v2.6.1

Passbolt Windows Application 2.6.1 restores ARM64 architecture support, which was inadvertently missing from the 2.6.0 release. The Windows application now properly supports all four CPU architectures: x64, x86, ARM, and ARM64.

Fixed

• PB-47634 Update csproj to accept arm64 architecture

v2.6.0

Passbolt Windows Application 2.6.0 introduces secret history, a highly demanded feature that gives users visibility and control over previous versions of their secrets. This release also includes several usability improvements requested and bug fixes reported by the community.

Secret history

It is now possible to access previous revisions of a secret directly from Passbolt.

Secret history helps reduce the impact of human error and offers a safer way to manage evolving secrets. For instance, this enables users to undo an accidental update on the spot. Note that the feature is disabled by default and requires an administrator to enable it from the administration workspace.

User and group workspace improvements

A new “Remove from group” action has been added to the user and group workspace. This addition eliminates the confusion between permanently deleting a user and simply removing them from a specific group.

Moreover, administrators can now instantly filter users that require attention via the “Attention Required” filter in the workspace. For instance: identifying users with a pending account recovery request to review, or missing metadata keys.

Import report

The application now displays a summary dialog after an import, offering accurate and actionable information. The report precisely categorises alerts into successes, warnings and errors, providing end users with additional logs.

Miscellaneous Improvements

As usual this release is packed with improvements and bug fixes reported by the community. For more, check out the changelog below.

Many thanks to everyone who provided feedback, reported issues, and helped refine these new features.

Added

• PB-17712 Focus should be put in the passphrase field when importing keepass file protected by passphrase
• PB-33599 Allow users to access previous revisions of a resource’s secret
• PB-33599 Allow administrators to configure how many secret revisions are retained
• PB-44420 Allow administrators to download the Users Directory sync report for follow-up actions
• PB-44434 As an administrator I can see encrypted metadata healthchecks from the administration workspace
• PB-45249 Add “Attention required” filter in the “Users & groups” workspace to filter users by attention required
• PB-45842 Add link to SCIM admin guide in the product
• PB-46427 Add remove from group button in User & Group Workspace page
• PB-46941 Windows application should be compatible with 5.7.0
• PB-46846 As a windows application I should catch the unexpected error to display it to a dialog

Fixed

• PB-18497 Add loading spinner when submitting imported GPG key during account extension association (activation/recover)
• PB-36183 Display UTC date in tooltip for relative “X days ago” timestamps
• PB-42032 Fix: update passphrase help section link goes to the former help site
• PB-43950 Add padding between fields and their description on the Users Directory administration page
• PB-44603 Help link in administration internationalization page should target the contribute page of the help site
• PB-44949 GITHUB#240 Inform menu crash on suggested resource icon
• PB-45263 Enforce password expiry on imported resources when a password policy requires it
• PB-45588 Extend metadata description textarea in resource creation dialog to use full available height
• PB-45699 User without groups is not display correctly on the right sidebar
• PB-45723 The in-form CTA is not visible since v5.5 for some web application
• PB-45797 Fix typos in BExt
• PB-45917 I can autofill my username in the login form of cryptpad in French
• PB-45992 Keep selection of resources when collapsing the Workspace section
• PB-46013 Empty Full Report textarea displayed in Users Directory dialogs when there are no resources to synchronize
• PB-46065 Prevent re-encryption of metadata with personal user key when a resource is shared with a group
• PB-46118 Import unexpected error handling on import
• PB-46191 Update UserSettings validateDomain to make sure the issue cannot be exploited
• PB-46372 As LU, I should see the content share dialog within the boundaries of the dialog
• PB-46385 Fix auto-fill on OVH with custom selector field on username

