Skip to content

Release history

PasswordPusher releases

Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.

Back to tool Latest release

All releases

44 shown

No immediate action
v2.7.1 Maintenance

Dependency bump + apipie upgrade

Open
Review required
v2.7.0 New feature
Dependencies

Local asset loading

Open
No immediate action
v2.6.6 New feature

Language updates + share message

Open
v2.6.5 Maintenance

Minor fixes and improvements.

Full changelog

:memo: What’s Changed

  • Fix incorrectly handled tests (#4432) @ozovalihasan

:arrow_up: Dependencies updates

:busts_in_silhouette: List of contributors

@dependabot[bot], @ozovalihasan and dependabot[bot]

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.6.4 Breaking risk
Breaking changes
  • Deprecate `PWP__TIMEZONE` environment variable – its functionality is now handled by JavaScript based on the user's browser settings.
Full changelog

PWP__TIMEZONE was previously used to show times & dates in a specific timezone. This is now done via Javascript based on the users browser settings. Much better, more reliable and localized.

:memo: What’s Changed

  • Enforce: Maximum 2000 audit logs possible for a push (#4180) @pglombardo
  • Deprecate PWP__TIMEZONE environment variable (#4431) @pglombardo

:arrow_up: Dependencies updates

  • :arrow_up: Bump multi_json from 1.20.1 to 1.21.0 (#4433) @dependabot[bot]
  • :arrow_up: Bump aws-partitions from 1.1243.0 to 1.1244.0 (#4434) @dependabot[bot]
  • :arrow_up: Bump rubyzip from 3.2.2 to 3.3.0 (#4435) @dependabot[bot]

:busts_in_silhouette: List of contributors

@dependabot[bot], @pglombardo and dependabot[bot]

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.6.3 New feature
Notable features
  • Added local_time support to Data Explorer
Full changelog

:memo: What’s Changed

:rocket: Features

  • Add local_time support to Data Explorer (#4430) @pglombardo

:arrow_up: Dependencies updates

  • :arrow_up: Bump aws-partitions from 1.1242.0 to 1.1243.0 (#4429) @dependabot[bot]

:busts_in_silhouette: List of contributors

@dependabot[bot], @pglombardo and dependabot[bot]

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.6.2 Bug fix

Fixed Devise mailer templates by removing javascript_importmap_tags.

Full changelog

:memo: What’s Changed

  • Fix: Remove javascript_importmap_tags from Devise mailer templates (#4428) @pglombardo

:arrow_up: Dependencies updates

  • :arrow_up: Bump aws-partitions from 1.1241.0 to 1.1242.0 (#4427) @dependabot[bot]
  • :arrow_up: Bump bootsnap from 1.24.0 to 1.24.1 (#4426) @dependabot[bot]

:busts_in_silhouette: List of contributors

@dependabot[bot], @pglombardo and dependabot[bot]

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.6.1 Mixed
Notable features
  • Assets auto-precompile when PWP__THEME is configured
  • Narrower devise login layout
Full changelog

:memo: What’s Changed

PWP_PRECOMPILE is no longer used or needed. If you set a custom theme with PWP__THEME, assets will automatically be precompile (required for custom themes) on container boot.

:rocket: Features

  • Deprecate PWP_PRECOMPILE; auto-precompile on PWP__THEME (#4425) @pglombardo
  • Narrower devise login layout (#4424) @pglombardo

:arrow_up: Dependencies updates

  • :arrow_up: Bump nokogiri from 1.19.2 to 1.19.3 (#4422) @dependabot[bot]
  • :arrow_up: Bump aws-sdk-kms from 1.123.0 to 1.124.0 (#4423) @dependabot[bot]

:busts_in_silhouette: List of contributors

@dependabot[bot], @pglombardo and dependabot[bot]

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.6.0 New feature
Notable features
  • Custom CSS page in Administration Center
  • Optimized theme building for production deploys
Full changelog

:memo: What’s Changed

This release adds a new Custom CSS page to the Administration Center. No more ugly half-broken custom.css Docker file overlays (yay!).

