Vaultwarden - Package Updates
-
[1.18.4]
- Update vaultwarden to 1.32.4
- Full Changelog
- Added more compatibility fixes for the native mobile apps, datetimes are now formatted without too many decimals.
- Email Template changes to the send emergency access invite. If you have modified this template, make sure to update it with the new changes.
- Update README by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5153
-
[1.18.5]
- Update vaultwarden to 1.32.5
- Full Changelog
- Added SSH-Key storage support. Currently only usable with Bitwarden Desktop v2024.12.0 and newer.
- Fix if logic error by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5171
- More authrequest fixes by @dani-garcia in https://github.com/dani-garcia/vaultwarden/pull/5176
- Add dynamic CSS support by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/4940
- fix hibp username encoding and pw hint check by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5180
- Remove auth-request deletion by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5184
- fix password hint check by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5189
-
[1.18.5]
- Update vaultwarden to 1.32.5
- Full Changelog
- Added SSH-Key storage support. Currently only usable with Bitwarden Desktop v2024.12.0 and newer.
- Fix if logic error by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5171
- More authrequest fixes by @dani-garcia in https://github.com/dani-garcia/vaultwarden/pull/5176
- Add dynamic CSS support by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/4940
- fix hibp username encoding and pw hint check by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5180
- Remove auth-request deletion by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5184
- fix password hint check by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5189
@Package-Updates This update is very important! It fixes a CVE
From the Github directly:
This release further fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible. The contents of these reports will be disclosed publicly in the future. -
[1.18.6]
- Update vaultwarden to 1.32.6
- Full Changelog
- Fix push not working by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5214
- Fix editing members which have access-all rights by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5213
- Update Rust and crates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5248
- Update Alpine to version 3.21 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5256
- Fix another sync issue with native clients by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5259
- Update crates by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5268
- Some Backend Admin fixes and updates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5272
- @chuangjinglu made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5224
-
[1.18.7]
- Update vaultwarden to 1.32.7
- Full Changelog
- feat: mask _smtp_img_src in support string by @tessus in https://github.com/dani-garcia/vaultwarden/pull/5281
- Some refactoring, optimizations and security fixes by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5291
- Allow adding connect-src entries by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5293
- Use updated fern instead of patch by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5298
-
[1.19.0]
- Update vaultwarden to 1.33.0
- Full Changelog
- GHSA-f7r5-w49x-gxm3
- GHSA-h6cc-rc6q-23j4
- GHSA-j4h8-vch3-f797
- Updated web-vault to v2025.1.1
- Added partial manage role support for collections
- Manager role is converted to a Custom role with either Manage All Collections or per collection.
- The OCI containers and binaries are signed via GitHub Attestations
- Add
inline-menu-positioning-improvementsfeature flag by @Ephemera42 in https://github.com/dani-garcia/vaultwarden/pull/5313 - Fix issues when uri match is a string by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5332
- Add TOTP delete endpoint by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5327
- fix group issue in send_invite by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5321
- Update crates and GHA by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5346
- Refactor the uri match fix and fix ssh-key sync by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5339
- Add partial role support for manager only using web-vault v2024.12.0 by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5219
- Fix issue with key-rotate by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5348
- fix manager role in admin users overview by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5359
- Prevent new users/members to be stored in db when invite fails by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5350
- Update crates and web-vault to v2025.1.0 by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5368
- Allow building with Rust v1.84.0 or newer by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5371
- rename membership and adopt newtype pattern by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5320
- build: raise msrv (1.83.0) rust toolchain (1.84.0) by @tessus in https://github.com/dani-garcia/vaultwarden/pull/5374
- Fix an issue with login with device by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5379
- refactor: replace static with const for global constants by @Integral-Tech in https://github.com/dani-garcia/vaultwarden/pull/5260
- Add Attestations for containers and artifacts by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5378
- Fix version detection on bake by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5382
- Simplify container image attestation by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5387
- improve admin invite by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5403
- Add manage role for collections and groups by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5386
- update web-vault to v2025.1.1 and add /api/devices by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5422
- Security fixes by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5438
- only validate SMTP_FROM if necessary by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5442
-
[1.19.1]
- Update vaultwarden to 1.33.1
- Full Changelog
- Icon's not working on the Desktop clients
- Invites not always working
- DUO settings not able to configure
