Merge branch 'release' into 'master'

PB-34020 Merge release into master (v4.9.0)

See merge request passbolt/passbolt-ce-api!299

.gitlab-ci/jobs/php_unit_tests/sequential/php_unit_tests.yml

@@ -49,8 +49,8 @@
     DATASOURCES_DEFAULT_DRIVER: Cake\Database\Driver\Postgres
     DATASOURCES_PORT: 5432
     DATASOURCES_DEFAULT_PORT: 5432
-    DATASOURCES_DEFAULT_ENCODING: 'utf8'
-    DATASOURCES_TEST_ENCODING: 'utf8'
+    DATASOURCES_DEFAULT_ENCODING: "utf8"
+    DATASOURCES_TEST_ENCODING: "utf8"
     DATASOURCES_TEST_PORT: 5432
 # TO BE REPLACED WITH
 #  before_script:
@@ -88,25 +88,25 @@
     reports:
       junit: unitreport.xml
   rules:
-    - if: '$CI_COMMIT_MESSAGE !~ /skip-unit/'
+    - if: "$CI_COMMIT_MESSAGE !~ /skip-unit/"
 
 ##
 ## CUSTOM COMBINATIONS
 ##
 seq-php7.4-mysql5.7:
   variables:
     PHP_VERSION: "7.4"
-    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/mysql-5.7'
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mysql:5.7"
   extends:
     - .mysql-template
     - .test-template
   rules:
-    - if: '$TEST_DISABLED == null'
+    - if: "$TEST_DISABLED == null"
 
 seq-php8.0-postgres13:
   variables:
     PHP_VERSION: "8.0"
-    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/postgres-13-alpine'
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/postgres:13-alpine"
   extends:
     - .postgres-template
     - .test-template
@@ -117,7 +117,7 @@ seq-php8.0-postgres13:
 seq-php8.1-postgres15:
   variables:
     PHP_VERSION: "8.1"
-    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/postgres-15-alpine'
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/postgres:15-alpine"
   extends:
     - .postgres-template
     - .test-template
@@ -126,7 +126,7 @@ seq-php8.1-postgres15:
 #seq-php7.4-postgres12.11:
 #  variables:
 #    PHP_VERSION: "7.4"
-#    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/postgres-12-alpine'
+#    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/postgres:12-alpine"
 #  extends:
 #    - .postgres-template
 #    - .test-template
@@ -140,7 +140,7 @@ seq-php8.1-postgres15:
 #seq-php7.4-postgres11.16:
 #  variables:
 #    PHP_VERSION: "7.4"
-#    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/postgres-11-alpine'
+#    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/postgres:11-alpine"
 #  extends:
 #    - .postgres-template
 #    - .test-template
@@ -151,7 +151,7 @@ seq-php8.1-postgres15:
 seq-php7.4-mariadb10.5:
   variables:
     PHP_VERSION: "7.4"
-    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/mariadb-10.5'
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:10.5"
   extends:
     - .mysql-template
     - .test-template
@@ -162,7 +162,7 @@ seq-php7.4-mariadb10.5:
 #seq-php7.4-postgres13.7:
 #  variables:
 #    PHP_VERSION: "7.4"
-#    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/postgres-13-alpine'
+#    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/postgres:13-alpine"
 #  extends:
 #    - .postgres-template
 #    - .test-template
@@ -174,7 +174,7 @@ seq-php7.4-mariadb10.5:
 seq-php7.4-mysql8:
   variables:
     PHP_VERSION: "7.4"
-    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/mysql-8.0'
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mysql:8.0"
   extends:
     - .mysql-template
     - .test-template
@@ -185,7 +185,7 @@ seq-php7.4-mysql8:
 #seq-php7.4-postgres12.11:
 #  variables:
 #    PHP_VERSION: "7.4"
-#    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/postgres-12-alpine'
+#    DATABASE_ENGINE_VERSION: '${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/postgres:12-alpine'
 #  extends:
 #    - .postgres-template
 #    - .test-template
@@ -196,7 +196,7 @@ seq-php7.4-mysql8:
 seq-php8.1-mysql8:
   variables:
     PHP_VERSION: "8.1"
-    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/mysql-8.0'
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mysql:8.0"
   extends:
     - .mysql-template
     - .test-template
@@ -207,7 +207,7 @@ seq-php8.1-mysql8:
 #seq-php8.1-postgres14.3:
 #  variables:
 #    PHP_VERSION: "8.1"
-#    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/postgres-14-alpine'
+#    DATABASE_ENGINE_VERSION: '${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/postgres:14-alpine'
 #  extends:
 #    - .postgres-template
 #    - .test-template
@@ -221,18 +221,18 @@ seq-php8.1-mysql8:
 seq-php8.2-mariadb10.3:
   variables:
     PHP_VERSION: "7.4"
-    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/mariadb-10.3'
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:10.3"
   extends:
     - .mysql-template
     - .test-template
   rules:
-    - if: '$TEST_DISABLED == null'
+    - if: "$TEST_DISABLED == null"
 
