mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-02-05 00:29:40 +03:00
-
OVERLORD released this
2026-01-09 21:22:41 +03:00 | 8 commits to main since this release📅 Originally published on GitHub: Fri, 09 Jan 2026 18:37:04 GMT
🏷️ Git tag created: Fri, 09 Jan 2026 18:22:41 GMTNotable changes
Fixed an issue with the web-vault which prevent creating an organization.
What's Changed
- update web-vault to fix org creation by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6646
- return no content with status code 204 by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6665
- allow MasterPasswordHash for Android by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6673
- improve sso callback path by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6676
- Fix web-vault version check and update web-vault by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6686
Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.35.1...1.35.2
Downloads
-
2025-12-30 00:55:47 +03:00 | 13 commits to main since this release📅 Originally published on GitHub: Tue, 30 Dec 2025 14:21:05 GMT
🏷️ Git tag created: Mon, 29 Dec 2025 21:55:47 GMTNotable changes
- Fixed issue with applications being logged out after upgrading due to changes to refresh token parsing
- Updated web vault to 2025.12.1
- Correctly publish
alpinetag, which was missing in 1.35.0
What's Changed
- Update lockfile by @dani-garcia in https://github.com/dani-garcia/vaultwarden/pull/6600
- Re-add
alpinetag by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/6626 - Misc updates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6627
- Try old refresh token if we fail to decode jwt by @dani-garcia in https://github.com/dani-garcia/vaultwarden/pull/6629
Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.35.0...1.35.1
Downloads
-
2025-12-28 01:53:01 +03:00 | 17 commits to main since this release📅 Originally published on GitHub: Sat, 27 Dec 2025 23:07:12 GMT
🏷️ Git tag created: Sat, 27 Dec 2025 22:53:01 GMTNotable changes
- Implemented support for SSO with OpenID Connect, https://github.com/dani-garcia/vaultwarden/wiki/Enabling-SSO-support-using-OpenId-Connect
- Updated web vault to 2025.12.0
- Added support for future mobile apps with versions 2026.1.0+
- This is the first vaultwarden release using immutable releases and release attestation!
What's Changed
- Fix multi delete slowdown by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6144
- Perform same checks when setting kdf by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6141
- SSO using OpenID Connect by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/3899
- Delete SSO.md by @dani-garcia in https://github.com/dani-garcia/vaultwarden/pull/6152
- Update webauthn-rs to 0.5.x by @zUnixorn in https://github.com/dani-garcia/vaultwarden/pull/5934
- a little cleanup after SSO merge by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6153
- Fix link to point to the wiki by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6157
- Fix Email 2FA for mobile apps by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/6156
- Update Rust to 1.89.0 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/6150
- Fix several more multi select push issues by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6151
- Fix minor typo by @ncguk in https://github.com/dani-garcia/vaultwarden/pull/6165
- Update crates, fixes some yanked crates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6167
- Fix WebauthN issue with Software Keys by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6168
- Fix Playwright test conf and update deps by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6176
- Misc updates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6185
- fix typo in description of helo_name by @Flottegurke in https://github.com/dani-garcia/vaultwarden/pull/6194
- Fix Playwright by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6206
- Switch to GHA's concurrency control by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/6164
- Make database connection pool dynamic by @Samoth69 in https://github.com/dani-garcia/vaultwarden/pull/6166
- Re-add
ifcheck to release workflow by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/6227 - Fix Webauthn/Passkey 2FA migration/validation issues by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6190
- refactor(config): update template, add validation by @tessus in https://github.com/dani-garcia/vaultwarden/pull/6229
- Show SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION in admin by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6235
- Update crates, gha and web-vault by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6234
- Fix panic around sso_master_password_policy by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6233
- make webauthn more optional by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6160
- Fix 2fa recovery endpoint by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6240
- update trivy-action to v0.33.0 by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6248
- update web vault to v2025.9.1 and allow new policy by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6340
- prevent changing collections when hide_passwords is true by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6278
- Fix
sso_userdropped onUser::saveby @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6262 - Change OIDC dummy identifier by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6263
- add new billing warnings endpoint by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6369
- Add auth_request pending endpoint by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6368
- Fix Org identifier by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6364
- add mail address change warning for invited accounts by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6377
