2.1.20 includes many security improvements, based on an audit that was performed, in order to close several SQL injection vectors, file inclusion protection bypasses, XSS vectors, …
Besides this, the strategy for file access has been completely reviewed, and the query wrapper has been changed and secured.
Refer to the GitHub Change-Log page.
An API has been introduced that allows a third-party tool to access the items.
This API makes it possible to add Items. New features such as deleting items, managing folders, etc. will be added next.
Depending on an option, it is now possible to encrypt the files uploaded and attached to items.
One Time View
This feature makes it possible to share an Item with someone who doesn't have access to Teampass. It is a one-time view, which means it is accessible only once and within a period of a week (this could be made customizable in a future release).
The Suggestion System allows a read-only user to suggest a new Item.
- The features introduced here will be improved.
- The major point will be to implement a new database wrapper that offers the possibility to use MySQLi. The choice is to go with MeekroDB, which will provide a secure way to manage queries.