Vaultwarden - Package Updates
Pinned
Vaultwarden
-
You can use this thread to track updates to the Vaultwarden (previously BitwardenRS) package.
Please open issues in a separate topic instead of replying here.
-
[1.1.0]
- Use latest base image 2.0.0
- Run bitwarden as non-root user
- Enable bitwarden logs
-
A package version 1.2.0 was published updating Web Vault to 2.14.0. However, this was a packaging error and the package has been revoked.
-
[1.3.0]
- Update Bitwardenrs to 1.15.0
- Full changelog
- Added support for soft deletion of items (trash functionality)
- Redesigned admin page
- Updated web vault to 2.14
- Added IP address to the logs on TOTP failure, alowing fail2ban use
- Some email and domain whitelist fixes
- Fixed issue deleting notes in PostgreSQL
- Updated dependencies and other bug fixes
-
[1.3.1]
- Update BitwardenRS to 1.15.1
- Full changelog
- Fixed error when cloning attachments with ciphers, note that attachments are not cloned
- Fixed version check when a commit hasn't been made since the last release
- Added openssl extern crate to fix some builds
- Updated admin page, added attachments count per user and users count per organization and fixed issue with DNS not resolving
-
[1.4.0]
- Update BitwardenRS to 1.16.0
- Update web vault to 2.15.1
- Full changelog
- Add support for hiding passwords in a collection
- Add option to set name during HELO in email settings
- Add startup script to support init operations
- Use local time in email notifications for new device logins
- Updated dependencies and included web vault
- Removed unstable dependencies in preparation for rocket stable
-
[1.4.4]
- Update BitwardenRS to 1.17.0
- Update webvault to 2.16.1
- Sessions are properly invalidated now when changing email, password or kdf parameters.
- Items are not shown to organization admins in their user view when they don't have their collection selected. Note that they still appear in the organization view.
- Favorite status in organization items is now tracked at the user level.
- Updated dependencies and synced global domains file with upstream.
-
[1.5.0]
- Update BitwardenRS to 1.18.0
- Full changelog
- Users can be enabled/disabled from the admin panel.
- Implemented manager role.
- Now cipher updates are validated when they provide a revision date, which will prevent multiple clients from overwriting each other's changes.
- Updated web vault to 2.17.1.
-
[1.6.0]
- Update BitwardenRS to 1.19.0
- Update web vault to 2.18.1
- Admin UI: Added diagnostic and debug information.
- Admin UI: Added option to sort users by date.
- Admin UI: Added ability to modify a user's type in an organization and to delete the whole organization.
- Added support for the Personal Ownership policy, which when enabled disables the use of the personal vault to non-admin users of an organization.
- Synced global domains data with upstream.
-
[1.6.3]
- Set
configurePath
in the manifest
- Set
-
[1.7.0]
- Project renamed from BitwardenRS to Vaultwarden
- Renaming announcement
- Update Vaultwarden to 2.21.0
- Add support for enabling auto-deletion of trash items after X days, disabled by default
- Updates to the icon fetching, making it more reliable in detecting icon types
-
[1.7.1]
- Update Vaultwarden to 1.22.1
- Added sends_allowed option to disable Send functionality.
- Added support for hiding the senders email address.
- Added Send options policy.
- Added support for password reprompt.
- Switched to the new attachment download API.
- Send download links use a token system to limit their downloads.
- Updates to the icon fetching.
- Support for webauthn.
- The admin page now shows which variables are overridden.
- Updated dependencies and docker base images.
- Now RSA keys are generated with the included openssl instead of calling to the openssl binary.
- The web vault doesn't require accepting the terms are conditions now, which weren't applicable for a self hosted server.
-
[1.7.2]
- Update Vaultwarden to 1.22.2
- Updated web vault to 2.21.1.
- Enforce 2FA policy in organizations.
- Protect send routes against a possible path traversal attack.
- Disable show_password_hint by default, it still can be enabled in the admin panel or with environment variables.
- Disable user verification enforcement in Webauthn, which would make some users unable to login.
- Fix issue that wouldn't correctly delete Webauthn Key.
- Added Edge extension support for Webauthn.
-
[1.7.3]
- Fix logging of client IP address
- Set IP_HEADER config var