Releases: dani-garcia/vaultwarden
Releases · dani-garcia/vaultwarden
1.30.4
What's Changed
- Update crates to fix new builds by @BlackDex in #4308
- Add Kubernetes environment detection by @BlackDex in #4290
- Update GHA Workflows by @BlackDex in #4309
- Update Rust, crates and web-vault by @BlackDex in #4328
- Change the codegen-units for low resources by @BlackDex in #4336
- Fix env templateto ensure compatibility with systemd's EnvironmentFile parsing by @seiuneko in #4315
- Update crates, GHA and a Python script by @BlackDex in #4357
New Contributors
Full Changelog: 1.30.3...1.30.4
Contributors
BlackDex and seiuneko
Assets 2
1.30.3
This is a minor release to fix some issues with push notification device registration and docker healthcheck.
What's Changed
- fix push device registration by @stefan0xC in #4297
- Fix healthcheck when using .env file by @BlackDex in #4299
Full Changelog: 1.30.2...1.30.3
Contributors
stefan0xC and BlackDex
Assets 2
1.30.2
What's Changed
- Prevent generating an error during ws close by @BlackDex in #4127
- Update Rust, Crates, Profile and Actions by @BlackDex in #4126
- Several small fixes for open issues by @BlackDex in #4143
- Fix the version string by @BlackDex in #4153
- Decrease JWT Refresh/Auth token by @BlackDex in #4163
- Update crates by @BlackDex in #4173
- Add additional build target which optimizes for size by @gladiac in #4096
- Update web-vault to v2023.12.0 by @BlackDex in #4201
- Update Rust and Crates by @BlackDex in #4211
- Fix Single Org Policy check by @BlackDex in #4207
- Allow customizing the featureStates by @PKizzle in #4168
- Fix #3413: push to users accessing the collections using groups by @matlink in #3757
- US or EU Data Region Selection by @toto-xoxo in #3752
- enforce 2FA policy on removal of second factor and login by @stefan0xC in #3803
- improve emergency access when not enabled by @stefan0xC in #4227
- Update crates and fix icon issue by @BlackDex in #4237
- Bump h2 from 0.3.23 to 0.3.24 by @dependabot in #4260
- Fix bulk collection deletion by @BlackDex in #4257
- fix: use black text for update badge (better contrast) by @tessus in #4245
- prevent side effects if groups are disabled by @stefan0xC in #4265
- Update crates, web-vault to 2024.1.2 and GHA by @BlackDex in #4275
- Return 404 when user public_key is empty by @Timshel in #4271
- Improve file limit handling by @dani-garcia in #4242
- Fix attachment upload size check by @BlackDex in #4282
- err on invalid feature flag by @stefan0xC in #4263
- register missing push devices at login by @stefan0xC in #3792
- Update env template file by @gzfrozen in #4276
New Contributors
- @gladiac made their first contribution in #4096
- @PKizzle made their first contribution in #4168
- @matlink made their first contribution in #3757
- @toto-xoxo made their first contribution in #3752
- @Timshel made their first contribution in #4271
- @gzfrozen made their first contribution in #4276
Full Changelog: 1.30.1...1.30.2
1.30.1
This is a minor release to fix some issues with the Login with device feature, and restore the alpine docker tag that was missing on the latest release.
What's Changed
- Fix missing alpine tag during buildx bake by @BlackDex in #4043
- Disable autofill-v2 by @BlackDex in #4056
- Add Protected Actions Check by @BlackDex in #4067
- Update crates by @BlackDex in #4074
Full Changelog: 1.30.0...1.30.1
Contributors
BlackDex
Assets 2
1.30.0
Major changes and New Features
- Added
passkeysupport, allowing the browser extensions to store and use yourpasskeys, make sure the extension is updated to version2023.10.0or newer for passkey support. - Updated web vault to 2023.10.0.
- Fixed crashes in ARMv6 devices
- Fixed crashes when trying to create/edit a cipher in the mobile applications.