Maintenance

• PB-30373 Remove unused event passbolt.app-bootstrap.navigate-to-logout
• PB-45099 Update: Regular expression on private key metadata validation
• PB-45100 Update: Regular expression on GPG Message validation
• PB-45585 Fix SCIM styleguide related unit tests error
• PB-45589 Refactor resource favorite capability to use FavoriteServiceWorkerService instead of direct port requests
• PB-45590 Migrate favorite logic from FavoriteModel to FavoriteResourceService and remove legacy model
• PB-45591 Route passbolt.favorite.add/delete events through controllers instead of calling services directly
• PB-45593 Add test coverage for FavoriteService API and rename class to align with Passbolt standard
• PB-45678 Upgrade ESLint dependencies across both repositories
• PB-45835 Migrate group (partially) related code to new architecture
• PB-45894 Rename leftSideBar and rightSideBar classes to respect naming convention
• PB-45963 Replace find-all with find-my-groups Port Requests
• PB-45965 Rename groupService to groupApiService
• PB-46127 Update i18next dependency
• PB-46190 Update themeEntity to remove preview unused field
• PB-46891 Small upgrade for js-yaml (Medium) - passbolt-windows
• PB-47110 Small upgrade for xregexp (High)
• PB-46829 Object deserialization can lead to remote code execution (Medium) - passbolt-windows
• PB-46894 Provide a packe.lock.json file for Aikido to improve dependencies scanning
• PB-46095 Migrate application from UWP to WinUI 3

v2.5.0

Passbolt Windows Application 2.4.0 ships with the zero-knowledge for encrypted metadata feature available with API 5.5.0. Zero-knowledge for encrypted metadata is intended for organisations that prioritise maximum privacy and can do without server-side auditability. In this mode, the server never receives the shared metadata private key and therefore cannot access any resource metadata.

When a new user joins, the server does not automatically share the key with them. Instead, administrators are notified by email once the user has completed their activation and is ready to receive access. From the Users & Groups workspace, administrators can then review the situation and share the key when the time is right.

Until a user receives the key, their experience is intentionally limited: actions that depend on the shared metadata key, such as sharing a resource, moving a private item into a shared folder, or creating content meant to be shared, are blocked.

To know more about the encrypted metadata zero-knowledge mode, check out this blog post.

Many thanks to everyone who took the time to file issues and suggest improvements.
Check out the changelog for more information.

[2.5.0] - 2025-09-17

Added

• PB-43921 - Increase directory sync report dialog size
• PB-44393 ZK - WP5.1 As an administrator I should be able to enable zero knowledge mode
• PB-44646 ZK - WP5.3 Add share metadata private keys to MetadataKeysSettingsEntity
• PB-44641 ZK - WP5.4 Create UpdateMetadataSettingsPrivateKeyService to to be able to disabled zero knowledge mode
• PB-44631 ZK - WP5.5 Update SaveMetadataKeysSettingsController to be able to disabled zero knowledge mode
• PB-44757 ZK - WP5.6 As an administrator with missing metadata keys I should not be able to change metadata settings

Fixed

• PB-44638 - Password expiry should not be removed when password is not updated
• PB-44604 - Fix regular expression on public key metadata validation
• PB-45060 - Fix custom fields json schema properties type
• PB-44933 - Fix setup a new user should have missing key set

Maintenance

• PB-44594 - Upgrade xregexp to 5.1.2

v2.4.0

Passbolt Windows Application 2.4.0 ships with the zero-knowledge for encrypted metadata feature available with API 5.5.0. Zero-knowledge for encrypted metadata is intended for organisations that prioritise maximum privacy and can do without server-side auditability. In this mode, the server never receives the shared metadata private key and therefore cannot access any resource metadata.

When a new user joins, the server does not automatically share the key with them. Instead, administrators are notified by email once the user has completed their activation and is ready to receive access. From the Users & Groups workspace, administrators can then review the situation and share the key when the time is right.

Until a user receives the key, their experience is intentionally limited: actions that depend on the shared metadata key, such as sharing a resource, moving a private item into a shared folder, or creating content meant to be shared, are blocked.

To know more about the encrypted metadata zero-knowledge mode, check out this blog post.

Many thanks to everyone who took the time to file issues and suggest improvements.
Check out the changelog for more information.

