Please open a bug report on GitHub about that.

Our default on Windows is Consolas, not Courier. Markdown in the notes field is an open issue and will be added in a future version: github.com/keepassxrebo...

New macOS DMG and AppImage builds have been posted as 2.7.11-1.

Update: There's an issue with the code signature on macOS, which prevents users from using the browser extension and the CLI tool. We're looking into that and will post a fix later today. github.com/keepassxrebo...

On 17 November 2025, KeePassXC (Version 2.7.9 for Windows 10) has been awarded a security Visa by the French National Cybersecurity Agency (ANSSI) for a First-level Security Certification (CSPN) with report No. ANSSI-CSPN-2025/16.

The most notable new features are: support for more file types in the inline attachment viewer, the ability to edit text file attachments, a new database merge confirmation dialog, support for groups in KeeShare, and an option for automatically generating passwords in new entries.

I hope having this here is enough. This doesn’t look like a large scheme to me at the moment, but still concerning.

A) Thanks for the realisation.
B) You shouldn’t trust us anyway. We’re random dudes from the internet. We have some reputation, but that’s it. Feel free to review our code yourself or follow our development process on GitHub. Whether or not we use LLMs should be irrelevant to your assessment.

Thanks for actually reading our argument. You can make a million cases for why LLMs, tech bros, the AI bubble etc. are societal and environmental problems and you’d be preaching to the choir here. But making a fundamental security issue out of it when it’s objectively not is a weak argument.

Talking about us now instead of with us. Great. Also see previous answer. bsky.app/profile/keep...

And?

We encourage you to become educated on our process and policies: github.com/keepassxrebo...

We’re doing all we can to prevent vulnerabilities, but a blanket ban of AI code is not a rational part of that. You can make a moral argument if you like, but not a security argument.

We’re not being overrun by third-party AI pull requests, so I’m not sure why we’re having this discussion. We’re managing our own time and if problems arise, we will take measures as we see fit. This is not the case at the moment, but thanks for the concerns.

Do what you must, we’re not stopping you. But we’re also not giving in to psychological blackmail only because you don’t like our stance on the issue. This discussion has run its course.

As opposed to explicitly encouraging, or explicitly discouraging, or implicitly discouraging?? We explicitly encourage well-written code submissions backed by test cases. If you read our CONTRIBUTING document you would see that. It's all written very clearly. github.com/keepassxrebo...

It’s whatever you read into it.

Why should we try if we don’t want to? How can you not accept that yes means yes or rather that don’t care means don’t care?

I have reviewed hundreds of human written code submissions. VERY few are without bugs, ridiculous code bloat, and/or edits to unrelated files. I am much more concerned about a malicious human actor participating in our PR process. Look no further than XZ Utils.