Today we are releasing KeePassXC 2.5.4, the fourth maintenance update for KeePassXC 2.5.

The update primarily resolves a compatibility issue with macOS 10.15.4 and 10.14.6. The most recent macOS security patches changed the way code signatures are checked resulting in a KeePassXC crash at startup. We published a quick workaround at the end of last month, for which we had to sacrifice TouchID support in order to allow you guys to continue using KeePassXC. This update ships with a full resolution of the code signing issue and brings back TouchID.

A minor side effect of the new update is a changed bundle and App ID. This is not much of a problem, but previously granted accessibility permissions for Auto-Type may have to be granted again after installing this update. Permissions for the “old” version can be safely revoked.

To make this release all about code signing, we also retired SHA1 as our Windows Authenticode signature hash algorithm and moved on to SHA256. PGP signatures have always been SHA256 and remain unchanged.

On top of all that, we backported two small fixes from the development preview of our next major release, which are listed in the changelog below.

The new release can be downloaded from our downloads page, our Ubuntu PPA, and Snapcraft.

Please report any bugs you encounter at our GitHub issue tracker. We are also available on Matrix and IRC in case you have any other issues with the new release (see Contact).


This is the full changelog for KeePassXC 2.5.4:

  • Return keyboard focus after saving database edits [#4287]
  • Windows: Use bare minimum settings in portable version [#4131]
  • Windows: Use SHA256 code signing [#4129]
  • macOS: Fix code signing incompatibility in latest macOS release [#4564]