./security/vaultwarden, Bitwarden compatible backend server



Branch: CURRENT, Version: 1.33.2nb1, Package name: vaultwarden-1.33.2nb1, Maintainer: hauke

This is a Bitwarden server API implementation written in Rust,
compatible with upstream Bitwarden clients. It is well-suited for
self-hosted deployment, where running the official resource-heavy
service might not be ideal.



Package options: sqlite, web-vault

Master sites:

Filesize: 623.278 KB



CVS history:


   2025-03-30 14:56:14 by Hauke Fath | Files touched by this commit (2)
Log message:
Make package build with mysql or pgsql support.
   2025-02-24 09:59:37 by Adam Ciarcinski | Files touched by this commit (6) | Package updated
Log message:
vaultwarden: updated to 1.33.2

1.33.2

Update workflows and enhance security
Update crates & fix CVE-2025-24898
add bulk-access endpoint for collections
Fix icon redirect not working on desktop
Show assigned collections on member edit

1.33.1

This release has some minor issues fixed like:

Icons not working on the Desktop clients
Invites not always working
DUO settings not able to configure
Manager rights
Mobile client sync issues fixed

1.33.0

Security Fixes

This release contains security fixes for the following advisories.
And we strongly advise to update as soon as possible.

GHSA-f7r5-w49x-gxm3
This vulnerability is only possible if you do not have an ADMIN_TOKEN
configured and open links or pages you should not trust anyway. Ensure you
have an ADMIN_TOKEN configured to keep your admin environment safe.
GHSA-h6cc-rc6q-23j4
This vulnerability is only possible if someone was able to gain access to
your Vaultwarden Admin Backend. The attacker could then change some settings
to use sendmail as mail agent but adjust the settings in such a way that it
would use a shell command. It then also needed to craft a special favicon
image which would have the commands embedded to run during, for example,
sending a test email.
GHSA-j4h8-vch3-f797
This vulnerability affects all users who have multiple Organizations and
users which are able to create a new organization or have admin or owner
rights on at least one organization. The attacker does need to know the
Organization UUID of the Organization it wants to attack or compromise though.

Notable changes

Updated web-vault to v2025.1.1
Added partial manage role support for collections
Manager role is converted to a Custom role with either Manage All Collections
or per collection.
Admins and Owners probably want to check and verify if the rights are still correct.
The OCI containers and binaries are signed via GitHub Attestations
This allows you to verify an OCI image or even the vaultwarden binary located
within the OCI image.
   2024-12-05 15:33:00 by Jonathan Perkin | Files touched by this commit (1)
Log message:
vaultwarden: Ensure openssl is linked correctly.

Some minor cleanups while here.
   2024-12-01 01:04:58 by pin | Files touched by this commit (6) | Package updated
Log message:
security/vaultwarden: update to 1.32.5

Update from 1.30.1
Too much to list here, please see https://github.com/dani-garcia/vaultwarden/releases

Next time, please ask for help when having issues with a Rust package :)
   2024-11-30 21:37:53 by Thomas Klausner | Files touched by this commit (1)
Log message:
vaultwarden: mark as BROKEN

This version does not support rust 1.80.
   2024-01-18 21:12:55 by Hauke Fath | Files touched by this commit (2)
Log message:
Update checksums after adding patch comments.
Wrap long line in Makefile.

No functional changes.
   2024-01-18 15:09:27 by Hauke Fath | Files touched by this commit (5) | Package updated
Log message:
Update security/vaultwarden to v1.30.1

Thanks go to the FreeBSD security/vaultwarden maintainer - I still
don't know how to update the package without their dependency list...

The openssl lib update patch is also from there.

From upstream's changelog:

    Fix missing alpine tag during buildx bake by @BlackDex in #4043
    Disable autofill-v2 by @BlackDex in #4056
    Add Protected Actions Check by @BlackDex in #4067
    Update crates by @BlackDex in #4074

    Added passkey support, allowing the browser extensions to store
    and use your passkeys, make sure the extension is updated to
    version 2023.10.0 or newer for passkey support.
    Updated web vault to 2023.10.0.
    Fixed crashes in ARMv6 devices
    Fixed crashes when trying to create/edit a cipher in the mobile applications.

    Update Rust and Crates by @BlackDex in #3808
    update web-vault to v2023.8.2 by @stefan0xC in #3821
    Fix Login With Device without MasterPassword by @BlackDex in #3831
    Update GitHub Workflow by @BlackDex in #3910
    Fix arm builds by @BlackDex in #3911
    Fix typos by @tuhanayim in #3959
    csp: rename anonaddy.com to addy.io by @stefan0xC in #3950
    filter handlebars logs by @stefan0xC in #3859
    Remove unnecessary variable clone by @mvalois in #3981
    README.md: Fix grammar nit by @AndreasHGK in #3965
    Fix small issues by @BlackDex in #3964
    Adds LastActive on /admin/users API route by @mvalois in #3951
    Reopen log file on SIGHUP by @tobiasmboelz in #3909
    Fix External ID not set during DC Sync by @BlackDex in #3804
    New config option disable email change by @admav in #3986
    2FA Confirmation Code Email subject line change to fix triggering
    Google spam blocker by @aureateflux in #3572
    Implement cipher key encryption by @dani-garcia in #3990
    Container building changes by @BlackDex in #3958
    Fix issue with MariaDB/MySQL migrations by @BlackDex in #3994
    feat: Working passkeys storage by @GeekCornerGH in #4025
    ci: add trivy workflow by @mightyBroccoli in #3997
    Fix importing Bitwarden exports by @BlackDex in #4030

    Fix .env.template file by @BlackDex in #3734
    Fix UserOrg status during LDAP Import by @BlackDex in #3740
    Update images to Bookworm and PQ15 and Rust v1.71 by @BlackDex in #3573
    Implement "login with device" by @quexten in #3592
    chore: Bump web vault to v2023.7.1 and bump Rust by @GeekCornerGH in #3769
    Optimized Favicon downloading by @BlackDex in #3751
    add UserDecryptionOptions to login response by @stefan0xC in #3813
    add new secretsmanager plan for web-v2023.8.x by @stefan0xC in #3797
    Allow Authorization header for Web Sockets by @BlackDex in #3806
    Update admin interface by @BlackDex in #3730

    Fix Org API Key generation on PosgreSQL by @BlackDex in #3678
    feat: Add support for forwardemail by @GeekCornerGH in #3686
    Fix some external_id issues by @BlackDex in #3690
    Remove debug code during attachment download by @BlackDex in #3704

    WebSocket notifications now work via the default HTTP port. No
    need for WEBSOCKET_ENABLED and a separate port anymore.
    The proxy examples still need to be updated for this. Support for
    the old websockets port 3012 will remain for the time being.
    Mobile Client push notification support, see #3304 thanks @GeekCornerGH!
    Web-Vault updated to v2023.5.0 (v2023.5.1 does not add any improvements for us)
    The latest Bitwarden Directory Connector can be used now (v2022.11.0)
    Storing passkeys is supported, though the clients are not yet
    released. So, it might be we need to make some changes once they
    are released.
    See: #3593, thanks @GeekCornerGH!
   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3