What's Changed
- Update Rust and Crates by @BlackDex in #3808
- update web-vault to v2023.8.2 by @stefan0xC in #3821
- Fix Login With Device without MasterPassword by @BlackDex in #3831
- Update GitHub Workflow by @BlackDex in #3910
- Fix arm builds by @BlackDex in #3911
- Fix typos by @tuhanayim in #3959
- csp: rename anonaddy.com to addy.io by @stefan0xC in #3950
- filter handlebars logs by @stefan0xC in #3859
- Remove unnecessary variable clone by @mvalois in #3981
- README.md: Fix grammar nit by @AndreasHGK in #3965
- Fix small issues by @BlackDex in #3964
- Adds LastActive on /admin/users API route by @mvalois in #3951
- Reopen log file on SIGHUP by @tobiasmboelz in #3909
- Fix External ID not set during DC Sync by @BlackDex in #3804
- New config option disable email change by @admav in #3986
- 2FA Confirmation Code Email subject line change to fix triggering Google spam blocker by @aureateflux in #3572
- Implement cipher key encryption by @dani-garcia in #3990
- Container building changes by @BlackDex in #3958
- Fix issue with MariaDB/MySQL migrations by @BlackDex in #3994
- feat: Working passkeys storage by @GeekCornerGH in #4025
- ci: add trivy workflow by @mightyBroccoli in #3997
- Fix importing Bitwarden exports by @BlackDex in #4030
New Contributors
- @tuhanayim made their first contribution in #3959
- @mvalois made their first contribution in #3981
- @AndreasHGK made their first contribution in #3965
- @tobiasmboelz made their first contribution in #3909
- @admav made their first contribution in #3986
- @aureateflux made their first contribution in #3572
- @mightyBroccoli made their first contribution in #3997
Full Changelog: 1.29.2...1.30.0
1.29.2
Minor release to fix an issue forcing user to set amaster password when logging in even when it's already set
What's Changed
- Fix .env.template file by @BlackDex in #3734
- Fix UserOrg status during LDAP Import by @BlackDex in #3740
- Update images to Bookworm and PQ15 and Rust v1.71 by @BlackDex in #3573
- Implement "login with device" by @quexten in #3592
- chore: Bump web vault to v2023.7.1 and bump Rust by @GeekCornerGH in #3769
- Optimized Favicon downloading by @BlackDex in #3751
- add UserDecryptionOptions to login response by @stefan0xC in #3813
- add new secretsmanager plan for web-v2023.8.x by @stefan0xC in #3797
- Allow Authorization header for Web Sockets by @BlackDex in #3806
- Update admin interface by @BlackDex in #3730
Full Changelog: 1.29.1...1.29.2
Contributors
stefan0xC, BlackDex, and 2 other contributors
Assets 2
1.29.1
Minor release to fix some issues with organization API key generation when using PostgreSQL
What's Changed
- Fix Org API Key generation on PosgreSQL by @BlackDex in #3678
- feat: Add support for forwardemail by @GeekCornerGH in #3686
- Fix some external_id issues by @BlackDex in #3690
- Remove debug code during attachment download by @BlackDex in #3704
Full Changelog: 1.29.0...1.29.1
Contributors
BlackDex and GeekCornerGH
Assets 2
1.29.0
Major changes and New Features
- WebSocket notifications now work via the default HTTP port. No need for
WEBSOCKET_ENABLEDand a separate port anymore.
The proxy examples still need to be updated for this. Support for the old websockets port 3012 will remain for the time being. - Mobile Client push notification support, see #3304 thanks @GeekCornerGH!
- Web-Vault updated to v2023.5.0 (v2023.5.1 does not add any improvements for us)
- The latest Bitwarden Directory Connector can be used now (v2022.11.0)
- Storing passkeys is supported, though the clients are not yet released. So, it might be we need to make some changes once they are released.
See: #3593, thanks @GeekCornerGH!
