* Security: Prevent loading of openssl.cnf
Prevent loading openssl.cnf from the originating vcpkg folder tree to avoid DLL injections. This patch force sets the OPENSSL_CONF and OPENSSL_MODULES env vars to an invalid directory. This prevents openssl from attempting to load a cnf file which can contain settings to load arbitrary DLL files into KeePassXC memory space.
Thank you to zdi-disclosures for reporting this finding!
* Fix font size for all platforms
* Fix font size for TOTP in preview panel
* Styles: drop Windows-specific palette overrides
* Fix encoding of EditEntryWidgetMain.ui
* Fix tab width
The 'openHelpButton' in the Auto-Type configuration widget is now
enabled whenever the main 'Enable Auto-Type for this entry' checkbox is
checked, regardless of whether a custom sequence is defined.
Previously, the help button's state depended on the custom sequence
being enabled, which was inconsistent and confusing. The help is now
available whenever the main Auto-Type feature is enabled, providing
assistance for both default and window-specific sequences.
* Fix test failure introduced by ab31a748fa (#10993)
* Fix tray hiding test failure
Introduced by 43904d87b7 (#10928), but somehow hasn't posed an issue until now.
---------
Co-authored-by: Jonathan White <support@dmapps.us>
Fixes #11998
Avoids UI lockups by removing several unnecessary mutex blocks and avoiding redundant key detection calls.
Detect YubiKeys dynamically when challenging:
Prevents issue where correct key cannot be found if the internal state was reset prior to saving
This can occur if a user has multiple tabs open and multiple keys connected, then switches to a locked tab without their DB key inserted, which resets detection state.
Side Benefit - ensures proper cascade between USB and PC/SC interfaces so users can switch between the two modes seamlessly.
This fixes a compiler error I got
when trying to build with Botan 3.10.
A static_cast to RSA_PrivateKey was not possible,
as the base class is virtual.
Fix by using a dynamic_cast instead.
Signed-off-by: Markus Theil <theil.markus@gmail.com>
* This condition will only happen when KeePassXC is installed by MECM or similar deployment tool. This prevents accidental launch on exit if the packager forgot to set LAUNCHAPPONEXIT=0 in the msiexec call. Allowing launch on exit in these conditions would potentially allow a non-privileged user to assume the role of SYSTEM through the KeePassXC application.
* Fixes weakness reported by HackAndPwn, thank you!
Fix the issue where CSV export/import creates nested root groups when the database has a custom root group name.
Added comprehensive tests to verify the fix works for both custom and default root group names, and preserves existing behavior for single-level groups.
Implement heuristic approach for CSV import root group detection:
- Analyzes all CSV rows before processing to find consistent first path components
- Only skips the first component if it appears in 80% or more of paths
- Handles absolute paths (starting with "/") by ignoring them in analysis
- Preserves existing behavior when no clear common root is found
Co-authored-by: droidmonkey <2809491+droidmonkey@users.noreply.github.com>
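The root-group heuristic listed above, sketched as an added example that is not KeePassXC's own code. The function names are hypothetical, and two details are assumptions: the 80% ratio is taken over relative paths only, and a single-component path is never stripped.

```cpp
#include <map>
#include <string>
#include <vector>

// Split a group path on '/', dropping empty components.
static std::vector<std::string> splitPath(const std::string& path)
{
    std::vector<std::string> parts;
    std::string cur;
    for (char c : path) {
        if (c != '/') {
            cur += c;
        } else if (!cur.empty()) {
            parts.push_back(cur);
            cur.clear();
        }
    }
    if (!cur.empty()) parts.push_back(cur);
    return parts;
}

// Pass 1 (hypothetical name): scan every row's group path before importing.
// Returns the first component shared by >= 80% of relative paths, or "".
std::string detectCommonRoot(const std::vector<std::string>& groupPaths)
{
    std::map<std::string, int> counts;
    int analyzed = 0;
    for (const std::string& path : groupPaths) {
        if (path.empty() || path[0] == '/') continue; // absolute paths are ignored
        ++counts[splitPath(path)[0]]; // safe: a relative path has a first component
        ++analyzed; // assumption: the ratio is taken over relative paths only
    }
    for (const auto& kv : counts) {
        if (kv.second * 10 >= analyzed * 8) return kv.first;
    }
    return ""; // no clear common root: nothing is skipped
}

// Pass 2 (hypothetical name): group components to create for one row.
std::vector<std::string> importGroupPath(const std::string& path, const std::string& root)
{
    std::vector<std::string> parts = splitPath(path);
    const bool relative = !path.empty() && path[0] != '/';
    // Assumption: a single-component path is never stripped.
    if (relative && !root.empty() && parts.size() > 1 && parts[0] == root)
        parts.erase(parts.begin());
    return parts;
}
```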
Addendum to #12689
The previous default of 240 seconds was too low. If we enable the lock
timeout by default, we should also set a more lenient default timeout by
default.
The menubar theme detection on macOS has always been wonky, and with Liquid Glass it has become entirely useless. This removes the icon theme switch and uses the monochrome light icon as a mask until we find a better solution. This should look okay in most cases, unless the user has a very bright wallpaper.