Keepassxc: KeePassXC 2.5.3 crashes on launch on macOS 10.15.4

Additional info: the traceback is as follows:

Process:               KeePassXC [5529]
Path:                  /Applications/KeePassXC.app/Contents/MacOS/KeePassXC
Identifier:            KeePassXC
Version:               ???
Code Type:             X86-64 (Native)
Parent Process:        bash [5523]
Responsible:           Terminal [2020]
User ID:               501

Date/Time:             2020-03-03 21:58:47.824 +0100
OS Version:            Mac OS X 10.15.4 (19E242d)
Report Version:        12
Anonymous UUID:        6E05C5B7-3DDF-F9BE-1403-DAAE1D80F66B

Sleep/Wake UUID:       3FBD8310-DB6C-4000-B866-CCB1B8D6A053

Time Awake Since Boot: 23000 seconds
Time Since Wake:       1200 seconds

System Integrity Protection: enabled

Crashed Thread:        Unknown

Exception Type:        EXC_CRASH (Code Signature Invalid)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace CODESIGNING, Code 0x1

kernel messages:

Backtrace not available

Unknown thread crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000000  rbx: 0x0000000000000000  rcx: 0x0000000000000000  rdx: 0x0000000000000000
  rdi: 0x0000000000000000  rsi: 0x0000000000000000  rbp: 0x0000000000000000  rsp: 0x00007ffedfc28af8
   r8: 0x0000000000000000   r9: 0x0000000000000000  r10: 0x0000000000000000  r11: 0x0000000000000000
  r12: 0x0000000000000000  r13: 0x0000000000000000  r14: 0x0000000000000000  r15: 0x0000000000000000
  rip: 0x000000011ac8a000  rfl: 0x0000000000000200  cr2: 0x0000000000000000

Logical CPU:     0
Error Code:      0x00000000
Trap Number:     0


Binary images description not available


External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 26249
    thread_create: 0
    thread_set_state: 0

Model: MacBookAir6,1, BootROM 119.0.0.0.0, 2 processors, Dual-Core Intel Core i7, 1.7 GHz, 8 GB, SMC 2.12f143
Graphics: kHW_IntelHD5000Item, Intel HD Graphics 5000, spdisplays_builtin
Memory Module: BANK 0/DIMM0, 4 GB, DDR3, 1600 MHz, 0x80AD, 0x483943434E4E4E384A544D4C41522D4E544D
Memory Module: BANK 1/DIMM0, 4 GB, DDR3, 1600 MHz, 0x80AD, 0x483943434E4E4E384A544D4C41522D4E544D
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x117), Broadcom BCM43xx 1.0 (7.77.111.1 AirPortDriverBrcmNIC-1600.4)
Bluetooth: Version 7.0.4f3, 3 services, 27 devices, 1 incoming serial ports
Network Service: Wi-Fi, AirPort, en0
Serial ATA Device: APPLE SSD TS0128F, 121.33 GB
USB Device: USB 3.0 Bus
USB Device: BRCM20702 Hub
USB Device: Bluetooth USB Host Controller
Thunderbolt Bus: MacBook Air, Apple Inc., 23.6

This is an issue with the beta update. It does not verify properly signed apps.

Interesting, I haven’t seen that reported anywhere else such as the Apple Developer Forums or the MacAdmins Slack. Nor is it listed as a known issue in the Developer Notes. Let’s hope it’s fixed before release.

As an update, it is not fixed in Beta 4, which was released since I raised the issue.

Please try a snapshot build from https://snapshot.keepassxc.org.

@phoerious The latest snapshot can be opened, although it is not signed.

Then it's probably a Qt bug or something.

I doubt it's Qt. This is related to signed application not being verifiable. See this line in the trace: Exception Type: EXC_CRASH (Code Signature Invalid)

Maybe the certificate isn't accepted or so.

