TBD

Release song: TBD

The Passbolt API v5 is now available as a release candidate.
We have updated the CakePHP library to version 5. The PHP minimum version is now 8.2, and version 8.4 is now supported!
See the blog post here on how to upgrade to PHP 8.2. For more detailed information, please refer to the changelogs.

We would also like to thank the community for their invaluable feedback.

[5.0.0-rc.1] - 2025-04-07

Added

• PB-39434 As an administrator I can log user actions on file in an SIEM compatible format
• PB-39627 Enforce PHP 8.2 as minimum passbolt API requirement
• PB-40155 Add Passbolt API support of PHP 8.4
• PB-40247 Add API status documentation link to the health check command

Fixed

• PB-39706 When creating a user from CLI the metadata_private_keys should have their fields created_by and modified_by set
• PB-41356 As an administrator I can delete a resource type associated to deleted resources

Maintenance

• PB-28246 Refactor the whole application to upgrade CakePHP to version 5
• PB-39434 Add code coverage to ActionLogsUsernameQueryStrategy
• PB-39660 Mock MfaFormInterface to avoid tests failing occasionally
• PB-39630 Fix ResourcesIndexControllerPaginationTest recurrently failing test

Basket Case

Release song: https://youtu.be/NUTGr5t3MoY?si=1hitMfMv8PDn1Wf2

This is a maintenance release. It fixes a reported issue when notifying group administrators that a user should be added to a group. The issue occurred when a group administrator had been suspended.

Thank you to the community for the valuable feedback!

[4.12.1] - 2025-03-17

Fixed

• PB-39959 Fixes an issue when fetching the locale of suspended users when queried in a sub-query

Rusty Cage

Release song: https://www.youtube.com/watch?v=pBZs_Py-1_0

Passbolt v4.12.0 introduces the final update in the version 4 series. This release completes the groundwork for version 5 and allows integrators to test the migration directly from the UI ahead of the stable release.

As always, this version also addresses community-reported issues, including fixes for UI inconsistencies and multi-selection shortcuts that were not working across all environments.

As a final update of the v4 series, system administrators are invited to upgrade their version of PHP to meet Passbolt v5’s minimum requirements: PHP 8.2. We posted a guide in our Weblog to help you with the process:
Preparing for Passbolt v5: PHP 8.2 Requirement.

Thank you to the community for your feedback and patience — we’re almost there!

[4.12.0] - 2025-03-12

Added

• PB-39395 As an administrator I can contain permissions when upgrading folders to v5 format
• PB-39394 As an administrator I can contain permissions when upgrading resources to v5 format
• PB-38850 As an administrator I cannot rotate entities while two metadata keys are active
• PB-37699 As an administrator I can upgrade folders to v5 format
• PB-37363 As an administrator I can rotate metadata keys encrypting folders metadata
• PB-36582 As an administrator I cannot reuse a previously deleted metadata key

Fixed

• PB-39512 Fix during metadata upgrade process, the resource_type_id field is now updated in the database
• PB-39399 Adds missing fields to metadata private keys in index response
• PB-39393 Fix limit value is null in pagination header response for rotate & upgrade endpoints
• PB-38770 Fix email subject for delete resource email when resource is v5
• PB-38791 Fix 500 error on the duo MFA setup & verify page when duo service is unavailable
• PB-38771 Fix unable to expire the metadata key due to expired datetime format

Maintenance

• PB-39629 Set next minimum PHP version to 8.2 as passbolt v5 will not support lower PHP versions

Rusty Cage

Release song: https://www.youtube.com/watch?v=pBZs_Py-1_0

Passbolt v4.12.0 introduces the final update in the version 4 series. This release completes the groundwork for version 5 and allows integrators to test the migration directly from the UI ahead of the stable release.

As always, this version also addresses community-reported issues, including fixes for UI inconsistencies and multi-selection shortcuts that were not working across all environments.

As a final update of the v4 series, system administrators are invited to upgrade their version of PHP to meet Passbolt v5’s minimum requirements: PHP 8.2. Stay tuned—we’ll post a guide on the forum and social media to help you with the process.

Thank you to the community for your feedback and patience—we’re almost there!

