New Release: v3.9.0 ~ Bunny

v3.9.0 ~ Bunny

Release date: January 20th, 2023

:fireworks: Happy New Year Passbolt Community :fireworks:

:hugs: :heart: A Big Thank You to all the Community Members and Developers :hugs:

The team at Passbolt is thrilled to announce the release of v3.9 Pro and CE for immediate availability!

Passbolt Pro v3.9 ships with Single Sign On (SSO) in Alpha for all Pro users. This will allow authentication and onboarding via Azure SSO (via OAuth2 and OpenID Connect).

Passbolt CE v3.9 ships with Multi Factor Authentication (MFA) for all community edition users! Users can now set up MFA using various methods, including Duo, TOTP (Google Authenticator, Authy), and YubiKey (with Yubico Cloud).

:smile: Additionally, v3.9 also includes support for PHP 8.2.

Important: Even though SSO is considered fairly stable as of now, it is strongly discouraged to roll it out in production environments without prior testing. This Alpha version is indeed released for end user evaluation and to receive your initial feedback. The final stable version will be released after SSO has been fully audited by a Cure53 in the next few weeks, and major issues reported by the communities are fixed, as it is usually the case with new sensitive features.

The team at Passbolt is committed to continuous improvement. Passbolt thrives to provide the best security available while offering exceptional customer service and user experience. It wouldn’t be possible without the Passbolt community. The contributions, bug reports, and input provided by the community is truly appreciated as well as essential.

Remarkable things are on their way! Among new features to look for are Duo v4 support, self-registration and MFA policies. Then expect support for additional SSO providers (Google, KeyCloak) and improved SSO integration during recover. Stay tuned to see how Passbolt expands in the coming months.

The team is glad to make MFA, a former Passbolt Pro feature, more widely available, as it’s been a highly requested feature within our community (even though one could argue that the existing authentication protocol already combined 2 factors of authentication: the private key and the master passphrase). The goal at Passbolt is to provide the best security possible first while constantly improving user experience. It wouldn’t be possible without the incredible community that surrounds Passbolt. Thank you to everyone who contributed ideas, reported bugs, and provided input.

Big things are on their way! Keep an eye out for how Passbolt continues to grow and evolve in the coming months with additional Pro edition features becoming available for the CE edition, such as folders!

:heart: To show your support, please write a review on the app / extension webstore (chrome, firefox, edge, ios, android).

:heart: Thank you to all the Passbolt developers for keeping our passwords safe :partying_face: :tada::heart:

Release Notes: Pro
Release Notes: CE

:musical_note: “Bunny” :musical_note:

[3.9.0] - 2023-01-19

:new: Pro

  • Passbolt Pro v3.9 ships with Single Sign On (SSO) in Alpha for all Pro users. This will allow authentication and onboarding via Azure SSO (via OAuth2 and OpenID Connect).

:new: CE

  • PB-20539 As a user I can protect the authentication to passbolt with a second factor method

:hammer_and_wrench: :toolbox: Fixed:

  • PB-19601 As an admin running the healthcheck I should not see an unmanaged error if DB connection fails
  • PB-21497 GITHUB-437 As an administrator I should see default user avatar in the email I receive when a user complete the setup
  • PB-21501 GITHUB-411 As an administrator I should see the correct path relative to config tips in the health check report
  • PB-21756 As an anonymous user switching MFA provider I should be redirected to the original target

Hi! Do you plan to support FIDO2 as well?


Yes WebAuthn is in the works, but after Duo v4.

1 Like

Hey everyone,

Tags for CE were teased in the ‘what’s cooking for 2022’ post a year ago, is that still happening anytime soon?


Yes folders and tags are also coming in the CE this quarter (or Q2, depending on how fast the Pro Edition roadmap is moving).

AD or LDAP is common feature which should be available in CE. Without these small organization or teams can’t use it.

@deeepakkumarthakur16 Small organizations and teams use passbolt without the Pro features all the time.

@Duffman Hello, is there going to be an option for “custom” OIDC providers using OpenID Connect, or do you plan to support only the main names such as Microsoft and Google as listed in this post?

Hello @oidc_user, yes it’s in the works. Multiple people requested this already, so we’ll tackle it during this cycle of work on SSO.

As passbolt CE administrator, could we use LDAP?

Hello @inas,
Unfortunately LDAP is a PRO feature, if that something you would be interested with, you can request a free trial for PRO or Cloud. :slightly_smiling_face: