Version v7.11.38

With KeePass Client v7.11.38

Release Date

Nov 28th, 2022

These Release Notes detail the differences between this release and the previous Stable version.

Download Here

Upgrade Instructions


The following security concerns have been addressed in this release:

  • Vulnerability Patches
    • Summary:
      • Additional information could theoretically allow an authenticated user opportunity to take advantage of leveraging existing authorized access and access information.
      • In a specific security context, insufficient output controls could allow an authenticated user opportunity to exploit handling very specific system information with specialized data values.
      • In a localized security context, insufficient safeguard could allow an authenticated user to store data for system retrieval outside of intended user parameters.
    • Status:
      • This update resolves these concerns.

New Feature

  • Provides ability to store Authenticator Key (TOTP) values on an Entry.
    • When this value is entered, the Entry will then immediately start generating and displaying the 2-Factor Authentication codes of 6-digits (or more) length. This feature is released first in both the Web Client application and KeePass desktop application at this time.


  • Support for UPN (UserPrincipalName) login format, which allows long usernames in the format similar to email addresses.
  • KeePass Support for Azure AD Application Proxy.
  • Framework JavaScript library updates
  • An Active Directory / LDAP user will now be auto-disconnected when filtered out by the directory connection filter.
  • KeePass web technologies including SAML SSO connections, are now facilitated using the standard Edge chromium browser control WebView2.
  • Improved compatibility for KeePass Client WebView2 component for installation.
    • This full offline install includes all files.
    • Important Notes:
      • The install files include Microsoft WebView2 component which supports OAuth authentication methods and proxy. The KeePass desktop install file size: 372 MB
      • This reduces the many unfortunate install failures, experienced with alternate Microsoft's management with WebView2.
      • In the future, this WebView2 component can be expected to be fully removed. The industry has come to also better support native browsers with OAuth methods without this WebView2 component. This will bring the extremely large file size back down to previous levels. 
  • DUO RADIUS 2FA better handles "Push" with a new 2FA Provider specifically for DUO.
  • "Move" action will better facilitate and handle moves of items between folders.
    • Allowing moves if the user has Create + Delete + Grant permissions
    • Requests confirmation of the change
    • And if access changes are permitted, an alert is displayed indicating the access that will be changing.
  • Added Affected Users & Roles filter parameters on Audit Events logging.
  • Added Folder filter parameter to Password Access History report.
  • Adjust KeePass login window size to better accommodate 2FA source selection and other browser messages.
  • Require user acceptance to system security message.
  • Added KeePass TOTP copy menu item and keyboard shortcut
  • Added additional KeePass export support for TOTP.

Bug Fixes

  • Fixed a bug where Private Folders may not be accessible in Offline Cache in the performance mode where pre-calculation is turned off.
  • Fixed KeePass TOTP field value & display issues.
  • Fixed a bug that would give an error with KeePass import functionality.
  • A Password Auto Changer component is improved for compatibility with protocols on newer Linux/Unix type systems.
  • Fixed a bug that would give an error with Password Auto Changer
  • Fixed a bug that would give an error with proxy connections
  • Fixed an error displayed in general settings.

Known Issues

  • KeePass client File Size:

    • Benefit: For secure authentication and helpful mitigation of security issues, the install files include WebView2 component which supports customer options for rigorous OAuth authentication methods and application proxy.
    • Drawback: KeePass desktop install file size: 372 MB
    • This reduces the many unfortunate install failures or potential security issues.
    • In the future, with further modifications the support for the machine's default browser will replace this WebView2 component. This will bring the large file size back down to previous levels. 
  • Requires .NET 4.8

    • The Upgrade may try to download these .NET 4.8 files from the internet for the upgrade, if they are not already installed:
    • Running this once before install/upgrade will ensure the install process is smooth.
  • Stalled Install progress:

    • Otherwise, if the file installation appears to be stalled after 10 minutes, stop, restart the machine, and restart the install.
    • The .NET framework files have now been added and the install should run smoothly.
  • Saving the login username in KeePass client:

    • If https:// is not specified in KeePass Server URL, the username will not be saved for the user for the next time they login.

Compatibility Notes

  • All users must upgrade to KeePass client version 7.11.38.