With KeePass Client v7.11.38
Nov 28th, 2022
These Release Notes detail the differences between this release and the previous Stable version.
The following security concerns have been addressed in this release:
- Vulnerability Patches
- Additional information could theoretically allow an authenticated user opportunity to take advantage of leveraging existing authorized access and access information.
- In a specific security context, insufficient output controls could allow an authenticated user opportunity to exploit handling very specific system information with specialized data values.
- In a localized security context, insufficient safeguard could allow an authenticated user to store data for system retrieval outside of intended user parameters.
- This update resolves these concerns.
- Companies will be given months to deploy this patch, before more specific information is disclosed.
- Provides ability to store Authenticator Key (TOTP) values on an Entry.
- When this value is entered, the Entry will then immediately start generating and displaying the 2-Factor Authentication codes of 6-digits (or more) length. This feature is released first in both the Web Client application and KeePass desktop application at this time.
- Support for UPN (UserPrincipalName) login format, which allows long usernames in the format similar to email addresses.
- KeePass Support for Azure AD Application Proxy.
- An Active Directory / LDAP user will now be auto-disconnected when filtered out by the directory connection filter.
- KeePass web technologies including SAML SSO connections, are now facilitated using the standard Edge chromium browser control WebView2.
- Improved compatibility for KeePass Client WebView2 component for installation.
- This full offline install includes all files.
- Important Notes:
- The install files include Microsoft WebView2 component which supports OAuth authentication methods and proxy. The KeePass desktop install file size: 372 MB
- This reduces the many unfortunate install failures, experienced with alternate Microsoft's management with WebView2.
- In the future, this WebView2 component can be expected to be fully removed. The industry has come to also better support native browsers with OAuth methods without this WebView2 component. This will bring the extremely large file size back down to previous levels.
- DUO RADIUS 2FA better handles "Push" with a new 2FA Provider specifically for DUO.
- "Move" action will better facilitate and handle moves of items between folders.
- Allowing moves if the user has Create + Delete + Grant permissions
- Requests confirmation of the change
- And if access changes are permitted, an alert is displayed indicating the access that will be changing.
- Added Affected Users & Roles filter parameters on Audit Events logging.
- Added Folder filter parameter to Password Access History report.
- Adjust KeePass login window size to better accommodate 2FA source selection and other browser messages.
- Require user acceptance to system security message.
- Added KeePass TOTP copy menu item and keyboard shortcut
- Added additional KeePass export support for TOTP.
- Fixed a bug where Private Folders may not be accessible in Offline Cache in the performance mode where pre-calculation is turned off.
- Fixed KeePass TOTP field value & display issues.
- Fixed a bug that would give an error with KeePass import functionality.
- A Password Auto Changer component is improved for compatibility with protocols on newer Linux/Unix type systems.
- Fixed a bug that would give an error with Password Auto Changer
- Fixed a bug that would give an error with proxy connections
- Fixed an error displayed in general settings.
- Requires .NET 4.8
- The Upgrade will try to download these files from the internet for the upgrade, if they are not already installed.
Stalled Install progress:
- If the file installation appears to be stalled after 5-10 minutes, stop, restart the machine, and restart the install.
- There may be framework files being added that contribute to this issue.
Saving the username in KeePass client:
- If https:// is not specified in KeePass Server URL, the username will not be saved for the user for the next time they login.
- All users must upgrade to KeePass client version 7.11.38.