File vaultwarden.changes of Package vaultwarden
-------------------------------------------------------------------
Mon Aug 11 09:54:58 UTC 2025 - Julian Röder <obs@masgalor.de>
- Update to version 1.34.3
fix css to hide login with passkey by @stefan0xC in #5890
fix css for locked screen by @stefan0xC in #5905
Some small admin updates by @BlackDex in #5909
Fix and improvements to password policies by @Timshel in #5923
make css for login-page position independent by @stefan0xC in #5906
allow signup for invited users by @stefan0xC in #5967
fix account recovery withdrawal by @stefan0xC in #5968
Fix an issue with yubico keys not validating by @BlackDex in #5991
Misc Updates and favicon fixes by @BlackDex in #5993
Update flags version and enable manual error reporting by @dani-garcia in #5994
Use existing reqwest client for AWS S3 requests by @txase in #5917
Fix v2025.6.x clients and newer to delete items by @BlackDex in #6004
fix hiding email as 2fa provider by @stefan0xC in #6026
Hide login form custom fields by @Timshel in #6054
fix: resolve group permission conflicts with multiple groups by @DasCanard in #6017
fix account key rotation by @stefan0xC in #6105
-------------------------------------------------------------------
Tue May 27 12:01:19 UTC 2025 - Julian Röder <obs@masgalor.de>
- Update to version 1.34.1
* Implemented new registration flow with email verification
* Added support for some feature flags (mutual TLS, attachment export, AnonAddy/SimpleLogin self host)
* Update crates & fix CVE-2025-25188 by @dfunkt in #5576
* Fix db issues with Option<> values and upd crates by @BlackDex in #5594
* allow CLI to upload send files with truncated filenames by @stefan0xC in #5618
* Use subtle to replace deprecated ring::constant_time::verify_slices_are_equal by @Timshel in #5680
* Add support for mutual-tls feature flag by @bennettmsherman in #5698
* Add AnonAddy/SimpleLogin self host feature flag by @PseudoResonance in #5694
* Implement new registration flow with email verification by @dani-garcia in #5215
* Some fixes for the new web-vault and updates by @BlackDex in #5703
* Fix invited user registration without SMTP by @Timshel in #5712
* Updates and general fixes by @BlackDex in #5762
* On member invite and edit access_all is not sent anymore by @Timshel in #5673
* respond with cipher json when deleting attachments by @stefan0xC in #5823
* feat: add feature flag export-attachments by @tessus in #5784
* Fix Yubico toggle by @Timshel in #5833
* Fix minimum Android version for self-host email alias feature flags by @PseudoResonance in #5802
* feat: add ip address in logs when email 2fa token is invalid or not available by @tessus in #5779
* Add totp menu feature flag by @moodejb123 in #5850
* Remove Hide Business scss rules by @Timshel in #5855
* Toggle providers using class by @Timshel in #5832
* Remove old client version check by @Timshel in #5874
* web-client now request email 2fa by @Timshel in #5871
* Update admin interface by @BlackDex in #5880
* Sync with Upstream by @BlackDex in #5798
-------------------------------------------------------------------
Mon Feb 10 09:35:25 UTC 2025 - Julian Röder <obs@masgalor.de>
- Update to version 1.33.2
* fix CVE-2025-24898 by @dfunkt in #5538
* add bulk-access endpoint for collections by @stefan0xC in #5542
* Fix icon redirect not working on desktop by @BlackDex in #5536
* Show assigned collections on member edit by @BlackDex in #5556
-------------------------------------------------------------------
Mon Feb 3 14:05:14 UTC 2025 - Julian Röder <obs@masgalor.de>
- Update to version 1.33.1
* Add inline-menu-positioning-improvements feature flag by @Ephemera42 in #5313
* Fix issues when uri match is a string by @BlackDex in #5332
* Add TOTP delete endpoint by @Timshel in #5327
* fix group issue in send_invite by @stefan0xC in #5321
* Refactor the uri match fix and fix ssh-key sync by @BlackDex in #5339
* Add partial role support for manager only using web-vault v2024.12.0 by @BlackDex in #5219
* Fix issue with key-rotate by @BlackDex in #5348
* fix manager role in admin users overview by @stefan0xC in #5359
* Prevent new users/members to be stored in db when invite fails by @BlackDex in #5350
* rename membership and adopt newtype pattern by @stefan0xC in #5320
* Fix an issue with login with device by @BlackDex in #5379
* improve admin invite by @stefan0xC in #5403
