1.28.0
Major changes
- The project has changed license to the AGPLv3. If you're hosting a Vaultwarden instance, you now have a requirement to distribute the Vaultwarden source code to your users if they request it. The source code, and any changes you have made, need to be under the same AGPLv3 license. If you simply use our code without modifications, just pointing them to this repository is enough.
- Added support for Argon2 key derivation on the clients. To enable it for your account, make sure all your clients are using version v2023.2.0 or greater, then go to account settings > security > keys, and change the algorithm from PBKDF2 to Argon2id.
- Added support for Argon2 key derivation for the admin page token. To update your admin token to use it, check the wiki.
- New alternative registries for the docker images are available (In BETA for now):
  - GitHub Container Registry: https://ghcr.io/dani-garcia/vaultwarden
  - Quay: https://quay.io/vaultwarden/server
What's Changed
- Remove patched multer-rs by @manofthepeace in #2968
- Removed unsafe-inline JS from CSP and other fixes by @BlackDex in #3058
- Validate YUBICO_SERVER string (#3003) by @BlackDex in #3059
- Log message to stderr if LOG_FILE is not writable by @pjsier in #3061
- Update WebSocket Notifications by @BlackDex in #3076
- Optimize config loading messages by @BlackDex in #3092
- Percent-encode org_name in links by @am97 in #3093
- Fix failing large note imports by @BlackDex in #3087
- Change `text/plain` API responses to `application/json` by @jjlin in #3124
- Remove `shrink-to-fit=no` from viewport-meta-tag by @redwerkz in #3126
- Update dependencies and MSRV by @BlackDex in #3128
- Resolve uninlined_format_args clippy warnings by @BlackDex in #3065
- Update Rust to v1.66.1 to patch CVE by @BlackDex in #3136
- Fix remaining inline format by @BlackDex in #3130
- Use more modern meta tag for charset encoding by @redwerkz in #3131
- fix (2fa.directory): Allow api.2fa.directory, and remove 2fa.directory by @GeekCornerGH in #3132
- Optimize CipherSyncData for very large vaults by @BlackDex in #3133
- Add avatar color support by @BlackDex in #3134
- Add MFA icon to org member overview by @BlackDex in #3135
- Minor refactoring concerning user.setpassword by @sirux88 in #3139
- Validate note sizes on key-rotation. by @BlackDex in #3157
- Update KDF Configuration and processing by @BlackDex in #3163
- Remove `arm32v6`-specific tag by @jjlin in #3164
- Re-License Vaultwarden to AGPLv3 by @BlackDex in #2561
- Admin password reset by @sirux88 in #3116
- "Spell-Jacking" mitigation ~ prevent sensitive data leak … by @dlehammer in #3145
- Allow listening on privileged ports (below 1024) as non-root by @jjlin in #3170
- don't nullify key when editing emergency access by @stefan0xC in #3215
- Fix trailing slash not getting removed from domain by @BlockListed in #3228
- Generate distinct log messages for regex vs. IP blacklisting. by @kpfleming in #3231
- allow editing/unhiding by group by @farodin91 in #3108
- Fix Javascript issue on non sqlite databases by @BlackDex in #3167
- add argon2 kdf fields by @tessus in #3210
- add support for system mta through sendmail by @soruh in #3147
- Updated Rust and crates by @BlackDex in #3234
- docs: add build status badge in readme by @R3DRUN3 in #3245
- Validate all needed fields for client API login by @BlackDex in #3251
- Fix Organization delete when groups are configured by @BlackDex in #3252
- Fix Collection Read Only access for groups by @Misterbabou in #3254
- Make the admin session lifetime adjustable by @mittler-works in #3262
- Add function to fetch user by email address by @mittler-works in #3263
- Fix vault item display in org vault view by @jjlin in #3277
- Add confirmation for removing 2FA and deauthing sessions in admin panel by @JCBird1012 in #3282
- Some Admin Interface updates by @BlackDex in #3288
- Fix the web-vault v2023.2.0 API calls by @BlackDex in #3281
- Fix confirmation for removing 2FA and deauthing sessions in admin panel by @dpinse in #3290
- Admin token Argon2 hashing support by @BlackDex in #3289
- Add HEAD routes to avoid spurious error messages by @jjlin in #3307
- Fix web-vault Member UI show/edit/save by @BlackDex in #3315
- Upd Crates, Rust, MSRV, GHA and remove Backtrace by @BlackDex in #3310
- Add support for `/api/devices/knowndevice` with HTTP header params by @jjlin in #3329
- Update Rust, MSRV and Crates by @BlackDex in #3348
- Merge ClientIp with Headers. by @BlackDex in #3332
- add endpoints to bulk delete collections/groups by @stefan0xC in #3354
- Add support for Quay.io and GHCR.io as registries by @BlackDex in #3363
- Some small fixes and updates by @BlackDex in #3366
- Update web vault to v2023.3.0 by @dani-garcia
New Contributors
- @manofthepeace made their first contribution in #2968
- @pjsier made their first contribution in #3061
- @am97 made their first contribution in #3093
- @redwerkz made their first contribution in #3126
- @sirux88 made their first contribution in #3139
- @dlehammer made their first contribution in #3145
- @BlockListed made their first contribution in #3228
- @kpfleming made their first contribution in #3231
- @farodin91 made their first contribution in #3108
- @soruh made their first contribution in #3147
- @R3DRUN3 made their first contribution in #3245
- @Misterbabou made their first contribution in #3254
- @mittler-works made their first contribution in #3262
- @JCBird1012 made their first contribution in #3282
- @dpinse made their first contribution in #3290
Full Changelog: 1.27.0...1.28.0