Skip to content

Commit ca2e35d

Browse files
claytontstevensonclaytontstevenson
committed
Merge branch 'release/4.2.0' into 'master'
Preparing the 4.2.0 release See merge request passbolt/passbolt_docker!243
2 parents b41cd55 + 90d620c commit ca2e35d

File tree

2 files changed

+29
-7
lines changed

2 files changed

+29
-7
lines changed

CHANGELOG.md

Lines changed: 19 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,25 @@
33
All notable changes to this project will be documented in this file.
44
This project adheres to [Semantic Versioning](http://semver.org/).
55

6-
## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/4.1.1...HEAD)
6+
## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/4.2.0...HEAD)
7+
8+
## [4.2.0](https://github.com/passbolt/passbolt_docker/compare/4.1.1...4.2.0) - 2025-11-18
9+
10+
## Added
11+
12+
- Pin Passbolt server key generation to RSA by default
13+
- Openshift support
14+
15+
## Changed
16+
17+
- Upgraded Debian 13 as the base image
18+
- Bumped supercronic dependency to 0.2.39
19+
- Various testing improvements
20+
21+
## Fixed
22+
23+
- `mediaType` OCI type mismatch between index and manifest
24+
- JWT directory permission error
725

826
## [4.1.1](https://github.com/passbolt/passbolt_docker/compare/4.1.0...4.1.1) - 2025-04-02
927

RELEASE_NOTES.md

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,12 @@
1-
Announcing the immediate availability of passbolt's docker repository 4.1.1.
1+
Announcing the immediate availability of passbolt's docker repository 4.2.0.
22

3-
This release adds docker secrets support for EMAIL_TRANSPORT_DEFAULT_PASSWORD
4-
and EMAIL_TRANSPORT_DEFAULT_USERNAME environment variables thanks to @Shtiggs
3+
This release, the first based on Debian 13, adds:
4+
- Openshift support for non-root images
5+
- Pin Passbolt server key generation to RSA by default
6+
- Bump `supercronic` to 0.2.39
57

6-
It also includes a warning message when APP_FULL_BASE_URL environment variable
7-
is not set to mitigate host header injection attacks. You can obtain more
8-
information about the subject in the following link: <https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection>
8+
Moreover, it also fixes:
9+
- `mediaType` OCI mismatch between index and manifest
10+
- JWT directory permission error
11+
12+
And brings miscellaneous testing improvements.

0 commit comments

Comments
 (0)