Releases: dani-garcia/vaultwarden
1.32.7
Security Fixes
This release contains a security fix for advisory GHSA-g65h-982x-4m5m.
This vulnerability affects any installation that has the ORG_GROUPS_ENABLED
setting enabled, and we urge anyone running with it enabled to update as soon as possible.
What's Changed
- feat: mask _smtp_img_src in support string by @tessus in #5281
- Some refactoring, optimizations and security fixes by @BlackDex in #5291
- Allow adding connect-src entries by @BlackDex in #5293
- Use updated fern instead of patch by @BlackDex in #5298
Full Changelog: 1.32.6...1.32.7
1.32.6
What's Changed
- Fix push not working by @BlackDex in #5214
- Fix editing members which have access-all rights by @BlackDex in #5213
- chore: fix some comments by @chuangjinglu in #5224
- Update Rust and crates by @BlackDex in #5248
- Update Alpine to version 3.21 by @dfunkt in #5256
- Fix another sync issue with native clients by @BlackDex in #5259
- Update crates by @dfunkt in #5268
- Some Backend Admin fixes and updates by @BlackDex in #5272
New Contributors
- @chuangjinglu made their first contribution in #5224
Full Changelog: 1.32.5...1.32.6
1.32.5
Security Fixes
This release fixes some further CVE reports submitted by a third-party security auditor, and we recommend everybody update to the latest version as soon as possible. The contents of these reports will be disclosed publicly in the future.
Notable changes
- Added SSH-Key storage support. Currently only usable with Bitwarden Desktop v2024.12.0 and newer.
  You need to enable this feature by adding ssh-key-vault-item,ssh-agent to the EXPERIMENTAL_CLIENT_FEATURE_FLAGS config option. See .env.template.
What's Changed
- Fix if logic error by @BlackDex in #5171
- More authrequest fixes by @dani-garcia in #5176
- Add dynamic CSS support by @BlackDex in #4940
- fix hibp username encoding and pw hint check by @BlackDex in #5180
- Remove auth-request deletion by @BlackDex in #5184
- fix password hint check by @stefan0xC in #5189
- don't infer manage permission for groups by @stefan0xC in #5190
- Some more authrequest changes by @dani-garcia in #5188
- Support SSH keys on desktop 2024.12 by @dani-garcia in #5187
- Fix Org Import duplicate collections by @BlackDex in #5200
Full Changelog: 1.32.4...1.32.5
1.32.4
Security Fixes
This release fixes some CVE reports submitted by a third-party security auditor, and we recommend everybody update to the latest version as soon as possible. The contents of these reports will be disclosed publicly in the future.
Notable changes
- Added more compatibility fixes for the native mobile apps; datetimes are now formatted without too many decimals.
- Email template changes to the emergency access invite email. If you have modified this template, make sure to update it with the new changes.
What's Changed
Full Changelog: 1.32.3...1.32.4
1.32.3
Notable changes
- Email template for org invites was updated again. The URL got HTML encoded, which sometimes resulted in a non-working URL (#5100)
- Fixed SMTP issues with some providers which send an erroneous response to QUIT messages (like QQ) (Thanks to @paolobarbolini)
- Fixed a long-standing collection management issue where collections were not able to be managed via the Password Manager overview
What's Changed
- Fix iOS sync by converting field types to int by @BlackDex in #5081
- Fix field type to actually be hidden by @BlackDex in #5082
- Fix org invite url being html encoded by @BlackDex in #5100
- Update Rust to 1.82.0 by @dfunkt in #5099
- Fix collection management and match some json output by @BlackDex in #5095
- Add extension-refresh feature flag by @dfunkt in #5106
- Hide user name on invite status by @BlackDex in #5110
- Add documentation for the extension-refresh feature flag by @dfunkt in #5112
- Update crates and fix Mail issue by @BlackDex in #5125
Full Changelog: 1.32.2...1.32.3
1.32.2
1.32.1
Notable changes
- Fixed syncing/login with native mobile clients
- Added CLI option to backup SQLite database
- Email Template changes regarding invites, 2FA Incomplete logins, and new logins
What's Changed
- Update GitHub Action Workflows by @BlackDex in #4849
- Fix Duo Redirect not using path by @BlackDex in #4862
- Fix manager in web-vault v2024.6.2 for collections by @BlackDex in #4860
