1.9.1

• Fixed broken U2F in Chrome 74+
• Added images to email
• Updated dependencies

1.9.0

• Duo is now available as a 2FA option, both configurable globally and per-user
  • To enable it globally, check the .env template, and then leave the fields empty when enabling it per-user.
• Updated web vault to 2.10.0
• Added option to control the log level: LOG_LEVEL
  • Valid values from more to less noisy are "trace", "debug", "info", "warn", "error" and "off"
• Now there is no need to compile the application a different way to enable syslog support, simply set USE_SYSLOG to true.
• Now DATA_FOLDER affects CONFIG_FILE when set through the environment
• Improved endpoints for Admin API
• Other fixes

1.8.0

• Secrets are now hidden by default in the admin panel.
• Now the version is shown in the top right corner of the admin page.
• Read only settings are also shown in the admin panel, but not editable.
• Added option to admin panel to force resync users, useful after restoring an old backup.
• Implemented multiple U2F support, with custom names and compromised checks.
• Emails now also include an HTML version next to the plaintext version. It's up to the email clients which one to show now.
• Updated vault to 2.9.0
• Implemented constant time comparison for admin password and two factor remember and recover tokens.
• Added more config options:
  • Icon download timeout
  • Hide routes mount points, enabled by default
  • Disable WAL (not recommended, only for network filesystems that have problems with WAL enabled)
  • Disable Admin token (unsafe, only use when behind another authentication scheme).
  • Use wrapped TLS for email, when STARTTLS doesn't work.
  • Icon downloader domain blacklist, to block anything that might be sensitive, lik other servers in the local network.
• Updated dependencies and fixed minor bugs

1.7.0

• Added configuration menu, accessible from the admin panel. This saves the user settings to a JSON file, by default in data/config.json, but configurable with the CONFIG_FILE environment variable.
• Added templating support for emails, can be added to $DATA_FOLDER/templates/email, or $TEMPLATES_FOLDER/email, if configured. Check here for examples.
  • Added reload templates option, useful during development. Set RELOAD_TEMPLATES to true to enable.
  • The templates use the Handlebars format.
• Improved icon downloader, now we don't use the upstream server anymore.
• Added option to disable icon download, set DISABLE_ICON_DOWNLOAD to true.
  • Note that icons already in the cache will still be served. With this, if ICON_CACHE_TTL is set to 0, the cached icons will not expire.
• Admin panel improvements:
  • Organization, 2FA status and disabled user badges
  • Deauthorize user sessions button
  • Now using templates
• Added Feature-Policy header.
• Created recovery code when registering a YubiKey
• Now the .env file is only read from the current directory.
• Other fixes and dependency updates

1.6.1

This is minor fix release

• Enabled Yubikey support on AArch64
• Fixed error when editing cipher with attachment
• Fixed error incorrectly hiding cipher when deleting attachment
• Added unofficial server warning

1.6.0

• Implemented new admin panel, available at /admin
  • To use it, you need to set the ADMIN_TOKEN variable to authenticate
  • Note: The old admin_email functionality has been removed
• Added email invite functionality
• Web vault updated to v2.8.0
• Fixed AArch64 build, disables Yubikey support
• Implemented TTLs for the icon cache
• Improved error handling
• Bug fixes

We have started a Wiki! All info that used to be in the Readme should now be there. The wiki is open to everyone, so if you think something is missing or wrong, we'd appreciate your contribution.

1.5.0

• Revamped logging
  • Logging to file is now supported, set LOG_FILE=/path/to/log
  • Logging to syslog is now supported, for this you need to compile the project with cargo build --features=enable_syslog
  • Important: If you are using fail2ban or similar, you may need to update the filters to the new style.
  • You can also disable it, by setting EXTENDED_LOGGING=false, but this disables logging to file or syslog
• Updated web vault to 2.7.1
• Implemented key rotation and individual attachment keys
• Added yubico support
• Updated rocket web server to 0.4
• Fixed some logout issues
• Fixed some crashed in mobile apps when using 2FA

1.4.0

• Disabled websockets by default, can be enabled by setting WEBSOCKET_ENABLED=true. Note that websockets require some additional setup. More info about that in the README.
• Updated web vault to 2.4.0
• Upgraded sync method to not send equivalent domains when not necessary.
• Bug fixes and documentation changes

1.3.0

• Implemented simple admin panel (invite/delete users) as an organization. Read the Configure server administrator section of the README for more info.
• Add WEBSOCKET_ADDRESS config option
• Updated docker web vault to 2.4.0
• Add dockerfile for aarch64
• Updated dependencies
• Bug fixes

1.2.0

• Partial support for websockets notifications (Go to README for instructions)
• Fixed compilation error with OpenSSL 1.1.1
• Return default prelogin values when the user doesn't exist
• Updated docker web vault to 2.3.0
• Implemented client KDF iterations change
• Updated dependencies