What's Changed

This is a minor bugfix release that addresses autofill issues in the browser extension autofill, which no longer worked for some websites such as Reddit and Microsoft login pages. This was caused by a regression introduced in 0.27.1.

🚀 New Features

• Update Android boot screen to have a transparent icon and translated UI tweaks by @lanedirt in #1820

🐞 Bug Fixes

• Fix browser extension autofill issues introduced due to changes in 0.27.1 by @lanedirt in #1822

Full Changelog: 0.27.1...0.27.2

What's Changed

This minor release includes bug fixes and small improvements. We’ve improved the reliability of browser extension form detection and 2FA autofill, updated translations, and resolved several reported issues.

Feel free to join our Discord community if you want to stay up-to-date on the project, have any questions or run into any issues.

🚀 New Features

• Improve 2FA autofill field detection in browser extension by @lanedirt in #1789
• Add haptic feedback to mobile app primary actions by @lanedirt in #1803
• Add TOTP copy option to mobile app items list long press context menu by @lanedirt in #1805
• Make browser extension passkey auth flow look at full domain including subdomain by @lanedirt in #1807
• Add password visibility toggle to native mobile app password unlock view by @lanedirt in #1810
• New Crowdin updates by @lanedirt in #1781

🐞 Bug Fixes

• Make admin light/dark mode toggle show target state instead of current state by @lanedirt in #1794
• Browser extension save credential prompt does not always show during login redirect by @lanedirt in #1796
• Prevent multiple taps in mobile app from causing duplicate navigation by @lanedirt in #1798
• Add toggle to expand session name in mobile app active sessions screen by @lanedirt in #1814
• Tweak mobile app confirm modal UI to support longer text due to translations by @lanedirt in #1815
• Improve biometric unlock error flow in Android in case it fails due to changed fingerprints/faces by @lanedirt in #1816

🧩 Dependencies Updates

• Bump the npm_and_yarn group across 5 directories with 1 update by @dependabot[bot] in #1787
• Bump minimatch from 3.1.2 to 3.1.5 in /apps/browser-extension in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1790
• Bump the npm_and_yarn group across 5 directories with 2 updates by @dependabot[bot] in #1792
• Bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot[bot] in #1811
• Bump the npm_and_yarn group across 2 directories with 2 updates by @dependabot[bot] in #1813
• Bump the nuget group with 1 update by @dependabot[bot] in #1817

Full Changelog: 0.27.0...0.27.1

What's Changed

Welcome to AliasVault v0.27.0 🎉

This release focuses on improving the day-to-day usage of AliasVault: it adds various new features to the browser extension like automatically saving credentials while you browse and enabling autofill of 2FA TOTP tokens. This release also contains several bugfixes and misc. tweaks to the other AliasVault apps.

Highlighted new features/improvements

Browser extension:

• Automatically prompt to save credentials and/or update URL when (manually) logging in to a new website.
  • Note: This feature was silently added in 0.26.4, has since been improved and is now enabled by default.
• You can now autofill 2FA TOTP tokens via the browser extension
• Edit 2FA TOTP tokens after creation and view secret QR code (applies to all apps)
• Improve browser extension day-to-day usage:
  • When opening the extension, it now immediately shows any matching credentials for the current website
  • Typing in a search query, opening a credential, and then clicking back: now remembers search query
  • Improved autofill field detection to work more accurate on even more websites

Other:

• Add 2FA TOTP codes in mobile app via new built-in QR code scanner
• Improve search across all apps
• Improve self-hosted installation, fixing issues where services were not starting automatically on fresh installs
• Fixes many reported bugs in web app, browser extension and mobile apps

🚀 New Features

• Add 2FA TOTP filter option to item filter dropdown by @lanedirt in #1725
• Add autofill for TOTP 2FA tokens in browser extension by @lanedirt in #1728
• Add browser extension save login prompt "add url to existing credential" option by @lanedirt in #1730
• Update 2FA TOTP display to add space in between digit groups by @lanedirt in #1736
• Tweak browser extension and mobile app sync indicator to only show when actual sync happens by @lanedirt in #1738
• Open matched credential in browser extension by default for current tab when opening popup by @lanedirt in #1741
• #1744 Update development guide docs to include Rust/WASM by @daniloguimaraes in #1745
• Tweak browser extension search so it finds results regardless of order of words by @lanedirt in #1755
• Remember search query in browser extension and mobile app when pressing back on item details page by @lanedirt in #1753
• Improve browser extension autofill field detection by @lanedirt in #1757
• Update browser extension formDetector logic to better support input fields with CSS transitions by @lanedirt in #1764
• Allow to copy/share credential URL from mobile app when long-pressing by @lanedirt in #1766
• Allow viewing and editing of stored TOTP/2FA secrets by @lanedirt in #1768
• Add support for autofilling 2FA/TOTP code in iOS via "select text to insert" autofill flow by @lanedirt in #1773
• Enable "save login to aliasvault" prompt in browser extension by default by @lanedirt in #1785