- Update email footer padding values by @dfunkt in #4838
- Remove unecessary email normalization by @Timshel in #4840
- Fix Vaultwarden Admin page error messages by @BlackDex in #4869
- Update issue template by @BlackDex in #4876
- remove overzealous sanity check by @stefan0xC in #4879
- Fix Login with device by @BlackDex in #4878
- Switch to Whitelisting in .dockerignore by @Timshel in #4856
- Remove version from server config info by @zacknewman in #4885
- Update issue template by @BlackDex in #4882
- Update crates (GHSA-wq9x-qwcq-mmgf) by @BlackDex in #4889
- Updated security readme by @BlackDex in #4892
- Allow custom umask setting by @BlackDex in #4896
- Allow Org Master-Pw policy enforcement by @BlackDex in #4899
- Allow enforcing Single Org with pw reset policy by @BlackDex in #4903
- Add a CLI feature to backup the SQLite DB by @BlackDex in #4906
- Update web-vault, crates and gha by @BlackDex in #4909
- Add orgUserHasExistingUser parameters to org invite by @Timshel in #4827
- Update Rust version & crates by @dfunkt in #4928
- Fix sync with new native clients by @BlackDex in #4932
- Fix collection update from native client by @BlackDex in #4937
- fix invitation link via /admin by @stefan0xC in #4950
- Fix Pw History null dates by @BlackDex in #4966
- fix 2fa policy check on registration by @stefan0xC in #4956
- Actually use Device Type for mails by @dfunkt in #4916
- remove backtics from postgresql migrations by @stefan0xC in #4968
- Fix Device Type column for 2FA migration by @BlackDex in #4971
- Fix encrypted lastUsedDate by @BlackDex in #4972
- Fix keyword collision in Rust 2024 and add new api/config value by @dani-garcia in #4975
- Add extra linting by @BlackDex in #4977
New Contributors
- @zacknewman made their first contribution in #4885
Full Changelog: 1.32.0...1.32.1
1.32.0
Security Fixes
This release fixes several reported CVEs, and we recommend everybody update to the latest version as soon as possible.
- CVE-2024-39924 Fixed via #4715
- CVE-2024-39925 Fixed via #4837
- CVE-2024-39926 Fixed via #4737
Other changes
- Updated web-vault to v2024.6.2
- Fixed issues with password reset enrollment by rolling back a web-vault commit
What's Changed
- use a custom plan of enterprise tier to fix limits by @stefan0xC in #4726
- chore: Dockerfile to Remove port 3012 by @calvin-li-developer in #4725
- Fix bug where secureNotes is empty by @cobyge in #4730
- Improved HTTP client by @dani-garcia in #4740
- Update admin interface by @BlackDex in #4737
- Fix for RSA Keys which are read only by @BlackDex in #4744
- Fix Email 2FA login on native app by @BlackDex in #4762
- Update crates & fix crate vulnerability by @dfunkt in #4771
- Fix Dockerfile linter warnings by @dfunkt in #4763
- allow re-invitations of existing users by @stefan0xC in #4768
- Allow to override log level for specific target by @Timshel in #4305
- Add support for MFA with Duo's Universal Prompt by @0x0fbc in #4637
- Allow to increase the note size to 100_000 by @BlackDex in #4772
- Update Rust, Crates and GHA by @BlackDex in #4783
- Duo: use the formatted db email by @Timshel in #4779
- Update rust-toolchain.toml to 1.80.0 by @dfunkt in #4784
- fix issue with adding ciphers to organizations on native ios app by @stefan0xC in #4800
- Rewrite the Push Notifications section in the configuration template by @dfunkt in #4805
- Secure send file uploads by @BlackDex in #4810
- make access_all optional by @stefan0xC in #4812
- Remove lowercase conversion for featureStates by @dfunkt in #4820
- Fix mail::send_incomplete_2fa_login panic issue by @dfunkt in #4792
- Update crates, web-vault and fixes by @BlackDex in #4823
- Updated web-vault to v2024.6.2b by @BlackDex in #4826
- Update Rust to 1.80.1 by @dfunkt in #4831
- Fix data disclosure on organization endpoints by @BlackDex in #4837
New Contributors
Full Changelog: 1.31.0...1.32.0
1.31.0
Major changes and New Features
- Initial support for the beta releases of the new native mobile apps
- Removed support for WebSocket traffic on port 3012, as it's been integrated on the main HTTP port for a few releases
- Updated included web vault to 2024.5.1
General mention
Bitwarden has changed the push API endpoints, which affects users of the EU region endpoint.
