Skip to content

3.2.0.7

Latest

Choose a tag to compare

@nilsteampassnet nilsteampassnet released this 04 Jul 06:58
3608752

What's Changed

This maintenance release fixes upgrade and Docker startup issues on legacy installs, and completes the sharekeys recovery introduced in 3.2.0.6 for custom fields affected by the phpseclib v1 → v3 migration.

🐛 Bug fixes

  • Recover custom-field sharekeys broken by the v1 → v3 migration (#5252).
    After a 3.1.x → 3.2.0 upgrade, some users could be left with legacy v1 sharekeys on custom fields while already flagged as migrated, making encrypted field values unreadable ("inconsistent user" on sharekeys_fields). Three coordinated fixes:

    • repair_phpseclib_migration.php now detects inconsistent users across all sharekeys tables (items, fields, files, logs, suggestions) via a UNION, instead of sharekeys_items only, so field/file-only inconsistencies are found and reset.
    • The "Restore missing sharekeys" tool now rebuilds missing, empty and legacy v1 keys from the TP_USER reference (only valid v3 keys are treated as present), overwriting broken v1 rows in place.
    • The admin-assisted seed step re-seeds TP_USER when its existing key is a broken/legacy v1 (not only when missing), so the launching admin's in-session key repairs TP_USER, no private-key escrow required.
  • Block the upgrade on non-InnoDB tables with a clear pre-flight check (#5268).
    Legacy installs with MyISAM tables failed mid-upgrade because index keys sized for InnoDB's 3072-byte prefix exceed MyISAM's 1000-byte limit ("Specified key was too long"), leaving the UI spinning with no visible error. A new step-1 requirements check flags any teampass_* table not on InnoDB, lists the offending tables with an ALTER TABLE … ENGINE=InnoDB remediation, and prevents the upgrade from proceeding.

  • Fix the Docker auto-upgrade DB version detection (#5266).
    The Docker entrypoint auto-upgrade relied on the mysql client binary, which is not shipped in the image; version detection returned empty, silently skipping the upgrade and removing the install directory. It now reads the database version through a small PHP/mysqli helper (read-db-version.php, decrypting the DB password via Defuse from settings.php). The install directory is also kept when the version cannot be read, so a pending upgrade can still be finished through /install/upgrade.php.

Full Changelog

Full Changelog: 3.2.0.6...3.2.0.7

Important

  • Requires at least PHP 8.2
  • All teampass_* tables must use the InnoDB engine, the upgrade now checks this and blocks with remediation instructions if a MyISAM table is found.
  • No database schema change in this release.

Languages

Please join Teampass v3 translation project on Poeditor and translate it for your language.

Installation

Follow instructions from Documentation.

Upgrade

Follow instructions from Documentation.

Ideas and comments

Are welcome ... please use Discussions.

Download TeamPass