Software-update: Vaultwarden 1.35.0

Bitwarden is een wachtwoordmanager die regelmatig op Tweakers voorbijkomt. Het is opensource en heeft ook de mogelijkheid om het op een eigen server te draaien. Ontwikkelaar Daniel García heeft een onofficiële in Rust ontwikkelde implementatie van Bitwarden gemaakt, in eerste instantie onder de naam Bitwarden_rs maar sinds een paar jaar als Vaultwarden. Het gaat alleen om de serverkant van de wachtwoordmanager; voor de clients kan de officiële software van Bitwarden worden gebruikt. Vaultwarden is lichter in gebruik en heeft ook functionaliteit waarvoor bij Bitwarden moet worden betaald, waaronder functionaliteit voor het beheer van wachtwoorden op organisatieniveau. Versie 1.35.0 van Vaultwarden is uitgekomen en hier zijn de volgende veranderingen en verbeteringen in aangebracht:

Notable changes

Implemented support for SSO with OpenID ConnectUpdated web vault to 2025.12.0Added support for future mobile apps with versions 2026.1.0+

Implemented support for SSO with OpenID Connect

Updated web vault to 2025.12.0

Added support for future mobile apps with versions 2026.1.0+

What's Changed

Fix multi delete slowdown in #6144Perform same checks when setting kdf in #6141SSO using OpenID Connect in #3899Delete SSO.md in #6152Update webauthn-rs to 0.5.x in #5934a little cleanup after SSO merge in #6153Fix link to point to the wiki in #6157Fix Email 2FA for mobile apps in #6156Update Rust to 1.89.0 in #6150Fix several more multi select push issues in #6151Fix minor typo in #6165Update crates, fixes some yanked crates in #6167Fix WebauthN issue with Software Keys in #6168Fix Playwright test conf and update deps in #6176Misc updates in #6185fix typo in description of helo_name in #6194Fix Playwright in #6206Switch to GHA's concurrency control in #6164Make database connection pool dynamic in #6166Re-add if check to release workflow in #6227Fix Webauthn/Passkey 2FA migration/validation issues in #6190refactor(config): update template, add validation in #6229Show SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION in admin in #6235Update crates, gha and web-vault in #6234Fix panic around sso_master_password_policy in #6233make webauthn more optional in #6160Fix 2fa recovery endpoint in #6240update trivy-action to v0.33.0 in #6248update web vault to v2025.9.1 and allow new policy in #6340prevent changing collections when hide_passwords is true in #6278Fix sso_user dropped on User::save in #6262Change OIDC dummy identifier in #6263add new billing warnings endpoint in #6369Add auth_request pending endpoint in #6368Fix Org identifier in #6364add mail address change warning for invited accounts in #6377add missing media-src directive in #6381add seat limit for the invite dialog in #6371[Playwright] Improvements around node in #6321Use Diesels MultiConnections Derive in #6279Improve protected actions in #6411Fix issue with key-rotation and emergency-access in #6421Optimizations and build speedup in #6339Use an older version of mariadb to prevent a panic in #6453Playwright against abitrary web-vault in #6380Fix KDF Change with new web-vault in #6458Fix: admin theme emoji alignment in #6459remove invalid emergency access dummy value in #6463Add pm-25373-windows-biometrics-v2 feature flag in #6468Switch to multiple runners per arch in #6472Fix icon redirect caching in #6487Fix around singleorg policy in #6247fix email as 2fa provider in #6473Update crates and Rust version in #6485Add option to prefer IPv6 resolving in #6494Some small admin js/css updates in #6501Update crates and workflows and some fixes in #6508Fixed a typo in the default TTL value in #6528Iterate over tags on release in #6518Org.put_policy type not in body anymore in #6514Android want response property in camelCase in #6513Fix admin invite with SSO in #6498Improve sso auth flow in #6205fix email as 2fa for sso in #6495Fix release workflow in #6532Further fixes for the release workflow in #6533add empty /api/tasks endpoint in #6557Revert to gzip compression in #6566support UriMatchDefaults policy in #6570Add new accountKeys and masterPasswordUnlock fields in #6572Update crates and Rust in #6551Add UserDecryption on /sync too in #6574Update web-vault to v2025.12.0 in #6577Fix posting cipher with readonly collections in #6578Update crates in #6585Simplify binary extraction in #6554Remove unnecessary output sharing between jobs in #6555Add wrapped named variants to UserDecryptionOptions in #6598