[4.12.0-rc.1] - 2025-03-06

Added

• PB-39395 As an administrator I can contain permissions when upgrading folders to v5 format
• PB-39394 As an administrator I can contain permissions when upgrading resources to v5 format
• PB-38850 As an administrator I cannot rotate entities while two metadata keys are active
• PB-37699 As an administrator I can upgrade folders to v5 format
• PB-37363 As an administrator I can rotate metadata keys encrypting folders metadata
• PB-36582 As an administrator I cannot reuse a previously deleted metadata key

Fixed

• PB-39512 Fix during metadata upgrade process, the resource_type_id field is now updated in the database
• PB-39399 Adds missing fields to metadata private keys in index response
• PB-39393 Fix limit value is null in pagination header response for rotate & upgrade endpoints
• PB-38770 Fix email subject for delete resource email when resource is v
• PB-38791 Fix 500 error on the duo MFA setup & verify page when duo service is unavailable
• PB-38771 Fix unable to expire the metadata key due to expired datetime format

Maintenance

• PB-39629 Set next minimum PHP version to 8.2 as passbolt v5 will not support lower PHP versions

Rebel Rebel

Release song: https://youtu.be/U16Xg_rQZkA?si=cVcmovGWluuo8oYj

Passbolt is pleased to announce the immediate availability of version v4.11.1. This version is a targeted security release of the API focusing on fixing the security issue reported by a security researcher.

We would like to express our appreciation to the community for their assistance in making Passbolt more secure. Further details can be found in the incident report.

[4.11.1] - 2025-02-17

Security

• PB-39045 Fix empty fullBaseUrl leading to Host header injection attack

Fortunate Son

Release song: https://www.youtube.com/watch?v=3RmQTYLD398

Passbolt v4.11.0 introduces beta support for encrypted metadata in the administration settings, laying groundwork for the upcoming v5 release and its new resource format. This beta feature allows developers and integrators to explore and adapt their systems ahead of the transition.

This release also resolves a security issue where an attacker could modify the Passbolt URL in certain emails if an administrator’s configuration was invalid. Additionally, role-based access control is now enforced for the “Copy to Clipboard” feature in the browser extension. Vulnerabilities in dependencies—though not directly impacting Passbolt—have been addressed as well.

As one of the final updates in the v4 series, this version prepares administrators for v5. While v4.11.0 does not require PHP 8.2, v5 will. We recommend beginning to plan or upgrade PHP to ensure a smooth transition. If a server migration is needed, please consult the online documentation.

Thank you to the community for your feedback and support.

[4.11.0] - 2025-01-30

Added

• PB-35761 As an administrator I receive an email if zero_knowledge_key_share is set to true and a new user completed the setup
• PB-36558 As an administrator I can mark metadata_keys as expired
• PB-35986 As an administrator I can share missing metadata private keys for users that needs them
• PB-35925 As an administrator I can see if users are missing access to metadata keys
• PB-37069 As an administration I can run a command to share metadata private keys with users that need them
• PB-37068 As a user I can see if I am missing metadata keys
• PB-36600 As an administrator I should be notified when an administrator expires a metadata key
• PB-35418 As an administrator I should receive an email notification when a metadata key is deleted
• PB-37361 As an administrator I can rotate metadata keys encrypting resources metadata
• PB-37697 As an administrator I can upgrade resources to v5 format
• PB-35927 As an administrator I can define an allow_v4_v5_upgrade metadata type settings
• PB-35923 As an administrator I cannot add a new metadata key if there is only 2 that are active
• PB-34463 As an administrator I cannot reuse metadata keys as the account recovery key
• PB-35929 Update edit resource to support allow_v4_v5_upgrade settings
• PB-35932 Update edit folders to support allow_v4_v5_upgrade settings

Fixed

• PB-37719 Fix resource types index controller should not return deleted resource types per default
• PB-36925 Cast configure usage to avoid fatal type error on missing fullBaseUrl
• PB-36576 Fix as a user I cannot create or edit a tag with an expired or deleted metadata key
• PB-37097 Fix prevent to use v5 resource_type_ids if v5 flag is off
• PB-36930 Fix some email sentences not translated and markers errors in translation
• PB-37096 Fix healthcheck relying on symfony/process should fail gracefully in case of process run exception (GITHUB #531)
• PB-36989 Fix namespace composer warnings
• PB-37343 Fixes postgres dump by adding PGPASSWORD env since .pgpass is not generated on the passbolt installation
• PB-38026 As an administrator running the cleanup command I should not see issues on soft deleted groups
• PB-38261 Fix always failing IsNotAccountRecoveryFingerprintRule for metadata keys
• PB-38262 Fix always failing metadata key creation when zero-knowledge is disabled, and no metadata keys are present

Security

• PB-37974 Upgrade CakePHP to v4.5.9
• PB-38166 Passbolt app router should not fall back on Host header if full-base url is not set

