Vaultwarden - Package Updates

Package Updates

[1.21.0]

• Update vaultwarden to 1.34.1
• Full Changelog
• Fix admin diagnostics crash by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5886
• Updated web-vault to v2025.5.0
• Implemented new registration flow with email verification
• Added support for some feature flags (mutual TLS, attachment export, AnonAddy/SimpleLogin self host)
• Update crates & fix CVE-2025-25188 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5576
• Fix db issues with Option<> values and upd crates by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5594
• allow CLI to upload send files with truncated filenames by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5618
• Update Rust to 1.85.0 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5634
• Use subtle to replace deprecated ring::constant_time::verify_slices_are_equal by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5680
• Add support for mutual-tls feature flag by @bennettmsherman in https://github.com/dani-garcia/vaultwarden/pull/5698

Package Updates

[1.22.0]

• add checklist item about registration

Package Updates

[1.22.1]

• Update vaultwarden to 1.34.2
• Full Changelog
• Updated web vault to 2025.7.0
• Included experimental support for S3 file backend using OpenDAL. This currently requires compiling from source with the s3 feature flag, check https://github.com/dani-garcia/vaultwarden/pull/5626 for more details.
• fix css to hide login with passkey by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5890
• fix css for locked screen by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5905
• Abstract persistent files through Apache OpenDAL by @txase in https://github.com/dani-garcia/vaultwarden/pull/5626
• Fix and improvements to password policies by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/5923
• Update Alpine to version 3.22 by @dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5938
• make css for login-page position independent by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5906
• allow signup for invited users by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5967
• fix account recovery withdrawal by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5968

Package Updates

[1.22.2]

• Update vaultwarden to 1.34.3
• Full Changelog
• Update crates to trigger rebuild for mysql issue by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6111
• fix hiding of signup link by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6113

Package Updates

[1.23.0]

• Update vaultwarden to 1.35.0
• Full Changelog
• Implement support for SSO with OpenID Connect, https://github.com/dani-garcia/vaultwarden/wiki/Enabling-SSO-support-using-OpenId-Connect
• Updated web vault to 2025.12.0
• Added support for future mobile apps with versions 2026.1.0+
• Fix multi delete slowdown by @BlackDex in #6144
• Perform same checks when setting kdf by @Timshel in #6141
• SSO using OpenID Connect by @Timshel in #3899
• Delete SSO.md by @dani-garcia in #6152
• Update webauthn-rs to 0.5.x by @zUnixorn in #5934
• a little cleanup after SSO merge by @stefan0xC in #6153
• Fix link to point to the wiki by @Timshel in #6157

Package Updates

[1.23.1]

• Update vaultwarden to 1.35.1
• Full Changelog
• Fixed issue with applications being logged out after upgrading due to changes to refresh token parsing
• Updated web vault to 2025.12.1
• Correctly publish alpine tag, which was missing in 1.35.0
• Re-add alpine tag by @dfunkt in #6626
• Try old refresh token if we fail to decode jwt by @dani-garcia in #6629

Package Updates

[1.23.2]

• Update vaultwarden to 1.35.2
• Full Changelog
• update web-vault to fix org creation by @stefan0xC in #6646
• return no content with status code 204 by @stefan0xC in #6665
• allow MasterPasswordHash for Android by @stefan0xC in #6673
• improve sso callback path by @stefan0xC in #6676
• Fix web-vault version check and update web-vault by @BlackDex in #6686

Package Updates

[1.24.0]

• OIDC auth implemented

Package Updates

[1.24.1]

• Fix up postinstall and checklist

Package Updates

[1.24.3]

• Update vaultwarden to 1.35.4
• Full Changelog
• GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to access a cipher from a different user (fully encrypted) if they already know its internal UUID.
• GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with manager-level access within an organization to modify collections they can access, even if they do not have management permissions for them.
• GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with manager-level access within an organization to modify collections they are not assigned.
• Update Rust and Crates and GHA by @​BlackDex in #​6843
• hide remember 2fa token by @​stefan0xC in #​6852
• fix(send_invite): invite links by @​proofofcopilot in #​6824
• Misc organization fixes by @​BlackDex in #​6867