* Add manage role for collections and groups by @BlackDex in #5386
* Security fixes by @BlackDex in #5438
* only validate SMTP_FROM if necessary by @stefan0xC in #5442
* hide already approved (or declined) auth_requests by @stefan0xC in #5467
* let invited members access OrgMemberHeaders by @stefan0xC in #5461
* Make sure the icons are displayed correctly in desktop clients by @WinLinux1028 in #5469
* Fix passwordRevisionDate format by @BlackDex in #5477
* add and use new event types by @stefan0xC in #5482
* Fix Duo Field Names for Web Client by @ratiner in #5491
* Allow all manager to create collections again by @BlackDex in #5488
-------------------------------------------------------------------
Fri Dec 20 12:10:46 UTC 2024 - Julian Röder <obs@masgalor.de>
- Update to version 1.32.7
* feat: mask _smtp_img_src in support string by @tessus in #5281
* Some refactoring, optimizations and security fixes by @BlackDex in #5291
* Allow adding connect-src entries by @BlackDex in #5293
* Use updated fern instead of patch by @BlackDex in #5298
-------------------------------------------------------------------
Sat Dec 14 15:43:34 UTC 2024 - Julian Röder <obs@masgalor.de>
- Update to version 1.32.6
* Fix push not working by @BlackDex in #5214
* Fix editing members which have access-all rights by @BlackDex in #5213
* chore: fix some comments by @chuangjinglu in #5224
* Fix another sync issue with native clients by @BlackDex in #5259
* Some Backend Admin fixes and updates by @BlackDex in #5272
-------------------------------------------------------------------
Tue Nov 19 09:13:27 UTC 2024 - Julian Röder <obs@masgalor.de>
- Update to version 1.32.5
* Fix undisclosed CVE.
* Fix if logic error by @BlackDex in #5171
* More authrequest fixes by @dani-garcia in #5176
* Add dynamic CSS support by @BlackDex in #4940
* fix hibp username encoding and pw hint check by @BlackDex in #5180
* Remove auth-request deletion by @BlackDex in #5184
* fix password hint check by @stefan0xC in #5189
* don't infer manage permission for groups by @stefan0xC in #5190
* Some more authrequest changes by @dani-garcia in #5188
* Support SSH keys on desktop 2024.12 by @dani-garcia in #5187
* Fix Org Import duplicate collections by @BlackDex in #5200
-------------------------------------------------------------------
Mon Nov 11 11:14:12 UTC 2024 - Julian Röder <obs@masgalor.de>
- Update to version 1.32.4
* Fix undisclosed CVE
* Added more compatibility fixes for the native mobile apps, datetimes are now formatted without too many decimals.
* Email Template changes to the send emergency access invite.
-------------------------------------------------------------------
Mon Oct 28 08:17:14 UTC 2024 - Julian Röder <obs@masgalor.de>
- Update to version 1.32.3
* Fix iOS sync by converting field types to int by @BlackDex in #5081
* Fix field type to actually be hidden by @BlackDex in #5082
* Fix org invite url being html encoded by @BlackDex in #5100
* Fix collection management and match some json output by @BlackDex in #5095
* Add extension-refresh feature flag by @dfunkt in #5106
* Hide user name on invite status by @BlackDex in #5110
-------------------------------------------------------------------
Mon Oct 14 06:51:20 UTC 2024 - Julian Röder <obs@masgalor.de>
- Update to version 1.32.2
* Updates and collection management fixes by @BlackDex in #5072
* Fix --version from failing without config by @BlackDex in #5055
-------------------------------------------------------------------
Tue Oct 8 08:04:27 UTC 2024 - Julian Röder <obs@masgalor.de>
- Update to version 1.32.1
* Fix Duo Redirect not using path by @BlackDex in #4862
* Fix manager in web-vault v2024.6.2 for collections by @BlackDex in #4860
* Update email footer padding values by @dfunkt in #4838
* Remove unecessary email normalization by @Timshel in #4840
* Fix Vaultwarden Admin page error messages by @BlackDex in #4869
* remove overzealous sanity check by @stefan0xC in #4879
* Fix Login with device by @BlackDex in #4878
* Remove version from server config info by @zacknewman in #4885
* Allow Org Master-Pw policy enforcement by @BlackDex in #4899
* Allow enforcing Single Org with pw reset policy by @BlackDex in #4903
* Add a CLI feature to backup the SQLite DB by @BlackDex in #4906
* Add orgUserHasExistingUser parameters to org invite by @Timshel in #4827
