Releases: vaultekbilisim/vaultpilot
Release list
VaultPilot 2.0.0
VaultPilot 2.0.0
VaultPilot 2.0.0 is the current public release for the self-hosted Windows Server vault. It moves the public product identity from PassMan to VaultPilot while preserving the compatibility aliases that existing installations may still rely on.
Release date: 2026-06-30
What changed
- VaultPilot is now the public product and release name across the console, docs, release assets, update manifest and operator-facing language.
- PassMan remains a legacy compatibility alias for older service names, data paths, environment variables, cookies, headers, extension protocol strings, update aliases and rollback decisions.
- The Overview screen now works as an operator cockpit for security posture, recommendations, breach status, server readiness, operational state, record distribution, update signals, access trend, maintenance and recent activity.
- Server System groups log rotation, retention, diagnostics, public host, port, HTTPS certificate state, restart guidance and non-destructive maintenance boundaries in one place.
- License screens explain plan, capacity, trial/licensed state, write state, expiry/renewal risk and module availability in operator language.
- Extension, offline share decrypter and DC Agent packages use VaultPilot naming while preserving compatibility behavior where older deployments need it.
Compatibility
New installs should use VaultPilotServer, VaultPilot Server, C:\ProgramData\VaultPilot, VAULTPILOT_*, vaultpilot-update.json and VaultPilot package names.
Existing installs may still rely on PassManServer, PassMan Server, C:\ProgramData\PassMan, PASSMAN_*, passman_session, x-passman-request, passman-update.json and legacy package names. Those names remain available for migration, rollback and old-client compatibility.
Security and trust
- Zero-knowledge boundaries are unchanged. Vault keys, master-derived keys, plaintext secrets, API keys, private keys and master passwords are not persisted or logged.
- Server API payload validation, RBAC checks, CSRF header expectations, extension pairing and signed update manifest verification remain active.
- Browser extension decrypted vault snapshots stay in runtime memory only. Background-worker restart or suspension locks the extension again.
- Diagnostics remain redacted and non-destructive. The console does not clear logs, caches, browser history, databases, update jobs or customer data.
Published assets
Verify asset names, file sizes and SHA-256 values before internal redistribution.
| Asset | Size | SHA-256 |
|---|---|---|
VaultPilot-2.0.0-x64.msi |
66,118,490 | c3c3189572fc5936f30e0f14e5d12b2ed4702e3db0efd32a1c8d2eba65b67842 |
vaultpilot-update.json |
1,430 | a6610b266c4a3bee2d689615e5f1b2bccf15067af3d8c0094832b10d67fb9351 |
vaultpilot-browser-vault-extension.zip |
181,103 | 7f95df52d796c8bb73196569dc77cfc220aadd7e971ca323825d505e947c02aa |
vaultpilot-extension-update.json |
257 | de3b30a3cdc2a58188d6421f96d8e164ead5406ebbee614e1569ac20eec69f55 |
vaultpilot-share-decrypter.zip |
102,632 | b6cd0cdc8cd2bd670348fca2587f7ad6d54604d2fa3c9d159e6a35c15301ed8a |
vaultpilot-share-decrypter.json |
219 | 7dca1ad23057223a221eaa0058b6ae8a5dfa4d12cbbcdf73b4249545cd34211b |
vaultpilot-dc-agent.ps1 |
98,891 | de8c4df43ff69b9a277e2cfaf4cb14f553512cf13b318eec45b725db1113e0fc |
vaultpilot-dc-agent.json |
212 | 9082376283457eeddbffd3aee8d4e6ed1b46674d498d027467a9eff6308f7f4e |
Operator checklist
- Take a server backup before production update.
- Download the MSI and manifest from this GitHub Release.
- Confirm the manifest, SHA-256 values, MSI signer evidence and asset list.
- Run the MSI as Administrator on the Windows server.
- After upgrade, verify the Windows service, data directory, Update Center state, extension pairing, active sessions, audit retention, license state and Server System diagnostics.
- If rollback is required, use a previously verified signed release package and the retained PassMan compatibility aliases. Do not manually edit ProgramData folders as a rollback method.
Documentation
- Repository home: https://github.com/ucsahinn/vaultpilot
- Release asset verification: https://github.com/ucsahinn/vaultpilot/blob/main/docs/en/release-asset-verification.md
- Turkish documentation: https://github.com/ucsahinn/vaultpilot/blob/main/docs/tr/README.md
- Security policy: https://github.com/ucsahinn/vaultpilot/blob/main/SECURITY.md
PassMan 1.8.21
PassMan 1.8.21
PassMan 1.8.21 is a self-hosted server hotfix for SQLite lock contention and update-helper evidence noise found in the 2026-06-09 diagnostics bundle.
