dani-garcia/vaultwarden

← Alle Releases
1.35.4 vor 11 Tagen dani-garcia dani-garcia Auf GitHub ansehen

Security Fixes

This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.
- GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to access a cipher from a different user (fully encrypted) if they already know its internal UUID.
- GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with manager-level access within an organization to modify collections they can access, even if they do not have management permissions for them.
- GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with manager-level access within an organization to modify collections they are not assigned.

These are private for now, pending CVE assignment.

What's Changed

  • Update Rust and Crates and GHA by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6843
  • hide remember 2fa token by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6852
  • fix(send_invite): invite links by @proofofcopilot in https://github.com/dani-garcia/vaultwarden/pull/6824
  • Misc organization fixes by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6867

New Contributors

  • @proofofcopilot made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/6824

Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.35.3...1.35.4