🐞 Bug Fixes

• Fix mobile app unlock flow causing auto-locked vault to show empty vault contents error by @lanedirt in #1727
• Fix self-hosted SMTP service incorrectly marked as soft stopped on fresh install by @lanedirt in #1759
• Fix folder sort in web app to be case insensitive by @lanedirt in #1761
• Make iOS quick autofill show full domain that proposed credential is associated with by @lanedirt in #1769
• When creating a new item when inside a folder in mobile app, preselect that folder by @lanedirt in #1771
• iOS autofill credential selection screen search should work same as main app search by @lanedirt in #1775
• Mobile unlock doesn't work if only password unlock is enabled by @lanedirt in #1780
• Fix error when logging into mobile app when no device passcode is set by @lanedirt in #1783

🧩 Dependencies Updates

• Bump tar from 7.5.7 to 7.5.9 in /apps/mobile-app in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1733
• Bump nokogiri from 1.18.9 to 1.19.1 in /docs in the bundler group across 1 directory by @dependabot[bot] in #1746
• Bump the npm_and_yarn group across 2 directories with 1 update by @dependabot[bot] in #1751
• Bump minimatch from 3.1.2 to 3.1.4 in /apps/mobile-app in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1779

New Contributors

• @daniloguimaraes made their first contribution in #1745

Full Changelog: 0.26.6...0.27.0

What's Changed

Additional bugfix release that resolves an issue that could occur when opening the web app in Firefox. This was caused by the recent .NET 9 to .NET 10 upgrade in 0.26.4.

The previous 0.26.5 release already fixed this issue for Chromium browsers, but introduced a regression for Firefox. This additional release now fixes the issue for all browsers.

Note: This update applies to the server only. There are no changes to the client applications.

🐞 Bug Fixes

• Web app in Firefox does not load (gets stuck in reload loop) due to incorrect importmap order by @lanedirt in #1743

What's Changed

Bugfix release that resolves an issue introduced in version 0.26.4 after upgrading dependencies from .NET 9 to .NET 10. The problem primarily affected self-hosted environments.

Note: This update applies to the server only. There are no changes to the client applications.

🐞 Bug Fixes

• Tweak web app cache busting to prevent potential loading errors and reload loops by @lanedirt in #1732

What's Changed

This release brings various new quality-of-life tweaks to all apps, many which were suggested by the community. It also contains several bugfixes and new localization language options for both the apps and identity generator.

Highlighted new features/improvements

• Automatically prompt to save credentials in the browser extension when manually logging in to a new website.
  • Note: This feature is currently disabled by default to allow for further testing. You can enable it manually via: "Extension Settings → Autofill Settings → Save Login Prompt". If the prompt does not appear for you on a specific website, or if you encounter any other issues, please open an issue on GitHub so we can further improve compatibility.
• Add option to manually change sort order of custom fields in web app, browser extension and mobile app by dragging the field
• Added Danish language option to all apps and identity generator.
• Upgrade all server apps from .NET 9 to latest .NET 10 (Web app, API, Admin, Services)
• Increase password generator max length from 64 chars to 256 chars

This release also fixes multiple bugs and adds stability tweaks, see more details below.