- add missing media-src directive by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6381
- add seat limit for the invite dialog by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6371
- [Playwright] Improvements around node by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6321
- Use Diesels MultiConnections Derive by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6279
- Improve protected actions by @dani-garcia in https://github.com/dani-garcia/vaultwarden/pull/6411
- Fix issue with key-rotation and emergency-access by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6421
- Optimizations and build speedup by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6339
- Use an older version of mariadb to prevent a panic by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6453
- Playwright against abitrary web-vault by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6380
- Fix KDF Change with new web-vault by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6458
- Fix: admin theme emoji alignment by @joepduin in https://github.com/dani-garcia/vaultwarden/pull/6459
- remove invalid emergency access dummy value by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6463
- Add
pm-25373-windows-biometrics-v2feature flag by @Ephemera42 in https://github.com/dani-garcia/vaultwarden/pull/6468 - Switch to multiple runners per arch by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/6472
- Fix icon redirect caching by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6487
- Fix around singleorg policy by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6247
- fix email as 2fa provider by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6473
- Update crates and Rust version by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6485
- Add option to prefer IPv6 resolving by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6494
- Some small admin js/css updates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6501
- Update crates and workflows and some fixes by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6508
- Fixed a typo in the default TTL value by @k725 in https://github.com/dani-garcia/vaultwarden/pull/6528
- Iterate over tags on release by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6518
- Org.put_policy type not in body anymore by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6514
- Android want response property in camelCase by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6513
- Fix admin invite with SSO by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6498
- Improve sso auth flow by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6205
- fix email as 2fa for sso by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6495
- Fix release workflow by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6532
- Further fixes for the release workflow by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/6533
- add empty /api/tasks endpoint by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6557
- Revert to gzip compression by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/6566
- support UriMatchDefaults policy by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6570
- Add new accountKeys and masterPasswordUnlock fields by @dani-garcia in https://github.com/dani-garcia/vaultwarden/pull/6572
- Update crates and Rust by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6551
- Add UserDecryption on /sync too by @dani-garcia in https://github.com/dani-garcia/vaultwarden/pull/6574
- Update web-vault to v2025.12.0 by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6577
- Fix posting cipher with readonly collections by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6578
- Update crates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6585
- Simplify binary extraction by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/6554
- Remove unnecessary output sharing between jobs by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/6555
- Add wrapped named variants to UserDecryptionOptions by @dani-garcia in https://github.com/dani-garcia/vaultwarden/pull/6598
New Contributors
- @zUnixorn made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5934
- @ncguk made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/6165
- @Flottegurke made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/6194
- @Samoth69 made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/6166
- @joepduin made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/6459
- @k725 made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/6528
Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.34.3...1.35.0
Downloads
-
2025-07-30 11:45:51 +03:00 | 95 commits to main since this release📅 Originally published on GitHub: Wed, 30 Jul 2025 09:10:59 GMT
🏷️ Git tag created: Wed, 30 Jul 2025 08:45:51 GMTNotable changes
This release should fix an issue with MySQL/MariaDB database connections when using the Alpine images.
The alpine build image has reverted to use MariaDB Connector/C v3.4.5 which resolved the issue.What's Changed
- Update crates to trigger rebuild for mysql issue by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6111
- fix hiding of signup link by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6113
Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.34.2...1.34.3
Downloads
-
2025-07-27 21:27:00 +03:00 | 97 commits to main since this release📅 Originally published on GitHub: Sun, 27 Jul 2025 18:49:05 GMT
🏷️ Git tag created: Sun, 27 Jul 2025 18:27:00 GMTNotable changes
- Updated web vault to 2025.7.0
- Included experimental support for S3 file backend using OpenDAL. This currently requires compiling from source with the
s3feature flag, check https://github.com/dani-garcia/vaultwarden/pull/5626 for more details.
