Android-Password-Store/CHANGELOG.md
Harsh Shandilya f14a0711a2
Merge branch 'release' into develop
* release:
  build: bump version
  CHANGELOG: bump for 1.13.1
  CHANGELOG: add #1170
  Minimal support for MIME secret encoding (#1170)
  Workaround AndroidX lifecycle requirements in OpenKeychain auth (#1168)
  CHANGELOG: add note about F-Droid DDG support
  autofill-parser: add DuckDuckGo's F-Droid signature
  autofill-parser: add support for multiple signatures for a single package
  CHANGELOG: add entry for auto sync rollback
  Revert "Add option to automatically sync repository on app launch (#1137)"

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-10-23 22:00:10 +05:30

15 KiB

Changelog

All notable changes to this project will be documented in this file.

Unreleased

Changed

  • Accessibility autofill has been removed completely due to being buggy, insecure and lacking in features. Upgrade to Android 8 or preferably later to gain access to our advanced Autofill implementation.

1.13.1 - 2020-10-23

Fixed

  • OpenKeychain authentication would fail with LifecycleOwner com.zeapo.pwdstore.git.GitServerConfigActivity@f578da1 is attempting to register while current state is RESUMED. LifecycleOwners must call register before they are STARTED.

Added

  • Add support for domain-level autofill in DuckDuckGo's F-Droid builds.
  • Support gopass MIME secret encoding

Changed

  • The newly added automatic synchronisation feature has been rolled back due to multiple issues with its implementation.

1.13.0 - 2020-10-22

Fixed

  • Some classes of errors would be swallowed by an unhelpful 'Invalid remote: origin' message
  • Repositories created within APS would contain invalid .gpg-id files with no ability to fix them from the app
  • Button labels were invisible in Autofill phishing warning screen
  • Unsupported authentication modes would appear briefly in the server config screen

Added

  • Add GPG key selection step to onboarding flow
  • Allow configuring an app-wide HTTP(S) proxy
  • Add option to automatically sync repository on app launch
  • Add a quickfix for invalid HTTPS URLs that contain a custom port

1.12.1 - 2020-10-13

Fixed

  • Certain operations like folder creation with GPG keys would fail with java.lang.IllegalStateException.
  • ECDSA key exchanges failed resulting in users being unable to clone repositories.

1.12.0 - 2020-09-24

Added

  • Allow sorting by recently used
  • Add Bromite, Ungoogled Chromium and Kiwi to supported browsers list for Autofill
  • Add ability to view the Git commit log
  • Allow generating ECDSA and ED25519 keys for SSH
  • Add support for multiple/fallback authentication methods for SSH
  • Add warning when the custom SSH port in a URL could potentially be ignored

Changed

  • A descriptive error message is shown if no username is specified in the Git server settings
  • Remove explicit protocol choice from Git server settings, it is now inferred from your URL
  • 'Show hidden folders' is now 'Show hidden files and folders'
  • Generated SSH keys are now stored in the Android Keystore if available, and encrypted at rest otherwise
  • Allow using device's screen lock credentials to secure generated SSH key
  • Update onboarding UI
  • Update translations

Fixed

  • Git server protocol and authentication mode are only updated when explicitly saved
  • Remember HTTPS password during a sync operation
  • Unable to use show/hide password option for password/passphrase after first attempt was wrong
  • TOTP values shown might some times be stale and considered invalid by sites
  • Symlinks are no longer clobbered by the app (only available on Android 8 and above)
  • Workaround lack of SSH connection reuse capabilities on some Git hosts like Bitbucket

1.11.3 - 2020-08-27

Fixed

  • Delete stored HTTPS password on connection errors (such as failed authentication)

1.11.2 - 2020-08-24

Fixed

  • Saving a password after creating it fails to finish commit operation
  • HTTPS authentication did not prompt users for password

1.11.1 - 2020-08-21

Fixed

  • App failed to start on Android 7 and below

1.11.0 - 2020-08-18

Added

  • Allow changing the branch used for Git operations
  • Allow setting a subdirectory key when creating folders
  • Allow adding digits/symbols in XkPasswd generated passwords using a mask-like value (dds gives you two digits and a symbol, and so on)

Changed

  • The Git repository URL can now be specified directly
  • Slightly reduce APK size
  • Always show the parent path in entries
  • Passwords will no longer be copied to the clipboard by default
  • Notify user if there was nothing to push

Fixed

  • Allow creating nested directories directly
  • I keep saying this but for real: error message for wrong SSH/HTTPS password is properly fixed now
  • Fix crash when OpenKeychain is not installed
  • Clone operation won't leave user on an empty password list upon failure
  • Cloning a new repository to external storage wouldn't work
  • UI froze for some people when deleting existing files from the external directory

1.10.3 - 2020-07-30

Fixed

  • Worked around a dependency bug that would crash the Autofill service when triggered on an OTP field

1.10.2 - 2020-07-30

Fixed

  • Properly handle cases where files contain only TOTP secrets and no password
  • Correctly hide TOTP import button when TOTP secret/OTPAUTH URL is already present in extra content
  • SMS OTP Autofill no longer crashes when invoked and correctly asks for the required permission on first use

1.10.1 - 2020-07-23

Fixed

  • Using long key IDs in .gpg-id no longer leads to a crash
  • Long key IDs and fingerprints are now correctly forwarded to OpenKeychain

Added

  • Support for multiple GPG IDs in .gpg-id
  • Creating an entry in an empty store now lets you select keys to initialize .gpg-id with

1.10.0 - 2020-07-22

Changed

  • A brand new icon to go with our biggest update ever!
  • Light theme is now a consistent white across the board with ample contrast
  • XkPassword generator is now easier to use with less configuration options
  • Edit screen now has better protection and guidance for invalid names
  • Improved biometric authentication UX on app start
  • Improved password list UI