Main Application
- Starts SQLite with WAL mode, normal synchronous mode, foreign-key enforcement, and a 15-second busy timeout so short write bursts do not immediately fail customer API requests.
- Reduces no-op Active Directory agent polling writes by keeping
last_seen_atstable inside a one-minute heartbeat window when no command is leased. - Avoids rewriting unchanged large Active Directory full-sync snapshot fields while preserving sync metadata, command clearing, and audit creation.
- Keeps the existing vault, sharing, extension, update, and DC agent command contracts unchanged.
Installer And Update Helper
- Makes installer helper log writes best-effort so an access-denied log append cannot contaminate update evidence or interrupt the helper path.
- Applies the same best-effort logging behavior to restart-helper log output.
Verification
npm run lintnpm run testnpm run build:windowsnpm run update:manifest:issue -- --version 1.8.21 --tag v1.8.21npm run update:manifest:verify -- --manifest public\downloads\passman-update.jsonnpm run ui:smokenpm run msi:verifynpm run msi:sandbox-package -- -AllowUnsignedDevMsinpm run msi:evidencenpm audit --audit-level=high
Release artifact SHA-256:
PassMan-1.8.21-x64.msi:5f56d371d3a75fe57e3a6c9d9b6ba96d819f807c04c5ece42d277e88a51635d0passman-chromium-extension.zip:533d1f089f05753b1feff9caa31b6126fada73bcc4c836a738263d653ce6af6fpassman-share-decrypter.zip:94750f75efba50e19f5290fc47091341a77d8456b03acd2c9f9b289403c53a86passman-ad-agent.ps1:383c543bbc83b3c4ccd39f2ee39308aef9ef547f9fcc82ddc572dd86a87b71f1
PassMan 1.8.20
PassMan 1.8.20
PassMan 1.8.20 is a self-hosted server patch for the browser extension installation and update channel after the PassMan Enterprise Vault Extension moved to Chrome Web Store.
Main Application
- Changed the Browser Extension screen to present the Chrome Web Store listing and extension ID as the primary customer install path.
- Removed the old manual ZIP install call-to-action from the main customer flow. The Chromium extension ZIP remains a release archive, local development package, and emergency fallback artifact only.
- Updated Update Center extension status to report the Chrome Web Store channel, store update URL, and non-applicable local policy state.
- Updated release checklist, component versioning, architecture notes, and operator documentation so old enterprise-policy/manual-ZIP guidance is not treated as current product behavior.
Chromium Browser Extension 1.3.1
- The extension About view exposes the installed version and a Chrome Web Store update check.
- The update button asks Chromium to check the Web Store and reloads the extension only when Chromium reports an available staged update.
- Updated extension icons are packaged at the required 16, 32, 48, and 128 pixel sizes.
Verification
npm run lintnpm run testnpm run build:windowsnpm run update:manifest:issue -- --version 1.8.20 --tag v1.8.20npm run update:manifest:verify -- --manifest public\downloads\passman-update.jsonnpm run ui:smokenpm run msi:verifynpm run msi:sandbox-package -- -AllowUnsignedDevMsinpm run msi:evidencenpm audit --audit-level=high
Release artifact SHA-256:
PassMan-1.8.20-x64.msi:c164c2aec97a502e0dfdfc952051dc3653afcbe67dde0e77eb9fbcfa6008c8ddpassman-chromium-extension.zip:533d1f089f05753b1feff9caa31b6126fada73bcc4c836a738263d653ce6af6fpassman-share-decrypter.zip:98e54b08fbb033b83b9b531f155663e11fa459594c2c3ffd190077cf936ea41bpassman-ad-agent.ps1:383c543bbc83b3c4ccd39f2ee39308aef9ef547f9fcc82ddc572dd86a87b71f1
PassMan 1.8.19
PassMan 1.8.19
PassMan 1.8.19 is a self-hosted server patch for Active Directory agent authorization on real server installs.
Main Application
- Fixed AD agent install and repair authorization when the server process reads the same SQLite provider record through a different
server-secretor data-directory context. - New directory agent bearer tokens are stored with a portable SHA-256 verifier while existing server-secret HMAC token records remain accepted for upgrade compatibility.
- Added redacted directory-agent auth failure reasons in server logs so operators can distinguish missing providers, revoked tokens, empty token hashes, and token mismatches without logging token values.
