Subject: CVS commit: pkgsrc/security/vaultwarden
From: Hauke Fath
Date: 2023-07-20 17:25:38
Message id: 20230720152538.C02D7FBDB@cvs.NetBSD.org
Log Message:
Update security/vaultwarden to v1.28.1
Note the license change from gnu-gpl-v3 to gnu-agpl-v3.
There is at this time no update to the current 1.29.0, because
o upstream is pulling in a non-release crate from github during build, again, and
o pkgsrc has no workable way to create an updated
"cargo-depends.mk". The make CARGO_ARGS="build --release" build
described in the pkgsrc guide 21.4.4 does not work, and I ended up
cribbing the cargo list from the FreeBSD package (thanks, guys!).
Upstream's change list:
1.28.1
What's Changed
Decode knowndevice X-Request-Email as base64url with no padding by @jjlin in #3376
Fix abort on password reset mail error by @BlackDex in #3390
support /users/<uuid>/invite/resend admin api by @nikolaevn in #3397
always return KdfMemory and KdfParallelism by @stefan0xC in #3398
Fix sending out multiple websocket notifications by @BlackDex in #3405
Revert setcap, update rust and crates by @BlackDex in #3403
1.28.0
Major changes
The project has changed license to the AGPLv3. If you're hosting a
Vaultwarden instance, you now have a requirement to distribute the
Vaultwarden source code to your users if they request it. The
source code, and any changes you have made, need to be under the
same AGPLv3 license. If you simply use our code without
modifications, just pointing them to this repository is enough.
Added support for Argon2 key derivation on the clients. To enable
it for your account, make sure all your clients are using version
v2023.2.0 or greater, then go to account settings > security >
keys, and change the algorithm from PBKDF2 to Argon2id.
Added support for Argon2 key derivation for the admin page
token. To update your admin token to use it, check the wiki
New alternative registries for the docker images are available (In BETA for now):
Github Container Registry: https://ghcr.io/dani-garcia/vaultwarden
Quay: https://quay.io/vaultwarden/server
What's Changed
Remove patched multer-rs by @manofthepeace in #2968
Removed unsafe-inline JS from CSP and other fixes by @BlackDex in #3058
Validate YUBICO_SERVER string (#3003) by @BlackDex in #3059
Log message to stderr if LOG_FILE is not writable by @pjsier in #3061
Update WebSocket Notifications by @BlackDex in #3076
Optimize config loading messages by @BlackDex in #3092
Percent-encode org_name in links by @am97 in #3093
Fix failing large note imports by @BlackDex in #3087
Change text/plain API responses to application/json by @jjlin in #3124
Remove shrink-to-fit=no from viewport-meta-tag by @redwerkz in #3126
Update dependencies and MSRV by @BlackDex in #3128
Resolve uninlined_format_args clippy warnings by @BlackDex in #3065
Update Rust to v1.66.1 to patch CVE by @BlackDex in #3136
Fix remaining inline format by @BlackDex in #3130
Use more modern meta tag for charset encoding by @redwerkz in #3131
fix (2fa.directory): Allow api.2fa.directory, and remove 2fa.directory by @GeekCornerGH in #3132
Optimize CipherSyncData for very large vaults by @BlackDex in #3133
Add avatar color support by @BlackDex in #3134
Add MFA icon to org member overview by @BlackDex in #3135
Minor refactoring concerning user.setpassword by @sirux88 in #3139
Validate note sizes on key-rotation. by @BlackDex in #3157
Update KDF Configuration and processing by @BlackDex in #3163
Remove arm32v6-specific tag by @jjlin in #3164
Re-License Vaultwarden to AGPLv3 by @BlackDex in #2561
Admin password reset by @sirux88 in #3116
"Spell-Jacking" mitigation ~ prevent sensitive data leak … by @dlehammer in #3145
Allow listening on privileged ports (below 1024) as non-root by @jjlin in #3170
don't nullify key when editing emergency access by @stefan0xC in #3215
Fix trailing slash not getting removed from domain by @BlockListed in #3228
Generate distinct log messages for regex vs. IP blacklisting. by @kpfleming in #3231
allow editing/unhiding by group by @farodin91 in #3108
Fix Javascript issue on non sqlite databases by @BlackDex in #3167
add argon2 kdf fields by @tessus in #3210
add support for system mta through sendmail by @soruh in #3147
Updated Rust and crates by @BlackDex in #3234
docs: add build status badge in readme by @R3DRUN3 in #3245
Validate all needed fields for client API login by @BlackDex in #3251
Fix Organization delete when groups are configured by @BlackDex in #3252
Fix Collection Read Only access for groups by @Misterbabou in #3254
Make the admin session lifetime adjustable by @mittler-works in #3262
Add function to fetch user by email address by @mittler-works in #3263
Fix vault item display in org vault view by @jjlin in #3277
Add confirmation for removing 2FA and deauthing sessions in admin panel by @JCBird1012 in #3282
Some Admin Interface updates by @BlackDex in #3288
Fix the web-vault v2023.2.0 API calls by @BlackDex in #3281
Fix confirmation for removing 2FA and deauthing sessions in admin panel by @dpinse in #3290
Admin token Argon2 hashing support by @BlackDex in #3289
Add HEAD routes to avoid spurious error messages by @jjlin in #3307
Fix web-vault Member UI show/edit/save by @BlackDex in #3315
Upd Crates, Rust, MSRV, GHA and remove Backtrace by @BlackDex in #3310
Add support for /api/devices/knowndevice with HTTP header params by @jjlin in #3329
Update Rust, MSRV and Crates by @BlackDex in #3348
Merge ClientIp with Headers. by @BlackDex in #3332
add endpoints to bulk delete collections/groups by @stefan0xC in #3354
Add support for Quay.io and GHCR.io as registries by @BlackDex in #3363
Some small fixes and updates by @BlackDex in #3366
Update web vault to v2023.3.0 by @dani-garcia
1.27.0
New features
Event logs for organizations
With this feature enabled, actions occurring inside an organization
will be recorded in a log, viewable by organization admins and
owners. Check the official documentation to learn more:
https://bitwarden.com/help/event-logs/ (Note that the Public API is
not yet implemented, so the events are only viewable in the Web Vault)
To enable this feature, set ORG_EVENTS_ENABLED=true. By default all
events will be stored indefinitely, if you want to limit that, you can
use the EVENTS_DAYS_RETAIN option. You can also tune the cleanup
schedule with EVENT_CLEANUP_SCHEDULE.
Group support (beta)
Enables the creation and use of groups inside an organization. At the
moment this is in beta because there are some known issues
(#2989). Still, the more this feature is tested, the faster we will be
able to stabilize it.
To enable this feature, set ORG_GROUPS_ENABLED=true, and make sure to make
proper backups of your instance beforehand.
What's Changed
Group support | applied .diff by @MFijak in #2846
Add Organizational event logging feature by @BlackDex in #2868
Updated web vault to 2022.12.0 by @dani-garcia
Update diesel to 2.0.2 by @dani-garcia in #2724
Limit Cipher Note encrypted string size by @BlackDex in #2945
fix invitations of new users when mail is disabled by @stefan0xC in #2773
attach images in email by @stefan0xC in #2784
allow registration without invite link by @stefan0xC in #2799
Fix master password hint update not working. by @BlackDex in #2834
Sync global_domains.json by @jjlin in #2840
verify email on registration by invite by @stefan0xC in #2804
Take ROCKET_ADDRESS into account in the Docker healthcheck by @jjlin in #2844
Update github workflows by @BlackDex in #2852
feat: Bump web-vault to v2022.10.1 by @GeekCornerGH in #2859
Update Rust version, deps and workflow by @BlackDex in #2888
Add /devices/knowndevice endpoint by @BlackDex in #2893
fix: removed a double space by @GeekCornerGH in #2894
Support Org Export for v2022.11 clients by @BlackDex in #2899
Use constant size generic parameter for random bytes generation by @samueltardieu in #2910
Update config comment to reflect rfc8314. by @skid9000 in #2911
Set "Bypass admin page security" as read-only by @BlackDex in #2918
Fully remove DuckDuckGo email service. by @BlackDex in #2919
Added missing register endpoint to identity by @BlackDex in #2920
Prevent DNS leak when icon regex is configured by @BlackDex in #2921
Update settings description by @karbobc in #2928
allow managers to set groups of a collection by @stefan0xC in #2933
Update Vaultwarden Logo's by @BlackDex in #2940
check if sqlite folder exists by @stefan0xC in #2873
redirect to admin login page when forward fails by @stefan0xC in #2886
Cleanups and Fixes for Emergency Access by @BlackDex in #2936
Update dependencies for Rust and Admin interface. by @BlackDex in #2941
Fix admin repost warning. by @BlackDex in #2953
Add dev-only query logging support by @BlackDex in #2954
Fix managers and groups link by @BlackDex in #2947
use a custom 404 page by @stefan0xC in #2948
Increase privacy of masked config by @BlackDex in #2963
Improve comments by @tessus in #2969
use black favicon for /admin by @tessus in #2970
Remove ctrlc crate and some updates by @BlackDex in #2971
Fix org export (again) by @BlackDex in #2973
Revert collection queries back to left_join by @BlackDex in #2976
Fix recover-2fa not working. by @BlackDex in #2994
Disable groups by default and Some optimizations by @BlackDex in #2995
Fix a panic during Yubikey register/login by @BlackDex in #3006
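The 1.28.0 notes above only point to the wiki for the Argon2-hashed admin token. As an added example (not vaultwarden's own code), this Python audit tells a plaintext ADMIN_TOKEN apart from an Argon2 PHC hash and checks the hash's cost parameters against a local policy. The PHC string layout, the sample tokens and the minimum cost values are assumptions, not taken from the page.

```python
import base64
import re

# Constructed policy (assumption, not from the page): minimum Argon2 costs accepted.
MIN_MEMORY_KIB, MIN_ITERATIONS, MIN_SALT_BYTES = 19456, 2, 16

# Standard PHC encoding of an Argon2 hash: $argon2id$v=19$m=<KiB>,t=<iters>,p=<lanes>$<salt>$<hash>
_PHC_RE = re.compile(
    r"^\$(?P<variant>argon2(?:id|i|d))\$v=(?P<version>\d+)"
    r"\$m=(?P<m>\d+),t=(?P<t>\d+),p=(?P<p>\d+)"
    r"\$(?P<salt>[A-Za-z0-9+/]+)\$(?P<hash>[A-Za-z0-9+/]+)$"
)

# Constructed sample values: a hashed token (all-zero salt/hash bytes) and a plaintext one.
HASHED_TOKEN = "$argon2id$v=19$m=65540,t=3,p=4$" + "A" * 22 + "$" + "A" * 43
PLAINTEXT_TOKEN = "hunter2"

def _b64_unpadded(s):
    """PHC strings carry unpadded base64; restore the padding before decoding."""
    return base64.b64decode(s + "=" * (-len(s) % 4))

def parse_phc(token):
    """Return the Argon2 parameters of a PHC string, or None if it is not one."""
    m = _PHC_RE.match(token)
    if not m:
        return None
    return {
        "variant": m["variant"],
        "memory_kib": int(m["m"]),
        "iterations": int(m["t"]),
        "salt_len": len(_b64_unpadded(m["salt"])),
        "hash_len": len(_b64_unpadded(m["hash"])),
    }

def audit_admin_token(token):
    """Return a list of findings; an empty list means the token passes the policy."""
    params = parse_phc(token)
    if params is None:
        # Anything that is not a PHC string is treated as a plaintext token.
        return ["plaintext ADMIN_TOKEN: store an Argon2 hash instead"]
    findings = []
    if params["variant"] != "argon2id":
        findings.append(f"variant {params['variant']}: argon2id is recommended")
    if params["memory_kib"] < MIN_MEMORY_KIB:
        findings.append(f"m={params['memory_kib']} KiB is below the minimum {MIN_MEMORY_KIB}")
    if params["iterations"] < MIN_ITERATIONS:
        findings.append(f"t={params['iterations']} is below the minimum {MIN_ITERATIONS}")
    if params["salt_len"] < MIN_SALT_BYTES:
        findings.append(f"salt of {params['salt_len']} bytes is shorter than {MIN_SALT_BYTES}")
    return findings
```

Run `audit_admin_token()` over the ADMIN_TOKEN value pulled from the instance's environment or config file; an empty result means the token is hashed with parameters at or above the policy.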