Release 2.1.7 of TeamPass has been delivered the 17-APR-2012.
For this release, the focus has been done on security in order to close some open holes due to the usage of Uploadify library. This last has been kept because it is a very good library for uploading files but by default it lacks of security systems. Thank to Simon Leblanc that permits me to open the eyes on this aspect (see his POST for more security tips).
I’ll publish in the next days a special page for improving security on your TeamPass installation.
3 other major changes concern:
- the correction of importation of data (with CSV and Keepass format),
- the possibility for each user to reset his personal saltkey. Concerning this last point, be careful that this will purge all the personal items of the user,
- a new check that is now done before major user actions that validate or not the possibility for a user to do this specific action. This work is started and will be continued on all possible actions.
What are the changes done on this release.
- Corrections: SF247 – SF248 – SF261 – SF264 – SF265 – SF266 – SF267
- Old passwords in log were badly encoded
- Item copy from search page is now ok
- #67: protection of Uploadify library
- Protection of Downloadfile.php improved
- SF228: reset personal saltkey (warning it purges personal items)
- SF262: Copy of item is in log
- Rights checks added before major action
- Email is send to new created user
For any bug detection, please use Github