Vaultwarden - Package Updates
-
You can use this thread to track updates to the Vaultwarden (previously BitwardenRS) package.
Please open issues in a separate topic instead of replying here.
-
[1.1.0]
- Use latest base image 2.0.0
- Run bitwarden as non-root user
- Enable bitwarden logs
-
A package version 1.2.0 was published updating Web Vault to 2.14.0. However, this was a packaging error and the package has been revoked.
-
[1.3.0]
- Update Bitwardenrs to 1.15.0
- Full changelog
- Added support for soft deletion of items (trash functionality)
- Redesigned admin page
- Updated web vault to 2.14
- Added IP address to the logs on TOTP failure, alowing fail2ban use
- Some email and domain whitelist fixes
- Fixed issue deleting notes in PostgreSQL
- Updated dependencies and other bug fixes
-
[1.3.1]
- Update BitwardenRS to 1.15.1
- Full changelog
- Fixed error when cloning attachments with ciphers, note that attachments are not cloned
- Fixed version check when a commit hasn't been made since the last release
- Added openssl extern crate to fix some builds
- Updated admin page, added attachments count per user and users count per organization and fixed issue with DNS not resolving
-
[1.4.0]
- Update BitwardenRS to 1.16.0
- Update web vault to 2.15.1
- Full changelog
- Add support for hiding passwords in a collection
- Add option to set name during HELO in email settings
- Add startup script to support init operations
- Use local time in email notifications for new device logins
- Updated dependencies and included web vault
- Removed unstable dependencies in preparation for rocket stable
-
[1.4.1]
- Update BitwardenRS to 1.16.1
- Log timestamps with milliseconds by default and added option LOG_TIMESTAMP_FORMAT to customize the format
-
[1.4.2]
- Update BitwardenRS to 1.16.2
- Fixed issue unlocking vault in the desktop client.
- Added back arm32v6 tag, because docker fails to select that image in ARMv6 devices.
- Fixed websocket notifications when sending an item to the trash.
-
[1.4.3]
- Update BitwardenRS to 1.16.3
- Fixed mysql and postgresql releases not building correctly
- Added support for restricting org creation to certain users: Examples
- Syncronized global_domains.json with upstream
-
[1.4.4]
- Update BitwardenRS to 1.17.0
- Update webvault to 2.16.1
- Sessions are properly invalidated now when changing email, password or kdf parameters.
- Items are not shown to organization admins in their user view when they don't have their collection selected. Note that they still appear in the organization view.
- Favorite status in organization items is now tracked at the user level.
- Updated dependencies and synced global domains file with upstream.
-
[1.5.0]
- Update BitwardenRS to 1.18.0
- Full changelog
- Users can be enabled/disabled from the admin panel.
- Implemented manager role.
- Now cipher updates are validated when they provide a revision date, which will prevent multiple clients from overwriting each other's changes.
- Updated web vault to 2.17.1.
-
[1.6.0]
- Update BitwardenRS to 1.19.0
- Update web vault to 2.18.1
- Admin UI: Added diagnostic and debug information.
- Admin UI: Added option to sort users by date.
- Admin UI: Added ability to modify a user's type in an organization and to delete the whole organization.
- Added support for the Personal Ownership policy, which when enabled disables the use of the personal vault to non-admin users of an organization.
- Synced global domains data with upstream.
-
[1.6.1]
- Update to base image v3
-
[1.6.2]
- Update BitwardenRS to 1.20.0
- Update web vault to 2.19.0
- Implemented Send functionality
- Updated web vault to 2.19.0
- CORS fixes
- Updated diagnostics page with more info
- Updated dependencies
-
[1.6.3]
- Set
configurePathin the manifest
- Set
-
[1.7.0]
- Project renamed from BitwardenRS to Vaultwarden
- Renaming announcement
- Update Vaultwarden to 2.21.0
- Add support for enabling auto-deletion of trash items after X days, disabled by default
- Updates to the icon fetching, making it more reliable in detecting icon types
-
[1.7.1]
- Update Vaultwarden to 1.22.1
- Added sends_allowed option to disable Send functionality.
- Added support for hiding the senders email address.
- Added Send options policy.
- Added support for password reprompt.
- Switched to the new attachment download API.
- Send download links use a token system to limit their downloads.
- Updates to the icon fetching.
- Support for webauthn.
- The admin page now shows which variables are overridden.
- Updated dependencies and docker base images.
- Now RSA keys are generated with the included openssl instead of calling to the openssl binary.
- The web vault doesn't require accepting the terms are conditions now, which weren't applicable for a self hosted server.
-
[1.7.2]
- Update Vaultwarden to 1.22.2
- Updated web vault to 2.21.1.
- Enforce 2FA policy in organizations.
- Protect send routes against a possible path traversal attack.
- Disable show_password_hint by default, it still can be enabled in the admin panel or with environment variables.
- Disable user verification enforcement in Webauthn, which would make some users unable to login.
- Fix issue that wouldn't correctly delete Webauthn Key.
- Added Edge extension support for Webauthn.
-
[1.7.3]
- Fix logging of client IP address
- Set IP_HEADER config var
-
[1.7.4]
- Update Vaultwarden to 1.23.0
- Update web vault to 2.23.0
-
[1.7.5]
- Update Vaultwarden to 1.23.1
- Full changelog
- Add email notifications for incomplete 2FA logins by @jjlin in #2067
- Fix conflict resolution logic for read_only and hide_passwords flags by @jjlin in #2073
- Fix missing encrypted key after emergency access reject by @jjlin in #2078
- Macro recursion decrease and other optimizations by @BlackDex in #2084
- Enabled trust-dns and some updates. by @BlackDex in #2125
- Update web vault to 2.25.0
-
[1.7.6]
- Update base image to 3.2.0
- Better apache config to not cause hostname warnings
-
[1.8.1]
- Update Vaultwarden to 1.24.0
- Full changelog
- Add support for API keys by @jjlin in #2245
- Basic ratelimit for user login (including 2FA) and admin login by @dani-garcia in #2165
- Upgrade Feature-Policy to Permissions-Policy by @iamdoubz in #2228
- Set Expires header when caching responses by @RealOrangeOne in #2182
- Increase length limit for email token generation by @jjlin in #2257
- Small changes to icon log messages. by @BlackDex in #2170
- Bump rust version to mitigate CVE-2022-21658 by @dscottboggs in #2255
- Fixed #2151 by @BlackDex in #2169
- Fixed issue #2154 by @BlackDex in #2194
- Fix issue with Bitwarden CLI. by @BlackDex in #2197
- Fix emergency access invites for new users by @BlackDex in #2217
- Sync global_domains.json by @jjlin in #2156
-
[1.8.2]
- Update web vault to 2.24.0
- Full changelog
- various bug fixes
-
[1.8.3]
- Update Web vault to 2.28.0
-
[1.8.4]
- Update Web Vault to 2.28.1
-
[1.9.0]
- Update Vaultwarden to 2.25.0
- Full changelog
- Updated included web vault to v2.28.1
- Update Rocket to 0.5 and async, and compile on stable by @dani-garcia in #2276
- Update async to prepare for main merge + several updates by @BlackDex in #2292
- Add IP address to missing/invalid password message for Sends by @jaen in #2313
- Add support for custom .env file path by @TinfoilSubmarine in #2315
- Added autofocus to pw field on admin login page by @taylorwmj in #2328
- Update login API code and update crates to fix CVE by @BlackDex in #2354