FYI, same happens here on normal Mojave 10.14.6

Process:               KeePassXC [895]
Path:                  /Applications/KeePassXC.app/Contents/MacOS/KeePassXC
Identifier:            org.keepassx.keepassxc
Version:               ???
Code Type:             X86-64 (Native)
Parent Process:        ??? [1]
Responsible:           KeePassXC [895]
User ID:               501

Date/Time:             2020-03-04 21:03:24.429 +0100
OS Version:            Mac OS X 10.14.6 (18G4017)
Report Version:        12
Anonymous UUID:        4336434E-009E-9B9B-3EE1-FAFCCCF6C984

Sleep/Wake UUID:       2FBBDEAC-0362-4F2F-8A8F-4351BB9A16D8

Time Awake Since Boot: 1400 seconds
Time Since Wake:       490 seconds

System Integrity Protection: enabled

Crashed Thread:        0

Exception Type:        EXC_CRASH (Code Signature Invalid)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace CODESIGNING, Code 0x1

kernel messages:

VM Regions Near 0 (cr2):
--> 
    __TEXT                 0000000108f23000-00000001092b5000 [ 3656K] r-x/r-x SM=COW  

Thread 0 Crashed:
0                                   0x000000010d980000 _dyld_start + 0

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000000  rbx: 0x0000000000000000  rcx: 0x0000000000000000  rdx: 0x0000000000000000
  rdi: 0x0000000000000000  rsi: 0x0000000000000000  rbp: 0x0000000000000000  rsp: 0x00007ffee6cdcbc0
   r8: 0x0000000000000000   r9: 0x0000000000000000  r10: 0x0000000000000000  r11: 0x0000000000000000
  r12: 0x0000000000000000  r13: 0x0000000000000000  r14: 0x0000000000000000  r15: 0x0000000000000000
  rip: 0x000000010d980000  rfl: 0x0000000000000200  cr2: 0x0000000000000000

Logical CPU:     0
Error Code:      0x00000000
Trap Number:     0


Binary Images:
       0x108f23000 -        0x1092b4fff + (0) <16AE8CED-0E4C-3291-AE43-913B0D7192FF> 
       0x10d97f000 -        0x10d9e970f + (655.1.1) <C192CA31-D059-3770-9882-D864FEFA0C96> 

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 848
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=4552K resident=0K(0%) swapped_out_or_unallocated=4552K(100%)
Writable regions: Total=8404K written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=8404K(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
STACK GUARD                       56.0M        1 
Stack                             8192K        1 
__DATA                             372K        4 
__LINKEDIT                         468K        2 
__TEXT                            4084K        2 
shared memory                        8K        2 
===========                     =======  ======= 
TOTAL                             68.8M       12 

Model: MacBookPro11,3, BootROM 158.0.0.0.0, 4 processors, Intel Core i7, 2.6 GHz, 16 GB, SMC 2.19f12
Graphics: kHW_IntelIrisProItem, Intel Iris Pro, spdisplays_builtin
Graphics: kHW_NVidiaGeForceGTX750MItem, NVIDIA GeForce GT 750M, spdisplays_pcie_device, 2 GB
Memory Module: BANK 0/DIMM0, 8 GB, DDR3, 1600 MHz, 0x80AD, 0x484D54343147533641465238412D50422020
Memory Module: BANK 1/DIMM0, 8 GB, DDR3, 1600 MHz, 0x80AD, 0x484D54343147533641465238412D50422020
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x134), Broadcom BCM43xx 1.0 (7.77.61.3 AirPortDriverBrcmNIC-1305.9)
Bluetooth: Version 6.0.14d6, 3 services, 27 devices, 1 incoming serial ports
Network Service: Wi-Fi, AirPort, en0
Serial ATA Device: APPLE SSD SM0512F, 500.28 GB
USB Device: USB 3.0 Bus
USB Device: Apple Internal Keyboard / Trackpad
USB Device: BRCM20702 Hub
USB Device: Bluetooth USB Host Controller
Thunderbolt Bus: MacBook Pro, Apple Inc., 17.1

I just downloaded our release and tested it on Catalina, works for me. Certificate is valid until 2022.