Fixed

  • Folder names that were very long did not look right
  • Error message for wrong SSH/HTTPS password now looks cleaner
  • Fix authentication failure with usernames that contain the @ character
  • Text input boxes were illegible on dark theme
  • Top-level password names had inconsistent top margin making them look askew
  • Password Store no longer ignores the selected OpenKeychain key
  • Password export now happens in a separate process, preventing possible freezes

Added

  • TOTP support is reintroduced by popular demand. HOTP continues to be unsupported and heavily discouraged.
  • Initial support for detecting and filling OTP fields with Autofill
  • OTP codes can be automatically filled from SMS (requires Android P+ and Google Play Services)
  • Importing TOTP secrets using QR codes
  • Support for ed25519/ECDSA SSH keys
  • Navigate into newly created folders and scroll to newly created passwords
  • Support per-directory keys
  • Full pt-BR localization

1.9.2 - 2020-06-30

Fixed

  • App crashes upon launching the app for the first time

1.9.1 - 2020-06-28

Fixed

  • Remember passphrase option did not work with old-style keys (generated either before 2019 or by passing -m PEM to new versions of OpenSSH)

Added

  • Add GNU IceCatMobile to the list of supported browsers for Autofill

1.9.0 - 2020-06-21

Fixed

  • 'Draw over other apps' permission dialog opens when attempting to use Oreo Autofill
  • Old app shortcuts are now removed when the local repository is deleted

Added

  • Completely revamped decypted password view
  • Add support for better, more secure Keyex's and MACs with a brand new SSH backend
  • Allow manually marking domains for subdomain-level association. This will allow you to keep separate passwords for site1.example.com and site2.example.com and have them show as such in Autofill.
  • Provide better messages for OpenKeychain errors
  • Rename passwords and categories

Changed

  • BREAKING: Remove support for HOTP/TOTP secrets - Please use FIDO keys or a dedicated app like Aegis or andOTP
  • Reduce Autofill false positives on username fields by removing "name" from list of heuristic terms
  • Reduced app size
  • Improve IME experience with server config screen
  • Removed edit password option from long-press menu.
  • Batch deletion now does not require manually confirming for each password
  • Better commit messages on password deletion

1.8.1 - 2020-05-24

Fixed

  • Don't strip leading slash from repository paths

1.8.0 - 2020-05-23

Added

  • Allow user to abort password move when it is replacing an existing file
  • Allow setting a default username for Autofill
  • Add no authentication mode for working with public repositories

Changed

  • More UI related tweaks, changes and improvements
  • Improved error messages and internal logic for server configuration

Fixed

  • Add the following fields to encrypted username detection: user, account, email, name, handle, id, identity.
  • Improved detection of broken or incomplete git repositories
  • Better UX flow for storage permissions

1.7.2 - 2020-04-29

Added

  • Settings option to enable debug logging

Changed

  • SSH Keygen UI was improved
  • Default key length for SSH Keygen is now 4096 bits
  • Settings items were rearranged and cleaned up
  • Autofill icons in dark mode are now more legible

Fixed

  • Failure to detect if repository was not cloned which broke Git operations
  • Search results were inaccurate if root directory's name started with a dot (.)
  • Saving git username and email did not provide user-facing confirmation

1.7.1 - 2020-04-23

Fixed

  • Autofill message does not show OK button when many browsers are installed
  • Autofill message does not get marked as shown when dismissed
  • App crashes when using type-independent sort
  • Storage permission not requested when using existing external repository

1.7.0 - 2020-04-21

Added

  • Oreo Autofill support
  • Securely remember HTTPS password/SSH key passphrase

Fixed

  • Text input box theming
  • Password repository held in non-hidden storage no longer fails
  • Remove ambiguous and confusing URL field in server config menu and heavily improve UI for ease of use.

1.6.0 - 2020-03-20

Added

  • Copy implicit username (password filename) by long pressing
  • Create xkpasswd style passwords
  • Swipe on password list to synchronize repository

Fixed

  • Resolve memory leaks on password decryption
  • Can't delete folders containing a password

1.5.0 - 2020-02-21

Added

  • Fast scroller with alphabetic hints
  • UI button to create new folders
  • Option to directly start searching when opening the app
  • Option to always search from root folder regardless of the currently open folder

Changed

  • Logging is now enabled in release builds
  • Searching now shows folders as well as the passwords inside them

Fixed

  • OpenKeychain errors cause app crash

1.4.0 - 2020-01-24

Added

  • Add save-and-copy button
  • Dark theme
  • Setting to save OpenKeychain auth id
  • Add number of passwords to folders

Changed

  • Updated UI design and iconograph
  • Biometric authentication
  • Use new OpenKeychain integration library

Fixed

  • Snackbars showing behind keyboards

1.3.2 - 2018-12-23

Changed

  • Improve French translation.

Fixed

  • Extra field is multi-line.

1.3.1 - 2018-10-18

Fixed

  • Fix default sort order bug.

1.3.0 - 2018-10-16

Added

  • Allow app to be installed on external media (SD card).
  • Change password sort order.
  • Display HOTP code if present.
  • Open search view on keyboard press.

Changed

  • Use adaptive icon.
  • Password entry is more secure.
  • Clean paths on password list view.
  • Improve Chinese translation.
  • Don't show hidden files and directories.

Fixed

  • Fix clipboard clearing.
  • Wrap long passwords.

1.2.0.75 - 2018-05-31

Added

  • Add Arabic translation.
  • Warn user that remembering SSH passphrase is currently insecure.

Changed

  • Update Japanese assets.

Fixed

  • Fix elements overlapping.