Maintenance

• PB-35785 Upgrade psalm/phpstan to latest version as applicable
• PB-35119 Fix tests failing when full base url is not-https
• PB-37000 Fix bug of wrong relation for Rbacs to Log.Actions.
• PB-37072 Fix LatestVersionApplicationHealthcheck test failing due to github not reachable
• PB-37071 Fix PHPUnit 10 deprecations
• PB-36237 Fix frequently failing TOTP setup/verify tests
• PB-38184 Fix synk vulnerability for nesbot/carbon PHP Remote File Inclusion

Strange Fruit

Release song: https://youtu.be/649wWWkW_1o?si=rSKbGFqR8irz0OOG

Passbolt API version v4.10.1 fixes a critical issue introduced in v4.10.0 where mobile applications were not showing any passwords after the passbolt API update.

We would like to express our appreciation to the community for raising the issue. Thank you for your support & understanding.

[4.10.1] - 2024-11-26

Fixed

• PB-37010 Fix v5 resource types should not be returned if v5 flag is disabled
• PB-37011 Fix session keys creation modified date validation to match ISO 8601 format

Baianá

Release song: https://www.youtube.com/watch?v=2YdC0GshApE

Passbolt v4.10.0 is a maintenance update that prepares for the upcoming v5 release, introducing beta support for the v5 resource type format within the v4 user interface and addressing reported issues.

This release is particularly valuable for maintainers of clients or integrations, offering an early preview of the v5 resource type format to aid in planning for future adaptations. While previous content types will remain supported until version 6, the new content types expand functionality, empowering technical teams to manage a broader range of credentials. Stay tuned—a blog article will be released soon to explain how to enable v5 support and begin testing your integrations.

Thank you to our community for your continued support.

[4.10.0] - 2024-11-20

Added

• PB-34458 Add v5 config flag PASSBOLT_V5_ENABLED
• PB-34459 Add metadata plugin
• PB-34450 Update resources table with metadata fields
• PB-34455 Update comments table with data field
• PB-34452 Update folders table with metadata fields
• PB-34454 Create metadata_private_keys table
• PB-34453 Create metadata_session_keys table
• PB-34456 Create metadata_keys table
• PB-34446 Add new resource_types entries for v5 resource types
• PB-34448 Update resource_types table to add deleted field
• PB-34472 Add GET/POST /metadata/settings.json endpoints
• PB-34465 Add MetadataPrivateKey entity
• PB-34466 Add MetadataPrivateKeysTable table
• PB-34460 Add MetadataKey entity
• PB-34462 Add MetadataKeysTable table
• PB-34461 As a logged-in user the settings.json provides information on the metadata plugin
• PB-34464 Cache key info in public key validation service for a single request
• PB-34467 Add POST /metadata/keys.json endpoint
• PB-34471 Add GET /metadata/keys endpoint
• PB-35259 Update support for created_by and modified_by for metadata keys
• PB-35163 Update DELETE /groups/.json to support v5 resource format
• PB-35162 Update DELETE /users/.json endpoint to clean up metadata private & session keys
• PB-35119 Add setup complete controller test (v5 key sharing)
• PB-35119 Start integration of user setup complete with v5 requirements
• PB-35122 Add support for v5 create, update resource entities
• PB-35152 Add DELETE /metadata/session-keys/.json endpoint
• PB-35151 Add POST /metadata/session-keys.json endpoint
• PB-35150 Add GET /metadata/session-keys.json endpoint
• PB-34611 Add DELETE/PUT /resource-types/.json endpoint
• PB-35365 Update POST /share/folders/.json to support v5 logic
• PB-35363 Update GET /folders/.json to support v5 format
• PB-35363 Update GET /folders.json to support v5 format
• PB-35921 Add API endpoint PUT /metadata/session-keys/.json
• PB-35368 As a developer I can run a command to create metadata private key & share it with all users
• PB-35362 Update PUT /folders/.json to support v5 format
• PB-35361 Update POST /folders.json to support v5 format
• PB-35120 Add healthcheck to try to decrypt the server metadata private key entry for the shared key
• PB-35165 Update POST /share/resources/.json to support v5 logic
• PB-35166 Update email notification template to not include metadata (name, uri, etc.)
• PB-35166 Update POST /share/simulate/resources/.json to support v5 logic
• PB-35157 Email changes for resources changes for V5
• PB-35157 Add validation for metadata fields
• PB-35160 Update GET /resources.json endpoint to support v5 format
• PB-35275 Add edit and create individual metadata private key endpoints
• PB-35171 Create a Service and CLI task to migrate v4 to v5 resources
• PB-35272 Add server settings to prevent edition of metadata settings and key
• PB-35260 Add signature verification for metadata private key sharing service
• PB-35277 As an administrator I must receive an email notification when a metadata key is added
• PB-35276 As an administrator I must receive an email notification when the metadata settings are updated
• PB-35751 As an administrators I can update the metadata settings using command line
• PB-35748 As an administrator I can run a command to migrate all the items to v5 format
• PB-35747 As an administrator I can run a command to migrate the folders to v5 format
• PB-35756 Update resource create endpoint to throw an error if allow_usage_of_personal_keys is set to false and personal key is used
• PB-35758 Update folders create/update endpoints to throw an error if allow_usage_of_personal_keys is set to false and personal key is used
• PB-35928 Add allow_v5_v4_downgrade to metadata types settings
• PB-35945 Add static method to cache and reuse MetadataTypesSettingsGetService results
• PB-35946 Add static method to cache and reuse MetadataKeysSettingsGetService results
• PB-35930 Update edit resource to support allow_v5_v4_downgrade settings
• PB-35931 Update edit folders to support allow_v5_v4_downgrade settings
• PB-35937 Add allow_v5_v4_downgrade settings to passbolt update_metadata_types_settings command
• PB-35084 Add the distribution/gpg information in the health-check
• PB-35866 Add OperatingSystemHealthcheck for 32 vs 64 bit
• PB-36228 ResourceCreateController should populate empty metadata_key_id if key type is user_key
• PB-36280 Add created_by and modified_by to metadata keys index service
• PB-34080 As an admin running the passbolt cleanup, I should delete duplicate resources_tags entries
• PB-36516 Add populatedMetadataUserKeyId request data massaging to folder create and update
• PB-36515 Add populatedMetadataUserKeyId request data massaging to resource edit
• PB-36558 Add baseline support for metadata key expiry
• PB-35085 Add TimeSyncHealthcheck for system clock sync status
• PB-36574 As a user I can delete a metadata key that is expired and not in use