I just updated my other MacBook Pro to MacOS 10.15.4 beta 4 (note, not beta 3), and noted more carefully what happened, in case it helps someone:

• Computer rebooted as part of the update
• Ran KeePassXC, and it crashed. Got the crash report popup.
• Tried again just in case, same thing happened.
• Opened the snapshot .dmg file from the nightly build release (e26063a), which I'd saved from yesterday, when I had this problem on my other machine.
• It popped up the usual Finder window with the app icon and a link to Applications.
• Dragged the KP icon to the Applications folder.
• Got a popup complaining, "macOS cannot verify that this app is free from malware", with the options "Move to Trash" and "Cancel".
• Clicked Cancel. It kept popping up again, every time I clicked Cancel.
• Opened System Prefs > Security & Privacy > General
  There was a message and button waiting there, "Open Anyway". Clicked it.
• Clicked Cancel on the other one.
• That popup came up again, but now with a different msg and options
  "macOS cannot verify the developer of “KeePassXC.app”. Are you
  sure you want to open it?"
• clicked newly-available Open
• It still doesn't run, but no more popups, either.
• Also on System Prefs there's no prompt on the Security & Privacy page, which I still had open.
• Clicked on Dock KP icon to run it.
• Success, it opens.

Still crashes on beta5. Is the problem understood by now?

I could not reproduce it and the certificate the binary was signed with is valid until 2022.

Hm, so you can run it under macOS 10.15.4 beta{3,4,5} without problems? I tried on three different Macs and it crashes consistently on all three when I try to start it.

"macOS cannot verify that this app is free from malware" sounds like there's something wrong with the stapled notarisation ticket.

Edit: forget it, the steps described above are for the snapshot build, which isn't signed, so these inconveniences are all to be expected.

Crash on launch reproduced here. KPxc 2.5.3 public release on Catalina 10.15.4 Beta 3 and 4.
Log looks like grahampugh's.

And the same happens on 10.13.6 with SecUpd 2020-002 beta5.

Just for completeness: same result on 10.14.6 with SecUpd 2020-002 beta5.

I tried a 2.5.3 release install from scratch on a fresh 10.15.4 Beta (19E258a) system and got this...

Snapshot build?

No. Please read carefully.

2.5.3 release

Downloaded here btw.:
https://github.com/keepassxreboot/keepassxc/releases/download/2.5.3/KeePassXC-2.5.3.dmg

For info: It’s likely that macOS 10.15.4 will be released this week or next week at the latest, when looking at the pattern of previous years (unless current events delay this). That means KeePassXC will not function on a productive version of macOS unless a release is organised soon. I have personally moved over to KeePassX since I have to work on a beta system.

As others have intimated, it’s somewhat likely that this is a Notarisation issue.

Moved to KeePassX for now also.

It is beyond ironic that macOS prefers you to run unsigned software than software that is signed AND notorized by them! Don't run keepassx, just use our snapshot build at https://snapshot.keepassxc.org

beta 6 is out, still the same issue.

@phoerious can you resign and notarize 2.5.3 and post for testing?

I downloaded and was able to run the latest 2.6.0 snapshot. That's good but now I can't stop worrying that this pre-release version will trash my vault data. Any chance of a 2.5.4 using a correct code validation?

You don't have to worry about corruption, we have not changed how the database is written from 2.5.4 to 2.6.0. I am running the snapshot myself for a couple of weeks.

MacOS 10.15.4 officially dropped today, so KeePassXC now officially does not work on the latest macOS.

Cheers,
Graham

Sent from my iPhone

On 24 Mar 2020, at 21:02, dpbaker57 notifications@github.com wrote:


I downloaded and was able to run the latest 2.6.0 snapshot. That's good but now I can't stop worrying that this pre-release version will trash my vault data. Any chance of a 2.5.4 using a correct code validation?

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

KeyPassXC 2.5.1 and 2.5.2 function on MacOS 10.15.4

same problem here, 2.5.3 crashes on latest MacOS 10.15.4

Same problem

I'm seeing the same issue on macOS 10.15.4.

We are aware of the problem and are trying to find a solution. Please stop posting "me too". Thanks!

The crash comes due to Apple deciding to change their code signing policies in a f*ing minor release. For some reason the entitlements set on our application cause a crash when we disable the sandbox, which we need to do in order for the browser extension to work (and some other stuff I believe). Until now, a workaround was to specify the sandbox=false entitlement twice, but now Apple decided that they don't accept duplicate entitlement keys anymore, hence this crash now. I can sign the app, but it crashes and I cannot notarise it anymore (the previous binary is properly notarised, but doesn't work anymore, regardless).

