Web

Added warnings during upload of an attachment via the ATTACHMENTS pop-up:

The same behavior applies when uploading a file in a New Share.

Removed the password hint field wherever it was used: account registration page, login page, and password change page.

Updated the Custom Vault timeout field to accept values between 5 minutes and 8 hours. Removed the “1 minute” option and added an “8 hours” option to the Vault timeout dropdown.

Limited the number of characters that can be used in the Name field.

Added the ability to view passkey info for a login item

Added documentation for Bravura Safe deployment

Added ability to reset a password without setting an expiration:

A user with the "Manage account recovery" permission (i.e., an Admin or Owner or other user with custom permission) can now access a new Master password reset tab on the Edit member screen. From this tab, you can set the password to be randomized (or not) by checking the Force password reset option, which is checked by default. This option determines whether or not an expiration is set as a result of a password reset performed by this user.

Fixed the ability to log in with SSO when accepting an invitation to a team.

Added policy to bypass personal two-step login when using SSO.

Log in with device added.

Fixed SAML error pages to show meaningful messages when single-sign on failures occur.

Fixed issue where the stated 1.8GB max file size attachment uploads are not respected.

Sync the recent Content-Security-Policy changes from upstream with the SaaS Terraform nginx configuration.

When updating a password (admin or user reset) any error message regarding its length now contains the correct minimum length accepted by the corresponding policy.

The check for data breaches option is now set and disabled by default.

Expanded maximum share file upload size from 500 MB to 1.8 GB.

Changed the X-XSS-Protection header to the recommended value. For any existing deployments, the configuration must be updated manually to set X-XSS-Protection to "0".

Tightened Content-Security-Policy HTTP header; set 'self' for form-action and frame-ancestors as neither inherit from the default policy.

Improved security of Strict-Transport-Security HTTP header to recommended value of 2 years.

Updated Bravura Safe with Bitwarden code matching BW version 2022.12.0.

Set default KDF iterations for new accounts to 600000.

Added HYPR configuration and HYPR two-factor login.

Added server integration for Hypr configuration.

Added server communication to initiate Hypr authorization via app.

New environment variable globalSettings__hypr__sKey required for generating signatures.

The following default policies are applied when creating an Enterprise team.

Labels (badges) were added to the My Safe Items view to indicate which team the record belongs to.

Added ability to deactivate a Team member.

An additional drop-down control was added to the Team view, allowing you to switch between Teams.

Settings was replaced by Teams on the top menu of the application.

My Account menu option was renamed to the Account Settings option in the Logout menu.

Account Settings were slightly reorganized:

Removed the ability to leave the team (Only owners of a team can leave the team).

Fixed an issue where Bravura Safe cannot be unlocked after browser restart.

Fixed an issue where console error occurs when click Exposed Passwords Report report inside a team.

Fixed an issue where the Copy Verification Code button was inactive for owners and admins on the Team page.

Added SSO functionality for Bravura Safe Web.

Added two types of teams, enterprise and normal teams.

Team owners can now change name of their teams.

Added AWS WAF firewall for Bravura Safe Web.

Fixed issue with missing icon in the password history button.

Fixed scrolling in long list of teams

Username generator was added.

The names of the reports have been changed.

Fixed the problem with the "Two-Step Login" policy not hiding from group when "2fa" checkbox is switched off in the Admin IU.

Increased team's default number of seats to 1000000.

Change the option text from "Move Selected" to "Move Selected to Folder".

ALL items in filter panel now switch to bold type when they are selected.

After a team member creates a login item with a TOTP for a team, the Copy verification code quick button is not accessible in the team view.

This issue applies only for users with owner, admin and custom type with Edit Any Collection admin permission and only for Team view.

They can still copy the verification code in Edit item page or from "My Safe" page.

An admin or owner of a team should be able to access and manage all collections in the team. But after configuring This user can access only the selected collections , they only can access those selected collections.

The master password is not prompted when clicking the linkable name of an item with Master password re-prompt enabled

Removed Gravatars option from Settings > Options page.

Renamed organizations to teams.

Fixed an issue where the Folder/Collection name with long text did not wrap.

Renamed Send to Share.

Added expiry dates to cached resources to improve performance and upgrades.

Added support for the following languages:

Drop-down items are now visible in the dark mode.

Fixed "Lock" to properly lock your Safe.