Release 2.1.7

Posted by on April 18, 2012 Leave a comment (5) Go to comments

Release 2.1.7 of TeamPass has been delivered the 17-APR-2012.

For this release, the focus has been done on security in order to close some open holes due to the usage of Uploadify library. This last has been kept because it is a very good library for uploading files but by default it lacks of security systems. Thank to Simon Leblanc that permits me to open the eyes on this aspect (see his POST for more security tips).
I’ll publish in the next days a special page for improving security on your TeamPass  installation.

3 other major changes concern:

  • the correction of importation of data (with CSV and Keepass format),
  • the possibility for each user to reset his personal saltkey. Concerning this last point, be careful that this will purge all the personal items of the user,
  • a new check that is now done before major user actions that validate or not the possibility for a user to do this specific action. This work is started and will be continued on all possible actions.

What are the changes done on this release.

  • Corrections: SF247 – SF248 – SF261 – SF264 – SF265 – SF266 – SF267
    • Old passwords in log were badly encoded
    • Item copy from search page is now ok
  • Improvements:
    • #67: protection of Uploadify library
    • Protection of Downloadfile.php improved
    • SF228: reset personal saltkey (warning it purges personal items)
    • SF262: Copy of item is in log
    • Rights checks added before major action
    • Email is send to new created user

For any bug detection, please use Github

TeamPass's Life
  1. Dyon Beaart April 20, 2012 at 12:40 pm

    Thanks for the updated release.

    I migrated easily from my cpassman 1.82 installation.

    I did however need to patch the find.queries.php a bit, due to the fact that i have some special chars in some of my descriptions. (error was: DataTables warning: JSON data from server could not be parsed. This is caused by a JSON formatting error.)

    I added this line in sources/find.queries.php on line 158:
    $txt = str_replace(array(‘[',']‘,’\”,chr(10),chr(13)),”,$txt);

    Hope this helps someone

    Reply
  2. jekader May 3, 2012 at 6:56 pm

    Great, will upgrade to the newest version ASAP!
    I also subscribed to RSS in order not to lose upcoming news.

    Keep up the great work!

    Reply
  3. Jeroen May 21, 2012 at 12:16 pm

    Nice stuff !
    But… URL adds the http:// uri, whilst i try to add a rdp:// uri, how can i make sure that url does not get rewritten in the app ?
    (what i try to do is make rdp:// work…)

    Reply
  4. Steeve June 19, 2012 at 9:08 pm

    Hi,

    I’m just testing your product and I use french language.

    Since I have upgrade to 2.1.7 release all items are blocks (or as read only).When I turn language to english (or other then french) everything works well! Is it the upgrade process or something wrong with the translation?

    Thanks

    Reply
  5. guyom78 August 27, 2012 at 3:31 pm

    Hello,

    I have downgradded in 2.1.7 from 2.1.8 because i couldn’t modify an element nor be notified by email at the creation of an item on 2.1.8

    But I have noticed the same problem as Steeve on this version 2.1.7… so in downgradded again to 2.1.6 and now, I am happy :)

    Reply