At the moment, I do not see a way to have both a fully functional app and an app that I can notarise and that doesn't crash. This is so incredibly silly and frustrating. Apple keeps doing stuff like this again and again. I cannot understand how this has ever become a serious platform.

Can you please make a point release that's not signed ?

10.15.4 is out and being auto-installed as we speak.

Expecting random users to install a snapshot that also works way different (e.g. I had to manually search my entire database to find my github password as CMD-F doesn't work in the snapshot) is simply not a realistic solution.

I had previously used MacPass (https://macpassapp.org/). It still works on macOS 10.15.4. It's touted as a _KeePass-compatible password manager for macOS_ so it likely works with existing files. It works on several I've tried to use.

At the moment, I do not see a way to have both a fully functional app and an app that I can notarise and that doesn't crash.

A commenter above mentioned that KeyPassXC 2.5.1 and 2.5.2 function on MacOS 10.15.4: are they using different entitlements?

I believe 2.5.3 was the first release we notorized.

I uploaded a new build with the suffix "-2" which fixes this problem. It may, however, come at the cost of TouchID, which I cannot check due to lack of suitable hardware. Please test if TouchID still works and if it doesn't, then there is most likely very little I can do about it.

@phoerious thanks a lot for the quick fix. I can confirm the latest 2.5.3-2 just prompts for the usual software downloaded from the internet confirmation and then opens normally.
I don't have either a TouchID device to test that functionality, sorry.

Oh! So it looks like I'm not the only one with this issue. This reminds me of trying to do... anything... with PowerShell. Anyways! Does your "-2" suffix release get pulled with a brew cask upgrade? Because mine's still hard dying. :(

https://github.com/keepassxreboot/keepassxc/releases/download/2.5.3/KeePassXC-2.5.3-2.dmg
Posting the link

Not unless somebody updates the formula.

Fair! Sorry dude. For what it's worth... great app! You've made lots of people's lives much better with it. And then, _when those people can't use it_... D:

KeePassXC-2.5.3-2 confirm is working again but TouchID doesn't work (don't care). Thank you for the excellent work! Just donated. Stay safe.

Also, is 2.6.0 snapshot safe to use? Looks great, would love to use it daily.

I use it, but I wouldn't recommend it for primetime to everybody. Definitely keep a backup (keep one anyway).

If TouchID doesn't work, then it's definitely an Apple bug. I wonder if I can report that somewhere.

Thanks for making the update. The app does seem to work and although TouchID doesn't operate, it would be great to get this pushed to the official release - TouchID is no biggie for me (neither is browser integration since I haven't got that working yet anyway!).

@phoerious Will you upload 2.5.3-2 to the main website (https://keepassxc.org) so people can just go there and download it?

I can confirm. 2.5.3-2 starts again and is usable.

• browser integration works

But there are some bugs:

• un/locking doesn't work properly.
  -- after auto locking on minimize and reopen: I see all my passwords but can not click anything. The title bar says "Locked"
• TouchId doesn't work. No prompt for it.
  I think both are related to each other.
• the settings window doesn't open sometimes when calling it in the top menu (not from the icon bar - there it works)

From time to time I open https://keepassxc.org/download#mac , and seeing mentioned 2.5.3 as last release, I did not care about clicking the download link - If I had done that, 2.5.3-2 had shown up. If you release a brand new 2.5.3, you should make that CLEAR in your download page. Thank you for your time.

The link on the website is already updated and points to the -2 binary.

It is unfortunate that the version number of this new version is the same as the old version. This prevents management systems from picking up that there is a change, and so the updated app won't be pushed to clients to fix this problem. Any chance of a version bump to 2.5.4 or 2.5.3.1?

I don't want to rebuild all other platforms and our version check doesn't work for macOS users anyway when they can't start KeePassXC.

Just ran into this issue after update to MacOS 10.15.4. Luckily there are alternatives to keepassxc. Otherwise I would not have been able to sign-in on any page or program before I found this issue! Also Mac Update doesn't show an update up to now.
Such a bug needs a visible and detectable update!
Beside this, you are doing a great job!