Improved

• PB-34609 Adds is-deleted filter and resources_count contain to ResourceTypesIndexController.php

Security

• PB-35882 Bump cakephp/twig-view to 1.3.1 to get rid of twig security vulnerability warning
• PB-36609 Bump twig/twig composer package to v3.11.2
• PB-36609 Bump symfony/process composer package to v5.4.46

Fixed

• PB-34189 Fix 500 on GET resources.json when passing 1 as parameter to some filters
• PB-35173 As a logged-in user I should not get a 500 if the folder does not exist
• PB-34481 Fix 500 error on /mfa/verify/{provider}.json on account with no 2FA set up
• PB-35669 Fix GenerateOpenPGPKeyService should default to GNUPGHOME environment variable if set
• PB-35724 Fix GenerateOpenPGPKeyService should generate key with empty passphrase
• PB-35709 Fix theme back to default randomly after refresh or navigation
• PB-35849 Fix API app does not update "Last logged in" time
• PB-35980 Fix has-parent filter returning duplicate resources (GITHUB #523)
• PB-36208 Fix LogFolderWritableHealthcheck help text paths

Maintenance

• PB-34399 Bump singpolyma/openpgp-php package to v0.7
• PB-34305 Upgrade lockfile-lint library on passbolt_api package-lock.json
• PB-34306 Upgrade openpgp library on passbolt_api package-lock.json
• PB-33333 Refactor GroupUpdateControllerTest to use Fixture Factories
• PB-33332 Refactor ResourcesDeleteControllerTest to use Fixture Factories
• PB-33332 Refactor ResourcesUpdateControllerTest to use Fixture Factories
• PB-33332 Refactor ResourcesViewControllerTest to use Fixture Factories
• PB-33332 Refactor resource index controller test
• PB-22603 Refactor resources share service test with factories
• PB-33331 Add missing test cases for RecoverCompleteService
• PB-35433 Fix phpcs config to allow per file fixing in IDE
• PB-33330 Add missing test cases for SetupCompleteService
• PB-33329 Add missing test cases for RecoverAbortService
• PB-35777 Remove cloaking !empty() around method calls
• PB-35856 Fix up editorconfig for composer.json editing
• PB-35918 Bump composer/composer package to 2.8.1
• PB-34234 CI changes to use downstream repo
• PB-36605 Fix testVersionCommand_Compare_With_ChangeLogs failing test
• PB-35763 Refactor resource tags add controller
• PB-36607 Bump cakephp/cakephp composer package version to 4.5.7

Baianá

Release song: https://www.youtube.com/watch?v=2YdC0GshApE

Passbolt v4.10.0 Release Candidate is a maintenance update of preparatory work for the incoming v5 and addresses reported issues. Specifically, it brings the codebase to ease the later encryption of the resource metadata.