* Fix sync with new native clients by @BlackDex in #4932
* Fix collection update from native client by @BlackDex in #4937
* fix invitation link via /admin by @stefan0xC in #4950
* Fix Pw History null dates by @BlackDex in #4966
* fix 2fa policy check on registration by @stefan0xC in #4956
* Actually use Device Type for mails by @dfunkt in #4916
* remove backtics from postgresql migrations by @stefan0xC in #4968
* Fix Device Type column for 2FA migration by @BlackDex in #4971
* Fix encrypted lastUsedDate by @BlackDex in #4972
* Fix keyword collision in Rust 2024 and add new api/config value by @dani-garcia in #4975
-------------------------------------------------------------------
Tue Aug 13 07:11:09 UTC 2024 - Julian Röder <obs@masgalor.de>
- Update to version 1.32.0
* use a custom plan of enterprise tier to fix limits by @stefan0xC in #4726
* Fix bug where secureNotes is empty by @cobyge in #4730
* Improved HTTP client by @dani-garcia in #4740
* Update admin interface by @BlackDex in #4737
* Fix for RSA Keys which are read only by @BlackDex in #4744
* Fix Email 2FA login on native app by @BlackDex in #4762
* allow re-invitations of existing users by @stefan0xC in #4768
* Allow to override log level for specific target by @Timshel in #4305
* Add support for MFA with Duo's Universal Prompt by @0x0fbc in #4637
* Allow to increase the note size to 100_000 by @BlackDex in #4772
* Duo: use the formatted db email by @Timshel in #4779
* fix issue with adding ciphers to organizations on native ios app by @stefan0xC in #4800
* Rewrite the Push Notifications section in the configuration template by @dfunkt in #4805
* Secure send file uploads by @BlackDex in #4810
* make access_all optional by @stefan0xC in #4812
* Remove lowercase conversion for featureStates by @dfunkt in #4820
* Fix mail::send_incomplete_2fa_login panic issue by @dfunkt in #4792
* Fix data disclosure on organization endpoints by @BlackDex in #4837
-------------------------------------------------------------------
Tue Jul 9 07:26:24 UTC 2024 - Julian Röder <obs@masgalor.de>
- Update to version 1.31.0
* Initial support for the beta releases of the new native mobile apps
* Removed support for WebSocket traffic on port 3012
* Fix comment in events.rs by @KrappRamiro in #4408
* Improve JWT RSA key initialization and avoid saving public key by @dani-garcia in #4085
* Remove custom WebSocket code by @BlackDex in #4001
* refactor: replace panic with a graceful exit by @tessus in #4402
* Small improvements around email change by @Timshel in #4415
* Change timestamp data type. by @gzfrozen in #4355
* Fix #3624: fix manager permission within groups by @matlink in #3754
* automatically use email address as 2fa provider by @stefan0xC in #4317
* fix: typos by @testwill in #4440
* Use async verify for Yubikey by @dani-garcia in #4448
* Implement custom DNS resolver by @dani-garcia in #3988
* Pass in collection ids to notifier when sharing cipher. by @kristof-mattei in #4517
* improve access to collections via groups by @stefan0xC in #4441
* fix emergency access invites by @stefan0xC in #4337
* Some fixes for the new mobile apps by @dani-garcia in #4526
* Improve Commentary Aesthetics by @rich-purnell in #4549
* also delete organization_api_key when deleting organizations by @stefan0xC in #4557
* Fix public api for domains with path prefix by @FDHoho007 in #4500
* differentiate external groups by organization id by @stefan0xC in #4586
* Remove old knowndevice route by @Timshel in #4578
* Change API and structs to camelCase by @dani-garcia in #4386
* Fix cipher creation on new android app by @dani-garcia in #4670
* Remove mimalloc workaround by @dfunkt in #4606
* Change some missing PascalCase keys by @dani-garcia in #4671
* Fix collections and native app issue by @BlackDex in #4685
* Fix duplicate folder creations during import by @BlackDex in #4702
* Remove duplicate registry step by @dfunkt in #4703
* add group support for Cipher::get_collections() by @stefan0xC in #4592
* Switch registry cache compression algorithm to zstd by @dfunkt in #4704
* Some fixes for emergency access by @BlackDex in #4715
-------------------------------------------------------------------
Mon Mar 4 07:46:34 UTC 2024 - Julian Röder <obs@masgalor.de>
- Update to version 1.30.5
* Fix env template to ensure compatibility with systemd's EnvironmentFile parsing by @seiuneko in #4315