I tried to install the new version but this message appear and I can't launch the app.

I check if the app is badly download but the DIGEST for the new version and the SHA256 of my file is the same :

xefir@Tordy:~/Nextcloud/Logitech/Tools$ shasum -a 256 KeePassXC-2.5.3-2.dmg
e278f02466e3fb294c5c676d7b0ba3c60302d0b08273b8088ff39ca2e97e79af KeePassXC-2.5.3-2.dmg

Have you an idea ?

EDIT : For non French users, the message says :
"KeepassXC.app is damaged and can't be open. You should move it to the Trash folder."

@bottee We do not maintain MacUpdate. It's up to them to update their downloads.

@Xefir Make sure you download the version ending in -2.

PGP signature and SHA-256 digest belong to a different version. So, I can't check the ...- 2.dmg version.

It's the latest version with the -2.

I download this app : https://github.com/keepassxreboot/keepassxc/releases/download/2.5.3/KeePassXC-2.5.3-2.dmg
And this DIGEST : https://github.com/keepassxreboot/keepassxc/releases/download/2.5.3/KeePassXC-2.5.3-2.dmg.DIGEST

I separated the Sierra builds from the Mojave+ builds on the downloads page, should be clearer now.

Okay, for those that has the same error message has me, the solution is simple : reboot.
No joke here, it works now.
Thank you for the time and the work you done :)

Hi,
homebrew version KeePassXC-2.5.3 constantly crashes on start after today's security update (Mojave). I uninstalled homebrew version (Reboot changed nothing by my side) and installed KeePassXC-2.5.3-2 from website. It runs normally. I suppose -2 version should now be pushed to homebrew.

And thanks to the whole team, this app is in my top 5 ;)

KeePassXC-2.5.3-2 works for me on macOS Catalina 10.15.4. Thanks for sorting this!

Or you can switch to MacPass (https://github.com/MacPass/MacPass). Nice side effect: looks better. :)

I switched FROM MacPass... I liked KeePassXC's cross-platform-ness, and the built-in browser integration.

KeePassXC-2.5.3-2 works for me on macOS Catalina 10.15.4. Thanks for sorting this!

same here - ACK

Damn sorry to have been part of the duplicated issues 🙇
Just to know, on which timeline do you plan to update the brew cask (if you planned it :))? to know if I can wait or should us the pkg 🙇

Just to know, on which timeline do you plan to update the brew cask (if you planned it :))? to know if I can wait or should us the pkg 🙇

https://github.com/Homebrew/homebrew-cask/pull/79282

We do not maintain homebrew.

Thanks for the quick action on this issue - I just ran into it after upgrading to 10.15.4. Sad to see Apple releasing breaking changes onto the developer community with little to no notice. Looking forward to this being resolved fully in near future.

~Unfortunately, I still cannot get 2.5.3-2 to work. I downloaded the DMG installer from the link on the main KeePassXC website (verified there is the -2). After installing (dragging to "Applications"), I get a constant notification~

~"KeePassXC" is damaged and can't be opened. You should move it to the the Trash.~

~Clicking cancel just causes this message to appear in a loop. I tried some of the other recommendations here (reboot, change security settings, etc.), and no dice.~

EDIT: Got the 2.5.3-2 with macOS Catalina 10.15.4 (19E266). The issue described above appears to be related to Firefox running a keepassxc-proxy process (browser integration). If Firefox was open during the attempt to install KeePassXC 2.5.3-2, the constant "damaged" error above appeared with no resolution. Closing Firefox completely and ensuring there were no keepassxc-proxy processes running allowed the install to complete successfully.

I would suspect this is similar to other browsers as well, so hopefully this helps any others bumping into this issue.

Any update? seems like macOS doesn't like the "libecomlodr.dylib" but even removing this file I still cannot start KeePass

You can make it work (if you don't care about the code signature, do this at your own risk) by simply signing the binary yourself:
sudo codesign -f -s - /Applications/KeePassXC.app/Contents/MacOS/KeePassXC

That will get it up and running (mostly - the app itself will launch and operate normally, but the browser integration doesn't...I theorize that the keepassxc-proxy binary might also be necessary for that to work, but I didn't bother experimenting, I'm used to copy-pasting password anyway and needed to get back to other things)

EDIT: just download the new version :)

Download 2.5.3-2 from our releases page.

