1.25.1

⚠️ Reminder: If you are still using the bitwardenrs/server* Docker images, you need to migrate to the new vaultwarden image. Check #1642 for an explanation. The old images will not receive any new updates any longer.

What's Changed

• Updated included web vault to version 2022.6.2 by @dani-garcia
• Sync global_domains.json by @jjlin in #2555
• Add TMP_FOLDER to .env.template by @fox34 in #2489
• Allow FireFox relay in CSP. by @BlackDex in #2565
• Fix hidden ciphers within organizational view. by @BlackDex in #2567
• Add password_hints_allowed config option by @jjlin in #2586
• Fall back to move_copy_to if persist_to fails while saving uploaded files. by @ruifung in #2605
• Swap Websocket crate from ws to tungstenite, which is more maintained, supports async, and removes around 20 old duplicate versions of used crates by @dani-garcia
• Fix armv6 issue with bullseye images by @BlackDex in #2491
• Add a persistent volume check. by @BlackDex in #2501, #2507
• Adding "UserEnabled" and "CreatedAt" member to the json output of a User by @Lowaiz in #2523
• Bump lettre to 0.10.0-rc.7 by @paolobarbolini in #2531
• Small email sending code improvements by @paolobarbolini in #2532
• A little depreciation change by @binlab in #2556
• Fix identicons not always working by @BlackDex in #2571
• Small change in log-level for better debugging by @BlackDex in #2577
• Address inconsistency v{version} with and without a v in the version with most recent updates. by @nneul in #2595
• Bump openssl-src from 111.21.0+1.1.1p to 111.22.0+1.1.1q by @dependabot in #2599
• Add more clippy checks for better code/readability by @BlackDex in #2611
• Update deps, misc fixes and updates, small improvements on favicons and fix file-uploads by @BlackDex in #2543, #2568, #2619

New Contributors

• @fox34 made their first contribution in #2489
• @Lowaiz made their first contribution in #2523
• @binlab made their first contribution in #2556
• @nneul made their first contribution in #2595
• @dependabot made their first contribution in #2599
• @ruifung made their first contribution in #2605

Full Changelog: 1.25.0...1.25.1

1.25.0

⚠️ Reminder: If you are still using the bitwardenrs/server* Docker images, you need to migrate to the new vaultwarden image. Check #1642 for an explanation. The old images will not receive any new updates any longer.

What's Changed

• Updated included web vault to v2.28.1
• Update Rocket to 0.5 and async, and compile on stable by @dani-garcia in #2276
• Update async to prepare for main merge + several updates by @BlackDex in #2292
• Add IP address to missing/invalid password message for Sends by @jaen in #2313
• Add support for custom .env file path by @TinfoilSubmarine in #2315
• Added autofocus to pw field on admin login page by @taylorwmj in #2328
• Update login API code and update crates to fix CVE by @BlackDex in #2354
• Several updates and fixes by @BlackDex in #2379
• disable legacy X-XSS-Protection feature by @Wonderfall in #2380
• Fix building mimalloc on armv6 by @BlackDex in #2397
• Remove u2f implementation by @BlackDex in #2398
• Sync global_domains.json by @jjlin in #2400
• Add /api/{alive,now,version} endpoints by @jjlin in #2433
• Improve sync speed and updated dep. versions by @BlackDex in #2429
• Database connection init by @jjlin in #2440
• Fix upload limits and disable color logs by @BlackDex in #2480
• Update Rust version in Dockerfile by @BlackDex in #2481

New Contributors

• @jaen made their first contribution in #2313
• @TinfoilSubmarine made their first contribution in #2315
• @taylorwmj made their first contribution in #2328
• @Wonderfall made their first contribution in #2380

Full Changelog: 1.24.0...1.25.0

1.24.0

⚠️ Reminder: If you are still using the bitwardenrs/server* Docker images, you need to migrate to the new vaultwarden image. Check #1642 for an explanation. The old images will not receive any new updates any longer.

What's Changed

• Add support for external icon services by @jjlin in #2158
  • Add config option to set the HTTP redirect code for external icons by @jjlin in #2188
  • Add support for legacy HTTP 301/302 redirects for external icons by @jjlin in #2218
• Support all DB's for Alpine and Debian by @BlackDex in #2172
• Add support for API keys by @jjlin in #2245
• Basic ratelimit for user login (including 2FA) and admin login by @dani-garcia in #2165
• Upgrade Feature-Policy to Permissions-Policy by @iamdoubz in #2228
• Set Expires header when caching responses by @RealOrangeOne in #2182
• Increase length limit for email token generation by @jjlin in #2257
• Small changes to icon log messages. by @BlackDex in #2170
• Bump rust version to mitigate CVE-2022-21658 by @dscottboggs in #2255
• Fixed #2151 by @BlackDex in #2169
• Fixed issue #2154 by @BlackDex in #2194
• Fix issue with Bitwarden CLI. by @BlackDex in #2197
• Fix emergency access invites for new users by @BlackDex in #2217
• Sync global_domains.json by @jjlin in #2156
• Sync global_domains.json by @jjlin in #2171

New Contributors

• @iamdoubz made their first contribution in #2228
• @dscottboggs made their first contribution in #2255

Full Changelog: 1.23.1...1.24.0

1.23.1

⚠️ Reminder: If you are still using the bitwardenrs/server* Docker images, you need to migrate to the new vaultwarden image. Check #1642 for an explanation. The old images will not receive any new updates any longer.

