Vaultwarden - Package Updates

girish

[1.7.0]

• Project renamed from BitwardenRS to Vaultwarden
• Renaming announcement
• Update Vaultwarden to 2.21.0
• Add support for enabling auto-deletion of trash items after X days, disabled by default
• Updates to the icon fetching, making it more reliable in detecting icon types

nebulon

[1.7.1]

• Update Vaultwarden to 1.22.1
• Added sends_allowed option to disable Send functionality.
• Added support for hiding the senders email address.
• Added Send options policy.
• Added support for password reprompt.
• Switched to the new attachment download API.
• Send download links use a token system to limit their downloads.
• Updates to the icon fetching.
• Support for webauthn.
• The admin page now shows which variables are overridden.
• Updated dependencies and docker base images.
• Now RSA keys are generated with the included openssl instead of calling to the openssl binary.
• The web vault doesn't require accepting the terms are conditions now, which weren't applicable for a self hosted server.

nebulon

[1.7.2]

• Update Vaultwarden to 1.22.2
• Updated web vault to 2.21.1.
• Enforce 2FA policy in organizations.
• Protect send routes against a possible path traversal attack.
• Disable show_password_hint by default, it still can be enabled in the admin panel or with environment variables.
• Disable user verification enforcement in Webauthn, which would make some users unable to login.
• Fix issue that wouldn't correctly delete Webauthn Key.
• Added Edge extension support for Webauthn.

girish

[1.7.3]

• Fix logging of client IP address
• Set IP_HEADER config var

nebulon

[1.7.4]

• Update Vaultwarden to 1.23.0
• Update web vault to 2.23.0

girish

[1.7.5]

• Update Vaultwarden to 1.23.1
• Full changelog
• Add email notifications for incomplete 2FA logins by @jjlin in #2067
• Fix conflict resolution logic for read_only and hide_passwords flags by @jjlin in #2073
• Fix missing encrypted key after emergency access reject by @jjlin in #2078
• Macro recursion decrease and other optimizations by @BlackDex in #2084
• Enabled trust-dns and some updates. by @BlackDex in #2125
• Update web vault to 2.25.0

girish

[1.7.6]

• Update base image to 3.2.0
• Better apache config to not cause hostname warnings

nebulon

[1.8.1]

• Update Vaultwarden to 1.24.0
• Full changelog
• Add support for API keys by @jjlin in #2245
• Basic ratelimit for user login (including 2FA) and admin login by @dani-garcia in #2165
• Upgrade Feature-Policy to Permissions-Policy by @iamdoubz in #2228
• Set Expires header when caching responses by @RealOrangeOne in #2182
• Increase length limit for email token generation by @jjlin in #2257
• Small changes to icon log messages. by @BlackDex in #2170
• Bump rust version to mitigate CVE-2022-21658 by @dscottboggs in #2255
• Fixed #2151 by @BlackDex in #2169
• Fixed issue #2154 by @BlackDex in #2194
• Fix issue with Bitwarden CLI. by @BlackDex in #2197
• Fix emergency access invites for new users by @BlackDex in #2217
• Sync global_domains.json by @jjlin in #2156

nebulon

[1.8.2]

• Update web vault to 2.24.0
• Full changelog
• various bug fixes

girish

[1.8.3]

• Update Web vault to 2.28.0

girish

[1.8.4]

• Update Web Vault to 2.28.1

girish

[1.9.0]

• Update Vaultwarden to 2.25.0
• Full changelog
• Updated included web vault to v2.28.1
• Update Rocket to 0.5 and async, and compile on stable by @dani-garcia in #2276
• Update async to prepare for main merge + several updates by @BlackDex in #2292
• Add IP address to missing/invalid password message for Sends by @jaen in #2313
• Add support for custom .env file path by @TinfoilSubmarine in #2315
• Added autofocus to pw field on admin login page by @taylorwmj in #2328
• Update login API code and update crates to fix CVE by @BlackDex in #2354

girish

[1.9.1]

• Update Vaultwarden to 1.25.1
• Full changelog
• Updated included web vault to version 2022.6.2 by @dani-garcia
• Sync global_domains.json by @jjlin in #2555
• Add TMP_FOLDER to .env.template by @fox34 in #2489
• Allow FireFox relay in CSP. by @BlackDex in #2565
• Fix hidden ciphers within organizational view. by @BlackDex in #2567
• Add password_hints_allowed config option by @jjlin in #2586
• Fall back to move_copy_to if persist_to fails while saving uploaded files. by @ruifung in #2605

nebulon

[1.9.2]

• Update Vaultwarden to 1.25.2
• Full changelog
• Fix persistent folder check within containers by @BlackDex in #2631
• Mitigate attachment/send upload issues by @BlackDex in #2650
• Fix issue with CSP and icon redirects by @BlackDex in #2624
• Update build workflow for CI by @BlackDex in #2632

girish

[1.10.0]

• Update Vaultwarden to 1.26.0
• Full changelog
• Updated web vault to v2022.10.0
• Fix uploads from mobile clients (and dep updates) by @BlackDex in #2675
• Update deps and Alpine image by @BlackDex in #2665
• Add support for send v2 API endpoints by @BlackDex in #2756
• External Links | Optimize behavior by @Fvbor in #2693
• Add Org user revoke feature by @BlackDex in #2698
• Change the handling of login errors. by @BlackDex in #2729
• Added support for web-vault v2022.9 by @BlackDex in #2732
• add not_found catcher for 404 errors by @stefan0xC in #2768
• Fix issue 2737, unable to create org by @BlackDex in #2738

nebulon

[1.10.1]

• Update Web Vault to 2022.10.2

nebulon

[1.10.2]

• Update application logo
• Use new SMTP setting variables to avoid deprecation warning

girish

[1.11.0]

• Update Vaultwarden to 1.27.0
• Full changelog
• Group support | applied .diff by @MFijak in #2846
• Add Organizational event logging feature by @BlackDex in #2868
• Updated web vault to 2022.12.0 by @dani-garcia
• Update diesel to 2.0.2 by @dani-garcia in #2724
• Limit Cipher Note encrypted string size by @BlackDex in #2945
• fix invitations of new users when mail is disabled by @stefan0xC in #2773
• attach images in email by @stefan0xC in #2784
• allow registration without invite link by @stefan0xC in #2799
• Fix master password hint update not working. by @BlackDex in #2834

nebulon

[1.12.0]

• Update Vaultwarden to 1.28.0
• Full changelog
• The project has changed license to the AGPLv3. If you're hosting a Vaultwarden instance, you now have a requirement to distribute the Vaultwarden source code to your users if they request it. The source code, and any changes you have made, need to be under the same AGPLv3 license. If you simply use our code without modifications, just pointing them to this repository is enough.
• Added support for Argon2 key derivation on the clients. To enable it for your account, make sure all your clients are using version v2023.2.0 or greater, then go to account settings > security > keys, and change the algorithm from PBKDF2 to Argon2id.
• Added support for Argon2 key derivation for the admin page token. To update your admin token to use it, check the wiki

nebulon

[1.12.1]

• Update Vaultwarden to 1.28.1
• Full changelog
• Decode knowndevice X-Request-Email as base64url with no padding by @jjlin in https://github.com/dani-garcia/vaultwarden/pull/3376
• Fix abort on password reset mail error by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/3390
• support /users/<uuid>/invite/resend admin api by @nikolaevn in https://github.com/dani-garcia/vaultwarden/pull/3397
• always return KdfMemory and KdfParallelism by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/3398
• Fix sending out multiple websocket notifications by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/3405
• Revert setcap, update rust and crates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/3403