Changelog for
vaultwarden-1.31.0-lp156.2.1.x86_64.rpm :
* Tue Jul 09 2024 Julian Röder
- Update to version 1.31.0
* Initial support for the beta releases of the new native mobile apps
* Removed support for WebSocket traffic on port 3012
* Fix comment in events.rs by AATTKrappRamiro in #4408
* Improve JWT RSA key initialization and avoid saving public key by AATTdani-garcia in #4085
* Remove custom WebSocket code by AATTBlackDex in #4001
* refactor: replace panic with a graceful exit by AATTtessus in #4402
* Small improvements around email change by AATTTimshel in #4415
* Change timestamp data type. by AATTgzfrozen in #4355
* Fix #3624: fix manager permission within groups by AATTmatlink in #3754
* automatically use email address as 2fa provider by AATTstefan0xC in #4317
* fix: typos by AATTtestwill in #4440
* Use async verify for Yubikey by AATTdani-garcia in #4448
* Implement custom DNS resolver by AATTdani-garcia in #3988
* Pass in collection ids to notifier when sharing cipher. by AATTkristof-mattei in #4517
* improve access to collections via groups by AATTstefan0xC in #4441
* fix emergency access invites by AATTstefan0xC in #4337
* Some fixes for the new mobile apps by AATTdani-garcia in #4526
* Improve Commentary Aesthetics by AATTrich-purnell in #4549
* also delete organization_api_key when deleting organizations by AATTstefan0xC in #4557
* Fix public api for domains with path prefix by AATTFDHoho007 in #4500
* differentiate external groups by organization id by AATTstefan0xC in #4586
* Remove old knowndevice route by AATTTimshel in #4578
* Change API and structs to camelCase by AATTdani-garcia in #4386
* Fix cipher creation on new android app by AATTdani-garcia in #4670
* Remove mimalloc workaround by AATTdfunkt in #4606
* Change some missing PascalCase keys by AATTdani-garcia in #4671
* Fix collections and native app issue by AATTBlackDex in #4685
* Fix duplicate folder creations during import by AATTBlackDex in #4702
* Remove duplicate registry step by AATTdfunkt in #4703
* add group support for Cipher::get_collections() by AATTstefan0xC in #4592
* Switch registry cache compression algorithm to zstd by AATTdfunkt in #4704
* Some fixes for emergency access by AATTBlackDex in #4715
* Mon Mar 04 2024 Julian Röder - Update to version 1.30.5
* Fix env template to ensure compatibility with systemd\'s EnvironmentFile parsing by AATTseiuneko in #4315
* fix: web API call for jquery 3.7.1 by AATTcalvin-li-developer in #4400
* Update crates to fix new builds by AATTBlackDex in #4308
* Fri Feb 02 2024 Julian Röder - Update to version 1.30.3
* fix push device registration by AATTstefan0xC in #4297
* Wed Jan 31 2024 Julian Röder - Update to version 1.30.2
* Prevent generating an error during ws close by AATTBlackDex in #4127
* Several small fixes for open issues by AATTBlackDex in #4143
* Decrease JWT Refresh/Auth token by AATTBlackDex in #4163
* Fix Single Org Policy check by AATTBlackDex in #4207
* Allow customizing the featureStates by AATTPKizzle in #4168
* Fix #3413: push to users accessing the collections using groups by AATTmatlink in #3757
* US or EU Data Region Selection by AATTtoto-xoxo in #3752
* enforce 2FA policy on removal of second factor and login by AATTstefan0xC in #3803
* improve emergency access when not enabled by AATTstefan0xC in #4227
* Fix bulk collection deletion by AATTBlackDex in #4257
* fix: use black text for update badge (better contrast) by AATTtessus in #4245
* prevent side effects if groups are disabled by AATTstefan0xC in #4265
* Return 404 when user public_key is empty by AATTTimshel in #4271
* Improve file limit handling by AATTdani-garcia in #4242
* Fix attachment upload size check by AATTBlackDex in #4282
* err on invalid feature flag by AATTstefan0xC in #4263
* register missing push devices at login by AATTstefan0xC in #3792
* Update env template file by AATTgzfrozen in #4276
* Mon Nov 20 2023 Julian Röder - Update to version 1.30.1
* Disable autofill-v2 by AATTBlackDex in #4056
* Add Protected Actions Check by AATTBlackDex in #4067
* Update crates by AATTBlackDex in #4074
* Tue Nov 07 2023 Julian Röder - Update to version 1.30.0
* Added passkey support, allowing the browser extensions to store and use your passkeys.