- Manager rights
- Mobile client sync issues fixed
- hide already approved (or declined) auth_requests by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5467
- let invited members access OrgMemberHeaders by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5461
- Make sure the icons are displayed correctly in desktop clients by @WinLinux1028 in https://github.com/dani-garcia/vaultwarden/pull/5469
- Fix passwordRevisionDate format by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5477
- add and use new event types by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5482
- Fix Duo Field Names for Web Client by @ratiner in https://github.com/dani-garcia/vaultwarden/pull/5491
- Allow all manager to create collections again by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5488
- Update Rust to 1.84.1 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5508
- @WinLinux1028 made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5469
- @ratiner made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5491
-
[1.19.2]
- Update vaultwarden to 1.33.2
- Full Changelog
- Update workflows and enhance security by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5537
- Update crates & fix CVE-2025-24898 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5538
- add bulk-access endpoint for collections by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5542
- Fix icon redirect not working on desktop by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5536
- Show assigned collections on member edit by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5556
-
[1.20.0]
- Remove apache
- Update base image to 5.0.0
-
[1.21.0]
- Update vaultwarden to 1.34.1
- Full Changelog
- Fix admin diagnostics crash by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5886
- Updated web-vault to v2025.5.0
- Implemented new registration flow with email verification
- Added support for some feature flags (mutual TLS, attachment export, AnonAddy/SimpleLogin self host)
- Update crates & fix CVE-2025-25188 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5576
- Fix db issues with Option<> values and upd crates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5594
- allow CLI to upload send files with truncated filenames by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5618
- Update Rust to 1.85.0 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5634
- Use subtle to replace deprecated ring::constant_time::verify_slices_are_equal by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5680
- Add support for mutual-tls feature flag by @bennettmsherman in https://github.com/dani-garcia/vaultwarden/pull/5698
-
[1.22.0]
- add checklist item about registration
-
[1.22.1]
- Update vaultwarden to 1.34.2
- Full Changelog
- Updated web vault to 2025.7.0
- Included experimental support for S3 file backend using OpenDAL. This currently requires compiling from source with the
s3feature flag, check https://github.com/dani-garcia/vaultwarden/pull/5626 for more details. - fix css to hide login with passkey by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5890
- fix css for locked screen by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5905
- Abstract persistent files through Apache OpenDAL by @txase in https://github.com/dani-garcia/vaultwarden/pull/5626
- Fix and improvements to password policies by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5923
- Update Alpine to version 3.22 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5938
- make css for login-page position independent by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5906
- allow signup for invited users by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5967
- fix account recovery withdrawal by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5968
-
[1.22.2]
- Update vaultwarden to 1.34.3
- Full Changelog
- Update crates to trigger rebuild for mysql issue by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6111
- fix hiding of signup link by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6113
-
[1.23.0]
- Update vaultwarden to 1.35.0
- Full Changelog
- Implement support for SSO with OpenID Connect, https://github.com/dani-garcia/vaultwarden/wiki/Enabling-SSO-support-using-OpenId-Connect
- Updated web vault to 2025.12.0
- Added support for future mobile apps with versions 2026.1.0+
- Fix multi delete slowdown by @BlackDex in #6144
- Perform same checks when setting kdf by @Timshel in #6141
- SSO using OpenID Connect by @Timshel in #3899
- Delete SSO.md by @dani-garcia in #6152
- Update webauthn-rs to 0.5.x by @zUnixorn in #5934
- a little cleanup after SSO merge by @stefan0xC in #6153
- Fix link to point to the wiki by @Timshel in #6157
-
[1.23.1]
- Update vaultwarden to 1.35.1
- Full Changelog
- Fixed issue with applications being logged out after upgrading due to changes to refresh token parsing
- Updated web vault to 2025.12.1
- Correctly publish
alpinetag, which was missing in 1.35.0 - Re-add
alpinetag by @dfunkt in #6626 - Try old refresh token if we fail to decode jwt by @dani-garcia in #6629
-
[1.23.2]
- Update vaultwarden to 1.35.2
- Full Changelog
- update web-vault to fix org creation by @stefan0xC in #6646
- return no content with status code 204 by @stefan0xC in #6665
- allow MasterPasswordHash for Android by @stefan0xC in #6673
- improve sso callback path by @stefan0xC in #6676
- Fix web-vault version check and update web-vault by @BlackDex in #6686
-
[1.24.0]
- OIDC auth implemented
-
[1.24.1]
- Fix up postinstall and checklist
-
[1.24.3]
- Update vaultwarden to 1.35.4
- Full Changelog
- GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to access a cipher from a different user (fully encrypted) if they already know its internal UUID.
- GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with manager-level access within an organization to modify collections they can access, even if they do not have management permissions for them.
- GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with manager-level access within an organization to modify collections they are not assigned.
- Update Rust and Crates and GHA by @BlackDex in #6843
- hide remember 2fa token by @stefan0xC in #6852
- fix(send_invite): invite links by @proofofcopilot in #6824
- Misc organization fixes by @BlackDex in #6867
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login