Vaultwarden - Package Updates
-
[1.20.0]
- Remove apache
- Update base image to 5.0.0
-
[1.21.0]
- Update vaultwarden to 1.34.1
- Full Changelog
- Fix admin diagnostics crash by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5886
- Updated web-vault to v2025.5.0
- Implemented new registration flow with email verification
- Added support for some feature flags (mutual TLS, attachment export, AnonAddy/SimpleLogin self host)
- Update crates & fix CVE-2025-25188 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5576
- Fix db issues with Option<> values and upd crates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5594
- allow CLI to upload send files with truncated filenames by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5618
- Update Rust to 1.85.0 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5634
- Use subtle to replace deprecated ring::constant_time::verify_slices_are_equal by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5680
- Add support for mutual-tls feature flag by @bennettmsherman in https://github.com/dani-garcia/vaultwarden/pull/5698
-
[1.22.0]
- add checklist item about registration
-
[1.22.1]
- Update vaultwarden to 1.34.2
- Full Changelog
- Updated web vault to 2025.7.0
- Included experimental support for S3 file backend using OpenDAL. This currently requires compiling from source with the
s3feature flag, check https://github.com/dani-garcia/vaultwarden/pull/5626 for more details. - fix css to hide login with passkey by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5890
- fix css for locked screen by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5905
- Abstract persistent files through Apache OpenDAL by @txase in https://github.com/dani-garcia/vaultwarden/pull/5626
- Fix and improvements to password policies by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5923
- Update Alpine to version 3.22 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5938
- make css for login-page position independent by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5906
- allow signup for invited users by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5967
- fix account recovery withdrawal by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5968
-
[1.22.2]
- Update vaultwarden to 1.34.3
- Full Changelog
- Update crates to trigger rebuild for mysql issue by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6111
- fix hiding of signup link by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6113
-
[1.23.0]
- Update vaultwarden to 1.35.0
- Full Changelog
- Implement support for SSO with OpenID Connect, https://github.com/dani-garcia/vaultwarden/wiki/Enabling-SSO-support-using-OpenId-Connect
- Updated web vault to 2025.12.0
- Added support for future mobile apps with versions 2026.1.0+
- Fix multi delete slowdown by @BlackDex in #6144
- Perform same checks when setting kdf by @Timshel in #6141
- SSO using OpenID Connect by @Timshel in #3899
- Delete SSO.md by @dani-garcia in #6152
- Update webauthn-rs to 0.5.x by @zUnixorn in #5934
- a little cleanup after SSO merge by @stefan0xC in #6153
- Fix link to point to the wiki by @Timshel in #6157
-
[1.23.1]
- Update vaultwarden to 1.35.1
- Full Changelog
- Fixed issue with applications being logged out after upgrading due to changes to refresh token parsing
- Updated web vault to 2025.12.1
- Correctly publish
alpinetag, which was missing in 1.35.0 - Re-add
alpinetag by @dfunkt in #6626 - Try old refresh token if we fail to decode jwt by @dani-garcia in #6629
-
[1.23.2]
- Update vaultwarden to 1.35.2
- Full Changelog
- update web-vault to fix org creation by @stefan0xC in #6646
- return no content with status code 204 by @stefan0xC in #6665
- allow MasterPasswordHash for Android by @stefan0xC in #6673
- improve sso callback path by @stefan0xC in #6676
- Fix web-vault version check and update web-vault by @BlackDex in #6686
-
[1.24.0]
- OIDC auth implemented
-
[1.24.1]
- Fix up postinstall and checklist
-
[1.24.3]
- Update vaultwarden to 1.35.4
- Full Changelog
- GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to access a cipher from a different user (fully encrypted) if they already know its internal UUID.
- GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with manager-level access within an organization to modify collections they can access, even if they do not have management permissions for them.
- GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with manager-level access within an organization to modify collections they are not assigned.
- Update Rust and Crates and GHA by @BlackDex in #6843
- hide remember 2fa token by @stefan0xC in #6852
- fix(send_invite): invite links by @proofofcopilot in #6824
- Misc organization fixes by @BlackDex in #6867
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login