Merge branch 'feature/PB-45633_52-Publish-production-API' into 'master'

PB-45633 Publish production API (v5.6.0)

See merge request passbolt/passbolt-ce-api!454

Author: gmougenel

.gitlab-ci/jobs/php_unit_tests/sequential/php_unit_tests.yml

@@ -112,7 +112,7 @@
     - gpg --import config/gpg/unsecure_private.key
     - gpg --import config/gpg/unsecure.key
     - ./bin/cake passbolt create_jwt_keys
-    - composer create-split-testsuite
+    - composer create-split-testsuite -- 2
     - $PHPUNIT_COMMAND
   artifacts:
     reports:

CHANGELOG.md

@@ -2,6 +2,87 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [5.6.0] - 2025-10-08
+### Added
+- PB-45058 Add datacheck to check for existing metadata key with no metadata private keys
+- PB-44187 As an admin I cannot delete a metadata key associated with a deleted resource
+- PB-44183 As a user that is sole owner of v4 resources when v4 resources types are disabled, v4 resources should be ignored on an ownership transfer request
+- PB-44770 As a user I want to configure the trusted_proxies list as an environment variable
+- PB-45471 Add new database migration to add standalone notes resource type
+- PB-45472 Update resource types endpoints tests to assert enable/disable is working for new standalone notes resource type
+- PB-45473 Update resources endpoints tests to accommodate new standalone notes resource type
+
+### Fixed
+- PB-45222 Fix EmailDigest not working for v5 resources
+- PB-45447 Fix PUT /metadata/keys/<uuid>.json endpoint returning 500 error with trailing data
+- PB-45436 As an administrator I can define the default cache engine with an environment variable
+- PB-45454 Fix 500 error due to MySQL deadlock on create resource endpoint
+- PB-45456 Allow editing of v4 resources even when v4 resource type creation is disabled
+- PB-45258 Fix grammatical errors in the resource update email content
+- PB-45057 Reduce memory consumption on the action logs endpoints
+- PB-45057 Reduce memory consumption on resources and folders index endpoints
+
+### Maintenance
+- PB-44813 Bring back DDEV ldap related services for development environment
+- PB-44593 Bump i18next version
+- PB-45161 Fix regularly failing UsersIndexControllerPaginationTest.php test
+- PB-45270 Add custom exception message with client IP in /healthcheck/error.json
+- PB-45062 Fix user_setup_complete.php template in LU folder instead of AD
+
+## [5.6.0-rc.1] - 2025-10-03
+### Added
+- PB-45058 Add datacheck to check for existing metadata key with no metadata private keys
+- PB-44187 As an admin I cannot delete a metadata key associated with a deleted resource
+- PB-44183 As a user that is sole owner of v4 resources when v4 resources types are disabled, v4 resources should be ignored on an ownership transfer request
+- PB-44770 As a user I want to configure the trusted_proxies list as an environment variable
+- PB-45471 Add new database migration to add standalone notes resource type
+- PB-45472 Update resource types endpoints tests to assert enable/disable is working for new standalone notes resource type
+- PB-45473 Update resources endpoints tests to accommodate new standalone notes resource type
+
+### Fixed
+- PB-45222 Fix EmailDigest not working for v5 resources
+- PB-45447 Fix PUT /metadata/keys/<uuid>.json endpoint returning 500 error with trailing data
+- PB-45436 As an administrator I can define the default cache engine with an environment variable
+- PB-45454 Fix 500 error due to MySQL deadlock on create resource endpoint
+- PB-45456 Allow editing of v4 resources even when v4 resource type creation is disabled
+- PB-45258 Fix grammatical errors in the resource update email content
+- PB-45057 Reduce memory consumption on the action logs endpoints
+- PB-45057 Reduce memory consumption on resources and folders index endpoints
+
+### Maintenance
+- PB-44813 Bring back DDEV ldap related services for development environment
+- PB-44593 Bump i18next version
+- PB-45161 Fix regularly failing UsersIndexControllerPaginationTest.php test
+- PB-45270 Add custom exception message with client IP in /healthcheck/error.json
+- PB-45062 Fix user_setup_complete.php template in LU folder instead of AD
+
+## [5.6.0-test.1] - 2025-10-01
+### Added
+- PB-45058 Add datacheck to check for existing metadata key with no metadata private keys
+- PB-44187 As an admin I cannot delete a metadata key associated with a deleted resource
+- PB-44183 As a user that is sole owner of v4 resources when v4 resources types are disabled, v4 resources should be ignored on an ownership transfer request
+- PB-44770 As a user I want to configure the trusted_proxies list as an environment variable
+- PB-45471 Add new database migration to add standalone notes resource type
+- PB-45472 Update resource types endpoints tests to assert enable/disable is working for new standalone notes resource type
+- PB-45473 Update resources endpoints tests to accommodate new standalone notes resource type
+
+### Fixed
+- PB-45222 Fix EmailDigest not working for v5 resources
+- PB-45447 Fix PUT /metadata/keys/<uuid>.json endpoint returning 500 error with trailing data
+- PB-45436 As an administrator I can define the default cache engine with an environment variable
+- PB-45454 Fix 500 error due to MySQL deadlock on create resource endpoint
+- PB-45456 Allow editing of v4 resources even when v4 resource type creation is disabled
+- PB-45258 Fix grammatical errors in the resource update email content
+- PB-45057 Reduce memory consumption on the action logs endpoints
+- PB-45057 Reduce memory consumption on resources and folders index endpoints
+
+### Maintenance
+- PB-44813 Bring back DDEV ldap related services for development environment
+- PB-44593 Bump i18next version
+- PB-45161 Fix regularly failing UsersIndexControllerPaginationTest.php test
+- PB-45270 Add custom exception message with client IP in /healthcheck/error.json
+- PB-45062 Fix user_setup_complete.php template in LU folder instead of AD
+
 ## [5.5.2] - 2025-09-29
 ### Fixed
 - PB-45439 As an administrator I can edit the metadata key settings when not editing zero-knowledge mode