* fix: web API call for jquery 3.7.1 by @calvin-li-developer in #4400
* Update crates to fix new builds by @BlackDex in #4308
-------------------------------------------------------------------
Fri Feb 2 08:34:36 UTC 2024 - Julian Röder <obs@masgalor.de>
- Update to version 1.30.3
* fix push device registration by @stefan0xC in #4297
-------------------------------------------------------------------
Wed Jan 31 07:51:46 UTC 2024 - Julian Röder <obs@masgalor.de>
- Update to version 1.30.2
* Prevent generating an error during ws close by @BlackDex in #4127
* Several small fixes for open issues by @BlackDex in #4143
* Decrease JWT Refresh/Auth token by @BlackDex in #4163
* Fix Single Org Policy check by @BlackDex in #4207
* Allow customizing the featureStates by @PKizzle in #4168
* Fix #3413: push to users accessing the collections using groups by @matlink in #3757
* US or EU Data Region Selection by @toto-xoxo in #3752
* enforce 2FA policy on removal of second factor and login by @stefan0xC in #3803
* improve emergency access when not enabled by @stefan0xC in #4227
* Fix bulk collection deletion by @BlackDex in #4257
* fix: use black text for update badge (better contrast) by @tessus in #4245
* prevent side effects if groups are disabled by @stefan0xC in #4265
* Return 404 when user public_key is empty by @Timshel in #4271
* Improve file limit handling by @dani-garcia in #4242
* Fix attachment upload size check by @BlackDex in #4282
* err on invalid feature flag by @stefan0xC in #4263
* register missing push devices at login by @stefan0xC in #3792
* Update env template file by @gzfrozen in #4276
-------------------------------------------------------------------
Mon Nov 20 09:17:57 UTC 2023 - Julian Röder <obs@masgalor.de>
- Update to version 1.30.1
* Disable autofill-v2 by @BlackDex in #4056
* Add Protected Actions Check by @BlackDex in #4067
* Update crates by @BlackDex in #4074
-------------------------------------------------------------------
Tue Nov 7 07:54:16 UTC 2023 - Julian Röder <obs@masgalor.de>
- Update to version 1.30.0
* Added passkey support, allowing the browser extensions to store and use your passkeys.
* Fixed crashes when trying to create/edit a cipher in the mobile applications.
* Fix Login With Device without MasterPassword by @BlackDex in #3831
* Fix typos by @tuhanayim in #3959
* csp: rename anonaddy.com to addy.io by @stefan0xC in #3950
* filter handlebars logs by @stefan0xC in #3859
* Remove unnecessary variable clone by @mvalois in #3981
* Fix small issues by @BlackDex in #3964
* Adds LastActive on /admin/users API route by @mvalois in #3951
* Reopen log file on SIGHUP by @tobiasmboelz in #3909
* Fix External ID not set during DC Sync by @BlackDex in #3804
* New config option disable email change by @admav in #3986
* 2FA Confirmation Code Email subject line change to fix triggering Google spam blocker by @aureateflux in #3572
* Implement cipher key encryption by @dani-garcia in #3990
* Fix issue with MariaDB/MySQL migrations by @BlackDex in #3994
* feat: Working passkeys storage by @GeekCornerGH in #4025
* Fix importing Bitwarden exports by @BlackDex in #4030
-------------------------------------------------------------------
Fri Sep 1 07:13:56 UTC 2023 - Julian Röder <obs@masgalor.de>
- Update to version 1.29.2
* Fix UserOrg status during LDAP Import by @BlackDex in #3740
* Implement "login with device" by @quexten in #3592
* Optimized Favicon downloading by @BlackDex in #3751
* add UserDecryptionOptions to login response by @stefan0xC in #3813
* add new secretsmanager plan for web-v2023.8.x by @stefan0xC in #3797
* Allow Authorization header for Web Sockets by @BlackDex in #3806
* Update admin interface by @BlackDex in #3730
-------------------------------------------------------------------
Wed Aug 2 06:51:32 UTC 2023 - Julian Röder <obs@masgalor.de>
- Update to version 1.29.1
* Fix Org API Key generation on PosgreSQL by @BlackDex in #3678
* feat: Add support for forwardemail by @GeekCornerGH in #3686
* Fix some external_id issues by @BlackDex in #3690
* Remove debug code during attachment download by @BlackDex in #3704
-------------------------------------------------------------------
Wed Jul 12 20:21:39 UTC 2023 - Julian Röder <obs@masgalor.de>
- Update to version 1.29.0
* WebSocket notifications now work via the default HTTP port. No need for WEBSOCKET_ENABLED and a separate port anymore.