What's Changed

• Add email notifications for incomplete 2FA logins by @jjlin in #2067
• Fix conflict resolution logic for read_only and hide_passwords flags by @jjlin in #2073
• Fix missing encrypted key after emergency access reject by @jjlin in #2078
• Fix PostgreSQL migration by @jjlin in #2080
• Macro recursion decrease and other optimizations by @BlackDex in #2084
• Enabled trust-dns and some updates. by @BlackDex in #2125
• Update web vault to 2.25.0

Full Changelog: 1.23.0...1.23.1

1.23.0

⚠️ Reminder: If you are still using the bitwardenrs/server* Docker images, you need to migrate to the new vaultwarden image. Check #1642 for an explanation. The old images are deprecated and will stop being updated after 1.23.0.

• Added emergency access feature
  • Can be disabled setting EMERGENCY_ACCESS_ALLOWED=false
• Added support for single organization policy
• Fixed incorrect webauthn origin
• Enforce personal ownership policy on imports
• Fixed issue using uppercase characters on emails
• Updated web vault to 2.23.0
• Added organization bulk user management actions (reinvite/confirm/delete)
• Removed limmit that disabled sending ciphers with attachments
• Disabled enforcing of two factor organization policy on users that haven't been accepted yet
• Added tzdata to the alpine containers, to be able to set a different timezone to UTC
• Updated icon fetching to make it work on unicode websites
• Docker images are now built using Github Actions, and the base images have been updated
• Added database connection check to /alive endpoint
• Updated dependencies

1.22.2

⚠️ Reminder: If you are still using the bitwardenrs/server* Docker images, you need to migrate to the new vaultwarden image. Check #1642 for an explanation. The old images are deprecated and will stop being updated after 1.23.0.

• Updated web vault to 2.21.1.
• Enforce 2FA policy in organizations.
• Protect send routes against a possible path traversal attack.
• Disable show_password_hint by default, it still can be enabled in the admin panel or with environment variables.
• Disable user verification enforcement in Webauthn, which would make some users unable to login.
• Fix issue that wouldn't correctly delete Webauthn Key.
• Added Edge extension support for Webauthn.

1.22.1

⚠️ Reminder: If you are still using the bitwardenrs/server* Docker images, you need to migrate to the new vaultwarden image. Check #1642 for an explanation. The old images are deprecated and will stop being updated after 1.23.0.

• Fix alpine builds

1.22.0

⚠️ Reminder: If you are still using the bitwardenrs/server* Docker images, you need to migrate to the new vaultwarden image. Check #1642 for an explanation. The old images are deprecated and will stop being updated after 1.23.0.

• Added sends_allowed option to disable Send functionality.
• Added support for hiding the senders email address.
• Added Send options policy.
• Added support for password reprompt.
• Switched to the new attachment download API.
• Send download links use a token system to limit their downloads.
• Updates to the icon fetching.
• Support for webauthn.
• The admin page now shows which variables are overridden.
• Updated dependencies and docker base images.
• Now RSA keys are generated with the included openssl instead of calling to the openssl binary.
• The web vault doesn't require accepting the terms are conditions now, which weren't applicable for a self hosted server.

1.21.0

Update 20201-04-30: This release has been pushed again to fix an issue with the Docker builds building an older revision of the project.

Project renamed to vaultwarden

Due to user confusion and to avoid any possible trademark/brand issues with the official server, this project is going to be renamed to vaultwarden. This rename might mean you will need to make some changes to your setup.

Docker users

• If you are using any of the docker images, you will have to migrate to the new image under the vaultwarden organization:

  vaultwarden/server

The new image is equivalent to the old one except for the name, so the upgrade is as simple as removing the old container and creating a new one with the new image, making sure the rest of parameters are the same. For example, if you used the default docker run command mentioned in the readme, and upgrade would be done like this:

# Stop and remove the old container
docker stop bitwarden
docker rm bitwarden

# Start new container with the data mounted, make sure the path is the same as the previous one
docker run -d --name vaultwarden -v /bw-data/:/data/ -p 80:80 vaultwarden/server:latest

Note that the old images aren't gone yet, just deprecated. They will keep being updated for another two releases after this one to avoid breakage, but it's recommended to migrate to the new image as soon as possible.

If you are still using the old database specific images (server-mysql and server-postgresql), they are also deprecated since the main server image supports all three databases at the same time, more info on release 1.17.0.

If you are using the startup scripts mounted inside the container (/etc/bitwarden_rs.sh and /etc/bitwarden_rs.d/*), they will now load with the vaultwarden name first and the bitwarden_rs name as a fallback for compatibility, but it's recommended to rename them as well.

Git users

If you are using the git repository, we've used this opportunity to rename the master branch to main, so make sure to have that in mind. The rest of the process is the same and GitHub will redirect the old remote URL to the new one, simply note that the binary generated by cargo is now named vaultwarden instead of bitwarden_rs.

Changelog

• Add support for enabling auto-deletion of trash items after X days, disabled by default
  • Set TRASH_AUTO_DELETE_DAYS to a positive value to enable this functionality
  • You can also configure how often this process runs, using cron sintax with the variable TRASH_PURGE_SCHEDULE
• Updates to the icon fetching, making it more reliable in detecting icon types
• Updated admin page, improving version checks and SQLite backup feature

1.20.0

• Implemented Send functionality
• Updated web vault to 2.19.0
• CORS fixes
• Updated diagnostics page with more info
• Updated dependencies