Today, we are releasing KeePassXC 2.7.11 with many bug fixes and enhancements. We are also very happy to announce that a previous version (2.7.9) has received a security Visa for passing the First-level Security Certification (CSPN) by the French National Cybersecurity Agency (ANSSI).
Managing a popular open source project is a lot of work and can be very rewarding. This is especially so for a security-critical application such as KeePassXC that enables people around the world to protect their most sensitive information. As such, we have implemented a robust quality control process that ensures all code merged into production is thoroughly reviewed, tested, and signed off on.
Recently, we changed our contribution policy and readme to address code created by Generative AI by adding the following paragraph:
Today, we are releasing KeePassXC 2.7.10 with many bug fixes and enhancements. The most prominent changes are the addition of a Proton Pass importer and (due to popular request) a new setting for changing the application font size. Other additions in this release are nicer icons in the password strength column, a character count in the password generator, toolbar buttons for quick access to database settings and statistics, a new MIXED case preset for the passphrase generator, and a command-line flag to start KeePassXC in minimised mode.
Today, we are releasing KeePassXC 2.7.9 with many bug fixes and enhancements. Highlights include improvements to CSV and Bitwarden importing, passkeys refinement, several UX issues, and improvement to using browser integration with the Snap distribution.
Today, we are releasing KeePassXC 2.7.8 with many bug fixes and enhancements, particularly to our passkey support. We also fixed several crashes that were discovered in the previous release. Finally, this version introduces several quality of life improvements that were ported over from the development branch that we think you will enjoy. Let’s dive in!
We’re thrilled to announce the release of KeePassXC version 2.7.7. This update brings several exciting features and enhancements that will improve your workflow and integration with modern authentication services. Let’s dive into the major highlights:
This release delivers the official implementation of Passkeys for KeePassXC! This feature is a year in the making and uses the existing browser integration service to both store and use Passkeys for authentication. A special thank you to Ortham for providing an extremely comprehensive standards, security, and privacy review of our implementation prior to release. If you haven’t heard of Passkeys yet, they are an alternative to passwords that are incredibly secure and privacy preserving. Read more about Passkeys and also read our documentation.
Today, we are releasing KeePassXC 2.7.6 with a few bug fixes and enhancements. This version fixes a crash on macOS that occurred on exit. We also improved the visual display when dragging entries to move/copy, Quick Unlock is now automatically activated when unlocking for Auto-Type or Browser access, and the Auto-Type button and shortcut key will be disabled when Auto-Type is turned off for the entry or group.
On June 19, 2023 an alleged KeePassXC vulnerability with the identifier CVE-2023–35866 was posted against KeePassXC versions up to 2.7.5. As the developers of KeePassXC, we do not consider the issue a vulnerability and have filed a request for the CVE to be rejected. Additional information can be found in the discussion on GitHub.
The root of the argument submitted by the CVE author is that an attacker with unfettered access to an already unlocked database could export or change the password without requiring the original credentials. Where this is true, there are numerous barriers to actually executing this attack sequence. In addition, having lost control of your computer in this manner would mean the attacker could execute any number of security compromises against your KeePassXC database, regardless of requiring credentials prior to export or credential change.
At this time, we are not planning any drastic changes to the program to address this submission. We are also monitoring the request to reject/dispute this CVE on the grounds it is not actually a vulnerability in our software. Information on mitigation and other factors is included after the break.
Today, we are releasing KeePassXC 2.7.5 with a bunch of bug fixes and performance improvements. This version fixes three separate crashes that were found with the support of our active community members. Additionally, we fixed several areas in the code that were causing significant slow downs when databases had more than a thousand entries.
This release brings several popular feature requests including a menu option to temporarily allow screen capture (Windows & macOS), an improved layout to the HTML export, improved KeePassXC logos and icons, and increasing the max TOTP step to 24 hours.
An audit of KeePassXC has been on the wish list since we started this project over six years ago. Today we are happy to announce the release of an audit conducted by Zaur Molotnikov, an independent security consultant, that was completed on January 19, 2023 against KeePassXC 2.7.4. This audit was conducted free of charge to the KeePassXC Team and the findings and writeup were reviewed for correctness.