:rocket: Features

  • Optimize: Build only active theme in production (#4421) @pglombardo
  • Fix CSS build for production deploys & remove unused assets (#4420) @pglombardo

:arrow_up: Dependencies updates

  • :arrow_up: Bump google-apis-storage_v1 from 0.61.0 to 0.62.0 (#4414) @dependabot[bot]
  • :arrow_up: Bump bootsnap from 1.23.0 to 1.24.0 (#4415) @dependabot[bot]
  • :arrow_up: Bump google-apis-iamcredentials_v1 from 0.26.0 to 0.27.0 (#4416) @dependabot[bot]
  • :arrow_up: Bump puma from 8.0.0 to 8.0.1 (#4417) @dependabot[bot]
  • :arrow_up: Bump pagy from 43.5.1 to 43.5.3 (#4418) @dependabot[bot]
  • :arrow_up: Bump aws-partitions from 1.1240.0 to 1.1241.0 (#4419) @dependabot[bot]

:busts_in_silhouette: List of contributors

@dependabot[bot], @pglombardo and dependabot[bot]

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.5.4 New feature
Notable features
  • Features hash in API v2 version endpoint
  • Docker Compose port exposure defaults
Full changelog

:memo: What’s Changed

:rocket: Features

  • Add features hash to API v2 version endpoint (#4413) @pglombardo
  • Docker Compose: Only expose port 443; Others optional (#4390) @pglombardo

:busts_in_silhouette: List of contributors

@pglombardo

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.5.3 Bug fix

Minor fixes and improvements.

Full changelog

:memo: What’s Changed

  • Fix importmap runtime asset resolution for controllers and Popper (#4412) @pglombardo
  • Use Stimulus eager loading for importmap controllers (#4411) @pglombardo

:busts_in_silhouette: List of contributors

@pglombardo

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.5.1 Bug fix

Minor fixes and improvements.

Full changelog

:memo: What’s Changed

  • Fix custom.css overlays with PWP_PRECOMPILE (#4410) @pglombardo
  • Fix User Account menu by importing Stimulus controllers via importmap (#4409) @pglombardo

:arrow_up: Dependencies updates

  • :arrow_up: Bump aws-sdk-s3 from 1.219.0 to 1.220.0 (#4404) @dependabot[bot]
  • :arrow_up: Bump net-imap from 0.6.3 to 0.6.4 (#4408) @dependabot[bot]
  • :arrow_up: Bump aws-sdk-core from 3.245.0 to 3.246.0 (#4407) @dependabot[bot]

:busts_in_silhouette: List of contributors

@dependabot[bot], @pglombardo and dependabot[bot]

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.5.0 Security relevant
Security fixes
  • Hardened CSP with strict-dynamic and base-uri
Notable features
  • Importmap for JS & CSS bundling
  • Ruby 4.0.3 & Puma 8 upgrade
Full changelog

:memo: What’s Changed

  • Harden CSP with strict-dynamic and base-uri (#4382) @pglombardo

:rocket: Features

  • Change over to importmap for JS & CSS bundling (#4285) @pglombardo

:arrow_up: Dependencies updates

  • Update to Ruby 4.0.3 & Puma 8 (#4403) @pglombardo

:busts_in_silhouette: List of contributors

@pglombardo

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.4.4 Maintenance

Minor fixes and improvements.

Full changelog

:memo: What’s Changed

  • Latest Language String (#4402) @pglombardo

:arrow_up: Dependencies updates

:busts_in_silhouette: List of contributors

@dependabot[bot], @pglombardo and dependabot[bot]

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.4.3 Mixed
Security fixes
  • Auto re-blur of revealed payloads after 20 seconds prevents over-the-shoulder exposure on unlocked workstations
Notable features
  • GitHub issue templates migrated to YAML issue forms
Full changelog

:memo: What’s Changed

When a recipient receives a push, if they leave the tab open, the payload will auto re-blur after 20 seconds. Helps to avoid over the shoulder exposure or unlocked workstations with open pushes.

