Merge branch 'release' into 'master'

v4.4.0

See merge request passbolt/passbolt-ce-api!199

.gitlab-ci/scripts/bin/help_site.sh

@@ -51,10 +51,10 @@ git clone -b master https://"$HELPSITE_TOKEN_NAME":"$HELPSITE_TOKEN"@"$HELP_SITE
 cd "$PASSBOLT_HELP_DIR"
 
 create_release_notes
-git checkout -b release_notes_"$CI_COMMIT_TAG"
+git checkout -b release_notes_"$CI_COMMIT_TAG"_"$PASSBOLT_FLAVOUR"
 git add _releases/"$PASSBOLT_FLAVOUR"/"$CI_COMMIT_TAG".md
 git commit -m ":robot: Automatically added release notes for version $CI_COMMIT_TAG $PASSBOLT_FLAVOUR"
 glab auth login --token "$HELPSITE_TOKEN"
-mr_url=$(glab mr create -s release_notes_"$CI_COMMIT_TAG" -b master -d ":robot: Release notes for $CI_COMMIT_TAG $PASSBOLT_FLAVOUR" -t "Release notes for $CI_COMMIT_TAG" --push --repo "passbolt/passbolt-help" | grep 'https://gitlab.com/passbolt/passbolt-help/-/merge_requests/')
+mr_url=$(glab mr create -s release_notes_"$CI_COMMIT_TAG"_"$PASSBOLT_FLAVOUR" -b master -d ":robot: Release notes for $CI_COMMIT_TAG $PASSBOLT_FLAVOUR" -t "Release notes for $PASSBOLT_FLAVOUR $CI_COMMIT_TAG" --push --repo "passbolt/passbolt-help" | grep 'https://gitlab.com/passbolt/passbolt-help/-/merge_requests/')
 cd -
 bash .gitlab-ci/scripts/bin/slack-status-messages.sh ":notebook: New helpsite release notes created for $CI_COMMIT_TAG $PASSBOLT_FLAVOUR" "$mr_url"

CHANGELOG.md

@@ -2,6 +2,83 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [4.4.0] - 2023-11-07
+### Added
+- PB-27773 As an administrator I can deny access to the mobile setup screen with RBAC
+- PB-27951 As system operator I should be warned in the healthcheck when using PHP < 8.1, as support for PHP versions 7.4 and 8.0 will soon be removed
+
+### Improved
+- PB-27948 Guest identification by their username should be case-insensitive, unless specified in configuration
+- PB-27957 Send notifications to all administrators when an administrator is deleted
+- PB-27941 Send notifications to administrators when an administrator loses its administrator role
+- PB-28171 Enable the email digest by default
+
+### Security
+- PB-28274 Fixes an XSS Security issue with mail content sanitization
+
+### Fixed
+- PB-25477 As an administrator, I should be able to recreate a user with an email that exists in the db via the command line
+- PB-27799 As an administrator installing passbolt on PostgreSQL, the database encoding should be set to utf-8
+- PB-27857 Fix help site release notes automation by adding flavour on help site release notes merge request
+
+### Maintenance
+- PB-27932 Improve code static by using cakedccakephp/phpstan
+- PB-28079 Remove deprecation warnings from the test suite
+
+## [4.4.0-test.3] - 2023-11-06
+### Added
+- PB-28537 As a user I should receive email digests translated in my locale
+
+## [4.4.0-rc.1] - 2023-11-03
+### Added
+- PB-27773 As an administrator I can deny access to the mobile setup screen with RBAC
+- PB-27951 As system operator I should be warned in the healthcheck when using PHP < 8.1, as support for PHP versions 7.4 and 8.0 will soon be removed
+
+### Improved
+- PB-27948 Guest identification by their username should be case-insensitive, unless specified in configuration
+- PB-27957 Send notifications to all administrators when an administrator is deleted
+- PB-27941 Send notifications to administrators when an administrator loses its administrator role
+- PB-28171 Enable the email digest by default
+
+### Security
+- PB-28274 Fixes an XSS Security issue with mail content sanitization
+
+### Fixed
+- PB-25477 As an administrator, I should be able to recreate a user with an email that exists in the db via the command line
+- PB-27799 As an administrator installing passbolt on PostgreSQL, the database encoding should be set to utf-8
+- PB-27857 Fix help site release notes automation by adding flavour on help site release notes merge request
+
+### Maintenance
+- PB-27932 Improve code static by using cakedccakephp/phpstan
+- PB-28079 Remove deprecation warnings from the test suite
+
+## [4.4.0-test.2] - 2023-10-30
+### Added
+- PB-28482 Styleguide version bump to v4.4.0
+
+## [4.4.0-test.1] - 2023-10-27
+### Added
+- PB-27773 As an administrator I can deny access to the mobile setup screen with RBAC
+- PB-27951 As system operator I should be warned in the healthcheck when using PHP < 8.1, as support for PHP versions 7.4 and 8.0 will soon be removed
+
+### Improved
+- PB-27948 Guest identification by their username should be case-insensitive, unless specified in configuration
+- PB-27957 Send notifications to all administrators when an administrator is deleted
+- PB-27941 Send notifications to administrators when an administrator loses its administrator role
+- PB-28171 Enable the email digest by default
+
+### Security
+- PB-28274 Fixes an XSS Security issue with mail content sanitization
+
+### Fixed
+- PB-25477 As an administrator, I should be able to recreate a user with an email that exists in the db
+- PB-27799 As an administrator installing passbolt on PostgreSQL, the database encoding should be set to utf-8
+- PB-27857 Fix help site release notes automation by adding flavour on help site release notes merge request
+
+### Maintenance
+- PB-27932 Improve code static by using cakedccakephp/phpstan
+- PB-28079 Remove deprecation warnings from the test suite
+
 ## [4.3.0] - 2023-09-26
 ### Added
 - PB-25405 As an administrator installing passbolt through the web installer, I should be able to configure authentication method for SMTP