Support for the old websockets port 3012 will remain for the time being.
* Mobile Client push notification support, see #3304 thanks @GeekCornerGH!
* Storing passkeys is supported, though the clients are not yet released. So, it might be we need to make some changes once they are released.
* check if reset password policy is enabled by @stefan0xC in #3427
* Several config and admin interface fixes by @BlackDex in #3436
* Fixed missing footer_text and a few inconsistencies in email templates by @kennymc-c in #3439
* inline static rsa keys by @vilgotf in #3475
* Change String to &str for all Rocket functions and some other fixes by @BlackDex in #3491
* Sync global_domains.json (Pinterest) by @jjlin in #3532
* Prevent 401 on main admin page by @BlackDex in #3547
* Fix collection change ws notifications by @BlackDex in #3546
* Implement Push Notifications sync by @GeekCornerGH in #3304
* Implement the Organization API Key support for the new Directory Connector v2022 by @BlackDex in #3568
* Add mobile push device filter to non-null push uuid by @quexten in #3578
* Add group import on invite by @farodin91 in #3606
* Fix send access regression by @BlackDex in #3608
* Support for storing passkeys in the vault by @GeekCornerGH in #3593
* add user to collection during creation by @farodin91 in #3609
* Added-External_id for Collections by @fashberg in #3623
* fix missing password check while manual reset password enrollment by @sirux88 in #3632
* Fix org creation regresion by @BlackDex in #3659
-------------------------------------------------------------------
Mon Apr 3 09:48:53 UTC 2023 - Julian Röder <obs@masgalor.de>
- Update to version 1.28.1
* Decode knowndevice X-Request-Email as base64url with no padding by @jjlin in #3376
* Fix abort on password reset mail error by @BlackDex in #3390
* support /users/<uuid>/invite/resend admin api by @nikolaevn in #3397
* always return KdfMemory and KdfParallelism by @stefan0xC in #3398
* Fix sending out multiple websocket notifications by @BlackDex in #3405
-------------------------------------------------------------------
Mon Mar 27 06:45:43 UTC 2023 - Julian Röder <obs@masgalor.de>
- Update to version 1.28.0
* Remove patched multer-rs by @manofthepeace in #2968
* Removed unsafe-inline JS from CSP and other fixes by @BlackDex in #3058
* Validate YUBICO_SERVER string (#3003) by @BlackDex in #3059
* Log message to stderr if LOG_FILE is not writable by @pjsier in #3061
* Update WebSocket Notifications by @BlackDex in #3076
* Optimize config loading messages by @BlackDex in #3092
* Percent-encode org_name in links by @am97 in #3093
* Fix failing large note imports by @BlackDex in #3087
* Change text/plain API responses to application/json by @jjlin in #3124
* Resolve uninlined_format_args clippy warnings by @BlackDex in #3065
* Fix remaining inline format by @BlackDex in #3130
* Optimize CipherSyncData for very large vaults by @BlackDex in #3133
* Add avatar color support by @BlackDex in #3134
* Add MFA icon to org member overview by @BlackDex in #3135
* Minor refactoring concering user.setpassword by @sirux88 in #3139
* Validate note sizes on key-rotation. by @BlackDex in #3157
* Update KDF Configuration and processing by @BlackDex in #3163
* Admin password reset by @sirux88 in #3116
* "Spell-Jacking" mitigation ~ prevent sensitive data leak … by @dlehammer in #3145
* don't nullify key when editing emergency access by @stefan0xC in #3215
* Fix trailing slash not getting removed from domain by @BlockListed in #3228
* Generate distinct log messages for regex vs. IP blacklisting. by @kpfleming in #3231
* allow editing/unhiding by group by @farodin91 in #3108
* Fix Javascript issue on non sqlite databases by @BlackDex in #3167
* add argon2 kdf fields by @tessus in #3210
* add support for system mta though sendmail by @soruh in #3147
* Validate all needed fields for client API login by @BlackDex in #3251
* Fix Organization delete when groups are configured by @BlackDex in #3252
* Fix Collection Read Only access for groups by @Misterbabou in #3254
* Make the admin session lifetime adjustable by @mittler-works in #3262
* Add function to fetch user by email address by @mittler-works in #3263
* Fix vault item display in org vault view by @jjlin in #3277