 ## ROCKY LINUX 8.6
 seq-php8.0-mariadb10.5:
   variables:
     PHP_VERSION: "8.0"
-    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/mariadb-10.5'
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:10.5"
   extends:
     - .mysql-template
     - .test-template
@@ -244,7 +244,7 @@ seq-php8.0-mariadb10.5:
 seq-php8.0-mariadb8.0:
   variables:
     PHP_VERSION: "8.0"
-    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/mysql-8.0'
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mysql:8.0"
   extends:
     - .mysql-template
     - .test-template
@@ -255,7 +255,7 @@ seq-php8.0-mariadb8.0:
 #seq-php8.0-postgres13.7:
 #  variables:
 #    PHP_VERSION: "8.0"
-#    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/postgres-13-alpine'
+#    DATABASE_ENGINE_VERSION: '${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/postgres:13-alpine'
 #  extends:
 #    - .postgres-template
 #    - .test-template
@@ -266,9 +266,9 @@ seq-php8.0-mariadb8.0:
 seq-php8.3-mysql8:
   variables:
     PHP_VERSION: "8.3"
-    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/mysql-8.0'
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mysql:8.0"
   extends:
     - .mysql-template
     - .test-template
   rules:
-    - if: '$TEST_DISABLED == null'
+    - if: "$TEST_DISABLED == null"