🚀 New Features

• Add feature to offer to save login credentials after login in browser extension by @lanedirt in #1700
• Change order of custom fields via drag-and-drop by @lanedirt in #1675
• Upgrade hosted server apps from .NET 9 to .NET 10 by @lanedirt in #1354
• Add Danish language to identity generator by @lanedirt in #1678
• New Crowdin updates by @lanedirt in #1671
• Add Danish language to all apps by @lanedirt in #1679
• Add password confirm dialog to vault export in web app and mobile app by @lanedirt in #1688
• Add option to automatically close vault unlock success popup in browser extension by @lanedirt in #1690
• Increase password generator length slider to max 256 chars by @lanedirt in #1702
• Do not clear selfhosted URL on iOS mobile app logout by @lanedirt in #1704
• Improve self-hosted admin tables accessibility for mobile devices by @lanedirt in #1706
• Remember 2FA state after popup close/reopen during browser extension login by @lanedirt in #1708
• Reduce web app start screen margins for mobile displays by @lanedirt in #1710
• Add minify to web app index.html by @lanedirt in #1713
• Add public key verification to mobile unlock flow by @lanedirt in #1718

🐞 Bug Fixes

• Add automatic reload to web app when detecting outdated local client side files (needed for dotnet 10 upgrade) by @lanedirt in #1681
• Update passkey create wizard to also work for websites that do not provide rpId (e.g. Mastodon web) by @lanedirt in #1686
• Fix mobile unlock flow which could cause session expired notices in some usecases by @lanedirt in #1691
• Fix browser extension autolock not always firing for Chromium browsers by @lanedirt in #1692
• Improve mobile app error reporting to be more specific for login/unlock sequence by @lanedirt in #1699
• Fix browser extension autofill not showing up if ad-blockers are enabled (e.g. Brave Shield) by @lanedirt in #1716
• Tweak RPO recovery for browser extension and mobile app to prevent login errors by @lanedirt in #1720
• Fix account deletion not working in mobile app for newly created accounts by @lanedirt in #1722

🧩 Dependencies Updates

• Bump faraday from 2.12.1 to 2.14.1 in /docs in the bundler group across 1 directory by @dependabot[bot] in #1670
• Bump qs from 6.14.1 to 6.14.2 in /apps/mobile-app in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1697

Full Changelog: 0.26.3...0.26.4

What's Changed

This release builds on top of the recent major 0.26.0 update with many additional quality-of-life improvements and stability fixes, many of which were suggested by the community. This release also introduces new localization language options for both the apps and identity generator.

Highlighted new features/improvements

• Added TLS support for email server on cloud-hosted environment which improves security and email deliverability. Also added instructions to docs.aliasvault.net for how to set this up for self-hosted environments.
• Added new importers: RoboForm, Microsoft Edge, Enpass.
• Added Swedish language option to all apps.
• Added French, Swedish and Urdu languages to the identity generator.
• Add option to show all item regardless of folders (new checkbox "folders" in items dropdown)

This release also fixes numerous bugs, see more details below.

🚀 New Features

• Add multi-url import support to all importers (including Bitwarden) by @lanedirt in #1603
• Add RoboForm importer by @lanedirt in #1604
• Add option to show all items regardless of folders by @lanedirt in #1609
• Improve browser extension autofill login form detector by @lanedirt in #1615
• Update web app to use Login as default item type to match other platforms by @lanedirt in #1616
• Execute browser extension sync in background and improve indicator by @lanedirt in #1618
• Improve browser extension and mobile app logging by @lanedirt in #1623
• Add TLS support to SmtpService compatible with Docker by @lanedirt in #1624
• Make save and cancel buttons always visible in web app item add/edit page by @lanedirt in #1630
• Add install.sh restart [container] option to restart a single container by @lanedirt in #1636
• Add French, Swedish and Urdu languages to identity generator by @lanedirt in #1647
• Add Microsoft Edge import option by @lanedirt in #1648
• Add Enpass import option by @lanedirt in #1650
• Add Swedish language option to all apps by @lanedirt in #1654
• Show folder for search results in mobile app by @lanedirt in #1666

🐞 Bug Fixes

• Add border padding around generated QR codes for improved scanning by @lanedirt in #1592
• Make item sort options also visible in mobile app folder view by @lanedirt in #1594
• Fix attachments/totpcodes/passkey mutations in web app to not be committed immediately by @lanedirt in #1597
• Make item sort options show up in mobile app folder views by @lanedirt in #1599
• Always show filter dropdown with link to recently deleted items, even when vault is empty by @lanedirt in #1602
• Fix Android attachment upload by @lanedirt in #1600
• Email preview text sometimes shows html encoded characters by @lanedirt in #1610
• Ignore ports in autofill matching in Android as these are not provided by Android by @lanedirt in #1626
• Fix self-hosted connection failed log messages on IPv6 enabled hosts by @lanedirt in #1628
• Fix favicon extraction in mobile apps by @lanedirt in #1631
• Improve browser extension autofill trigger to work on more websites by @lanedirt in #1632
• Fix bug in import flow to prevent UI resets when importing 500+ credentials and apply favicon reuse by @lanedirt in #1638
• Fix issue where browser extension would logout on network error instead of staying in offline mode by @lanedirt in #1651
• Fix translations in iOS credential selection long press context menu by @lanedirt in #1660
• Improve browser extension autofill for password autotype and single-host local domain names by @lanedirt in #1668