* Add confirmation for removing 2FA and deauthing sessions in admin panel by @JCBird1012 in #3282
* Some Admin Interface updates by @BlackDex in #3288
* Admin token Argon2 hashing support by @BlackDex in #3289
* Add HEAD routes to avoid spurious error messages by @jjlin in #3307
* Fix web-vault Member UI show/edit/save by @BlackDex in #3315
* Add support for /api/devices/knowndevice with HTTP header params by @jjlin in #3329
* Merge ClientIp with Headers. by @BlackDex in #3332
* add endpoints to bulk delete collections/groups by @stefan0xC in #3354
* Add support for Quay.io and GHCR.io as registries by @BlackDex in #3363
-------------------------------------------------------------------
Thu Jan 5 08:34:05 UTC 2023 - Julian Röder <obs@masgalor.de>
- Update to version 1.27.0
* Group support | applied .diff by @MFijak in #2846
* Add Organizational event logging feature by @BlackDex in #2868
* Limit Cipher Note encrypted string size by @BlackDex in #2945
* fix invitations of new users when mail is disabled by @stefan0xC in #2773
* attach images in email by @stefan0xC in #2784
* allow registration without invite link by @stefan0xC in #2799
* Fix master password hint update not working. by @BlackDex in #2834
* Sync global_domains.json by @jjlin in #2840
* verify email on registration by invite by @stefan0xC in #2804
* Add /devices/knowndevice endpoint by @BlackDex in #2893
* fix: removed a double space by @GeekCornerGH in #2894
* Support Org Export for v2022.11 clients by @BlackDex in #2899
* Use constant size generic parameter for random bytes generation by @samueltardieu in #2910
* Set "Bypass admin page security" as read-only by @BlackDex in #2918
* Fully remove DuckDuckGo email service. by @BlackDex in #2919
* Added missing register endpoint to identity by @BlackDex in #2920
* Prevent DNS leak when icon regex is configured by @BlackDex in #2921
* allow managers to set groups of a collection by @stefan0xC in #2933
* Update Vaultwarden Logo's by @BlackDex in #2940
* check if sqlite folder exists by @stefan0xC in #2873
* redirect to admin login page when forward fails by @stefan0xC in #2886
* Cleanups and Fixes for Emergency Access by @BlackDex in #2936
* Fix admin repost warning. by @BlackDex in #2953
* Add dev-only query logging support by @BlackDex in #2954
* Fix managers and groups link by @BlackDex in #2947
* use a custom 404 page by @stefan0xC in #2948
* Increase privacy of masked config by @BlackDex in #2963
* use black favicon for /admin by @tessus in #2970
* Remove ctrlc crate and some updates by @BlackDex in #2971
* Revert collection queries back to left_join by @BlackDex in #2976
* Fix recover-2fa not working. by @BlackDex in #2994
* Disable groups by default and Some optimizations by @BlackDex in #2995
* Fix a panic during Yubikey register/login by @BlackDex in #3006
-------------------------------------------------------------------
Tue Oct 18 07:28:59 UTC 2022 - Julian Röder <obs@masgalor.de>
- Update to version 1.26.0
* Fix uploads from mobile clients (and dep updates) by @BlackDex in #2675
* Add support for send v2 API endpoints by @BlackDex in #2756
* External Links | Optimize behavior by @Fvbor in #2693
* Add Org user revoke feature by @BlackDex in #2698
* Change the handling of login errors. by @BlackDex in #2729
* Added support for web-vault v2022.9 by @BlackDex in #2732
* add not_found catcher for 404 errors by @stefan0xC in #2768
* Fix issue 2737, unable to create org by @BlackDex in #2738
* Rename/Fix revoke/restore endpoints by @BlackDex in #2739
* Update CSP for DuckDuckGo email forwarding by @jjlin in #2812
* check if data folder is a writable directory by @stefan0xC in #2811
* fix: tooltip typo by @djbrownbear in #2746
* Update libraries and Rust version by @BlackDex in #2758
* Fix organization vault export by @BlackDex in #2765
* allow the removal of non-confirmed owners by @stefan0xC in #2772
* v2022.9.2 expects a json response while registering by @stefan0xC in #2803
* make invitation expiration time configurable by @stefan0xC in #2805
* return more descriptive JWT validation messages by @stefan0xC in #2806
* Add CreationDate to cipher response JSON by @jjlin in #2813
- Improve systemd-integration with some distributions.
