Software update: Vaultwarden 1.32.0
Bitwarden is a password manager that regularly comes up on Tweakers. It is open source and can also be run on your own server. Developer Daniel García has created an unofficial implementation of Bitwarden written in Rust, initially under the name Bitwarden_rs but for the past few years as Vaultwarden. It covers only the server side of the password manager; the official Bitwarden software can be used for the clients. Vaultwarden is lighter on resources and also offers functionality that requires payment with Bitwarden, including the use of organizations. Version 1.32.0 of Vaultwarden has been released, and it fixes several important security issues.
Security Fixes
This release has several CVE Reports fixed and we recommend everybody to update to the latest version as soon as possible.
- CVE-2024-39924 Fixed via #4715
- CVE-2024-39925 Fixed via #4837
- CVE-2024-39926 Fixed via #4737
Other changes
- Updated web-vault to v2024.6.2
- Fixed issues with password reset enrollment by rolling back a web-vault commit
What's Changed
- use a custom plan of enterprise tier to fix limits in #4726
- chore: Dockerfile to Remove port 3012 in #4725
- Fix bug where secureNotes is empty in #4730
- Improved HTTP client in #4740
- Update admin interface in #4737
- Fix for RSA Keys which are read only in #4744
- Fix Email 2FA login on native app in #4762
- Update crates & fix crate vulnerability in #4771
- Fix Dockerfile linter warnings in #4763
- allow re-invitations of existing users in #4768
- Allow to override log level for specific target in #4305
- Add support for MFA with Duo's Universal Prompt in #4637
- Allow to increase the note size to 100_000 in #4772
- Update Rust, Crates and GHA in #4783
- Duo: use the formatted db email in #4779
- Update rust-toolchain.toml to 1.80.0 in #4784
- fix issue with adding ciphers to organizations on native ios app in #4800
- Rewrite the Push Notifications section in the configuration template in #4805
- Secure send file uploads in #4810
- make access_all optional in #4812
- Remove lowercase conversion for featureStates in #4820
- Fix mail::send_incomplete_2fa_login panic issue in #4792
- Update crates, web-vault and fixes in #4823
- Updated web-vault to v2024.6.2b in #4826
- Update Rust to 1.80.1 in #4831
- Fix data disclosure on organization endpoints in #4837
Source:
Tweakers.net