[2.4.0] - 2025-09-17

Added

• PB-43921 - Increase directory sync report dialog size
• PB-44393 ZK - WP5.1 As an administrator I should be able to enable zero knowledge mode
• PB-44646 ZK - WP5.3 Add share metadata private keys to MetadataKeysSettingsEntity
• PB-44641 ZK - WP5.4 Create UpdateMetadataSettingsPrivateKeyService to to be able to disabled zero knowledge mode
• PB-44631 ZK - WP5.5 Update SaveMetadataKeysSettingsController to be able to disabled zero knowledge mode
• PB-44757 ZK - WP5.6 As an administrator with missing metadata keys I should not be able to change metadata settings

Fixed

• PB-44638 - Password expiry should not be removed when password is not updated
• PB-44604 - Fix regular expression on public key metadata validation
• PB-45060 - Fix custom fields json schema properties type
• PB-44933 - Fix setup a new user should have missing key set

Maintenance

• PB-44594 - Upgrade xregexp to 5.1.2

v2.3.2

Passbolt Windows Application 2.3.2 fixes an issue introduced in version 2.3.0. The clipboard protection feature, which cleared the clipboard 30s after copying a secret, was causing the application to crash. Clipboard flushing has been temporarily disabled to allow users to access their secrets. We are investigating how to fix the crash and re-enable this security feature in a future release.

Many thanks to everyone who reported the issue.

Fixed

• PB-45095: Copy username or password did nothing

v2.3.1

Passbolt Windows Application 2.3.1 is fixing an issue introduced during the version 2.1.0. When a user wanted to copy its password or its username, the clipboard was not working anymore and we solved it by adding the Clipboard feature done during the bext version 5.3.2 .

The new clipboard flush timer lets you copy secrets just long enough to use them; clipboard data is automatically cleared when the countdown (30s) expires, significantly reducing the risk of accidental exposure or leaks from forgotten clipboard content.

Many thanks to everyone who reported issues. Your feedback made this release possible and solves issues to all users today.

[2.3.1] - 2025-09-04

Fixed

• feature/PB-45095_Windows-app-copy-username-or-password-does-nothing

v2.3.0

Passbolt Windows application 2.2.1 is a hot fix release that restores protected actions like creating and editing resources on some API servers behind a proxy. If you saw CSRF errors, install 2.2.1 and try again.

Thanks to everyone who reported the issue. See the changelog for details.

[2.2.1] - 2025-08-01

Fixed

• PB-43969 CSRF token in request body or headers does not match or is missing on the windows app

v2.2.1

Passbolt Windows application 2.2.1 is a hot fix release that restores protected actions like creating and editing resources on some API servers behind a proxy. If you saw CSRF errors, install 2.2.1 and try again.

Thanks to everyone who reported the issue. See the changelog for details.

Fixed

PB-43969 CSRF token in request body or headers does not match or is missing on the windows app

v2.2.0

Windows passbolt 2.2.0 adds custom fields, one of the five most‑requested features from the community. Built on top of encrypted‑metadata introduced earlier this year, custom fields let users attach additional key‑value pairs to a resource or as a standalone one. Typical use‑cases include centralising CI/CD job variables and storing environment‑specific configuration values that need more structure than a general note.

Custom fields rely on encrypted metadata, therefore the feature is still in beta and is not yet available on Passbolt Cloud. A step‑by‑step guide on how to enable the encrypted metadata on a self‑hosted instance will be available in a blog post that will be published soon. The encrypted‑metadata feature is scheduled to be marked as stable in Passbolt 5.4, planned for August 2025.

Several bugs reported by the community have also been fixed. As always, thank you to everyone who took the time to file issues, test patches and suggest improvements. For a complete list of changes, consult the changelog.

