable/disable is working for new standalone notes resource type
  • PB-45473 Update resources endpoints tests to accommodate new standalone notes resource type

Fixed

  • PB-45222 Fix EmailDigest not working for v5 resources
  • PB-45447 Fix PUT /metadata/keys/.json endpoint returning 500 error with trailing data
  • PB-45436 As an administrator I can define the default cache engine with an environment variable
  • PB-45454 Fix 500 error due to MySQL deadlock on create resource endpoint
  • PB-45456 Allow editing of v4 resources even when v4 resource type creation is disabled
  • PB-45258 Fix grammatical errors in the resource update email content
  • PB-45057 Reduce memory consumption on the action logs endpoints
  • PB-45057 Reduce memory consumption on resources and folders index endpoints

Maintenance

  • PB-44813 Bring back DDEV ldap related services for development environment
  • PB-44593 Bump i18next version
  • PB-45161 Fix regularly failing UsersIndexControllerPaginationTest.php test
  • PB-45270 Add custom exception message with client IP in /healthcheck/error.json
  • PB-45062 Fix user_setup_complete.php template in LU folder instead of AD

Big Jet Plane

06 Oct 13:56
v5.6.0-rc.1

Pre-release

Release song: https://www.youtube.com/watch?v=bu50DtPF1Ac

Passbolt 5.6.0-rc.1 is a feature release candidate introducing standalone notes, shared metadata key rotation and resizable sidebars. As usual, this release also reinforces security by updating third-party libraries and includes other bug fixes.

It also includes the following bug fixes and maintenance updates:

  • export of account kit is compatible with bigger private keys
  • group membership update process is updated to reduce request size and avoid some size limitations
  • folder name sorting now includes natural number ordering

Make sure to follow the steps here. As always, your feedback is invaluable: give it a try and report any issues you come across.
Enjoy the testing journey! ❤️

[5.6.0-rc.1] - 2025-10-06

Added

  • PB-45058 Add datacheck to check for existing metadata key with no metadata private keys
  • PB-44187 As an admin I cannot delete a metadata key associated with a deleted resource
  • PB-44183 As a user that is sole owner of v4 resources when v4 resources types are disabled, v4 resources should be ignored on an ownership transfer request
  • PB-44770 As a user I want to configure the trusted_proxies list as an environment variable
  • PB-45471 Add new database migration to add standalone notes resource type
  • PB-45472 Update resource types endpoints tests to assert enable/disable is working for new standalone notes resource type
  • PB-45473 Update resources endpoints tests to accommodate new standalone notes resource type

Fixed

  • PB-45222 Fix EmailDigest not working for v5 resources
  • PB-45447 Fix PUT /metadata/keys/.json endpoint returning 500 error with trailing data
  • PB-45436 As an administrator I can define the default cache engine with an environment variable
  • PB-45454 Fix 500 error due to MySQL deadlock on create resource endpoint
  • PB-45456 Allow editing of v4 resources even when v4 resource type creation is disabled
  • PB-45258 Fix grammatical errors in the resource update email content
  • PB-45057 Reduce memory consumption on the action logs endpoints
  • PB-45057 Reduce memory consumption on resources and folders index endpoints

Maintenance

  • PB-44813 Bring back DDEV ldap related services for development environment
  • PB-44593 Bump i18next version
  • PB-45161 Fix regularly failing UsersIndexControllerPaginationTest.php test
  • PB-45270 Add custom exception message with client IP in /healthcheck/error.json
  • PB-45062 Fix user_setup_complete.php template in LU folder instead of AD

Hey Boy Hey Girl

29 Sep 12:27
v5.5.2

Release song: https://youtu.be/RyP8hGuyknA

Passbolt 5.5.2 resolves an issue introduced in the previous version that affected the editing of encrypted metadata settings. Due to zero-knowledge mode being required in some conditions, administrators were unable to edit the metadata key settings. This has now been fixed, restoring the ability to customize these settings.

We thank the community for reporting this issue!