* Fixed crashes when trying to create/edit a cipher in the mobile applications.
* Fix Login With Device without MasterPassword by AATTBlackDex in #3831
* Fix typos by AATTtuhanayim in #3959
* csp: rename anonaddy.com to addy.io by AATTstefan0xC in #3950
* filter handlebars logs by AATTstefan0xC in #3859
* Remove unnecessary variable clone by AATTmvalois in #3981
* Fix small issues by AATTBlackDex in #3964
* Adds LastActive on /admin/users API route by AATTmvalois in #3951
* Reopen log file on SIGHUP by AATTtobiasmboelz in #3909
* Fix External ID not set during DC Sync by AATTBlackDex in #3804
* New config option disable email change by AATTadmav in #3986
* 2FA Confirmation Code Email subject line change to fix triggering Google spam blocker by AATTaureateflux in #3572
* Implement cipher key encryption by AATTdani-garcia in #3990
* Fix issue with MariaDB/MySQL migrations by AATTBlackDex in #3994
* feat: Working passkeys storage by AATTGeekCornerGH in #4025
* Fix importing Bitwarden exports by AATTBlackDex in #4030
* Fri Sep 01 2023 Julian Röder - Update to version 1.29.2
* Fix UserOrg status during LDAP Import by AATTBlackDex in #3740
* Implement \"login with device\" by AATTquexten in #3592
* Optimized Favicon downloading by AATTBlackDex in #3751
* add UserDecryptionOptions to login response by AATTstefan0xC in #3813
* add new secretsmanager plan for web-v2023.8.x by AATTstefan0xC in #3797
* Allow Authorization header for Web Sockets by AATTBlackDex in #3806
* Update admin interface by AATTBlackDex in #3730
* Wed Aug 02 2023 Julian Röder - Update to version 1.29.1
* Fix Org API Key generation on PosgreSQL by AATTBlackDex in #3678
* feat: Add support for forwardemail by AATTGeekCornerGH in #3686
* Fix some external_id issues by AATTBlackDex in #3690
* Remove debug code during attachment download by AATTBlackDex in #3704
* Wed Jul 12 2023 Julian Röder - Update to version 1.29.0
* WebSocket notifications now work via the default HTTP port. No need for WEBSOCKET_ENABLED and a separate port anymore. Support for the old websockets port 3012 will remain for the time being.
* Mobile Client push notification support, see #3304 thanks AATTGeekCornerGH!
* Storing passkeys is supported, though the clients are not yet released. So, it might be we need to make some changes once they are released.