Added

• PB-43269 Create the entity CustomFieldEntity
• PB-43271 Create the entity collection CustomFieldsCollection
• PB-43273 Create the entity SecretDataV5StandaloneCustomFieldsCollection
• PB-43275 Update the resource types schema definitions
• PB-43277 Update the ResourceMetadataEntity
• PB-43278 Update the ResourceFormEntity
• PB-43279 Update the Secret Entities
• PB-43283 Display a new entry the create/edit dialog to set custom fields on the left sidebar and the menu
• PB-43284 Create the CustomFieldForm for the create/edit dialog
• PB-43285 Handle the CustomFieldForm warnings and limitation
• PB-43286 Update create/edit resource to select secret custom fields for a standalone custom fields
• PB-43287 Display the Custom Fields section on the right sidebar
• PB-43289 Display standalone custom fields in the component DisplayResourceCreationMenu
• PB-43290 Display standalone custom fields in the component DisplayResourcesWorkspaceMainMenu
• PB-43291 Display the URIs section in the right sidebar
• PB-43374 Add validation on keys and values of each elements of custom fields for the resource form entity
• PB-43377 Add set collection into entity v2
• PB-43145 Find a list of resources based on IDs and that are suitable for local storage from the API
• PB-43146 Find a list of resources based on a parent folder id and that are suitable for the local storage from the API
• PB-43133 Display padding below tags in resource workspace left sidebar
• PB-42185 The folder caret that expands or collapses folders in the tree should have a larger clickable area to make it easier to use
• PB-43222 Improve the group dialog to match the new share dimensions
• PB-43147 Find and update resources based on parent folder id for the local storage
• PB-43148 Create a connector for finding resources based on a parent id for the styleguide to call it later
• PB-43149 Create a ResourcesServiceWorkerService to call the service worker for resource related operations
• PB-43150 Implement the optimidsed call in the Styleguide when filtering by a folder
• PB-43151 Optimise the data retrieved from the API such that updates are not done if unnecessary
• PB-43156 Clarify implications for backups and other devices before changing the passphrase in the user settings workspace
• PB-43489 Display unexpected error if there is any issue during the secret decryption

Fixed

• PB-43109 Fix: from the sidebar when upgrade from v4 to v5 goes wrong the error message in the notification
• PB-43118 Hide the "Share metadata keys" button in the users workspace action bar for the current signed-in user
• PB-43215 Fix account recovery creator name
• PB-43063 Fix group edit dialog double warning message has broken UI
• PB-43117 Hide the "Share metadata keys" button in the users workspace action bar after sharing missing metadata keys with a user
• PB-43064 Fix group edit dialog can show a mix of error and warning messages
• PB-43150: fix folder not being reloaded
• PB-43424 Clicking on the "open in a new tab” call to action in the quick application should open the resource url in a new tab
• PB-43108 Display attention required icon on "metadata keys" label in the user details sidebar if the user is not having access to some metadata keys
• PB-43217 The default icon stroke width is too thick in the grid and doesn't match the custom icons
• PB-43220 Copy URL field action button lacks padding and is broken in the SSO settings
• PB-43168 Align vertically resources workspace select check-boxes
• PB-43211 The feedback message notifying the administrator when a metadata key has been shared with a user contains a typo
• PB-43471 Center vertically the icon on the create and edit dialog

v2.1.0

The Passbolt Windows App version 2.1.0 introduces the first features built on encrypted metadata, enhancing resource management and customisation. This update lays the groundwork for future improvements and delivers practical everyday benefits.

Resources using encrypted metadata now support multiple URIs. For example, addresses like app.example.com and admin.example.com can be linked to the same credential, helping the browser extension recognise credentials across multiple domains.

Icons and colours can now be set for resources with encrypted metadata, using a method compatible with KeePass for easy import and export. This visual distinction helps users quickly navigate large workspaces.

A new density setting is available to adjust grid spacing, providing a clearer, more comfortable view. Users can easily toggle this in the workspace column settings as needed.

The Passbolt interface now supports Ukrainian and Slovenian languages, enabling native speakers to use the tool comfortably without relying on English.

Additionally, resource owners now receive notifications on the day their passwords expire, supporting teams in managing rotation policies effectively.

This update includes several bug fixes and maintenance improvements based on community feedback. Thanks to everyone who contributed by reporting issues and suggesting improvements.

For full technical details of everything in this release, check out the changelog.

Added

• PB-41365 Support options for ECC Key generation

• PB-42936 Translate the application into Ukrainian

• PB-42897 Upgrade resource to v5 from information panel

• PB-42896 PB-42896 Display an “Upgrade Resource to v5” card in the information panel

• PB-42895 Upgrade v4 password string resources to v5 default

• PB-42894 Upgrade a single v4 resource to v5

• PB-42860 Translate the application into Slovenian

• PB-42796 Add a limit for multiple URIs

• PB-42788 As a user I can access the resource appearance customization from the create/edit

• PB-42704 Display missing metadata keys information in the user sidebar

• PB-42658 Refresh the users local storage after sharing missing metadata keys

• PB-42598 Retrieve missing_metadata_keys_ids information when retrieving signed-in user details with the getOrFindMe method of the UserModel

