Yopass

v14.0.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 6d Secrets & Credentials

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

encryption-decryption password-sharing sharing-secrets

Affected surfaces

auth

ReleasePort's take

Moderate signal

editorial:auto 6d

Version 14.0.0 introduces streaming encryption for file uploads with constant memory usage and adds disk and S3 storage backends.

Why it matters: Enables handling of large files without increasing memory footprint; new storage options broaden deployment flexibility in cloud environments.

Summary

AI summary

Streaming file uploads enable constant memory usage for large files, adding disk and S3 storage backends.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Medium	Adds streaming encryption and upload for file handling with constant memory usage. Adds streaming encryption and upload for file handling with constant memory usage. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Medium	Adds disk and S3 storage backend options alongside default database storage. Adds disk and S3 storage backend options alongside default database storage. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Medium	Introduces Yopass Business License with SSO, audit logging, custom branding, and configurable upload limits. Introduces Yopass Business License with SSO, audit logging, custom branding, and configurable upload limits. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Medium	Adds PUBLIC_URL environment variable to control base URL in shareable secret links. Adds PUBLIC_URL environment variable to control base URL in shareable secret links. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Medium	Changes secret keys to be base62-encoded, producing shorter URLs. Changes secret keys to be base62-encoded, producing shorter URLs. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Medium	Adds /version API endpoint exposing build-time version information. Adds /version API endpoint exposing build-time version information. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Low	Adds Japanese (ja) locale translation. Adds Japanese (ja) locale translation. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Low	Adds Italian (it) locale translation. Adds Italian (it) locale translation. Source: llm_adapter@2026-05-28 Confidence: high	—
Bugfix	Medium	Fixes mobile horizontal overflow on the secret result page. Fixes mobile horizontal overflow on the secret result page. Source: llm_adapter@2026-05-28 Confidence: high	—
Bugfix	Medium	Fixes QR code crash caused by React error from Rolldown CJS interop. Fixes QR code crash caused by React error from Rolldown CJS interop. Source: llm_adapter@2026-05-28 Confidence: high	—

Full changelog

This is the biggest release of Yopass since the very beginning.

Streaming File Uploads 🚀

File handling has been completely rewritten to use streaming encryption and upload. Memory
usage is now constant regardless of file size, making it practical to share large files. New
storage backend options — disk and S3 — are available in addition to the default database
storage.

Yopass Business License

Yopass now includes a business tier with features for organizations that need tighter control
over their secret sharing infrastructure. Yopass has been free and open source for over a decade and will remain open source. The business license is how I ensure it stays actively maintained and developed for the long term.

SSO Authentication — Restrict access to your Yopass instance using OIDC/SSO, ensuring only
authenticated users can create secrets
Audit Logging — Full audit trail of secret creation and retrieval events for compliance and
security monitoring
Custom Branding — Theme your Yopass instance to match your organization's identity
Custom upload limits — Ability increase file limits above 1MB.

A license can be purchased at https://yopass.se

What's New

Public URL support — Set PUBLIC_URL to control the base URL used in shareable secret links,
useful when running behind a reverse proxy (#3480)
Shorter secret IDs — Secret keys are now base62-encoded instead of UUID v4, resulting in
shorter and cleaner URLs (#3390)
/version endpoint — The server now exposes a /version API endpoint with build-time version
injection via ldflags (#3404)
Japanese translation — Added ja locale (#3435)
Italian translation — Added it locale (#3476)

Bug Fixes

Fixed mobile horizontal overflow on the secret result page (#3391)
Fixed QR code crash (React error #130) caused by Rolldown CJS interop (#3403)

New Contributors

@piotr-jagiello — Lambda/CDK build fix
@kota-sakahara — Japanese translation
@ilGianfri — Italian translation and PUBLIC_URL support

Full changelog: https://github.com/jhaals/yopass/compare/13.1.0...14.0.0

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Yopass

Get notified when new releases ship.

About Yopass

Secure sharing of secrets, passwords and files.

All releases →