What's Changed
- fix css to hide login with passkey by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5890
- fix css for locked screen by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5905
- Abstract persistent files through Apache OpenDAL by @txase in https://github.com/dani-garcia/vaultwarden/pull/5626
- Some small admin updates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5909
- Fix and improvements to password policies by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5923
- Update Alpine to version 3.22 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5938
- make css for login-page position independent by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5906
- Minor fixes to copy in
.env.templateby @nickgrim in https://github.com/dani-garcia/vaultwarden/pull/5928 - Update crates and web-vault by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5955
- allow signup for invited users by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5967
- fix account recovery withdrawal by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5968
- Fix an issue with yubico keys not validating by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5991
- Misc Updates and favicon fixes by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5993
- Update flags version and enable manual error reporting by @dani-garcia in https://github.com/dani-garcia/vaultwarden/pull/5994
- Use existing reqwest client for AWS S3 requests by @txase in https://github.com/dani-garcia/vaultwarden/pull/5917
- Fix v2025.6.x clients and newer to delete items by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6004
- chore: fix some minor issues in the comments by @mountdisk in https://github.com/dani-garcia/vaultwarden/pull/5998
- fix hiding email as 2fa provider by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6026
- Update web-vault and admin resources by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6044
- improve the usage section of the README by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6041
- close unmatched left parenthesis in the README by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6046
- Update crates, workflow and issue template by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6056
- Update release.yml by @dani-garcia in https://github.com/dani-garcia/vaultwarden/pull/6057
- fix hash reference in release.yml by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6058
- Fix digest SHA extraction step by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/6059
- Hide login form custom fields by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6054
- Adjust issue template by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6096
- fix: resolve group permission conflicts with multiple groups by @DasCanard in https://github.com/dani-garcia/vaultwarden/pull/6017
- Update crates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6100
- fix account key rotation by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6105
New Contributors
- @txase made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5626
- @nickgrim made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5928
- @mountdisk made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5998
- @DasCanard made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/6017
Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.34.1...1.35.0
Downloads
-
2025-05-27 00:20:53 +03:00 | 127 commits to main since this release📅 Originally published on GitHub: Mon, 26 May 2025 21:40:54 GMT
🏷️ Git tag created: Mon, 26 May 2025 21:20:53 GMTWhat's Changed
- Fix admin diagnostics crash by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5886
Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.34.0...1.34.1
Downloads
-
2025-05-26 22:30:19 +03:00 | 128 commits to main since this release📅 Originally published on GitHub: Mon, 26 May 2025 19:53:27 GMT
🏷️ Git tag created: Mon, 26 May 2025 19:30:19 GMTNotable changes
- Updated web-vault to v2025.5.0
- Implemented new registration flow with email verification
- Added support for some feature flags (mutual TLS, attachment export, AnonAddy/SimpleLogin self host)
What's Changed
- Update crates & fix CVE-2025-25188 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5576
- Fix db issues with Option<> values and upd crates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5594
- allow CLI to upload send files with truncated filenames by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5618
- Update Rust to 1.85.0 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5634
- Use subtle to replace deprecated ring::constant_time::verify_slices_are_equal by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5680
- Add support for mutual-tls feature flag by @bennettmsherman in https://github.com/dani-garcia/vaultwarden/pull/5698
- Add AnonAddy/SimpleLogin self host feature flag by @PseudoResonance in https://github.com/dani-garcia/vaultwarden/pull/5694
- Implement new registration flow with email verification by @dani-garcia in https://github.com/dani-garcia/vaultwarden/pull/5215
- Some fixes for the new web-vault and updates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5703
- Update Rust, Crates and other deps by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5709
- Update deps and web-vault by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5742
- Fix invited user registration without SMTP by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5712
- Fix mysqlclient-sys building by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5743
- Really fix building by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5745
- Update Rust to 1.86.0 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5744
- Verify templates in CI by @dani-garcia in https://github.com/dani-garcia/vaultwarden/pull/5748
- Add Docker Templates pre-commit check by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5749
- Fix debian docker building by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5752
- Updates and general fixes by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5762
- On member invite and edit access_all is not sent anymore by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5673
- respond with cipher json when deleting attachments by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5823
- feat: add feature flag export-attachments by @tessus in https://github.com/dani-garcia/vaultwarden/pull/5784
- Fix Yubico toggle by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5833
- Fix minimum Android version for self-host email alias feature flags by @PseudoResonance in https://github.com/dani-garcia/vaultwarden/pull/5802
- feat: add ip address in logs when email 2fa token is invalid or not available by @tessus in https://github.com/dani-garcia/vaultwarden/pull/5779
- Update Rust, Crates and Web-Vault by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5860
- Add totp menu feature flag by @moodejb123 in https://github.com/dani-garcia/vaultwarden/pull/5850
- Remove Hide Business scss rules by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5855
- Toggle providers using class by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5832
- Remove old client version check by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5874
- web-client now request email 2fa by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5871