RELEASE_NOTES.md

@@ -1,9 +1,44 @@
-Release song: https://youtu.be/RyP8hGuyknA
+Release song: https://www.youtube.com/watch?v=bu50DtPF1Ac
 
-Passbolt 5.5.2 resolves an issue introduced in the previous version that affected the editing of encrypted metadata settings. Due to zero-knowledge mode being required in some conditions, administrators were unable to edit the metadata key settings. This has now been fixed, restoring the ability to customize these settings.
+Passbolt 5.6.0 introduces standalone notes, shared metadata key rotation, and resizable sidebars. As usual, this version also brings important security hardening through dependency updates as well as a series of bug fixes and maintenance improvements.
 
-We thank the community for reporting this issue!
+## Standalone notes
+It is now possible to create notes as a standalone resource type, without attaching them to credentials or other elements. Import and export processes have been updated to recognize and support this new type. Any imported resources that contain only a description will now be created as standalone notes.
+
+## Shared metadata key rotation
+Administrators can now rotate the shared metadata key at any time from the organization settings. This improvement marks one of the final steps in meeting metadata encryption requirements. The rotation process can be performed while the instance remains operational, so availability is not disrupted.
+
+## Resizable sidebars
+Both main workspace and Users & Groups workspace now feature sidebars that can be resized. This allows users to improve readability when working with long folder names or deeply nested folder structures. After resizing, a double-click on the sidebar handle resets it to its default width.
+
+## Miscellaneous Improvements
+The export of account kits is now compatible with larger private keys. The group membership update process has been optimized to reduce request payload size and to avoid certain size limitations. Sorting of folder names has also been improved with natural number ordering, meaning for example that "folder2" now correctly appears before "folder10."
+
+Many thanks to everyone who shared feedback, reported issues, and helped refine these features.
+
+## [5.6.0] - 2025-10-08
+### Added
+- PB-45058 Add datacheck to check for existing metadata key with no metadata private keys
+- PB-44187 As an admin I cannot delete a metadata key associated with a deleted resource
+- PB-44183 As a user that is sole owner of v4 resources when v4 resources types are disabled, v4 resources should be ignored on an ownership transfer request
+- PB-44770 As a user I want to configure the trusted_proxies list as an environment variable
+- PB-45471 Add new database migration to add standalone notes resource type
+- PB-45472 Update resource types endpoints tests to assert enable/disable is working for new standalone notes resource type
+- PB-45473 Update resources endpoints tests to accommodate new standalone notes resource type
 
-## [5.5.2] - 2025-09-29
 ### Fixed
-- PB-45439 As an administrator I can edit the metadata key settings when not editing zero-knowledge mode
+- PB-45222 Fix EmailDigest not working for v5 resources
+- PB-45447 Fix PUT /metadata/keys/<uuid>.json endpoint returning 500 error with trailing data
+- PB-45436 As an administrator I can define the default cache engine with an environment variable
+- PB-45454 Fix 500 error due to MySQL deadlock on create resource endpoint
+- PB-45456 Allow editing of v4 resources even when v4 resource type creation is disabled
+- PB-45258 Fix grammatical errors in the resource update email content
+- PB-45057 Reduce memory consumption on the action logs endpoints
+- PB-45057 Reduce memory consumption on resources and folders index endpoints
+
+### Maintenance
+- PB-44813 Bring back DDEV ldap related services for development environment
+- PB-44593 Bump i18next version
+- PB-45161 Fix regularly failing UsersIndexControllerPaginationTest.php test
+- PB-45270 Add custom exception message with client IP in /healthcheck/error.json
+- PB-45062 Fix user_setup_complete.php template in LU folder instead of AD