* check if reset password policy is enabled by AATTstefan0xC in #3427
* Several config and admin interface fixes by AATTBlackDex in #3436
* Fixed missing footer_text and a few inconsistencies in email templates by AATTkennymc-c in #3439
* inline static rsa keys by AATTvilgotf in #3475
* Change String to &str for all Rocket functions and some other fixes by AATTBlackDex in #3491
* Sync global_domains.json (Pinterest) by AATTjjlin in #3532
* Prevent 401 on main admin page by AATTBlackDex in #3547
* Fix collection change ws notifications by AATTBlackDex in #3546
* Implement Push Notifications sync by AATTGeekCornerGH in #3304
* Implement the Organization API Key support for the new Directory Connector v2022 by AATTBlackDex in #3568
* Add mobile push device filter to non-null push uuid by AATTquexten in #3578
* Add group import on invite by AATTfarodin91 in #3606
* Fix send access regression by AATTBlackDex in #3608
* Support for storing passkeys in the vault by AATTGeekCornerGH in #3593
* add user to collection during creation by AATTfarodin91 in #3609
* Added-External_id for Collections by AATTfashberg in #3623
* fix missing password check while manual reset password enrollment by AATTsirux88 in #3632
* Fix org creation regresion by AATTBlackDex in #3659
* Mon Apr 03 2023 Julian Röder - Update to version 1.28.1
* Decode knowndevice X-Request-Email as base64url with no padding by AATTjjlin in #3376
* Fix abort on password reset mail error by AATTBlackDex in #3390
* support /users//invite/resend admin api by AATTnikolaevn in #3397
* always return KdfMemory and KdfParallelism by AATTstefan0xC in #3398
* Fix sending out multiple websocket notifications by AATTBlackDex in #3405
* Mon Mar 27 2023 Julian Röder - Update to version 1.28.0
* Remove patched multer-rs by AATTmanofthepeace in #2968
* Removed unsafe-inline JS from CSP and other fixes by AATTBlackDex in #3058
* Validate YUBICO_SERVER string (#3003) by AATTBlackDex in #3059
* Log message to stderr if LOG_FILE is not writable by AATTpjsier in #3061
* Update WebSocket Notifications by AATTBlackDex in #3076
* Optimize config loading messages by AATTBlackDex in #3092
* Percent-encode org_name in links by AATTam97 in #3093
* Fix failing large note imports by AATTBlackDex in #3087
* Change text/plain API responses to application/json by AATTjjlin in #3124
* Resolve uninlined_format_args clippy warnings by AATTBlackDex in #3065
* Fix remaining inline format by AATTBlackDex in #3130
* Optimize CipherSyncData for very large vaults by AATTBlackDex in #3133
* Add avatar color support by AATTBlackDex in #3134
* Add MFA icon to org member overview by AATTBlackDex in #3135
* Minor refactoring concering user.setpassword by AATTsirux88 in #3139
* Validate note sizes on key-rotation. by AATTBlackDex in #3157
* Update KDF Configuration and processing by AATTBlackDex in #3163
* Admin password reset by AATTsirux88 in #3116
* \"Spell-Jacking\" mitigation ~ prevent sensitive data leak … by AATTdlehammer in #3145
* don\'t nullify key when editing emergency access by AATTstefan0xC in #3215
* Fix trailing slash not getting removed from domain by AATTBlockListed in #3228
* Generate distinct log messages for regex vs. IP blacklisting. by AATTkpfleming in #3231
* allow editing/unhiding by group by AATTfarodin91 in #3108
* Fix Javascript issue on non sqlite databases by AATTBlackDex in #3167
* add argon2 kdf fields by AATTtessus in #3210
* add support for system mta though sendmail by AATTsoruh in #3147
* Validate all needed fields for client API login by AATTBlackDex in #3251
* Fix Organization delete when groups are configured by AATTBlackDex in #3252
* Fix Collection Read Only access for groups by AATTMisterbabou in #3254
* Make the admin session lifetime adjustable by AATTmittler-works in #3262
* Add function to fetch user by email address by AATTmittler-works in #3263
* Fix vault item display in org vault view by AATTjjlin in #3277
* Add confirmation for removing 2FA and deauthing sessions in admin panel by AATTJCBird1012 in #3282
* Some Admin Interface updates by AATTBlackDex in #3288