RELEASE_NOTES.md

@@ -1,35 +1,37 @@
-Release song: https://youtu.be/s88r_q7oufE
+Release song: https://www.youtube.com/watch?v=6Ejga4kJUts
 
-Introducing the newest release of passbolt – get to know version 4.3
+Version 4.4 of the Community Edition has launched with new capabilities and improvements.
 
-This update extends the portability of TOTP (Time Based One Time Password) content. You can now access TOTP items from passbolt’s mobile app and web interface. While the ability to create a TOTP is still limited to mobile, this update lets you view them through the browser, adding to its flexibility and usability.
+With this release, users are able to manage TOTPs directly from the browser, providing an extended TOTP experience across all their devices. They can now be created, deleted, organised and shared with others just like any other resource type.
 
-Improvements have also been made to the customisation of the grid in the password workspace. This update makes edits to the grid persistent, meaning that changes will now be saved between sessions. To further improve overall usability, an optional column for TOTP has also been added.
+Another highlight of this release, administrators now have the ability to suspend/unsuspend users. This new feature will offer administrators with more control over access management of their instance. By example, they will be able to prevent access to the passbolt instance for users in temporary leave, therefore enforce company policies.
 
-Thank you for using passbolt, for contributing to the vision, and your feedback.
+And that's not all – a number of fixes and enhancements have been implemented to improve user experience. Among them, notification emails are now aggregated in certain cases, including limiting emails when a user imports a large amount of passwords.
 
-## [4.3.0] - 2023-09-26
+If you’re a system operator, please note that using older PHP versions will now trigger a healthcheck warning. Support for PHP 7.4 and 8.0 will be discontinued soon. Admins are encouraged to upgrade to PHP 8.1 or higher and use the latest version of the passbolt API.
+
+Get the most out of passbolt – upgrade to version 4.4. Thanks for continuing to support passbolt and for being part of the community!
+
+
+## [4.4.0] - 2023-11-07
 ### Added
-- PB-25405 As an administrator installing passbolt through the web installer, I should be able to configure authentication method for SMTP
-- PB-25185 As a signed-in user on the browser extension, I want to export my account to configure the Windows application
-- PB-25944 As an administrator I can define the schema on installation with Postgres
-- PB-25497 As an administrator I can disable users (experimental)
+- PB-27773 As an administrator I can deny access to the mobile setup screen with RBAC
+- PB-27951 As system operator I should be warned in the healthcheck when using PHP < 8.1, as support for PHP versions 7.4 and 8.0 will soon be removed
 