composer.json

@@ -174,15 +174,7 @@
         "stan": "phpstan analyse --memory-limit=-1",
         "psalm": "psalm.phar",
         "test": "phpunit --colors=always",
-        "create-split-testsuite" : "php tests/create_paratest_suites.php tmp/tests/testsuitesplit.xml 2",
-        "testsuite-1": [
-            "@composer create-split-testsuite",
-            "@composer test -- --testsuite 1 -c tmp/tests/testsuitesplit.xml"
-        ],
-        "testsuite-2": [
-            "@composer create-split-testsuite",
-            "@composer test -- --testsuite 2 -c tmp/tests/testsuitesplit.xml"
-        ],
+        "create-split-testsuite" : "php tests/create_paratest_suites.php tmp/tests/testsuitesplit.xml",
         "i18n:externalize": [
             "./bin/cake i18n extract --app ./ --paths src,plugins,templates --output resources/locales/en_UK --exclude /tests,/vendors,/src/Command --overwrite --extract-core no --no-location --merge yes",
             "find resources/locales/en_UK -name '*.pot' -exec sh -c 'mv \"$1\" \"${1%.pot}.po\"' _ {} \\;"

config/Migrations/20250925101439_V560AddStandaloneNoteResourceType.php

@@ -0,0 +1,37 @@
+<?php
+declare(strict_types=1);
+
+use App\Utility\UuidFactory;
+use Cake\I18n\DateTime;
+use Migrations\AbstractMigration;
+use Passbolt\ResourceTypes\Model\Definition\SlugDefinition;
+use Passbolt\ResourceTypes\Model\Entity\ResourceType;
+
+class V560AddStandaloneNoteResourceType extends AbstractMigration
+{
+    /**
+     * Change Method.
+     *
+     * More information on this method is available here:
+     * https://book.cakephp.org/migrations/4/en/migrations.html#the-change-method
+     *
+     * @return void
+     */
+    public function change(): void
+    {
+        $data = [
+            [
+                'id' => UuidFactory::uuid('resource-types.id.' . ResourceType::SLUG_V5_NOTE),
+                'slug' => ResourceType::SLUG_V5_NOTE,
+                'name' => 'Standalone note',
+                'description' => 'A resource with standalone notes.',
+                'definition' => SlugDefinition::v5Note(),
+                'created' => (new DateTime())->toDateTimeString(),
+                'modified' => (new DateTime())->toDateTimeString(),
+            ],
+        ];
+
+        $resourceTypesTable = $this->table('resource_types');
+        $resourceTypesTable->insert($data)->saveData();
+    }
+}

config/app.default.php

@@ -101,7 +101,7 @@
      */
     'Cache' => [
         'default' => [
-            'className' => FileEngine::class,
+            'className' => env('CACHE_DEFAULT_CLASSNAME', FileEngine::class),
             'path' => CACHE,
             'url' => env('CACHE_DEFAULT_URL', null),
 
@@ -141,7 +141,7 @@
          * Duration will be set to '+2 minutes' in bootstrap.php when debug = true
          */
         '_cake_model_' => [
-            'className' => FileEngine::class,
+            'className' => env('CACHE_CAKEMODEL_CLASSNAME', FileEngine::class),
             'prefix' => 'myapp_cake_model_',
             'path' => CACHE . 'models' . DS,
             'serialize' => true,

config/default.php

@@ -364,8 +364,9 @@
             // Only set to true if your instance runs behind load balancers/proxies that you control.
             'proxies' => [
                 'active' => filter_var(env('PASSBOLT_SECURITY_PROXIES_ACTIVE', false), FILTER_VALIDATE_BOOLEAN),
-                // If your instance is behind multiple proxies, redefine the list of IP addresses of proxies in your control in passbolt.php
-                'trustedProxies' => [],
+                // If your instance is behind multiple proxies, redefine the list of IP addresses of proxies in your control via passbolt.php or env var
+                // Example via env var: PASSBOLT_SECURITY_PROXIES_TRUSTED_PROXIES="127.1.1.1, 127.0.0.2"
+                'trustedProxies' => env('PASSBOLT_SECURITY_PROXIES_TRUSTED_PROXIES', ''),
             ],
             'mfa' => [
                 'duoVerifySubscriber' => filter_var(env('PASSBOLT_SECURITY_MFA_DUO_VERIFY_SUBSCRIBER', false), FILTER_VALIDATE_BOOLEAN),

config/version.php

@@ -1,8 +1,8 @@
 <?php
 return [
     'passbolt' => [
-        'version' => '5.5.2',
-        'name' => 'Hey Boy Hey Girl',
+        'version' => '5.6.0',
+        'name' => 'Big Jet Plane',
     ],
     'php' => [
         'minVersion' => '8.2',