What's Changed
- check if reset password policy is enabled by @stefan0xC in #3427
- WebSockets via Rocket's Upgrade connection by @BlackDex in #3404
- Several config and admin interface fixes by @BlackDex in #3436
- Fixed missing footer_text and a few inconsistencies in email templates by @kennymc-c in #3439
- Small update to Rocket WebSockets by @BlackDex in #3440
- inline static rsa keys by @vilgotf in #3475
- Update Rust and Crates by @BlackDex in #3469
- Change
Stringto&strfor all Rocket functions and some other fixes by @BlackDex in #3491 - Use Rocket
v0.5branch to fix endpoints by @BlackDex in #3502 - Use fully qualified image names in Dockerfile by @gitouche-sur-osm in #3505
- policy data should be
nullnot an empty object by @stefan0xC in #3513 - update web-vault to v2023.4.2 by @stefan0xC in #3522
- Sync global_domains.json (Pinterest) by @jjlin in #3532
- Prevent 401 on main admin page by @BlackDex in #3547
- Update crates and GH Workflow by @BlackDex in #3548
- Fix collection change ws notifications by @BlackDex in #3546
- Update Rust and Crates by @tessus in #3563
- feat: Implement Push Notifications sync by @GeekCornerGH in #3304
- Implement the Organization API Key support for the new Directory Connector v2022 by @BlackDex in #3568
- Add mobile push device filter to non-null push uuid by @quexten in #3578
- Update crates and workflow by @BlackDex in #3603
- Add group import on invite by @farodin91 in #3606
- Fix send access regression by @BlackDex in #3608
- feat: Support for storing passkeys in the vault by @GeekCornerGH in #3593
- add user to collection during creation by @farodin91 in #3609
- Updated docker run command by @DenuxPlays in #3620
- Added-External_id for Collections by @fashberg in #3623
- fix missing password check while manual reset password enrollment by @sirux88 in #3632
- Update crates and small clippy fix by @BlackDex in #3649
- fix version when compiled at a specific commit by @tessus in #3651
- Fix org creation regresion by @BlackDex in #3659
New Contributors
- @kennymc-c made their first contribution in #3439
- @vilgotf made their first contribution in #3475
- @gitouche-sur-osm made their first contribution in #3505
- @quexten made their first contribution in #3578
- @DenuxPlays made their first contribution in #3620
- @fashberg made their first contribution in #3623
Full Changelog: 1.28.1...1.29.0
1.28.1
What's Changed
- Decode knowndevice
X-Request-Emailas base64url with no padding by @jjlin in #3376 - Fix abort on password reset mail error by @BlackDex in #3390
- support
/users/<uuid>/invite/resendadmin api by @nikolaevn in #3397 - always return KdfMemory and KdfParallelism by @stefan0xC in #3398
- Fix sending out multiple websocket notifications by @BlackDex in #3405
- Revert setcap, update rust and crates by @BlackDex in #3403
New Contributors
- @nikolaevn made their first contribution in #3397
Full Changelog: 1.28.0...1.28.1
Contributors
jjlin, stefan0xC, and 2 other contributors
Assets 2
1.28.0
3646f14
This commit was signed with the committer’s verified signature.
dani-garcia
Daniel García
Major changes
- The project has changed license to the AGPLv3. If you're hosting a Vaultwarden instance, you now have a requirement to distribute the Vaultwarden source code to your users if they request it. The source code, and any changes you have made, need to be under the same AGPLv3 license. If you simply use our code without modifications, just pointing them to this repository is enough.
- Added support for Argon2 key derivation on the clients. To enable it for your account, make sure all your clients are using version v2023.2.0 or greater, then go to account settings > security > keys, and change the algorithm from PBKDF2 to Argon2id.