Fix multi delete slowdown in #6144

Perform same checks when setting kdf in #6141

SSO using OpenID Connect in #3899

Delete SSO.md in #6152

Update webauthn-rs to 0.5.x in #5934

a little cleanup after SSO merge in #6153

Fix link to point to the wiki in #6157

Fix Email 2FA for mobile apps in #6156

Update Rust to 1.89.0 in #6150

Fix several more multi select push issues in #6151

Fix minor typo in #6165

Update crates, fixes some yanked crates in #6167

Fix WebauthN issue with Software Keys in #6168

Fix Playwright test conf and update deps in #6176

Misc updates in #6185

fix typo in description of helo_name in #6194

Fix Playwright in #6206

Switch to GHA's concurrency control in #6164

Make database connection pool dynamic in #6166

Re-add if check to release workflow in #6227

Fix Webauthn/Passkey 2FA migration/validation issues in #6190

refactor(config): update template, add validation in #6229

Show SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION in admin in #6235

Update crates, gha and web-vault in #6234

Fix panic around sso_master_password_policy in #6233

make webauthn more optional in #6160

Fix 2fa recovery endpoint in #6240

update trivy-action to v0.33.0 in #6248

update web vault to v2025.9.1 and allow new policy in #6340

prevent changing collections when hide_passwords is true in #6278

Fix sso_user dropped on User::save in #6262

Change OIDC dummy identifier in #6263

add new billing warnings endpoint in #6369

Add auth_request pending endpoint in #6368

Fix Org identifier in #6364

add mail address change warning for invited accounts in #6377

add missing media-src directive in #6381

add seat limit for the invite dialog in #6371

[Playwright] Improvements around node in #6321

Use Diesels MultiConnections Derive in #6279

Improve protected actions in #6411

Fix issue with key-rotation and emergency-access in #6421

Optimizations and build speedup in #6339

Use an older version of mariadb to prevent a panic in #6453

Playwright against abitrary web-vault in #6380

Fix KDF Change with new web-vault in #6458

Fix: admin theme emoji alignment in #6459

remove invalid emergency access dummy value in #6463

Add pm-25373-windows-biometrics-v2 feature flag in #6468

Switch to multiple runners per arch in #6472

Fix icon redirect caching in #6487

Fix around singleorg policy in #6247

fix email as 2fa provider in #6473

Update crates and Rust version in #6485

Add option to prefer IPv6 resolving in #6494

Some small admin js/css updates in #6501

Update crates and workflows and some fixes in #6508

Fixed a typo in the default TTL value in #6528

Iterate over tags on release in #6518

Org.put_policy type not in body anymore in #6514

Android want response property in camelCase in #6513

Fix admin invite with SSO in #6498

Improve sso auth flow in #6205

fix email as 2fa for sso in #6495

Fix release workflow in #6532

Further fixes for the release workflow in #6533

add empty /api/tasks endpoint in #6557

Revert to gzip compression in #6566

support UriMatchDefaults policy in #6570

Add new accountKeys and masterPasswordUnlock fields in #6572

Update crates and Rust in #6551

Add UserDecryption on /sync too in #6574

Update web-vault to v2025.12.0 in #6577

Fix posting cipher with readonly collections in #6578

Update crates in #6585

Simplify binary extraction in #6554

Remove unnecessary output sharing between jobs in #6555

Add wrapped named variants to UserDecryptionOptions in #6598

Source: Tweakers.net