Thank you to the community for reporting the issues.

[4.10.0-rc.1] - 2024-11-14

Added

• PB-34458 Add v5 config flag PASSBOLT_V5_ENABLED
• PB-34459 Add metadata plugin
• PB-34450 Update resources table with metadata fields
• PB-34455 Update comments table with data field
• PB-34452 Update folders table with metadata fields
• PB-34454 Create metadata_private_keys table
• PB-34453 Create metadata_session_keys table
• PB-34456 Create metadata_keys table
• PB-34446 Add new resource_types entries for v5 resource types
• PB-34448 Update resource_types table to add deleted field
• PB-34472 Add GET/POST /metadata/settings.json endpoints
• PB-34465 Add MetadataPrivateKey entity
• PB-34466 Add MetadataPrivateKeysTable table
• PB-34460 Add MetadataKey entity
• PB-34462 Add MetadataKeysTable table
• PB-34461 As a logged-in user the settings.json provides information on the metadata plugin
• PB-34464 Cache key info in public key validation service for a single request
• PB-34467 Add POST /metadata/keys.json endpoint
• PB-34471 Add GET /metadata/keys endpoint
• PB-35259 Update support for created_by and modified_by for metadata keys
• PB-35163 Update DELETE /groups/.json to support v5 resource format
• PB-35162 Update DELETE /users/.json endpoint to clean up metadata private & session keys
• PB-35119 Add setup complete controller test (v5 key sharing)
• PB-35119 Start integration of user setup complete with v5 requirements
• PB-35122 Add support for v5 create, update resource entities
• PB-35152 Add DELETE /metadata/session-keys/.json endpoint
• PB-35151 Add POST /metadata/session-keys.json endpoint
• PB-35150 Add GET /metadata/session-keys.json endpoint
• PB-34611 Add DELETE/PUT /resource-types/.json endpoint
• PB-35365 Update POST /share/folders/.json to support v5 logic
• PB-35363 Update GET /folders/.json to support v5 format
• PB-35363 Update GET /folders.json to support v5 format
• PB-35921 Add API endpoint PUT /metadata/session-keys/.json
• PB-35368 As a developer I can run a command to create metadata private key & share it with all users
• PB-35362 Update PUT /folders/.json to support v5 format
• PB-35361 Update POST /folders.json to support v5 format
• PB-35120 Add healthcheck to try to decrypt the server metadata private key entry for the shared key
• PB-35165 Update POST /share/resources/.json to support v5 logic
• PB-35166 Update email notification template to not include metadata (name, uri, etc.)
• PB-35166 Update POST /share/simulate/resources/.json to support v5 logic
• PB-35157 Email changes for resources changes for V5
• PB-35157 Add validation for metadata fields
• PB-35160 Update GET /resources.json endpoint to support v5 format
• PB-35275 Add edit and create individual metadata private key endpoints
• PB-35171 Create a Service and CLI task to migrate v4 to v5 resources
• PB-35272 Add server settings to prevent edition of metadata settings and key
• PB-35260 Add signature verification for metadata private key sharing service
• PB-35277 As an administrator I must receive an email notification when a metadata key is added
• PB-35276 As an administrator I must receive an email notification when the metadata settings are updated
• PB-35751 As an administrators I can update the metadata settings using command line
• PB-35748 As an administrator I can run a command to migrate all the items to v5 format
• PB-35747 As an administrator I can run a command to migrate the folders to v5 format
• PB-35756 Update resource create endpoint to throw an error if allow_usage_of_personal_keys is set to false and personal key is used
• PB-35758 Update folders create/update endpoints to throw an error if allow_usage_of_personal_keys is set to false and personal key is used
• PB-35928 Add allow_v5_v4_downgrade to metadata types settings
• PB-35945 Add static method to cache and reuse MetadataTypesSettingsGetService results
• PB-35946 Add static method to cache and reuse MetadataKeysSettingsGetService results
• PB-35930 Update edit resource to support allow_v5_v4_downgrade settings
• PB-35931 Update edit folders to support allow_v5_v4_downgrade settings
• PB-35937 Add allow_v5_v4_downgrade settings to passbolt update_metadata_types_settings command
• PB-35084 Add the distribution/gpg information in the health-check
• PB-35866 Add OperatingSystemHealthcheck for 32 vs 64 bit
• PB-36228 ResourceCreateController should populate empty metadata_key_id if key type is user_key
• PB-36280 Add created_by and modified_by to metadata keys index service
• PB-34080 As an admin running the passbolt cleanup, I should delete duplicate resources_tags entries
• PB-36516 Add populatedMetadataUserKeyId request data massaging to folder create and update
• PB-36515 Add populatedMetadataUserKeyId request data massaging to resource edit
• PB-36558 Add baseline support for metadata key expiry
• PB-35085 Add TimeSyncHealthcheck for system clock sync status
• PB-36574 As a user I can delete a metadata key that is expired and not in use

