v2.5.0

Passbolt Windows Application 2.4.0 ships with the zero-knowledge for encrypted metadata feature available with API 5.5.0. Zero-knowledge for encrypted metadata is intended for organisations that prioritise maximum privacy and can do without server-side auditability. In this mode, the server never receives the shared metadata private key and therefore cannot access any resource metadata.

When a new user joins, the server does not automatically share the key with them. Instead, administrators are notified by email once the user has completed their activation and is ready to receive access. From the Users & Groups workspace, administrators can then review the situation and share the key when the time is right.

Until a user receives the key, their experience is intentionally limited: actions that depend on the shared metadata key, such as sharing a resource, moving a private item into a shared folder, or creating content meant to be shared, are blocked.

To know more about the encrypted metadata zero-knowledge mode, check out this blog post.

Many thanks to everyone who took the time to file issues and suggest improvements.
Check out the changelog for more information.

[2.4.0] - 2025-09-17

Added

• PB-43921 - Increase directory sync report dialog size
• PB-44393 ZK - WP5.1 As an administrator I should be able to enable zero knowledge mode
• PB-44646 ZK - WP5.3 Add share metadata private keys to MetadataKeysSettingsEntity
• PB-44641 ZK - WP5.4 Create UpdateMetadataSettingsPrivateKeyService to to be able to disabled zero knowledge mode
• PB-44631 ZK - WP5.5 Update SaveMetadataKeysSettingsController to be able to disabled zero knowledge mode
• PB-44757 ZK - WP5.6 As an administrator with missing metadata keys I should not be able to change metadata settings

Fixed

• PB-44638 - Password expiry should not be removed when password is not updated
• PB-44604 - Fix regular expression on public key metadata validation
• PB-45060 - Fix custom fields json schema properties type
• PB-44933 - Fix setup a new user should have missing key set

Maintenance

• PB-44594 - Upgrade xregexp to 5.1.2

v2.4.0

Passbolt Windows Application 2.4.0 ships with the zero-knowledge for encrypted metadata feature available with API 5.5.0. Zero-knowledge for encrypted metadata is intended for organisations that prioritise maximum privacy and can do without server-side auditability. In this mode, the server never receives the shared metadata private key and therefore cannot access any resource metadata.

When a new user joins, the server does not automatically share the key with them. Instead, administrators are notified by email once the user has completed their activation and is ready to receive access. From the Users & Groups workspace, administrators can then review the situation and share the key when the time is right.

Until a user receives the key, their experience is intentionally limited: actions that depend on the shared metadata key, such as sharing a resource, moving a private item into a shared folder, or creating content meant to be shared, are blocked.

To know more about the encrypted metadata zero-knowledge mode, check out this blog post.

Many thanks to everyone who took the time to file issues and suggest improvements.
Check out the changelog for more information.

[2.4.0] - 2025-09-17

Added

• PB-43921 - Increase directory sync report dialog size
• PB-44393 ZK - WP5.1 As an administrator I should be able to enable zero knowledge mode
• PB-44646 ZK - WP5.3 Add share metadata private keys to MetadataKeysSettingsEntity
• PB-44641 ZK - WP5.4 Create UpdateMetadataSettingsPrivateKeyService to to be able to disabled zero knowledge mode
• PB-44631 ZK - WP5.5 Update SaveMetadataKeysSettingsController to be able to disabled zero knowledge mode
• PB-44757 ZK - WP5.6 As an administrator with missing metadata keys I should not be able to change metadata settings

Fixed

• PB-44638 - Password expiry should not be removed when password is not updated
• PB-44604 - Fix regular expression on public key metadata validation
• PB-45060 - Fix custom fields json schema properties type
• PB-44933 - Fix setup a new user should have missing key set

Maintenance

• PB-44594 - Upgrade xregexp to 5.1.2

v2.3.2

Passbolt Windows Application 2.3.2 fixes an issue introduced in version 2.3.0. The clipboard protection feature, which cleared the clipboard 30s after copying a secret, was causing the application to crash. Clipboard flushing has been temporarily disabled to allow users to access their secrets. We are investigating how to fix the crash and re-enable this security feature in a future release.