* Admin token Argon2 hashing support by AATTBlackDex in #3289
* Add HEAD routes to avoid spurious error messages by AATTjjlin in #3307
* Fix web-vault Member UI show/edit/save by AATTBlackDex in #3315
* Add support for /api/devices/knowndevice with HTTP header params by AATTjjlin in #3329
* Merge ClientIp with Headers. by AATTBlackDex in #3332
* add endpoints to bulk delete collections/groups by AATTstefan0xC in #3354
* Add support for Quay.io and GHCR.io as registries by AATTBlackDex in #3363
* Thu Jan 05 2023 Julian Röder - Update to version 1.27.0
* Group support | applied .diff by AATTMFijak in #2846
* Add Organizational event logging feature by AATTBlackDex in #2868
* Limit Cipher Note encrypted string size by AATTBlackDex in #2945
* fix invitations of new users when mail is disabled by AATTstefan0xC in #2773
* attach images in email by AATTstefan0xC in #2784
* allow registration without invite link by AATTstefan0xC in #2799
* Fix master password hint update not working. by AATTBlackDex in #2834
* Sync global_domains.json by AATTjjlin in #2840
* verify email on registration by invite by AATTstefan0xC in #2804
* Add /devices/knowndevice endpoint by AATTBlackDex in #2893
* fix: removed a double space by AATTGeekCornerGH in #2894
* Support Org Export for v2022.11 clients by AATTBlackDex in #2899
* Use constant size generic parameter for random bytes generation by AATTsamueltardieu in #2910
* Set \"Bypass admin page security\" as read-only by AATTBlackDex in #2918
* Fully remove DuckDuckGo email service. by AATTBlackDex in #2919
* Added missing register endpoint to identity by AATTBlackDex in #2920
* Prevent DNS leak when icon regex is configured by AATTBlackDex in #2921
* allow managers to set groups of a collection by AATTstefan0xC in #2933
* Update Vaultwarden Logo\'s by AATTBlackDex in #2940
* check if sqlite folder exists by AATTstefan0xC in #2873
* redirect to admin login page when forward fails by AATTstefan0xC in #2886
* Cleanups and Fixes for Emergency Access by AATTBlackDex in #2936
* Fix admin repost warning. by AATTBlackDex in #2953
* Add dev-only query logging support by AATTBlackDex in #2954
* Fix managers and groups link by AATTBlackDex in #2947
* use a custom 404 page by AATTstefan0xC in #2948
* Increase privacy of masked config by AATTBlackDex in #2963
* use black favicon for /admin by AATTtessus in #2970
* Remove ctrlc crate and some updates by AATTBlackDex in #2971
* Revert collection queries back to left_join by AATTBlackDex in #2976
* Fix recover-2fa not working. by AATTBlackDex in #2994
* Disable groups by default and Some optimizations by AATTBlackDex in #2995
* Fix a panic during Yubikey register/login by AATTBlackDex in #3006
* Tue Oct 18 2022 Julian Röder - Update to version 1.26.0
* Fix uploads from mobile clients (and dep updates) by AATTBlackDex in #2675
* Add support for send v2 API endpoints by AATTBlackDex in #2756
* External Links | Optimize behavior by AATTFvbor in #2693
* Add Org user revoke feature by AATTBlackDex in #2698
* Change the handling of login errors. by AATTBlackDex in #2729
* Added support for web-vault v2022.9 by AATTBlackDex in #2732
* add not_found catcher for 404 errors by AATTstefan0xC in #2768
* Fix issue 2737, unable to create org by AATTBlackDex in #2738
* Rename/Fix revoke/restore endpoints by AATTBlackDex in #2739
* Update CSP for DuckDuckGo email forwarding by AATTjjlin in #2812
* check if data folder is a writable directory by AATTstefan0xC in #2811
* fix: tooltip typo by AATTdjbrownbear in #2746
* Update libraries and Rust version by AATTBlackDex in #2758
* Fix organization vault export by AATTBlackDex in #2765
* allow the removal of non-confirmed owners by AATTstefan0xC in #2772
* v2022.9.2 expects a json response while registering by AATTstefan0xC in #2803
* make invitation expiration time configurable by AATTstefan0xC in #2805
* return more descriptive JWT validation messages by AATTstefan0xC in #2806
* Add CreationDate to cipher response JSON by AATTjjlin in #2813- Improve systemd-integration with some distributions.