:rocket: Features

  • Auto re-blur revealed payloads after 20 seconds (#4383) @pglombardo
  • Migrate Github issue templates to YAML issue forms (#4378) thanks @sfaxluke!

:arrow_up: Dependencies updates

:busts_in_silhouette: List of contributors

@dependabot[bot], @pglombardo, @sfaxluke and dependabot[bot]

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.4.0 New feature
Notable features
  • New require_mfa setting to enforce two-factor authentication for all users
  • Updated language strings
View release on GitHub
v2.3.0 New feature
Notable features
  • New APIv2 for programmatic password sharing operations
  • Flash message suppression on delivery pages
  • Updated language strings for expanded language support
Full changelog

:rocket: Features

  • New APIv2 (#4371) @pglombardo
  • Suppress flash messages on delivery pages (#4367) @pglombardo
  • Latest Language Strings (#4372) @pglombardo

:arrow_up: Dependencies updates

:busts_in_silhouette: List of contributors

@dependabot[bot], @pglombardo and dependabot[bot]

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.2.2 Maintenance

Minor fixes and improvements.

Full changelog

:memo: What’s Changed

  • Add a button to show additional options for pushes (#4348) @ozovalihasan
  • Update tests to be run in parallel (#4349) @ozovalihasan

:arrow_up: Dependencies updates

:busts_in_silhouette: List of contributors

@dependabot[bot], @ozovalihasan, @pglombardo and dependabot[bot]

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run:
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

:link: Useful Links

View release on GitHub
v2.2.1 Maintenance

Updated several runtime dependencies to newer versions and added language string support, improving security and i18n for self‑hosted deployments.

View release on GitHub
v2.1.2 Bug fix

Expanded trusted proxy configuration to include all private IP address ranges for improved reverse proxy support.

View release on GitHub
v2.0.2 New feature
Notable features
  • Helm persistent volume support
  • Kubernetes secret configuration
View release on GitHub
v2.0.0 Breaking risk
Breaking changes
  • enable_logins removed entirely
  • Emails now opt-in requiring enable_user_account_emails
  • URL, file, and QR pushes default enabled
View release on GitHub
v1.69.3 Maintenance

Minor fixes and improvements.

Full changelog

:memo: What’s Changed

  • Log First Run Boot Code to STDOUT (#4246) @pglombardo

:arrow_up: Dependencies updates

:busts_in_silhouette: List of contributors

@dependabot[bot], @pglombardo and dependabot[bot]

:motor_boat: Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

:running_man: Run This Version

→ Setup a DNS record to point to your server (e.g. pwpush.example.com) and run:

docker run -d -p "80:80" -p "443:443" --env TLS_DOMAIN=pwpush.example.com pglombardo/pwpush:latest`

and browse to https://pwpush.example.com.

or alternatively

→ Use one of our production ready Docker Compose files with persistent databases.

:link: Useful Links

View release on GitHub
v1.68.3 Maintenance

Updated multiple dependencies and npm packages for security patches and compatibility.

View release on GitHub
v1.68.0 New feature
Notable features
  • Helm Chart updates with Ingress support
  • Ruby 4.0.1 upgrade
View release on GitHub
v1.67.2 Maintenance

Updated dependencies for Google APIs, Faraday, Devise, RDoc, IRB, AWS SDKs, and other libraries to latest versions.

View release on GitHub
v1.67.1 New feature
Security fixes
  • Fixed CSP: removed script unsafe-inline
Notable features
  • Push edit with payload blur reveal UX
  • Character count fix
  • Header styling improvements
View release on GitHub
v1.67.0 New feature
Notable features
  • Edit push expiration, passphrase, and content
  • Devise 5.0 upgrade
View release on GitHub
v1.66.2 Security relevant
Security fixes
  • Timing attack vulnerability in passphrase comparison
View release on GitHub

Beta — feedback welcome: [email protected]