Many thanks to everyone who reported the issue.

Fixed

• PB-45095: Copy username or password did nothing

v2.3.1

Passbolt Windows Application 2.3.1 is fixing an issue introduced during the version 2.1.0. When a user wanted to copy its password or its username, the clipboard was not working anymore and we solved it by adding the Clipboard feature done during the bext version 5.3.2 .

The new clipboard flush timer lets you copy secrets just long enough to use them; clipboard data is automatically cleared when the countdown (30s) expires, significantly reducing the risk of accidental exposure or leaks from forgotten clipboard content.

Many thanks to everyone who reported issues. Your feedback made this release possible and solves issues to all users today.

[2.3.1] - 2025-09-04

Fixed

• feature/PB-45095_Windows-app-copy-username-or-password-does-nothing

v2.3.0

Passbolt Windows application 2.2.1 is a hot fix release that restores protected actions like creating and editing resources on some API servers behind a proxy. If you saw CSRF errors, install 2.2.1 and try again.

Thanks to everyone who reported the issue. See the changelog for details.

[2.2.1] - 2025-08-01

Fixed

• PB-43969 CSRF token in request body or headers does not match or is missing on the windows app

v2.2.1

Passbolt Windows application 2.2.1 is a hot fix release that restores protected actions like creating and editing resources on some API servers behind a proxy. If you saw CSRF errors, install 2.2.1 and try again.

Thanks to everyone who reported the issue. See the changelog for details.

Fixed

PB-43969 CSRF token in request body or headers does not match or is missing on the windows app

v2.2.0

Windows passbolt 2.2.0 adds custom fields, one of the five most‑requested features from the community. Built on top of encrypted‑metadata introduced earlier this year, custom fields let users attach additional key‑value pairs to a resource or as a standalone one. Typical use‑cases include centralising CI/CD job variables and storing environment‑specific configuration values that need more structure than a general note.

Custom fields rely on encrypted metadata, therefore the feature is still in beta and is not yet available on Passbolt Cloud. A step‑by‑step guide on how to enable the encrypted metadata on a self‑hosted instance will be available in a blog post that will be published soon. The encrypted‑metadata feature is scheduled to be marked as stable in Passbolt 5.4, planned for August 2025.

Several bugs reported by the community have also been fixed. As always, thank you to everyone who took the time to file issues, test patches and suggest improvements. For a complete list of changes, consult the changelog.

Added

• PB-43269 Create the entity CustomFieldEntity
• PB-43271 Create the entity collection CustomFieldsCollection
• PB-43273 Create the entity SecretDataV5StandaloneCustomFieldsCollection
• PB-43275 Update the resource types schema definitions
• PB-43277 Update the ResourceMetadataEntity
• PB-43278 Update the ResourceFormEntity
• PB-43279 Update the Secret Entities
• PB-43283 Display a new entry the create/edit dialog to set custom fields on the left sidebar and the menu
• PB-43284 Create the CustomFieldForm for the create/edit dialog
• PB-43285 Handle the CustomFieldForm warnings and limitation
• PB-43286 Update create/edit resource to select secret custom fields for a standalone custom fields
• PB-43287 Display the Custom Fields section on the right sidebar
• PB-43289 Display standalone custom fields in the component DisplayResourceCreationMenu
• PB-43290 Display standalone custom fields in the component DisplayResourcesWorkspaceMainMenu
• PB-43291 Display the URIs section in the right sidebar
• PB-43374 Add validation on keys and values of each elements of custom fields for the resource form entity
• PB-43377 Add set collection into entity v2
• PB-43145 Find a list of resources based on IDs and that are suitable for local storage from the API
• PB-43146 Find a list of resources based on a parent folder id and that are suitable for the local storage from the API
• PB-43133 Display padding below tags in resource workspace left sidebar
• PB-42185 The folder caret that expands or collapses folders in the tree should have a larger clickable area to make it easier to use
• PB-43222 Improve the group dialog to match the new share dimensions
• PB-43147 Find and update resources based on parent folder id for the local storage
• PB-43148 Create a connector for finding resources based on a parent id for the styleguide to call it later
• PB-43149 Create a ResourcesServiceWorkerService to call the service worker for resource related operations
• PB-43150 Implement the optimidsed call in the Styleguide when filtering by a folder
• PB-43151 Optimise the data retrieved from the API such that updates are not done if unnecessary
• PB-43156 Clarify implications for backups and other devices before changing the passphrase in the user settings workspace
• PB-43489 Display unexpected error if there is any issue during the secret decryption