Improved

• PB-34609 Adds is-deleted filter and resources_count contain to ResourceTypesIndexController.php

Security

• PB-35882 Bump cakephp/twig-view to 1.3.1 to get rid of twig security vulnerability warning
• PB-36609 Bump twig/twig composer package to v3.11.2
• PB-36609 Bump symfony/process composer package to v5.4.46

Fixed

• PB-34189 Fix 500 on GET resources.json when passing 1 as parameter to some filters
• PB-35173 As a logged-in user I should not get a 500 if the folder does not exist
• PB-34481 Fix 500 error on /mfa/verify/{provider}.json on account with no 2FA set up
• PB-35669 Fix GenerateOpenPGPKeyService should default to GNUPGHOME environment variable if set
• PB-35724 Fix GenerateOpenPGPKeyService should generate key with empty passphrase
• PB-35709 Fix theme back to default randomly after refresh or navigation
• PB-35849 Fix API app does not update "Last logged in" time
• PB-35980 Fix has-parent filter returning duplicate resources (GITHUB #523)
• PB-36208 Fix LogFolderWritableHealthcheck help text paths

Maintenance

• PB-34399 Bump singpolyma/openpgp-php package to v0.7
• PB-34305 Upgrade lockfile-lint library on passbolt_api package-lock.json
• PB-34306 Upgrade openpgp library on passbolt_api package-lock.json
• PB-33333 Refactor GroupUpdateControllerTest to use Fixture Factories
• PB-33332 Refactor ResourcesDeleteControllerTest to use Fixture Factories
• PB-33332 Refactor ResourcesUpdateControllerTest to use Fixture Factories
• PB-33332 Refactor ResourcesViewControllerTest to use Fixture Factories
• PB-33332 Refactor resource index controller test
• PB-22603 Refactor resources share service test with factories
• PB-33331 Add missing test cases for RecoverCompleteService
• PB-35433 Fix phpcs config to allow per file fixing in IDE
• PB-33330 Add missing test cases for SetupCompleteService
• PB-33329 Add missing test cases for RecoverAbortService
• PB-35777 Remove cloaking !empty() around method calls
• PB-35856 Fix up editorconfig for composer.json editing
• PB-35918 Bump composer/composer package to 2.8.1
• PB-34234 CI changes to use downstream repo
• PB-36605 Fix testVersionCommand_Compare_With_ChangeLogs failing test
• PB-35763 Refactor resource tags add controller
• PB-36607 Bump cakephp/cakephp composer package version to 4.5.7

Rebelion

Release song: https://www.youtube.com/watch?v=W8PTWqE2SVw

Passbolt is pleased to announce the immediate availability of version v4.9.1.

Passbolt v4.9.1 is a maintenance update that fixes issues reported by the community.
Among other fixes, this version addresses a compatibility issue with the PostgreSQL database, where users encountered
difficulties sharing passwords with users or groups when different cases were involved in their names.

Additionally, system administrator tools have been improved to better handle the purge of action logs on large datasets.

We would like to express our appreciation to the community for their assistance in improving Passbolt!

[4.9.1] - 2024-08-13

Fixed

• PB-34220 As a user I can search by users and groups case insensitively on PostgreSQL

Improved

• PB-34246 As an administrator purging the action logs table, I can set a limit option (100k per default)
• PB-34247 Adds a set of actions to be purged by the passbolt action_logs_purge command
• PB-33939 As an administrator when running bin/cake passbolt -h, I should see all the passbolt commands listed

Maintenance

• PB-32991 Optimizes CI pipeline run time on api repositories
• PB-34219 Adds validation to retention days option in the action_logs_purge command
• PB-33333 Refactor various tests to use fixture factories