🧩 Dependencies Updates

• Bump the nuget group with 1 update by @dependabot[bot] in #1612
• Bump bytes from 1.11.0 to 1.11.1 in /core/rust in the cargo group across 1 directory by @dependabot[bot] in #1613
• Bump webpack from 5.101.3 to 5.105.0 in /apps/mobile-app in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1649

Full Changelog: 0.26.2...0.26.3

What's Changed

This bugfix and feature release further stabilizes the major vault upgrade introduced in 0.26.0 and improves the overall mobile experience. It also includes several usability improvements, UI updates, and expanded language support.

Thanks to the fast feedback from the community, we were able to quickly identify and fix remaining bugs to ensure migrations are now more reliable. Feel free to join our Discord community if you want to stay up-to-date on the project, have any questions or run into any issues.

🚀 New Features

• Add public user registration disabled checks to API endpoints and web client by @lanedirt in #1555
• Add support to block specific unsupported client versions in server API by @lanedirt in #1549
• Update mobile app UI for identity generator settings by @lanedirt in #1567
• Add animations to mobile app login screen by @lanedirt in #1569
• Add item sorting options to browser extension and mobile app by @lanedirt in #1570
• Add Spanish, Romanian and Persian languages to identity generator by @lanedirt in #1572

🐞 Bug Fixes

• Mobile app 0.26.0 data migrations can result in missing TOTP and Passkeys because of stripped transactions by @lanedirt in #1577
• Android and iOS app passkey creation sometimes fails with unique constraint failed error by @lanedirt in #1575
• Browser extension should autofill email in username field as fallback by @lanedirt in #1551
• Add missing translations by @lanedirt in #1554
• Sorting in web app table view does not look at full vault content by @lanedirt in #1558
• Add explicit refresh UI state after successful vault sync by @lanedirt in #1560
• Update Docker builds to use correct target architecture to prevent problems with arm64 by @lanedirt in #1564

🔐 Security Hardening

• Improve iOS and Android authentication flow by @lanedirt in #1565 (reported by @nmochea)

Full Changelog: 0.26.1...0.26.2

What's Changed

Bugfix release which fixes (critical) issue with vault migration in 0.26.0 that caused TOTP codes and passkeys not to be migrated correctly. Also fixes issue where older apps could throw errors after having upgraded your vault.

🚀 New Features

• Improve self-hosted install.sh early script exit so the full script properly stops by @lanedirt in #1530
• Add docker image exists check before install or update by @lanedirt in #1534
• Improve docker image build speed for new releases by @lanedirt in #1532
• New Crowdin updates by @lanedirt in #1528

🐞 Bug Fixes

• Passkeys and totp codes are not correctly migrated in 0.26.0 by @lanedirt in #1540
• 0.25.3 and older clients return errors when trying to load 0.26.0 vault by @lanedirt in #1536
• Make folders show in both grid and table view modes in web app by @lanedirt in #1538

🧩 Dependencies Updates

• Bump tar from 7.5.6 to 7.5.7 in /apps/mobile-app in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1527

Full Changelog: 0.26.0...0.26.1

What's Changed

Welcome to AliasVault v0.26.0 🎉

This is one of the biggest releases yet with a major architecture upgrade that unlocks long-requested features like custom fields, folders, new item types, history tracking, recently deleted items, and true offline vault access and editing with automatic vault merging.

Alongside these major additions, this release includes security improvements, performance optimizations, and many community-requested fixes.