- Added support for Argon2 key derivation for the admin page token. To update your admin token to use it, check the wiki
- New alternative registries for the docker images are available (In BETA for now):
- Github Container Registry: https://ghcr.io/dani-garcia/vaultwarden
- Quay: https://quay.io/vaultwarden/server
What's Changed
- Remove patched multer-rs by @manofthepeace in #2968
- Removed unsafe-inline JS from CSP and other fixes by @BlackDex in #3058
- Validate YUBICO_SERVER string (#3003) by @BlackDex in #3059
- Log message to stderr if LOG_FILE is not writable by @pjsier in #3061
- Update WebSocket Notifications by @BlackDex in #3076
- Optimize config loading messages by @BlackDex in #3092
- Percent-encode org_name in links by @am97 in #3093
- Fix failing large note imports by @BlackDex in #3087
- Change
text/plainAPI responses toapplication/jsonby @jjlin in #3124 - Remove
shrink-to-fit=nofrom viewport-meta-tag by @redwerkz in #3126 - Update dependencies and MSRV by @BlackDex in #3128
- Resolve uninlined_format_args clippy warnings by @BlackDex in #3065
- Update Rust to v1.66.1 to patch CVE by @BlackDex in #3136
- Fix remaining inline format by @BlackDex in #3130
- Use more modern meta tag for charset encoding by @redwerkz in #3131
- fix (2fa.directory): Allow api.2fa.directory, and remove 2fa.directory by @GeekCornerGH in #3132
- Optimize CipherSyncData for very large vaults by @BlackDex in #3133
- Add avatar color support by @BlackDex in #3134
- Add MFA icon to org member overview by @BlackDex in #3135
- Minor refactoring concering user.setpassword by @sirux88 in #3139
- Validate note sizes on key-rotation. by @BlackDex in #3157
- Update KDF Configuration and processing by @BlackDex in #3163
- Remove
arm32v6-specific tag by @jjlin in #3164 - Re-License Vaultwarden to AGPLv3 by @BlackDex in #2561
- Admin password reset by @sirux88 in #3116
- "Spell-Jacking" mitigation ~ prevent sensitive data leak … by @dlehammer in #3145
- Allow listening on privileged ports (below 1024) as non-root by @jjlin in #3170
- don't nullify key when editing emergency access by @stefan0xC in #3215
- Fix trailing slash not getting removed from domain by @BlockListed in #3228
- Generate distinct log messages for regex vs. IP blacklisting. by @kpfleming in #3231
- allow editing/unhiding by group by @farodin91 in #3108
- Fix Javascript issue on non sqlite databases by @BlackDex in #3167
- add argon2 kdf fields by @tessus in #3210
- add support for system mta though sendmail by @soruh in #3147
- Updated Rust and crates by @BlackDex in #3234
- docs: add build status badge in readme by @R3DRUN3 in #3245
- Validate all needed fields for client API login by @BlackDex in #3251
- Fix Organization delete when groups are configured by @BlackDex in #3252
- Fix Collection Read Only access for groups by @Misterbabou in #3254
- Make the admin session lifetime adjustable by @mittler-works in #3262
- Add function to fetch user by email address by @mittler-works in #3263
- Fix vault item display in org vault view by @jjlin in #3277
- Add confirmation for removing 2FA and deauthing sessions in admin panel by @JCBird1012 in #3282
- Some Admin Interface updates by @BlackDex in #3288
- Fix the web-vault v2023.2.0 API calls by @BlackDex in #3281
- Fix confirmation for removing 2FA and deauthing sessions in admin panel by @dpinse in #3290
- Admin token Argon2 hashing support by @BlackDex in #3289
- Add HEAD routes to avoid spurious error messages by @jjlin in #3307
- Fix web-vault Member UI show/edit/save by @BlackDex in #3315
- Upd Crates, Rust, MSRV, GHA and remove Backtrace by @BlackDex in #3310
- Add support for
/api/devices/knowndevicewith HTTP header params by @jjlin in #3329 - Update Rust, MSRV and Crates by @BlackDex in #3348
- Merge ClientIp with Headers. by @BlackDex in #3332
- add endpoints to bulk delete collections/groups by @stefan0xC in #3354
- Add support for Quay.io and GHCR.io as registries by @BlackDex in #3363
- Some small fixes and updates by @BlackDex in #3366
- Update web vault to v2023.3.0 by @dani-garcia
New Contributors
- @manofthepeace made their first contribution in #2968
- @pjsier made their first contribution in #3061
- @am97 made their first contribution in #3093
- @redwerkz made their first contribution in #3126
- @sirux88 made their first contribution in #3139
- @dlehammer made their first contribution in #3145
- @BlockListed made their first contribution in #3228
- @kpfleming made their first contribution in #3231
- @farodin91 made their first contribution in #3108
- @soruh made their first contribution in #3147
- @R3DRUN3 made their first contribution in #3245
- @Misterbabou made their first contribution in #3254
- @mittler-works made their first contribution in #3262
- @JCBird1012 made their first contribution in #3282
- @dpinse made their first contribution in #3290
Full Changelog: 1.27.0...1.28.0