 ### Improved
-- PB-25999 Performance optimisation of update secret process
-- PB-26097 Adds cake.po translation files for all languages supported by CakePHP
+- PB-27948 Guest identification by their username should be case-insensitive, unless specified in configuration
+- PB-27957 Send notifications to all administrators when an administrator is deleted
+- PB-27941 Send notifications to administrators when an administrator loses its administrator role
+- PB-28171 Enable the email digest by default
 
 ### Security
-- PB-25827 As a user with encrypted message enabled in the email content visibility, I would like to see the gpg message encrypted with my key when a password is updated
+- PB-28274 Fixes an XSS Security issue with mail content sanitization
 
 ### Fixed
-- PB-25802 As a user I want to see localized date in my emails
-- PB-25863 Fix emails not sent due to message-id header missing
+- PB-25477 As an administrator, I should be able to recreate a user with an email that exists in the db via the command line
 - PB-27799 As an administrator installing passbolt on PostgreSQL, the database encoding should be set to utf-8
+- PB-27857 Fix help site release notes automation by adding flavour on help site release notes merge request
 
 ### Maintenance
-- PB-25894 Run CI on postgres versions 13 and 15 instead of version 12 only
-- PB-25969 As a developer, I can render emails in tests with html special chars
-- PB-26107 Upgrade the cakephp/chronos library
-- PB-26159 Update singpolyma/openpgp-php to improve compatibility with PHP 8.2
-- PB-25247 Add integration tests on the MFA select provider endpoint
+- PB-27932 Improve code static by using cakedccakephp/phpstan
+- PB-28079 Remove deprecation warnings from the test suite

bin/cron

@@ -4,12 +4,12 @@
 
 set -euo pipefail
 
-DIGEST_ENABLED=${PASSBOLT_PLUGINS_EMAIL_DIGEST_ENABLED:-0}
+DIGEST_ENABLED=${PASSBOLT_PLUGINS_EMAIL_DIGEST_ENABLED:-1}
 
 DIR=$(dirname "$(readlink -f "$0")")
 
-if [[ "$DIGEST_ENABLED" = 0 ]]; then
-    "$DIR"/cake EmailQueue.sender
-else
+if [[ "$DIGEST_ENABLED" = 1 ]]; then
     "$DIR"/cake passbolt email_digest send
+else
+    "$DIR"/cake EmailQueue.sender
 fi

composer.json

@@ -16,6 +16,9 @@
         "allow-plugins": {
             "dealerdirect/phpcodesniffer-composer-installer": true,
             "cakephp/plugin-installer": true
+        },
+        "audit": {
+          "abandoned": "report"
         }
     },
     "authors": [
@@ -71,6 +74,7 @@
         "ext-openssl": "*",
         "ext-pdo": "*",
         "ext-curl": "*",
+        "composer/composer": "^2.6.4",
         "cakephp/cakephp": "^4.4.15",
         "cakephp/chronos": "2.4.*",
         "longwave/laminas-diactoros": "^2.14.1",
@@ -100,10 +104,11 @@
         "phpunit/phpunit": "~9.5.2",
         "cakephp/cakephp-codesniffer": "^4.5",
         "passbolt/passbolt-selenium-api": "^4.2",
-        "passbolt/passbolt-test-data": "^4.1.0",
+        "passbolt/passbolt-test-data": "^4.4",
         "vierge-noire/cakephp-fixture-factories": "^v2.9.0",
         "cakephp/localized": "4.0.0",
-        "vimeo/psalm": "^5.0.0"
+        "vimeo/psalm": "^5.0.0",
+        "cakedc/cakephp-phpstan": "^2.0"
     },
     "autoload": {
         "psr-4": {