Fixed

• PB-43109 Fix: from the sidebar when upgrade from v4 to v5 goes wrong the error message in the notification
• PB-43118 Hide the "Share metadata keys" button in the users workspace action bar for the current signed-in user
• PB-43215 Fix account recovery creator name
• PB-43063 Fix group edit dialog double warning message has broken UI
• PB-43117 Hide the "Share metadata keys" button in the users workspace action bar after sharing missing metadata keys with a user
• PB-43064 Fix group edit dialog can show a mix of error and warning messages
• PB-43150: fix folder not being reloaded
• PB-43424 Clicking on the "open in a new tab” call to action in the quick application should open the resource url in a new tab
• PB-43108 Display attention required icon on "metadata keys" label in the user details sidebar if the user is not having access to some metadata keys
• PB-43217 The default icon stroke width is too thick in the grid and doesn't match the custom icons
• PB-43220 Copy URL field action button lacks padding and is broken in the SSO settings
• PB-43168 Align vertically resources workspace select check-boxes
• PB-43211 The feedback message notifying the administrator when a metadata key has been shared with a user contains a typo
• PB-43471 Center vertically the icon on the create and edit dialog

v2.1.0

The Passbolt Windows App version 2.1.0 introduces the first features built on encrypted metadata, enhancing resource management and customisation. This update lays the groundwork for future improvements and delivers practical everyday benefits.

Resources using encrypted metadata now support multiple URIs. For example, addresses like app.example.com and admin.example.com can be linked to the same credential, helping the browser extension recognise credentials across multiple domains.

Icons and colours can now be set for resources with encrypted metadata, using a method compatible with KeePass for easy import and export. This visual distinction helps users quickly navigate large workspaces.

A new density setting is available to adjust grid spacing, providing a clearer, more comfortable view. Users can easily toggle this in the workspace column settings as needed.

The Passbolt interface now supports Ukrainian and Slovenian languages, enabling native speakers to use the tool comfortably without relying on English.

Additionally, resource owners now receive notifications on the day their passwords expire, supporting teams in managing rotation policies effectively.

This update includes several bug fixes and maintenance improvements based on community feedback. Thanks to everyone who contributed by reporting issues and suggesting improvements.

For full technical details of everything in this release, check out the changelog.

Added

• PB-41365 Support options for ECC Key generation

• PB-42936 Translate the application into Ukrainian

• PB-42897 Upgrade resource to v5 from information panel

• PB-42896 PB-42896 Display an “Upgrade Resource to v5” card in the information panel

• PB-42895 Upgrade v4 password string resources to v5 default

• PB-42894 Upgrade a single v4 resource to v5

• PB-42860 Translate the application into Slovenian

• PB-42796 Add a limit for multiple URIs

• PB-42788 As a user I can access the resource appearance customization from the create/edit

• PB-42704 Display missing metadata keys information in the user sidebar

• PB-42658 Refresh the users local storage after sharing missing metadata keys

• PB-42598 Retrieve missing_metadata_keys_ids information when retrieving signed-in user details with the getOrFindMe method of the UserModel