• PB-42590 Write the background color and icon ID into KDBX files

• PB-42589 Read the background color and icon ID from KDBX files

• PB-42588 Adapt the ResourceIcon component to handle IconEntity

• PB-42587 Add the AddResourceAppearance form part for the resource dialog

• PB-42586 Add the ‘appearance’ metadata field in the resource dialog

• PB-42585 Add IconEntity as an associated entity in MetadataEntity

• PB-42584 Create IconEntity to hold custom icon and color information

• PB-42570 Create a method canSuggestUris using canSuggestUri

• PB-42543 Allow users to navigate to the additional URIs from the SelectResourceForm

• PB-42536 Allow user to add additional URIs from the Create and Edit Resource v5 dialogs

• PB-42534 Display resource additional URIs badge in the filtered resource of the QuickApplication

• PB-42533 Display resource additional URIs badge in the suggested resource of the QuickApplication

• PB-42530 Display resource additional URIs in the details of a resource of the QuickApplication

• PB-42529 Display resource additional URIs badge in the browsed resource of the QuickApplication

• PB-42528 Display resource additional URIs badge in the resource details sidebar

• PB-42527 Display resource additional URIs badge in the resources grid

• PB-42526 Create the ResourceUrisBadge component to handle resource additional URIs badge and the tooltip displaying them

• PB-42130 Add shareMetadataKeyPrivate event to AppEvents

• PB-42129 Create ShareMetadataKeyPrivateController and use ShareMetadataKeyPrivateService to perform the action

• PB-42127 Create ShareMetadataKeyPrivateService and implement shareMissing method

• PB-42114 Add create or share method to metadata private key api service

• PB-42368 Update EncryptOne method from EncryptMetadataPrivateKeysService to allow encryption without signature

• PB-42134 Update DisplayUsersContextualMenu to display a Share metadata keys action if key is missing

• PB-42133 Update DisplayUserWorkspaceActions to display a Share metadata keys action if key is missing

• PB-42132 Implement Dialog confirmation when administrator wants to share keys with an user

• PB-42131 Add share method into metadataKeysServiceWorkerService to perform the UI action

• PB-42126 Add cloneForSharing method into MetadataPrivateKeyEntity

• PB-42124 Create ShareMetadataPrivateKeysCollection

• PB-42110 Update userModel updateLocalStorage method to include missing_metadata_keys_ids option

• PB-42109 Add missing_metadata_keys_ids property to UserEntity

• PB-41617 Add comfortable grid

• PB-39042 Display upgrade resource to v5 card

Improved

• PB-42883 Improve performance by skipping the decryption of unchanged metadata.
• PB-41654 Transform workspaces shifter into a dropdown
• PB-42184 Increase the share dialog width to accommodate longer strings from translations or user names

Fixed

• PB-41760 On some conditions, scrollbars can appear and break the design
• PB-42561 The folder tree caret when scrolling appeared in the wrong orientation
• PB-43008 Fix dragging v5 resources into shared folders should trigger the share strategy on the resource
• PB-42985 Translate the button manage account in the profile dropdown
• PB-42789 Fix userAvatar on userInformationPanel with attention required svg
• PB-42702 Fix contains missing_metadata_keys_ids miss match
• PB-42606 Fix the Quick App Login form CTA spinner should not be displayed over the text of the button
• PB-42272 Fix display v5 resource metadata in the grid when filtering by group
• PB-42077 Update navigation menu icon width
• PB-41649 Re-align components in the left sidebar
• PB-41643 Remove TOTP MFA (profile workspace) border around the QR code and card
• PB-41642 Update Turn off MFA primary button to be red

Maintenance

• PB-43012 Change authentication_token parameter to token for get the user key policies endpoint
• PB-42790 Replace legacy Icon by SVG
• PB-42572 Update Quickaccess HomePage to use the canSuggestUris
• PB-42571 Update isSuggestion in resource entity to use canSuggestUris
• PB-42569 Create and merge canSuggestUri into a service
• PB-42978 Check object_type is defined and valid before metadata encryption

Security

• PB-42613 Upgrade browser extension OpenPGP.js to the latest version
• PB-42700 Upgrade vulnerable library undici and lockfile-lint-api
• PB-42391 Update Papaparse library