- Update admin interface by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5880
- Sync with Upstream by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5798
New Contributors
- @bennettmsherman made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5698
- @PseudoResonance made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5694
- @moodejb123 made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5850
Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.33.2...1.34.0
Downloads
-
2025-02-09 20:23:28 +03:00 | 162 commits to main since this release📅 Originally published on GitHub: Sun, 09 Feb 2025 17:54:59 GMT
🏷️ Git tag created: Sun, 09 Feb 2025 17:23:28 GMTWhat's Changed
- Update workflows and enhance security by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5537
- Update crates & fix CVE-2025-24898 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5538
- add bulk-access endpoint for collections by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5542
- Fix icon redirect not working on desktop by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5536
- Show assigned collections on member edit by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5556
Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.33.1...1.33.2
Downloads
-
2025-02-03 15:50:58 +03:00 | 167 commits to main since this release📅 Originally published on GitHub: Mon, 03 Feb 2025 13:21:44 GMT
🏷️ Git tag created: Mon, 03 Feb 2025 12:50:58 GMTGeneral mention
This release has some minor issues fixed like:
- Icon's not working on the Desktop clients
- Invites not always working
- DUO settings not able to configure
- Manager rights
- Mobile client sync issues fixed
What's Changed
- hide already approved (or declined) auth_requests by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5467
- let invited members access OrgMemberHeaders by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5461
- Make sure the icons are displayed correctly in desktop clients by @WinLinux1028 in https://github.com/dani-garcia/vaultwarden/pull/5469
- Fix passwordRevisionDate format by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5477
- add and use new event types by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5482
- Fix Duo Field Names for Web Client by @ratiner in https://github.com/dani-garcia/vaultwarden/pull/5491
- Allow all manager to create collections again by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5488
- Update Rust to 1.84.1 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5508
New Contributors
- @WinLinux1028 made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5469
- @ratiner made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5491
Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.33.0...1.33.1
Downloads
-
2025-01-25 15:06:33 +03:00 | 175 commits to main since this release📅 Originally published on GitHub: Sat, 25 Jan 2025 13:26:58 GMT
🏷️ Git tag created: Sat, 25 Jan 2025 12:06:33 GMTSecurity Fixes
This release contains security fixes for the following advisories.
And we strongly advice to update as soon as possible.- GHSA-f7r5-w49x-gxm3
This vulnerability is only possible if you do not have anADMIN_TOKENconfigured and open links or pages you should not trust anyway. Ensure you have anADMIN_TOKENconfigured to keep your admin environment save. - GHSA-h6cc-rc6q-23j4
This vulnerability is only possible if someone was able to gain access to your Vaultwarden Admin Backend. The attacker could then change some settings to use sendmail as mail agent but adjust the settings in such a way that it would use a shell command. It then also needed to craft a special favicon image which would have the commands embedded to run during for example sending a test email. - GHSA-j4h8-vch3-f797
This vulnerability affects all users who have multiple Organizations and users which are able to create a new organization or have admin or owner rights on at least one organization. The attacker does need to know the Organization UUID of the Organization it want's to attack or compromise though.
Notable changes
- Updated web-vault to v2025.1.1
- Added partial manage role support for collections
- Manager role is converted to a Custom role with either Manage All Collections or per collection.
Admins and Owners probably want to check and verify if the rights are still correct. - The OCI containers and binaries are signed via GitHub Attestations
This allows you to verify an OCI image or even thevaultwardenbinary located within the OCI image.
These vulnerabilities affects
What's Changed
- Add
inline-menu-positioning-improvementsfeature flag by @Ephemera42 in https://github.com/dani-garcia/vaultwarden/pull/5313 - Fix issues when uri match is a string by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5332
- Add TOTP delete endpoint by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5327
- fix group issue in send_invite by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5321
- Update crates and GHA by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5346
- Refactor the uri match fix and fix ssh-key sync by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5339
- Add partial role support for manager only using web-vault v2024.12.0 by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5219
- Fix issue with key-rotate by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5348
- fix manager role in admin users overview by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5359
- Prevent new users/members to be stored in db when invite fails by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5350
- Update crates and web-vault to v2025.1.0 by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5368
- Allow building with Rust v1.84.0 or newer by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5371
- rename membership and adopt newtype pattern by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5320
- build: raise msrv (1.83.0) rust toolchain (1.84.0) by @tessus in https://github.com/dani-garcia/vaultwarden/pull/5374
- Fix an issue with login with device by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5379
- refactor: replace static with const for global constants by @Integral-Tech in https://github.com/dani-garcia/vaultwarden/pull/5260
- Add Attestations for containers and artifacts by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5378
- Fix version detection on bake by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5382
- Simplify container image attestation by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5387
- improve admin invite by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5403
- Add manage role for collections and groups by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5386
- update web-vault to v2025.1.1 and add /api/devices by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5422
- Security fixes by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5438
- only validate SMTP_FROM if necessary by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5442
New Contributors
- @Ephemera42 made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5313
- @Integral-Tech made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5260
Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.32.7...1.33.0
Downloads
- GHSA-f7r5-w49x-gxm3