New Release: v4.11.1 ~ Rebel Rebel

v4.11.1 ~ Rebel Rebel

Release Date: 18th February, 2025

:notes: Rebel Rebel :notes:

Passbolt v4.11.1 API is out. This is a minor security update to address a host header injection vulnerability. This update adds a new flag to help mitigate the risk for misconfigured servers.

If you’re running Passbolt, we strongly recommend reviewing the release notes and updating as needed.

:link: Read the release notes: https://hubs.li/Q0377hlh0

:link: Incident report details: https://www.passbolt.com/incidents/host-header-injection

Special thanks to security researcher David Silva for reporting the issue. We appreciate everyone who contributed to making passbolt more secure. :heart:

If you have any questions, suggestions, or feedback, feel free to share them here in the Passbolt Community Forum.

2 Likes

Hello there,
According to the documentation found here: https://github.com/passbolt/passbolt_browser_extension/releases
It’s recommended to migrate to PHP 8.2 (to prep for v5).

Yet the setup script is forcing 8.1.
How could we upgrade to 8.2 then? Is it safe to overwrite the file?

Thanks

Can you link to the file you are mentioning? To make sure we’re talking about the same thing / to answer. Thanks,

Can you specify your distribution? We are gonna publish a blog article later today to provide strategies for the migration from php < 8.2 to 8.2.

Thanks.

Hello,

We are RHEL based.
I am referring to this file download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh
Where there are explicit references to “install php:remi-8.1”

Thanks

I can extract a section of the future blog post:


For RHEL 9/8 distro family, users who prefer to update PHP rather than migrate to a new server, here’s how to install PHP 8.2 using Remi’s repository. If you installed passbolt using our one-liner script, you already are using Remi’s repository.

Reset PHP modules and enable PHP 8.2 from Remi:

```bash
dnf module reset php -y
dnf module disable php -y
dnf module enable php:remi-8.2 -y
```

Install or update PHP 8.2 and the extensions needed for passbolt:

```bash
dnf install -y php php-cli php-curl php-fpm php-gd php-intl php-json php-mbstring php-mysqlnd php-pecl-gnupg php-pgsql php-process php-xml php-ldap
```

Verify that PHP 8.2 is now installed:

```bash
php -v
```

You should see output indicating PHP 8.2.x is installed.

Configure PHP-FPM to start automatically and start the service:

```bash
systemctl enable php-fpm
systemctl start php-fpm
```

Restart your web server:

```bash
systemctl restart nginx
```

Once PHP 8.2 is properly installed and configured, you’ll be ready for the passbolt v5 update when it becomes available in April. Remember to back up your database and passbolt configuration before performing any major version upgrade.


Let me know :slight_smile:

1 Like

can you please provide the guide for debian CE? i will appreciate it very much. thanks

Upgrading PHP on Debian 11 and Ubuntu 22.04 using Ondrej

For Debian 11 and Ubuntu 22.04 users who prefer to update PHP rather than migrate to a new server, here’s how to install PHP 8.2 using Ondřej Surý’s repository:

First, make sure you have a backup of your system prior to the update, and let’s now make sure your system is up to date:

```bash
sudo apt update
sudo apt upgrade
```

Add the GPG key for Ondřej’s repository:

```bash
curl -fsSL https://packages.sury.org/php/apt.gpg | sudo gpg --dearmor -o /usr/share/keyrings/php-archive-keyring.gpg
```

Add the repository to your sources list:

```bash
echo "deb [signed-by=/usr/share/keyrings/php-archive-keyring.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
```

Update package lists with the new repository included:

```bash
sudo apt update
```

Install PHP 8.2 and the extensions needed for passbolt:

```bash
sudo apt install -y php8.2 php8.2-cli php8.2-common php8.2-curl php8.2-fpm php8.2-gd php8.2-intl php8.2-mbstring php8.2-mysql php8.2-opcache php8.2-xml php8.2-gnupg php8.2-pgsql php8.2-ldap
```

Verify that PHP 8.2 is now installed:

```bash
php8.2 -v
```

Configure the system to use PHP 8.2 as the default PHP version:

```bash
sudo update-alternatives --set php /usr/bin/php8.2
```

Verify that PHP 8.2 is now the default version:

```bash
php -v
```

Configure PHP-FPM to start automatically and restart the service:

```bash
sudo systemctl enable php8.2-fpm
sudo systemctl start php8.2-fpm
```

If you’re using Nginx, update your configuration to use PHP 8.2-FPM:

```bash
# Edit your passbolt nginx configuration
sudo nano /etc/nginx/sites-enabled/nginx-passbolt.conf
# Change the PHP-FPM socket path if necessary
# From: fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# To: fastcgi_pass unix:/run/php/php8.2-fpm.sock;
```

Test your Nginx configuration:

```bash
sudo nginx -t
```

If the test is successful, restart Nginx:

```bash
sudo systemctl restart nginx
```

Voilà!

2 Likes
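A post-upgrade check for the RHEL and Debian/Ubuntu procedures above, added here as an example; it is not part of any forum post or of passbolt's own tooling. The function names, the module list (assumed `php -m` names for the packages installed above) and the sample inputs are constructed for illustration, and the version check assumes PHP 8.2 or later is acceptable.

```bash
#!/bin/sh
# Added example: post-upgrade checks for the PHP 8.2 procedures in this thread.
# ASSUMPTION: these `php -m` module names correspond to the packages installed
# above; add your database driver (e.g. pdo_mysql or pdo_pgsql) to the list.
REQUIRED_MODULES="curl gd gnupg intl ldap mbstring xml"

# Succeeds when the first line of `php -v` output reports PHP 8.2 or later.
php_version_ok() {
  ver=$(printf '%s\n' "$1" | sed -n '1s/^PHP \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
  [ -n "$ver" ] || return 1
  major=${ver%%.*}
  minor=${ver#*.}
  [ "$major" -gt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -ge 2 ]; }
}

# Prints the required modules missing from `php -m` output (exact line match,
# so "xml" is not satisfied by "SimpleXML" or "libxml").
missing_modules() {
  out=""
  for mod in $REQUIRED_MODULES; do
    printf '%s\n' "$1" | grep -qix "$mod" || out="$out $mod"
  done
  printf '%s' "${out# }"
}

# Prints active (non-comment) fastcgi_pass sockets that are not php8.2-fpm.sock.
stale_fpm_sockets() {
  printf '%s\n' "$1" |
    sed -n 's/#.*//; s/.*fastcgi_pass[[:space:]]*unix:\([^;]*\);.*/\1/p' |
    grep -v 'php8\.2-fpm\.sock$' || true
}

# Constructed sample inputs so the checks can be tried without a server.
SAMPLE_PHP_V='PHP 8.2.27 (cli) (built: Jan  1 2025 00:00:00) (NTS)'
SAMPLE_PHP_M='[PHP Modules]
Core
curl
gd
intl
mbstring
xml'
SAMPLE_CONF='location ~ \.php$ {
  # fastcgi_pass unix:/run/php/php8.2-fpm.sock;
  fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}'

if php_version_ok "$SAMPLE_PHP_V"; then echo "PHP version: ok"; fi
echo "missing modules: $(missing_modules "$SAMPLE_PHP_M")"
echo "stale FPM sockets: $(stale_fpm_sockets "$SAMPLE_CONF")"
```

On a real host, pass live data instead of the samples: `"$(php -v)"`, `"$(php -m)"` and the contents of `/etc/nginx/sites-enabled/nginx-passbolt.conf`. The socket check applies to the Debian/Ubuntu layout shown in the thread.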

It worked perfectly, thank you very much!

3 Likes

The blog post is published on the website: Preparing for Passbolt v5: PHP 8.2 Requirement

2 Likes

Hello @LuckySecret can you confirm that the shared procedure is working for you?

Unable to install Latest Version

Ubuntu OS: Ubuntu 24.04.2 LTS
PHP Version: PHP v8.3
Currently Installed Version: Passbolt CE: 4.11.1-1

Trying to upgrade to 4.12.0

```
root@netdata:~/subins# sudo apt install passbolt-ce-server
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
passbolt-ce-server is already the newest version (4.11.1-1).
The following package was automatically installed and is no longer required:
  mailcap
Use 'sudo apt autoremove' to remove it.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@netdata:~/subins# sudo apt autoremove
```

1 Like

Packages are still being built. Only GitHub code has been updated atm. Come back in a few hours :slight_smile:

2 Likes

Yes I confirm (a bit late) that it worked like a charm.
Thanks for the responsiveness

1 Like