Highlights of this release

1. New vault architecture (enables major features)

   • We listened to all your feedback in the last months and designed a new architecture to support all of these ideas. Thanks to this major architecture upgrade, AliasVault now supports the following new powerful features:
     • New item types (credit card, secure note)
     • Folder support (allowing you to group credentials)
     • Custom fields (store exactly what you need with easy copy/paste)
     • Field history tracking (see previous values for usernames/passwords)
     • Recently deleted items (with option to restore)

2. Full offline mode (browser extension + mobile)

   • You now have full access to your vault even without a server connection.
     • View and edit your vault completely offline
     • Changes sync automatically once you're back online
     • Built-in conflict merging in all apps and devices
     • Field-level merge logic (e.g. username changed on device A, password on device B → both are preserved)
     • Last-write-wins per field when conflicts occur

3. New language options

   • AliasVault is now also available in Romanian, which means AliasVault is now available in a total of (14) languages! A big thank you to all of our translators who continue to work very hard in adding translations for all the new (reworked) features. Do you want to help improve translations and/or make AliasVault available in your native language? Check out the AliasVault project on Crowdin and apply.
   • Added Italian as a language option to the built-in identity generator. Do you want to help make your language available to the identity generator for the alias feature? Check out this guide.

4. General improvements

   • Introduced a new cross-platform core library written in Rust, improving:
     • Sync merging reliability
     • Autofill matching accuracy
     • Shared logic consistency across all clients
   • When creating a new passkey, the wizard will now suggest existing credentials to save the passkey into (instead of creating a second duplicate entry)
   • Add new NordPass importer
   • Update all existing importers to also import credit cards and secure notes separately + folders (if there are any),

5. Bugfixes

   • Fixed issues where large vaults could throw errors when trying to open them in the browser extension
   • Favicon logos are now deduplicated, meaning duplicate credentials for the same website now share the same favicon, resulting in a smaller vault size
   • Fixed bug where changing username in self-hosted admin panel could result in login issues
   • Security hardening fixes

Read more details about this release on our blog:
https://www.aliasvault.net/news/aliasvault-0.26.0-released.

Note: as with any large update, if you encounter an issue, please report it on GitHub or join the AliasVault Discord: we actively monitor and respond quickly.

🚀 New Features

• Update datamodel to use fields based approach by @lanedirt in #1428
• UI tweaks by @lanedirt in #1466
• Cleanup translations by @lanedirt in #1470
• Usability tweaks by @lanedirt in #1476
• Update docker build to include new Rust core libraries by @lanedirt in #1484
• Add Romanian language option to all apps by @lanedirt in #1486
• Update importers to detect folders and optionally new item types by @lanedirt in #1482
• Tweak iOS autofill link in settings to go directly to correct settings screen by @lanedirt in #1503
• Fix issue where large vaults could throw quota limitation errors in browser extension by @lanedirt in #1508
• Add NordPass import method by @lanedirt in #1511
• Update installation guide by @NightFurySL2001 in #1509
• Add random string generator for email aliases when login item has no alias fields by @lanedirt in #1515
• Add confirm warning to admin when stopping services by @lanedirt in #1521

🐞 Bug Fixes

• Authentication activity could appear incomplete for some users by @lanedirt in #1490
• Firefox browser extension closes when trying to upload an attachment by @lanedirt in #1492
• Add JS bundler to web app to prevent loading errors by @lanedirt in #1494
• Fix bug where mobile app would crash because of certain SVG icon formats by @lanedirt in #1510
• Fix Android passkey creation error for certain apps like Whatsapp by @lanedirt in #1512
• Fix duplicate key value error on credential save by @lanedirt in #1514
• Fix bug where emails did not load when using a capital letter in the alias email address by @lanedirt in #1519

🔐 Security Hardening

• Disable iOS/Android native backups for AliasVault app data by @lanedirt in #1499 (reported by @nmochea)
• Fix hosted self-XSS in Notes field (reported by @dedrknex))

🧩 Dependencies Updates

• Bump react-server-dom-webpack from 19.0.2 to 19.0.3 in /apps/mobile-app in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1431
• Bump uri from 1.0.3 to 1.0.4 in /docs in the bundler group across 1 directory by @dependabot[bot] in #1444
• Bump qs from 6.13.0 to 6.14.1 in /apps/mobile-app in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1445
• Bump react-router from 7.6.0 to 7.12.0 in /apps/browser-extension in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1452
• Bump undici from 6.21.3 to 6.23.0 in /apps/mobile-app in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1460
• Bump tar from 7.5.3 to 7.5.6 in /apps/mobile-app in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1469
• Bump lodash from 4.17.21 to 4.17.23 in /apps/mobile-app in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1479
• Bump esbuild from 0.24.2 to 0.25.0 in /apps/server/AliasVault.Client in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1498

New Contributors

• @NightFurySL2001 made their first contribution in #1509

Full Changelog: 0.25.2...0.26.0