-------------------------------------------------------------------
Fri Oct 7 08:14:38 UTC 2022 - Julian Röder <obs@masgalor.de>
- Improve the build environment
* Requirements that were only introduced to satisfy the build service were removed.
Conflitcs and choices are now resolved within the project configuration.
* The rust-setup was optimized to skip unnecessary components and configurations.
-------------------------------------------------------------------
Thu Jul 28 06:34:38 UTC 2022 - Julian Röder <obs@masgalor.de>
- Update to version 1.25.2
* Fix persistent folder check within containers by @BlackDex in #2631
* Mitigate attachment/send upload issues by @BlackDex in #2650
* Fix issue with CSP and icon redirects by @BlackDex in #2624
-------------------------------------------------------------------
Mon Jul 18 07:51:18 UTC 2022 - Julian Röder <obs@masgalor.de>
- Change the buildrecipe to build all binaries on the intended target system, instead of reusing prebuilt binaries.
- Update to version 1.25.1
* Sync global_domains.json by @jjlin in #2555
* Add TMP_FOLDER to .env.template by @fox34 in #2489
* Allow FireFox relay in CSP. by @BlackDex in #2565
* Fix hidden ciphers within organizational view. by @BlackDex in #2567
* Add password_hints_allowed config option by @jjlin in #2586
* Fall back to move_copy_to if persist_to fails while saving uploaded files. by @ruifung in #2605
* Swap Websocket crate from ws to tungstenite, which is more maintained, supports async, and removes around 20 old duplicate versions of used crates by @dani-garcia
* Add a persistent volume check. by @BlackDex in #2501, #2507
* Adding "UserEnabled" and "CreatedAt" member to the json output of a User by @Lowaiz in #2523
* Bump lettre to 0.10.0-rc.7 by @paolobarbolini in #2531
* Small email sending code improvements by @paolobarbolini in #2532
* A little depreciation change by @binlab in #2556
* Fix identicons not always working by @BlackDex in #2571
* Small change in log-level for better debugging by @BlackDex in #2577
* Address inconsistency v{version} with and without a v in the version with most recent updates. by @nneul in #2595
* Bump openssl-src from 111.21.0+1.1.1p to 111.22.0+1.1.1q by @dependabot in #2599
* Add more clippy checks for better code/readability by @BlackDex in #2611
* Update deps, misc fixes and updates, small improvements on favicons and fix file-uploads by @BlackDex in #2543, #2568, #2619
-------------------------------------------------------------------
Fri Jun 3 06:27:20 UTC 2022 - Julian Röder <obs@masgalor.de>
- Update to version 1.25.0
* Update Rocket to 0.5 and async, and compile on stable by @dani-garcia in #2276
* Update async to prepare for main merge + several updates by @BlackDex in #2292
* Add IP address to missing/invalid password message for Sends by @jaen in #2313
* Add support for custom .env file path by @TinfoilSubmarine in #2315
* Added autofocus to pw field on admin login page by @taylorwmj in #2328
* Update login API code and update crates to fix CVE by @BlackDex in #2354
* Several updates and fixes by @BlackDex in #2379
* disable legacy X-XSS-Protection feature by @Wonderfall in #2380
* Fix building mimalloc on armv6 by @BlackDex in #2397
* Remove u2f implementation by @BlackDex in #2398
* Sync global_domains.json by @jjlin in #2400
* Add /api/{alive,now,version} endpoints by @jjlin in #2433
* Improve sync speed and updated dep. versions by @BlackDex in #2429
* Database connection init by @jjlin in #2440
* Fix upload limits and disable color logs by @BlackDex in #2480
-------------------------------------------------------------------
Mon Jan 31 13:59:35 UTC 2022 - Julian Röder <obs@masgalor.de>
- Update to version 1.24.0
* Add support for external icon services by @jjlin in #2158
* Add config option to set the HTTP redirect code for external icons by @jjlin in #2188
* Add support for legacy HTTP 301/302 redirects for external icons by @jjlin in #2218
* Add support for API keys by @jjlin in #2245
* Basic ratelimit for user login (including 2FA) and admin login by @dani-garcia in #2165
* Upgrade Feature-Policy to Permissions-Policy by @iamdoubz in #2228
* Set Expires header when caching responses by @RealOrangeOne in #2182