Download 2.5.3-2 from our releases page.

Is it available in homebrew yet? I guess I can overlay this version on top but I don’t know what kind of mess that will result with homebrew.

Download 2.5.3-2 from our releases page.

Is it available in homebrew yet? I guess I can overlay this version on top but I don’t know what kind of mess that will result with homebrew.

Homebrew/homebrew-cask#79282 has been merged so you can update to 2.5.3-2 using Homebrew.

2.5.3-2 is working for me on 10.15.4. Thanks for the quick resolution! 🎉

For people using brew:

brew cask reinstall keepassxc

I will tune in with a "same here" though providing the message appearing when launching the app via the terminal:

open /Applications/KeePassXC.app
LSOpenURLsWithRole() failed with error -10810 for the file /Applications/KeePassXC.app.

Although KeepassXC was not visible, keepassxc-proxy had been launched and was running.

KeePassXC 2.5.3 installed via homebrew
MacOS 10.15.4

App had previously worked flawlessly under MacOS 10.15.3.

As pointed out above, updating brew then reinstalling the keepassxc cask resulted in keepassxc 2.5.3 working again (having installed _KeePassXC-2.5.3-2.dmg_).

after the reinstall; the version working on macOS 10.15.4

KeePassXC - Version 2.5.3
Revision: f8c962b

Qt 5.14.1
Diagnosemodus ist deaktiviert.

Betriebssystem: macOS 10.15
CPU-Architektur: x86_64
Kernel: darwin 19.4.0

Aktivierte Erweiterungen:

• Auto-Type
• Browser-Integration
• SSH-Agent
• KeeShare (bestätigtes und unbestätigtes Teilen)
• YubiKey
• TouchID

Kryptographische Bibliotheken:
libgcrypt 1.8.5

As a side note for KeePassXC maintainers, one or two days before the installation of Catalina 10.15.4 (i.e. one or two days before KPXC stopped working for me) I tried to select, from the menu, "KeePassXC → Check for Updates". The answer was “2.5.3 is currently the new version available”. In other words, 2.5.3-1 or 2.5.3-2 were not detected by the program itself; and this is a bad behaviour.

--
Maurizio Loreti -- Maurizio.[email protected]

KeePassXC was working for me yesterday
Today it crashes every time when I try to start it

This difference? I have just applied the latest security update to macOS, which means I am now on macOS Hight Sierra 10.13.6 (presumably, yesterday was 10.13.5). Safari was also updated to 13.1.

I suspect one of those updates is what broke KeePassXC

Please read the posts above. There is a download that fixes your issue.

Please read the posts above. There is a download that fixes your issue.
Thanks, I missed that. 2.5.3-2 works for me.

The new version runs but TouchID doesn't work anymore - should I create a new issue for this?

The new version runs but TouchID doesn't work anymore - should I create a new issue for this?

Same for me. TouchID doesn't work anymore.

@kitzler-walli @Shev84 It's a known issue that TouchID does not work when the app is signed and notarised (see https://github.com/keepassxreboot/keepassxc/issues/4398#issuecomment-603705864 above). We will have to wait for the developers to figure out how other apps do it. I would recommend opening a new issue for that.

This issue (crashing app) is now resolved, although the lack of a version bump means people will most likely keep arriving here looking for solutions until 2.5.4 or 2.6.0 are released.

Our problem is that we cannot enable sandboxing, because then our browser extension would stop working, which is far worse than TouchID not working. I don't see any other solution at the moment and it is probably up to Apple to fix their OS.

I don't need browser integration at all - so TouchID is a bigger showstopper for me. Is there a way to compile the app using sandbox?

For people using brew:

brew cask reinstall keepassxc

Hmm I did this but it’s still crashing and is still on version 2.5.3; crashes on invalid code signature.

