Version 2.1.20 is released!

Download

Git Tag Release 2.1.20

Main changes

Security

2.1.20 embeds a lot of security improvements in order to close several SQL injection vectors, file inclusion protection bypass, XSS vectors, … based upon an audit performed. Beside this, the strategy for file access has been totally reviewed and the query wrapper changed and secured.

Bugs correction

Refer to Github Change-Log page.

API

An API has been introduced which permits to access the items from a 3rd party tool.

This API permits to read and add Items. New features such as delete items, manage folders, etc. will be added next.

Attachment Encryption

Based upon an option, it is now possible to encrypt the files uploaded and attached to items.

One Time View

This feature permits to share an Item to someone that doesn’t has access to Teampass. It is a one time shot view which means it is only accessible once and in a delay of a week (could be customized in a future release).

Suggestion System

The Suggestion System permits a read-only user to suggest a new Item.

What’s next?

  • The features introduced here will be improved,
  • Major point will be to implement a new database wrapper which will offer the possibility to use MySQLi. The choice is to go for MeekroDB which will provide a secured way to manage queries.