* Increase length limit for email token generation by @jjlin in #2257
* Small changes to icon log messages. by @BlackDex in #2170
* Bump rust version to mitigate CVE-2022-21658 by @dscottboggs in #2255
* Fixed #2151 by @BlackDex in #2169
* Fixed issue #2154 by @BlackDex in #2194
* Fix issue with Bitwarden CLI. by @BlackDex in #2197
* Fix emergency access invites for new users by @BlackDex in #2217
* Sync global_domains.json by @jjlin in #2156
* Sync global_domains.json by @jjlin in #2171
- Complete default config file
-------------------------------------------------------------------
Wed Dec 15 08:04:23 UTC 2021 - Julian Röder <obs@masgalor.de>
- Update to version 1.23.1
* Add email notifications for incomplete 2FA logins by @jjlin in #2067
* Fix conflict resolution logic for read_only and hide_passwords flags by @jjlin in #2073
* Fix missing encrypted key after emergency access reject by @jjlin in #2078
* Fix PostgreSQL migration by @jjlin in #2080
* Macro recursion decrease and other optimizations by @BlackDex in #2084
* Enabled trust-dns and some updates. by @BlackDex in #2125
-------------------------------------------------------------------
Thu Oct 21 10:10:34 UTC 2021 - Julian Röder <obs@masgalor.de>
- Update to version 1.23.0
* Added emergency access feature
* Can be disabled setting EMERGENCY_ACCESS_ALLOWED=false
* Added support for single organization policy
* Fixed incorrect webauthn origin
* Enforce personal ownership policy on imports
* Fixed issue using uppercase characters on emails
* Added organization bulk user management actions (reinvite/confirm/delete)
* Removed limmit that disabled sending ciphers with attachments
* Disabled enforcing of two factor organization policy on users that haven't been accepted yet
* Updated icon fetching to make it work on unicode websites
* Added database connection check to /alive endpoint
* Updated dependencies
-------------------------------------------------------------------
Tue Jul 27 07:55:26 UTC 2021 - Julian Röder <obs@masgalor.de>
- Update to version 1.22.2
* Enforce 2FA policy in organizations.
* Protect send routes against a possible path traversal attack.
* Disable show_password_hint by default, it still can be enabled in the admin panel or with environment variables.
* Disable user verification enforcement in Webauthn, which would make some users unable to login.
* Fix issue that wouldn't correctly delete Webauthn Key.
* Added Edge extension support for Webauthn.
-------------------------------------------------------------------
Thu Jul 1 07:54:24 UTC 2021 - Julian Röder <obs@masgalor.de>
- Update to version 1.22.1
* Added sends_allowed option to disable Send functionality.
* Added support for hiding the senders email address.
* Added Send options policy.
* Added support for password reprompt.
* Switched to the new attachment download API.
* Send download links use a token system to limit their downloads.
* Updates to the icon fetching.
* Support for webauthn.
* The admin page now shows which variables are overridden.
* Updated dependencies and docker base images.
* Now RSA keys are generated with the included openssl instead of calling to the openssl binary.
- Remove OpenSSL as dependency as it is no longer needed.
-------------------------------------------------------------------
Wed May 26 21:42:55 UTC 2021 - Julian Röder <obs@masgalor.de>
- Add support for mysql und postgresql
-------------------------------------------------------------------
Mon May 3 08:02:42 UTC 2021 - Julian Röder <obs@masgalor.de>
- Improves package relations on debian-based distributions
-------------------------------------------------------------------
Fri Apr 30 10:12:08 UTC 2021 - Julian Röder <obs@masgalor.de>
- Project renamed to Vaultwarden
- Update to version 1.21.0
* Add support for enabling auto-deletion of trash items after X days, disabled by default
* Set TRASH_AUTO_DELETE_DAYS to a positive value to enable this functionality
* You can also configure how often this process runs, using cron sintax with the variable TRASH_PURGE_SCHEDULE
* Updates to the icon fetching, making it more reliable in detecting icon types
* Updated admin page, improving version checks and SQLite backup feature