• PB-42590 Write the background color and icon ID into KDBX files

• PB-42589 Read the background color and icon ID from KDBX files

• PB-42588 Adapt the ResourceIcon component to handle IconEntity

• PB-42587 Add the AddResourceAppearance form part for the resource dialog

• PB-42586 Add the ‘appearance’ metadata field in the resource dialog

• PB-42585 Add IconEntity as an associated entity in MetadataEntity

• PB-42584 Create IconEntity to hold custom icon and color information

• PB-42570 Create a method canSuggestUris using canSuggestUri

• PB-42543 Allow users to navigate to the additional URIs from the SelectResourceForm

• PB-42536 Allow user to add additional URIs from the Create and Edit Resource v5 dialogs

• PB-42534 Display resource additional URIs badge in the filtered resource of the QuickApplication

• PB-42533 Display resource additional URIs badge in the suggested resource of the QuickApplication

• PB-42530 Display resource additional URIs in the details of a resource of the QuickApplication

• PB-42529 Display resource additional URIs badge in the browsed resource of the QuickApplication

• PB-42528 Display resource additional URIs badge in the resource details sidebar

• PB-42527 Display resource additional URIs badge in the resources grid

• PB-42526 Create the ResourceUrisBadge component to handle resource additional URIs badge and the tooltip displaying them

• PB-42130 Add shareMetadataKeyPrivate event to AppEvents

• PB-42129 Create ShareMetadataKeyPrivateController and use ShareMetadataKeyPrivateService to perform the action

• PB-42127 Create ShareMetadataKeyPrivateService and implement shareMissing method

• PB-42114 Add create or share method to metadata private key api service

• PB-42368 Update EncryptOne method from EncryptMetadataPrivateKeysService to allow encryption without signature

• PB-42134 Update DisplayUsersContextualMenu to display a Share metadata keys action if key is missing

• PB-42133 Update DisplayUserWorkspaceActions to display a Share metadata keys action if key is missing

• PB-42132 Implement Dialog confirmation when administrator wants to share keys with an user

• PB-42131 Add share method into metadataKeysServiceWorkerService to perform the UI action

• PB-42126 Add cloneForSharing method into MetadataPrivateKeyEntity

• PB-42124 Create ShareMetadataPrivateKeysCollection

• PB-42110 Update userModel updateLocalStorage method to include missing_metadata_keys_ids option

• PB-42109 Add missing_metadata_keys_ids property to UserEntity

• PB-41617 Add comfortable grid

• PB-39042 Display upgrade resource to v5 card

Improved

• PB-42883 Improve performance by skipping the decryption of unchanged metadata.
• PB-41654 Transform workspaces shifter into a dropdown
• PB-42184 Increase the share dialog width to accommodate longer strings from translations or user names

Fixed

• PB-41760 On some conditions, scrollbars can appear and break the design
• PB-42561 The folder tree caret when scrolling appeared in the wrong orientation
• PB-43008 Fix dragging v5 resources into shared folders should trigger the share strategy on the resource
• PB-42985 Translate the button manage account in the profile dropdown
• PB-42789 Fix userAvatar on userInformationPanel with attention required svg
• PB-42702 Fix contains missing_metadata_keys_ids miss match
• PB-42606 Fix the Quick App Login form CTA spinner should not be displayed over the text of the button
• PB-42272 Fix display v5 resource metadata in the grid when filtering by group
• PB-42077 Update navigation menu icon width
• PB-41649 Re-align components in the left sidebar
• PB-41643 Remove TOTP MFA (profile workspace) border around the QR code and card
• PB-41642 Update Turn off MFA primary button to be red

Maintenance

• PB-43012 Change authentication_token parameter to token for get the user key policies endpoint
• PB-42790 Replace legacy Icon by SVG
• PB-42572 Update Quickaccess HomePage to use the canSuggestUris
• PB-42571 Update isSuggestion in resource entity to use canSuggestUris
• PB-42569 Create and merge canSuggestUri into a service
• PB-42978 Check object_type is defined and valid before metadata encryption

Security

• PB-42613 Upgrade browser extension OpenPGP.js to the latest version
• PB-42700 Upgrade vulnerable library undici and lockfile-lint-api
• PB-42391 Update Papaparse library

v2.0.1

The Passbolt Windows App version 2.0.1 release adds support for encrypted resource metadata features as an opt-in feature. Early adopters can turn it on, test real-world workflows and feed back improvements, while more cautious teams, or teams with a lot of custom integrations, can wait until they are ready.