So if you use the push functionality and use the EU region you need to make some changes.
You have to update push.bitwarden.eu to api.bitwarden.eu.
This is also an issue with any previous version of Vaultwarden.
What's Changed
- chore: remove repetitive words by @one230six in #4422
- Fix comment in events.rs by @KrappRamiro in #4408
- Improve JWT RSA key initialization and avoid saving public key by @dani-garcia in #4085
- Remove custom WebSocket code by @BlackDex in #4001
- refactor: replace panic with a graceful exit by @tessus in #4402
- Small improvements around email change by @Timshel in #4415
- Change timestamp data type. by @gzfrozen in #4355
- Fix #3624: fix manager permission within groups by @matlink in #3754
- automatically use email address as 2fa provider by @stefan0xC in #4317
- fix: typos by @testwill in #4440
- Update chrono and sqlite by @BlackDex in #4436
- Update Rust and crates by @BlackDex in #4445
- Use async verify for Yubikey by @dani-garcia in #4448
- update web-vault to v2024.3.1 (new vertical layout) by @stefan0xC in #4468
- Update crates and some Clippy fixes by @BlackDex in #4475
- Update Key Rotation web-vault v2024.3.x by @BlackDex in #4446
- Update Crate and Rust by @BlackDex in #4522
- Implement custom DNS resolver by @dani-garcia in #3988
- Add extra (unsupported) container build arch's by @BlackDex in #4524
- Pass in collection ids to notifier when sharing cipher. by @kristof-mattei in #4517
- improve access to collections via groups by @stefan0xC in #4441
- fix emergency access invites by @stefan0xC in #4337
- Some fixes for the new mobile apps by @dani-garcia in #4526
- Update Rust, crates and web-vault by @BlackDex in #4558
- Improve Commentary Aesthetics by @rich-purnell in #4549
- Optimize Dockerfiles by @dfunkt in #4532
- also delete organization_api_key when deleting organizations by @stefan0xC in #4557
- Fix public api for domains with path prefix by @FDHoho007 in #4500
- Update crates by @BlackDex in #4587
- Fix web-vault version in Docker(files/Settings) by @dfunkt in #4575
- Update Alpine to version 3.20 by @dfunkt in #4583
- differentiate external groups by organization id by @stefan0xC in #4586
- Remove old knowndevice route by @Timshel in #4578
- Update admin interface dependencies by @BlackDex in #4581
- Update rust and remove unused header values by @dani-garcia in #4645
- Update crates, web-vault and GHA by @BlackDex in #4648
- Fix some nightly build errors by @dani-garcia in #4657
- Fix some more nightly errors and remove lint that will become an error by default by @dani-garcia in #4661
- Change API and structs to camelCase by @dani-garcia in #4386
- Fix cipher creation on new android app by @dani-garcia in #4670
- Remove mimalloc workaround by @dfunkt in #4606
- Change some missing PascalCase keys by @dani-garcia in #4671
- Fix collections and native app issue by @BlackDex in #4685
- Fix duplicate folder creations during import by @BlackDex in #4702
- Remove duplicate registry step by @dfunkt in #4703
- add group support for Cipher::get_collections() by @stefan0xC in #4592
- Switch registry cache compression algorithm to zstd by @dfunkt in #4704
- Update crates and web-vault by @BlackDex in #4714
- Some fixes for emergency access by @BlackDex in #4715
New Contributors
- @one230six made their first contribution in #4422
- @KrappRamiro made their first contribution in #4408
- @testwill made their first contribution in #4440
- @kristof-mattei made their first contribution in #4517
- @rich-purnell made their first contribution in #4549
- @dfunkt made their first contribution in #4532
- @FDHoho007 made their first contribution in #4500
Full Changelog: 1.30.5...1.31.0
1.30.5
What's Changed
- fix: web API call for jquery 3.7.1 by @calvin-li-developer in #4400
New Contributors
- @calvin-li-developer made their first contribution in #4400
Full Changelog: 1.30.4...1.30.5