v2.0.1
Version 2.0.1 of the Passbolt Windows App adds opt-in support for encrypted resource metadata. Early adopters can turn it on, test real-world workflows and feed back improvements, while more cautious teams, or teams with a lot of custom integrations, can wait until they are ready.
This is a major milestone for the product, further extending Passbolt’s security model to improve confidentiality for the contextual information surrounding credentials. This means that metadata such as names, login URLs, and similar fields are now also cryptographically protected. As is customary for high-risk security features, this implementation has been audited by security researchers from Cure53, and a public report will be published soon.
Additionally, the password expiry feature is now enabled by default for new installations. This capability is considered a security best practice, helping organizations enforce rotation policies and mitigate risks associated with long-lived shared credentials. For existing instances, administrators can enable this feature manually from the administration workspace. To learn more, check out the blog article: Passbolt’s New Automation of Shared Passwords Expiry.
This version also upgrades the OpenPGP.js library to address a recently discovered vulnerability. While the impact of this issue is minimal, OpenPGP.js is a cornerstone of the extension, so the update is essential.
The release also includes fixes for several bugs reported by the community after the major v5 redesign.
As always, thank you to everyone who provided bug reports and feedback, and a special thanks to the OpenPGP.js team for the timely heads-up and patch.