Vaultwarden - Package Updates

girish

You can use this thread to track updates to the Vaultwarden (previously BitwardenRS) package.

Please open issues in a separate topic instead of replying here.

girish

[1.1.0]

• Use latest base image 2.0.0
• Run bitwarden as non-root user
• Enable bitwarden logs

girish

A package version 1.2.0 was published updating Web Vault to 2.14.0. However, this was a packaging error and the package has been revoked.

girish

[1.3.0]

• Update Bitwardenrs to 1.15.0
• Full changelog
• Added support for soft deletion of items (trash functionality)
• Redesigned admin page
• Updated web vault to 2.14
• Added IP address to the logs on TOTP failure, alowing fail2ban use
• Some email and domain whitelist fixes
• Fixed issue deleting notes in PostgreSQL
• Updated dependencies and other bug fixes

girish

[1.3.1]

• Update BitwardenRS to 1.15.1
• Full changelog
• Fixed error when cloning attachments with ciphers, note that attachments are not cloned
• Fixed version check when a commit hasn't been made since the last release
• Added openssl extern crate to fix some builds
• Updated admin page, added attachments count per user and users count per organization and fixed issue with DNS not resolving

nebulon

[1.4.0]

• Update BitwardenRS to 1.16.0
• Update web vault to 2.15.1
• Full changelog
• Add support for hiding passwords in a collection
• Add option to set name during HELO in email settings
• Add startup script to support init operations
• Use local time in email notifications for new device logins
• Updated dependencies and included web vault
• Removed unstable dependencies in preparation for rocket stable

nebulon

[1.4.1]

• Update BitwardenRS to 1.16.1
• Log timestamps with milliseconds by default and added option LOG_TIMESTAMP_FORMAT to customize the format

nebulon

[1.4.2]

• Update BitwardenRS to 1.16.2
• Fixed issue unlocking vault in the desktop client.
• Added back arm32v6 tag, because docker fails to select that image in ARMv6 devices.
• Fixed websocket notifications when sending an item to the trash.

nebulon

[1.4.3]

• Update BitwardenRS to 1.16.3
• Fixed mysql and postgresql releases not building correctly
• Added support for restricting org creation to certain users: Examples
• Syncronized global_domains.json with upstream

nebulon

[1.4.4]

• Update BitwardenRS to 1.17.0
• Update webvault to 2.16.1
• Sessions are properly invalidated now when changing email, password or kdf parameters.
• Items are not shown to organization admins in their user view when they don't have their collection selected. Note that they still appear in the organization view.
• Favorite status in organization items is now tracked at the user level.
• Updated dependencies and synced global domains file with upstream.

girish

[1.5.0]

• Update BitwardenRS to 1.18.0
• Full changelog
• Users can be enabled/disabled from the admin panel.
• Implemented manager role.
• Now cipher updates are validated when they provide a revision date, which will prevent multiple clients from overwriting each other's changes.
• Updated web vault to 2.17.1.

nebulon

[1.6.0]

• Update BitwardenRS to 1.19.0
• Update web vault to 2.18.1
• Admin UI: Added diagnostic and debug information.
• Admin UI: Added option to sort users by date.
• Admin UI: Added ability to modify a user's type in an organization and to delete the whole organization.
• Added support for the Personal Ownership policy, which when enabled disables the use of the personal vault to non-admin users of an organization.
• Synced global domains data with upstream.

nebulon

[1.6.1]

• Update to base image v3

nebulon

[1.6.2]

• Update BitwardenRS to 1.20.0
• Update web vault to 2.19.0
• Implemented Send functionality
• Updated web vault to 2.19.0
• CORS fixes
• Updated diagnostics page with more info
• Updated dependencies

girish

[1.6.3]

• Set configurePath in the manifest

girish

[1.7.0]

• Project renamed from BitwardenRS to Vaultwarden
• Renaming announcement
• Update Vaultwarden to 2.21.0
• Add support for enabling auto-deletion of trash items after X days, disabled by default
• Updates to the icon fetching, making it more reliable in detecting icon types

nebulon

[1.7.1]

• Update Vaultwarden to 1.22.1
• Added sends_allowed option to disable Send functionality.
• Added support for hiding the senders email address.
• Added Send options policy.
• Added support for password reprompt.
• Switched to the new attachment download API.
• Send download links use a token system to limit their downloads.
• Updates to the icon fetching.
• Support for webauthn.
• The admin page now shows which variables are overridden.
• Updated dependencies and docker base images.
• Now RSA keys are generated with the included openssl instead of calling to the openssl binary.
• The web vault doesn't require accepting the terms are conditions now, which weren't applicable for a self hosted server.

nebulon

[1.7.2]

• Update Vaultwarden to 1.22.2
• Updated web vault to 2.21.1.
• Enforce 2FA policy in organizations.
• Protect send routes against a possible path traversal attack.
• Disable show_password_hint by default, it still can be enabled in the admin panel or with environment variables.
• Disable user verification enforcement in Webauthn, which would make some users unable to login.
• Fix issue that wouldn't correctly delete Webauthn Key.
• Added Edge extension support for Webauthn.