PassMan DC Agent Service 1.2.10
- No script contract change. Existing install and repair commands keep using the generated
pma_agent id andpmt_token format. - Operators should rotate any agent tokens that were pasted into support chats or terminals after upgrading the server.
Verification
npm run lintnpm run testnpm run build:windowsnpm run ui:smoke
PassMan 1.8.18
PassMan 1.8.18
PassMan 1.8.18 is a self-hosted server patch for the Active Directory credential and operator execution workflow.
Main Application
- Added credential-backed PassMan login activation and removal from credential records, with Users screen source badges for local, synced, and credential-backed accounts.
- Hardened AD credential login naming so imported domain credentials prefer the short SAM account name while keeping directory metadata for audit and removal.
- Kept AD password assignment separate from login access activation: changing an AD password remains an agent action, while adding/removing PassMan login access is an explicit credential action.
- Updated RDP downloads to avoid embedding passwords in
.rdpfiles and to disable local resource redirection defaults that trigger broad Windows security prompts.
PassMan DC Agent Service 1.2.10
-RepairServicenow validates the supplied PassMan agent id/token before writing the refreshed service config.- Repair can update the domain controller host and bind username interactively, while preserving the existing values when Enter is pressed.
- If DC or bind settings change during repair, the bind password is requested locally again and protected on the Windows host.
Verification
npm run lintnpm run testnpm run build:windowsnpm run ui:smoke
PassMan 1.8.17
PassMan 1.8.17 fixes refresh/restart session persistence and update status performance. Server sessions are persisted only as token hashes with a 15-minute idle expiry, protected API polling waits for verified sessions after browser refresh, and update status no longer hashes every old staged MSI on each poll.
PassMan 1.8.16
PassMan 1.8.16 fixes the overview signal regression from the 1.8.15 lazy-query performance pass. Overview audit-chain and server-runtime signals are live again, expensive admin queries remain lazy, and the waiting skeleton is softened to avoid the dark-bar loading look.\n\nSHA256 PassMan-1.8.16-x64.msi: E3CB1D40B2DF69478B6970665751DCD3DF261DC36FB3A140CD6B1AF3AA827727\n\nVerified with npm run test -- tests/security-regression.test.ts, npm run lint, npm run test, npm run build:windows, npm run update:manifest:verify, and npm run ui:smoke.
PassMan 1.8.15
PassMan 1.8.15
Fast unlock and first-screen performance
- Fixed: refresh within the 15-minute fast-unlock window now restores the unlocked vault from a secure browser-session fallback even if SharedWorker or Service Worker memory was reclaimed by the browser.
- Improved: Passwords, notes, files, certificates, and credential screens no longer start update, diagnostics, directory, users, license, share, or extension polling until the related workspace is opened.
- Improved: active server-update polling still runs while an update is in progress, but steady-state update polling no longer competes with normal vault browsing.
- Fixed: the update recovery test timeout now reflects Windows update-status simulation under the full parallel test suite.
Security boundary
- The fast-unlock fallback still avoids localStorage, sessionStorage, cookies, logs, and server persistence.
- Backend authorization remains unchanged; every protected API call still requires the server session.
PassMan 1.8.14
PassMan 1.8.14
Fast unlock and console responsiveness
- Restores the 15-minute RAM fast-unlock session through the low-latency SharedWorker path before falling back to the Service Worker path.
- Shortens fast-unlock restore fallback waits so refreshes do not sit on the lock screen while a worker is still activating.
- Allows protected list queries to start as soon as the vault keys and session identity are restored; backend session authorization still guards every API request.
- Softens vault list loading placeholders so loading states no longer appear as heavy dark bars before records arrive.
PassMan 1.8.13
PassMan 1.8.13
Installer reliability
- Fixed a silent MSI rollback path introduced by stale runtime cleanup before file installation.
- The stale runtime cleanup action is now best-effort and cannot fail the install before the real server install/health-check action runs.
- This resolves upgrades that failed with
PreparePassManServerFiles/ Windows Installer error 1722 beforeInstallPassManServercould repair the service.
Recovery tools
- Added
PassManLogCollector.exeto the packaged server payload for one-click diagnostics collection. - Added
PassManBackupTool.exeto the packaged server payload for protectedC:\ProgramData\PassManbackup collection. - Both tools request elevation when needed, show progress, write a manifest, and reveal the generated zip in Explorer.
- The log collector sanitizes obvious token/password/bearer patterns and does not collect database, config secrets, certificates, or private keys.
- The backup tool collects restore-critical data and excludes logs, update job caches, staged MSI files, and temporary files by default.