This is a major milestone for the product, further extending Passbolt’s security model to improve confidentiality for the contextual information surrounding credentials. This means that metadata such as names, login URLs, and similar fields are now also cryptographically protected. As is customary for high-risk security features, this implementation has been audited by security researchers from Cure53 with a public report publication coming soon.

Additionally, the password expiry feature is now enabled by default for new installations. This capability is considered a security best practice, helping organizations enforce rotation policies and mitigate risks associated with long-lived shared credentials. For existing instances, administrators can enable this feature manually from the administration workspace. To learn more, check out the blog article: Passbolt’s New Automation of Shared Passwords Expiry.

This version also upgrades the OpenPGP.js library to address a recently discovered vulnerability. While the impact of this issue is minimal, OpenPGP.js is a cornerstone of the extension, so the update is essential.

The release also includes fixes for several bugs reported by the community after the major v5 redesign.

As always, thank you to everyone who provided bug reports and feedback, and a special thanks to the OpenPGP.js team for the timely heads-up and patch.

v2.0.0

The Passbolt Windows Desktop App takes a major step forward with the release of version 2.0.0, aiming to make it easier for Windows users to collaborate on access and credentials - whether you’re in IT, DevOps or part of the broader workforce.

This release introduces a refreshed user interface, which offers a more modern, cleaner and user-friendly experience and addresses long-standing ergonomic issues.

This release also lays the groundwork for the upcoming capabilities, such as key-value pairs, SSH keys, and certificates.

For in-depth details behind the redesigned user interface, check out the UI Redesign blog post.

Thank you to the community for all your feedback, testing, and support in making this milestone possible. We hope you’ll enjoy the new look and look forward to hearing from you.

Added

• PB-33425 Allow users to reset resource grid columns to default factory settings through the columns settings dropdown
• PB-35232 Add a resource grid filter to display only private resources
• PB-37332 Rename encrypted description to note and clearly differentiate between the metadata description and the secret note
• PB-37620 Allow users to resize and reorder the users grid
• PB-37638 Add a details sidebar for multiple grid resource selections to allow users to review their selection
• PB-38938 Redirect administrator to a home page instead of the first available settings page
• PB-38940 Organize the administration menu into meaningful sections
• PB-39415 Redesign the application
• PB-39464 Introduce unified and modular resource creation and editing dialogs to support upcoming resource types
• PB-40150 Display a default resource icon in the grid
• PB-41425 Investigate to use DisplayUserSettingsWorkspace from component
• PB-41414 Migrate import account kit screen
• PB-41406 Migrate import steps screen

Fixed

• PB-28280 Display the complete resource path in sidebar details
• PB-33618 Disable the "select all" dropdown in the users grid until bulk operations are supported
• PB-39994 Display a pending changes banner after modifying administration email notification settings
• PB-39995 Ease identification of generated organization recovery key file name by including the GPG key identifier
• PB-40268 Display a pending changes banner after modifying administration internationalization settings
• PB-40270 Display a pending changes banner after modifying administration email server settings
• PB-40271 Display a pending changes banner after modifying administration RBAC settings
• PB-40272 Display a pending changes banner after modifying administration users directory settings
• PB-40273 Display a pending changes banner after modifying administration SSO settings
• PB-40669 Display loading feedback in the folder navigation tree during folder loading
• PB-40186 WP6-7.5 Validate the object_type property of v5 secrets to mitigate unwanted content decryption attacks
• PB-40576 Reposition the expiry item in resources grid column settings to reflect its lower display priority in the grid
• PB-41275 Display the complete folder path in sidebar details
• PB-41638 Fix Hide administration workspace shifter on desktop app

Maintenance

• PB-40117 Upgrade browser extensions repositories to node 22
• PB-40687 Upgrade vulnerable library babel and relative
• PB-40688 Upgrade vulnerable library i18next-parser and relative