CHANGELOG.md

@@ -2,6 +2,107 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [4.9.0] - 2024-07-23
+### Added
+- PB-33690 Improves response times by adding an index to gpgkeys.user_id column
+- PB-33639 Adds additional contain parameters to share/search-aros.json for enhanced performance
+- PB-33936 Adds a has-users filter to gpgkeys.json index endpoint
+- PB-33813 Adds a fixed limit to the search-aros.json endpoint
+
+### Fixed
+- PB-33616 As a user creating a resource I should get a validation error if the secret is a string and not an array
+- PB-33664 Fix missing "is" in the database schema up to date sentence (GITHUB #517)
+
+### Improved
+- PB-33429 As a user I should retrieve resources and folders parent folders in a single query
+- PB-33826 Improves the performance of resources.json by improving the datetime fields processing
+- PB-24995 Improves last_logged_in property query performance to reduce response time of users.json endpoint
+- PB-33653 Improves is_mfa_enabled property query performance to reduce response time of users.json endpoint
+- PB-33702 Improves has-access filter performance on users.json
+- PB-32591 Validate passbolt.plugins.smtpSettings.security configuration values before passing it to SMTP server
+- PB-33214 Update sql export / improve mysql backup command compatibility with mariadb-dump
+
+### Maintenance
+- PB-33692 Bump enygma/yubikey to v3.8
+
+### Security
+- PB-33747 Fix command injections vulnerabilities in composer/composer package
+
+## [4.9.0-rc.1] - 2024-07-18
+### Added
+- PB-33690 Improves response times by adding an index to gpgkeys.user_id column
+- PB-33639 Adds additional contain parameters to share/search-aros.json for enhanced performance
+- PB-33936 Adds a has-users filter to gpgkeys.json index endpoint
+- PB-33813 Adds a fixed limit to the search-aros.json endpoint
+
+### Improved
+- PB-33429 As a user I should retrieve resources and folders parent folders in a single query
+- PB-33826 Improves the performance of resources.json by improving the datetime fields processing
+- PB-24995 Improves last_logged_in property query performance to reduce response time of users.json endpoint
+- PB-33653 Improves is_mfa_enabled property query performance to reduce response time of users.json endpoint
+- PB-33702 Improves has-access filter performance on users.json
+- PB-32591 Validate passbolt.plugins.smtpSettings.security configuration values before passing it to SMTP server
+- PB-33214 Update sql export / improve mysql backup command compatibility with mariadb-dump
+
+### Security
+- PB-33747 Fix command injections vulnerabilities in composer/composer package
+
+### Fixed
+- PB-33616 As a user creating a resource I should get a validation error if the secret is a string and not an array
+
+### Maintenance
+- PB-33692 Bump enygma/yubikey to v3.8
+
+## [4.9.0-test.2] - 2024-07-17
+### Added
+- PB-33690 Improves response times by adding an index to gpgkeys.user_id column
+- PB-33639 Adds additional contain parameters to share/search-aros.json for enhanced performance
+- PB-33936 Adds a has-users filter to gpgkeys.json index endpoint
+- PB-33813 Adds a fixed limit to the search-aros.json endpoint
+
+### Improved
+- PB-33429 As a user I should retrieve resources and folders parent folders in a single query
+- PB-33826 Improves the performance of resources.json by improving the datetime fields processing
+- PB-24995 Improves last_logged_in property query performance to reduce response time of users.json endpoint
+- PB-33653 Improves is_mfa_enabled property query performance to reduce response time of users.json endpoint
+- PB-33702 Improves has-access filter performance on users.json
+- PB-32591 Validate passbolt.plugins.smtpSettings.security configuration values before passing it to SMTP server
+- PB-33214 Update sql export / improve mysql backup command compatibility with mariadb-dump
+
+### Security
+- PB-33747 Fix command injections vulnerabilities in composer/composer package
+
+### Fixed
+- PB-33616 As a user creating a resource I should get a validation error if the secret is a string and not an array
+
+### Maintenance
+- PB-33692 Bump enygma/yubikey to v3.8
+
+## [4.9.0-test.1] - 2024-07-15
+### Added
+- PB-33690 Improves response times by adding an index to gpgkeys.user_id column
+- PB-33639 Adds additional contain parameters to share/search-aros.json for enhanced performance
+- PB-33936 Adds a has-users filter to gpgkeys.json index endpoint
+- PB-33813 Adds a fixed limit to the search-aros.json endpoint
+
+### Improved
+- PB-33429 As a user I should retrieve resources and folders parent folders in a single query
+- PB-33826 Improves the performance of resources.json by improving the datetime fields processing
+- PB-24995 Improves last_logged_in property query performance to reduce response time of users.json endpoint
+- PB-33653 Improves is_mfa_enabled property query performance to reduce response time of users.json endpoint
+- PB-33702 Improves has-access filter performance on users.json
+- PB-32591 Validate passbolt.plugins.smtpSettings.security configuration values before passing it to SMTP server
+- PB-33214 Update sql export / improve mysql backup command compatibility with mariadb-dump
+
+### Security
+- PB-33747 Fix command injections vulnerabilities in composer/composer package
+
+### Fixed
+- PB-33616 As a user creating a resource I should get a validation error if the secret is a string and not an array
+
+### Maintenance
+- PB-33692 Bump enygma/yubikey to v3.8
+
 ## [4.8.0] - 2024-05-21
 ### Added
 - PB-33071 As an administrator I can purge the action logs table with a dedicated command

RELEASE_NOTES.md

@@ -1,42 +1,31 @@
-Release song: https://youtu.be/hbe3CQamF8k
+Release song: https://youtu.be/zUzd9KyIDrM?si=bPS9Qu1t351eZEHH
 
-Passbolt v4.8.0 is a maintenance release focusing on the migration of the browser extension to the latest MV3
-architecture and adding tools for administrators to help them manage their instance.
+Passbolt v4.9.0 is a significant update that addresses long-standing user requests and enhances performance. In this release, a highly requested feature was introduced where the passwords workspace now displays the location of resources. This addition provides extra meta information to help users efficiently identify passwords and where they are located. Additionally, the search functionality has been improved to use resource locations as meta information. Users can now retrieve a resource by using the names of its parent folders, which can greatly simplify the process of finding passwords depending on your organisation's classification system.
 