* Fri Oct 07 2022 Julian Röder - Improve the build environment
* Requirements that were only introduced to satisfy the build service were removed. Conflitcs and choices are now resolved within the project configuration.
* The rust-setup was optimized to skip unnecessary components and configurations.
* Thu Jul 28 2022 Julian Röder - Update to version 1.25.2
* Fix persistent folder check within containers by AATTBlackDex in #2631
* Mitigate attachment/send upload issues by AATTBlackDex in #2650
* Fix issue with CSP and icon redirects by AATTBlackDex in #2624
* Mon Jul 18 2022 Julian Röder - Change the buildrecipe to build all binaries on the intended target system, instead of reusing prebuilt binaries.- Update to version 1.25.1
* Sync global_domains.json by AATTjjlin in #2555
* Add TMP_FOLDER to .env.template by AATTfox34 in #2489
* Allow FireFox relay in CSP. by AATTBlackDex in #2565
* Fix hidden ciphers within organizational view. by AATTBlackDex in #2567
* Add password_hints_allowed config option by AATTjjlin in #2586
* Fall back to move_copy_to if persist_to fails while saving uploaded files. by AATTruifung in #2605
* Swap Websocket crate from ws to tungstenite, which is more maintained, supports async, and removes around 20 old duplicate versions of used crates by AATTdani-garcia
* Add a persistent volume check. by AATTBlackDex in #2501, #2507
* Adding \"UserEnabled\" and \"CreatedAt\" member to the json output of a User by AATTLowaiz in #2523
* Bump lettre to 0.10.0-rc.7 by AATTpaolobarbolini in #2531
* Small email sending code improvements by AATTpaolobarbolini in #2532
* A little depreciation change by AATTbinlab in #2556
* Fix identicons not always working by AATTBlackDex in #2571
* Small change in log-level for better debugging by AATTBlackDex in #2577
* Address inconsistency v{version} with and without a v in the version with most recent updates. by AATTnneul in #2595
* Bump openssl-src from 111.21.0+1.1.1p to 111.22.0+1.1.1q by AATTdependabot in #2599
* Add more clippy checks for better code/readability by AATTBlackDex in #2611
* Update deps, misc fixes and updates, small improvements on favicons and fix file-uploads by AATTBlackDex in #2543, #2568, #2619
* Fri Jun 03 2022 Julian Röder - Update to version 1.25.0
* Update Rocket to 0.5 and async, and compile on stable by AATTdani-garcia in #2276
* Update async to prepare for main merge + several updates by AATTBlackDex in #2292
* Add IP address to missing/invalid password message for Sends by AATTjaen in #2313
* Add support for custom .env file path by AATTTinfoilSubmarine in #2315
* Added autofocus to pw field on admin login page by AATTtaylorwmj in #2328
* Update login API code and update crates to fix CVE by AATTBlackDex in #2354
* Several updates and fixes by AATTBlackDex in #2379
* disable legacy X-XSS-Protection feature by AATTWonderfall in #2380
* Fix building mimalloc on armv6 by AATTBlackDex in #2397
* Remove u2f implementation by AATTBlackDex in #2398
* Sync global_domains.json by AATTjjlin in #2400
* Add /api/{alive,now,version} endpoints by AATTjjlin in #2433
* Improve sync speed and updated dep. versions by AATTBlackDex in #2429
* Database connection init by AATTjjlin in #2440
* Fix upload limits and disable color logs by AATTBlackDex in #2480
* Mon Jan 31 2022 Julian Röder - Update to version 1.24.0
* Add support for external icon services by AATTjjlin in #2158
* Add config option to set the HTTP redirect code for external icons by AATTjjlin in #2188
* Add support for legacy HTTP 301/302 redirects for external icons by AATTjjlin in #2218
* Add support for API keys by AATTjjlin in #2245
* Basic ratelimit for user login (including 2FA) and admin login by AATTdani-garcia in #2165