[5.5.2] - 2025-09-29

Fixed

  • PB-45439 As an administrator I can edit the metadata key settings when not editing zero-knowledge mode

v5.5.0

15 Sep 14:31
v5.5.0

Release song: https://youtu.be/L3Wo8jcNrkQ

Passbolt 5.5.0 is a feature release introducing encrypted metadata in zero-knowledge mode and SCIM provisioning (beta) for automated user management.

Encrypted Metadata Zero-Knowledge Mode

This mode is designed for organizations that prioritize privacy over server-side auditability. In this setup, the server never has access to the shared metadata private key.

  • Key distribution: When a new user joins, the server does not distribute the metadata key.
    Administrators are notified by email and can review which users are missing the key in the Users & Groups workspace. Keys must then be shared manually.
  • User experience: Until the key is received, the user’s actions are limited. Operations that depend on metadata, such as sharing a resource, moving a private item into a shared folder or creating resources intended to be shared, are blocked.
  • Guidance in UI: If a restricted action is attempted, the interface provides an explanation and steps to resolve the issue.

More details are available in the dedicated blog post on encrypted metadata and zero-knowledge.

Several bugs reported by the community have also been fixed. As always, thank you to everyone who took the time to file issues and suggest improvements. Check out the changelog for more information.

[5.5.0] - 2025-09-15

Added

  • PB-44639 As an administrator, when updating metadata settings from friendly mode to zero knowledge, I should see the server key dropped in DB
  • PB-44756 Updates metadata keys settings endpoint to accept server metadata private key
  • PB-44752 Adds a new data check for existing resources v5 encrypted with hard or soft deleted shared metadata key

Fixed

  • PB-45060 Fixes custom fields json schema properties type
  • PB-45062 Fixes user_setup_complete.php template in LU folder instead of AD
  • PB-44760 Fixes health check "record not found in table organization_settings" issue (GITHUB #563)

Maintenance

  • PB-44915 Changes DDEV containers names and URLs from passbolt-ce-api to passbolt-api
  • PB-44813 Updates ddev config
  • PB-44772 Speeds up continuous integration by splitting pipelines in two distinct test suites

v5.5.0-rc.1

12 Sep 13:07
v5.5.0-rc.1

Pre-release

Release song: https://youtu.be/L3Wo8jcNrkQ

Passbolt 5.5.0-rc.1 is a feature release candidate introducing encrypted metadata in zero-knowledge mode and SCIM provisioning (beta) for automated user management.

Encrypted Metadata Zero-Knowledge Mode

This mode is designed for organizations that prioritize privacy over server-side auditability. In this setup, the server never has access to the shared metadata private key.

  • Key distribution: When a new user joins, the server does not distribute the metadata key.
    Administrators are notified by email and can review which users are missing the key in the Users & Groups workspace. Keys must then be shared manually.
  • User experience: Until the key is received, the user’s actions are limited. Operations that depend on metadata, such as sharing a resource, moving a private item into a shared folder or creating resources intended to be shared, are blocked.
  • Guidance in UI: If a restricted action is attempted, the interface provides an explanation and steps to resolve the issue.

More details are available in the dedicated blog post on encrypted metadata and zero-knowledge.

Several bugs reported by the community have also been fixed. As always, thank you to everyone who took the time to file issues and suggest improvements. Check out the changelog for more information.

[5.5.0-rc.1] - 2025-09-12

Added

  • PB-44639 As an administrator, when updating metadata settings from friendly mode to zero knowledge, I should see the server key dropped in DB
  • PB-44756 Updates metadata keys settings endpoint to accept server metadata private key
  • PB-44752 Adds a new data check for existing resources v5 encrypted with hard or soft deleted shared metadata key

Fixed

  • PB-45060 Fixes custom fields json schema properties type
  • PB-45062 Fixes user_setup_complete.php template in LU folder instead of AD
  • PB-44760 Fixes health check "record not found in table organization_settings" issue (GITHUB #563)

Maintenance

  • PB-44915 Changes DDEV containers names and URLs from passbolt-ce-api to passbolt-api
  • PB-44813 Updates ddev config
  • PB-44772 Speeds up continuous integration by splitting pipelines in two distinct test suites