-This release marks the introduction of the first version of the MV3 extension for Chrome. The transition to MV3 has been
-in progress since last year, with changes rolled out progressively until now. The base code between MV2 and MV3 is
-nearly identical, and both extensions will continue to be maintained in parallel. A detailed blog post explaining our
-migration process will be coming soon.
+The team has also focused on various performance improvements to meet the growing needs of organisations managing an increasing number of passwords. These enhancements also prepare the way for the upcoming v5.0.0, which will support more content types and include an additional encryption layer. Both the API and the browser extension have been optimised, resulting in a 50% improvement in retrieving and treating collections of resources, according to our benchmarks.
 
-A new feature allowing administrators to purge audit logs from the command line was added. This will help reclaim database
-space for logs that are no longer relevant, improving the performance of long-running instances while keeping necessary
-logs for forensic and audit activities.
-
-A new command has also been added to help administrators debug issues with their SMTP server. Email functionality is
-crucial for Passbolt, and diagnosing connection problems is not always straightforward. This new command aims to simplify
-the process when connecting to a new SMTP server as well as understand errors that could occur on existing integration.
-
-As passbolt moves towards supporting more content types this year, significant work has been done to enhance performance
-across the entire stack, from the database to the API and the browser extension. This release includes some of these
-improvements, with more enhancements on the way in the next coming release v4.9.0.
-
-We hope these updates enhance your experience with Passbolt. Your feedback is always valuable to us.
-
-
-## [4.8.0] - 2024-05-21
+## [4.9.0] - 2024-07-23
 ### Added
-- PB-33071 As an administrator I can purge the action logs table with a dedicated command
-- PB-33231 As an administrator I want to know if a custom certificate is in use for SMTP
-- PB-32579 As an administrator I can view email_queue records via passbolt command
-
-### Improved
-- PB-32888 As an admin I should not get a time-out on health checks on air-gapped network
-- PB-32983 Access email settings only when emails are sent
+- PB-33690 Improves response times by adding an index to gpgkeys.user_id column
+- PB-33639 Adds additional contain parameters to share/search-aros.json for enhanced performance
+- PB-33936 Adds a has-users filter to gpgkeys.json index endpoint
+- PB-33813 Adds a fixed limit to the search-aros.json endpoint
 
 ### Fixed
-- PB-33451 Fix 500 error on authentication when nonce is not a string
-- PB-33073 As a user logging in, invalid login operation should not be logged as success in the audit logs
-- PB-33234 The application should not throw an error if the JWT public key is not parsable
+- PB-33616 As a user creating a resource I should get a validation error if the secret is a string and not an array
+- PB-33664 Fix missing "is" in the database schema up to date sentence (GITHUB #517)
+
+### Improved
+- PB-33429 As a user I should retrieve resources and folders parent folders in a single query
+- PB-33826 Improves the performance of resources.json by improving the datetime fields processing
+- PB-24995 Improves last_logged_in property query performance to reduce response time of users.json endpoint
+- PB-33653 Improves is_mfa_enabled property query performance to reduce response time of users.json endpoint
+- PB-33702 Improves has-access filter performance on users.json
+- PB-32591 Validate passbolt.plugins.smtpSettings.security configuration values before passing it to SMTP server
+- PB-33214 Update sql export / improve mysql backup command compatibility with mariadb-dump
 
 ### Maintenance
-- PB-30314 Bump passbolt/passbolt-test-data to v4.8
+- PB-33692 Bump enygma/yubikey to v3.8
+
+### Security
+- PB-33747 Fix command injections vulnerabilities in composer/composer package

composer.json

@@ -79,7 +79,7 @@
         "ext-openssl": "*",
         "ext-pdo": "*",
         "ext-curl": "*",
-        "composer/composer": "^2.7.0",
+        "composer/composer": "^2.7.7",
         "cakephp/cakephp": "^4.5",
         "cakephp/chronos": "2.4.*",
         "longwave/laminas-diactoros": "^2.14.1",
@@ -98,7 +98,7 @@
         "firebase/php-jwt": "^6.2.0",
         "spomky-labs/otphp": "^10.0.0",
         "bacon/bacon-qr-code": "^2.0.7",
-        "enygma/yubikey": "^3.5",
+        "enygma/yubikey": "^3.8",
         "duosecurity/duo_universal_php": "^1.0.2"
     },
     "require-dev": {