@nmajin you might need brew update
in the terminal you should see
https://github.com/keepassxreboot/keepassxc/releases/download/2.5.3/KeePassXC-2.5.3-2.dmg
being downloaded (notice 2.5.3 -2 .dmg)

@nmajin you might need brew update

in the terminal you should see

https://github.com/keepassxreboot/keepassxc/releases/download/2.5.3/KeePassXC-2.5.3-2.dmg

being downloaded (notice 2.5.3 -2 .dmg)

Darn, should have know. Thanks, all set, works now.

For people using brew:

brew cask reinstall keepassxc

first do a brew uninstall and then brew cleanup

Thanks for the quick response in sorting this out, y'all! Is there a reason this patch can't be released as 2.5.4? Some packaging systems (e.g. AutoPkg + Munki) won't necessarily be able to handle 2.5.3-2 in a predictable way since they assume semantic versioning. Admins can manually import as 2.5.4, but this will later cause a conflict if you later push a release with the same version.

@eenblam the version is not 2.5.3-2 anyway; that is just the name in the .dmg. The version (i.e. CFBundleShortVersionString) remains as 2.5.3, so AutoPkg, Munki, Jamf etc cannot tell the difference.

As I said before, this Issue is not going to go away until the version is bumped. Hopefully the developers will realise this soon.

This is not a patch release. It is the same binary with updated entitlements. A new version would push updates to all platforms despite no code changes whatsoever. Packaging systems are totally able to handle the updated binary. In fact, adding additional numbers for rebuilds of the same upstream version is absolutely common among all major package management systems.

There are many reasons for bumping a version, which may not include the code in the particular repo from which the release is generated. The release is different, and therefore needs a version bump in order for management systems to recognise the change. You are incorrect that Packaging systems are totally able to handle the updated binary. AutoPkg is a very commonly used packaging system and it would not respect the changes you have made without retooling the recipes for this single release. A well-designed packaging tool will take the version of the application (CFBundleShortVersionString) and generate a package version from that. In the case of the current version of KeePassXC, the version string in the DMG no longer matches the version of the application, which is bad practice.

Anyway, I am more speaking pragmatically. There have been almost 40 replies to this issue since you pushed the new version, and I suspect there would be far fewer if you just bumped the version.

Hi guys, I guess you might get less questions and comments about the contents and versioning this release if you put a short message on the download page explaining why this release was necessary, and why you did not bump the version number. My personal assumption is that 2.5.4 was a already assigned to another code change?

Many Linux packaging systems have release/build fields in addition to the version field (such as Gentoo or Fedora), where the release is used to indicate that the packaging of the software has changed, but not the source code. Since the MacOS build here was simply rebuilt from the same source code, it makes sense to me that the release/build field would be updated, but not the version.

@phoerious Thanks for the clarification. I can appreciate that it's isolated to Mac releases, and you have other platforms to account for. We'll be able to remediate this on our end without too much, but it's work that will be duplicated by other Mac admin teams. Thanks again for getting a new release signed and notarized quickly.

Thanks so much folks, it works fine to reinstall as mentioned above
brew cask reinstall keepassxc
Got this problem yesterday when I installed Security Update 2020-002 on MacOS 10.14.6
Another workaround was to sign the package myself, but I rather run the official image.

You are awesome! 👍

The new Version (https://github.com/keepassxreboot/keepassxc/releases/download/2.5.3/KeePassXC-2.5.3-2.dmg) works on macOS 10.15.4

Great! 🎉

The 2.5.3-2 version works, but only after I followed below steps. Perhaps it is also useful to others:

• Open the downloaded .dmg file
• Drag the KeePassXC app to the Desktop. When dragging to Applications I was greeted with the message that KeePassXC was damaged and should be moved to the bin. Pressing Cancel just showed the message again.
• After KeePassXS 2.5.3-2 is on the Desktop, open terminal and remove the com.apple.quarantine attribute from the .app file (steps from here):
  
  
  
  • cd ~/Desktop
  
  
  • sudo xattr -r -d com.apple.quarantine KeePassXC.app
  
  
  • Type the admin password when prompted
  
  
• After the quarantine attribute is removed, the app can be moved to the Applications folder and opened normally.

Locking this topic since the solution is known and we don't need anymore +1's and me too's. Thank you!