Version v8.1.0

With KeePass Client v8.0.8

Release Date

Sep 1, 2023

These Release Notes detail the differences between this release and the last Stable version.

Download Here

Upgrade Instructions

New Feature: Zero Knowledge Encryption

  • Summary:
    • Zero Knowledge Encryption provides superior privacy and data protection.

    • Only the user will have the access to their decryption key and their passwords, and those they share the passwords with. Even the server itself does not have the knowledge or ability to decrypt these keys, and so cannot access the user's passwords.

    • Users passwords are encrypted before they leave their device, and remain encrypted in transit and on the server. Decryption requires the unique user key, available only to the user, inaccessible to the server.

    • In other words, no one else can decrypt the user's passwords—even if they have (or gain) access to the password server or intercept the data during transfer. Because only the user has the key, the user's passwords can only be accessed on their own devices, via their own software.

    • For more information, click here.

  • Description:
    • Configured in Settings.
    • Allows users to selectively encrypt entries using client-side encryption, so that the data values are not even accessible to the server or database.
    • Provides users with their own secure set of encryption keys.
    • Encrypted fields are encrypted / decrypted using these keys. 
    • These keys are derived from the user's own Encryption Password or Secret Key (randomly generated key, securely stored into the user's device).
  • Benefits:

    • Protects secrets Internally, or from your Hosting or Cloud Partners
    • Provides an additional encryption layer in-transit and at-rest (on the database & server)
  • Available in:

    • Enterprise+SSO edition

    • Web Client (only, at this time)
  • Feature Support:

    • Passwordless Sign-In (with SAML SSO)
    • Client-side Encryption
    • Encryption Option for Entry Fields
      • Passwords
      • Authenticator Secrets
    • Authentication Methods:
      • Secret Keys
      • User Encryption Passwords
      • Secret Keys or Encryption Passwords
    • Corporate Key Architecture - for admins
    • Unique User Encryption Keys
    • Password Resets
      • by Admin - with Corporate Keys
      • by User - Self-Serve Reset
    • Share Secrets Securely - with other users
    • Active Directory/LDAP Integration
    • Trust Remote Sources - manual/auto-approval
    • New Device Easy-Transfer of Secret Keys
    • Automatic Error Checking and Resolution
    • Client Logging to Server
    • Secure Shared Web Worker Technology - web client support
    • Military Grade Encryption: AES256-GCM, RSA 2048-bit Asymmetric 

New Feature: File Integrity Monitoring

  • Description & Features:

    • Ability to enable application file scans - to ensure the integrity of the files, remain unchanged from the vendor's original files, and have not been altered, replaced, or corrupted.
    • Ability to automatically stop the site if the service detects any file changes, so that there is no corruption of data
      • The application will not run until the file errors are corrected
    • FIM Alerts - Reports the specific file errors found.
  • Available in:

    • Enterprise+SSO edition

    • Server & Web client files

New Features

  • Option to Export to CSV file from the web application.
    • (expect to see more secure features options in the future)
  • Audit Event Report - Ability to create a custom report based on Audit events history


  • 3 Security Patches:
    • A minor security patch has been applied to defend the application against malicious external attackers who might seek to leverage an application component contrary to intent in order to potentially exploit potential vulnerabilities. 
    • A minor security patch has been applied to protect a particular internal output control, which could allow an authenticated user opportunity to exploit potential vulnerabilities. 
    • The security patch from standard KeePass 2.54 has been applied
  • This update resolves these concerns.


  • Web login window display changes to support added security capabilities.
  • Minor main menu changes.
  • Ability to create users via the API, when allowed in the options settings.
  • Ability to use Syslog with an Encrypted TCP option, including to ignore TLS chain errors. 
  • Ability to view and sort on Date Archived column, in the system Archive folder.
  • Azure AD App Proxy time-outs can now be renewed with a button press.
  • Ability to schedule custom reports based on the Audit events history.
  • Restrict Client Download Tab visibility for users that cannot use those restricted apps.
  • Ability to enable or restrict which client applications can connect to the server
  • Ability to filter Audit Events by folder or entry
  • Zero Knowledge Encryption will require changing the password on first use
  • Performance improvements:
    • Web Client login and folder navigation
    • Web Client Offline loading
    • Pre-calculation mode is set and is now the default
    • Password Access History Report
    • Access History Report
    • All Access Report
    • User Access Report
  • Added hints for Entry fields with explanations.

Bug Fixes

  • Fixed an issue that could cause problem with client app authentications.
  • Fixed an issue to standardize Syslog datetime format, in accordance with RFC3164.
  • Fixed a problem with 2FA self-enrollment process
  • Fixed a problem where unable to copy from the TOTP menu item
  • Fixed a problem with SAML SSO Enforced sign-in.
  • Fixed a problem with AD/LDAP user import.
  • Fixed a rare KeePass user sign-in problem.
  • Fixed an error with web search.
  • Fixed an archive folder loading error.
  • Fixed a server problem that that affects iOS mobile display in v8.

Known Issues

  • KeePass client File Size:

    • KeePass desktop install file size: 370 MB.
      • Includes WebView2 component with the benefits of rigorous OAuth authentication methods, application proxy, mitigation of security issues, and reducing potential install failures.
      • Future: using the machine's default browser will bring the large file size back down to previous levels. 
  • Stalled Install progress:

    • The installation requires .NET 4.8 framework files as a prerequisite (see section below)
    • If the file installation process is stalled after 10 minutes, stop, restart the machine, and restart the install. The files have now been added and the install will now complete.

Compatibility Notes

  • KeePass:
    • KeePass for Pleasant users must upgrade to 8.0.8

  • Server: Requires .NET 4.8

    • The Upgrade may try to download these .NET 4.8 files from the internet for the upgrade, if they are not already installed:
    • Running this once before install/upgrade will ensure the install process is smooth.