* Upgrade Feature-Policy to Permissions-Policy by AATTiamdoubz in #2228
* Set Expires header when caching responses by AATTRealOrangeOne in #2182
* Increase length limit for email token generation by AATTjjlin in #2257
* Small changes to icon log messages. by AATTBlackDex in #2170
* Bump rust version to mitigate CVE-2022-21658 by AATTdscottboggs in #2255
* Fixed #2151 by AATTBlackDex in #2169
* Fixed issue #2154 by AATTBlackDex in #2194
* Fix issue with Bitwarden CLI. by AATTBlackDex in #2197
* Fix emergency access invites for new users by AATTBlackDex in #2217
* Sync global_domains.json by AATTjjlin in #2156
* Sync global_domains.json by AATTjjlin in #2171- Complete default config file
* Wed Dec 15 2021 Julian Röder - Update to version 1.23.1
* Add email notifications for incomplete 2FA logins by AATTjjlin in #2067
* Fix conflict resolution logic for read_only and hide_passwords flags by AATTjjlin in #2073
* Fix missing encrypted key after emergency access reject by AATTjjlin in #2078
* Fix PostgreSQL migration by AATTjjlin in #2080
* Macro recursion decrease and other optimizations by AATTBlackDex in #2084
* Enabled trust-dns and some updates. by AATTBlackDex in #2125
* Thu Oct 21 2021 Julian Röder - Update to version 1.23.0
* Added emergency access feature
* Can be disabled setting EMERGENCY_ACCESS_ALLOWED=false
* Added support for single organization policy
* Fixed incorrect webauthn origin
* Enforce personal ownership policy on imports
* Fixed issue using uppercase characters on emails
* Added organization bulk user management actions (reinvite/confirm/delete)
* Removed limmit that disabled sending ciphers with attachments
* Disabled enforcing of two factor organization policy on users that haven\'t been accepted yet
* Updated icon fetching to make it work on unicode websites
* Added database connection check to /alive endpoint
* Updated dependencies
* Tue Jul 27 2021 Julian Röder - Update to version 1.22.2
* Enforce 2FA policy in organizations.
* Protect send routes against a possible path traversal attack.
* Disable show_password_hint by default, it still can be enabled in the admin panel or with environment variables.
* Disable user verification enforcement in Webauthn, which would make some users unable to login.
* Fix issue that wouldn\'t correctly delete Webauthn Key.
* Added Edge extension support for Webauthn.
* Thu Jul 01 2021 Julian Röder - Update to version 1.22.1
* Added sends_allowed option to disable Send functionality.
* Added support for hiding the senders email address.
* Added Send options policy.
* Added support for password reprompt.
* Switched to the new attachment download API.
* Send download links use a token system to limit their downloads.
* Updates to the icon fetching.
* Support for webauthn.
* The admin page now shows which variables are overridden.
* Updated dependencies and docker base images.
* Now RSA keys are generated with the included openssl instead of calling to the openssl binary.- Remove OpenSSL as dependency as it is no longer needed.
* Wed May 26 2021 Julian Röder - Add support for mysql und postgresql
* Mon May 03 2021 Julian Röder - Improves package relations on debian-based distributions
* Fri Apr 30 2021 Julian Röder - Project renamed to Vaultwarden- Update to version 1.21.0
* Add support for enabling auto-deletion of trash items after X days, disabled by default
* Set TRASH_AUTO_DELETE_DAYS to a positive value to enable this functionality
* You can also configure how often this process runs, using cron sintax with the variable TRASH_PURGE_SCHEDULE
* Updates to the icon fetching, making it more reliable in detecting icon types
* Updated admin page, improving version checks and SQLite backup feature