Age | Commit message | Author
2024-07-24 | Update crates & fix crate vulnerability (#4771) | Daniel
- fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-17 | Fix Email 2FA login on native app (#4762) | Mathijs van Veluw
2024-07-17 | Fix for RSA Keys which are read only (#4744) | Mathijs van Veluw
* Fix for RSA Keys which are read only
  Sometimes an RSA Key file could be read only. We currently failed because we also wanted to write. Added an extra check if the file exists already and is not 0 in size. If it does already exist and is larger than 0, then open in read only mode.
  Fixes #4644
* Updated code to work atomically
  - Changed the code to work atomically
  - Also show the alert generated from `Io`
* Fix spelling
2024-07-12 | Update admin interface (#4737) | Mathijs van Veluw
- Updated datatables
- Set Cookie Secure flag if the connection is https
- Prevent possible XSS via Organization Name
  Converted all `innerHTML` and `innerText` to the Safe Sink version `textContent`
- Removed `jsesc` function as handlebars escapes all these chars already and more by default
2024-07-12 | Improved HTTP client (#4740) | Daniel García
* Improved HTTP client
* Change config compat to use auto, rename blacklist
* Fix wrong doc references
2024-07-10 | Fix bug where secureNotes is empty (#4730) | Coby Geralnik
2024-07-10 | chore: Dockerfile to Remove port 3012 (#4725) | Calvin Li
2024-07-10 | use a custom plan of enterprise tier to fix limits (#4726) | Stefan Melmuk
* use a custom plan of enterprise tier to fix limits
* set maxStorageGb limit to max signed int value
2024-07-08 | Some fixes for emergency access (#4715) [1.31.0] | Mathijs van Veluw
- Add missing `Headers` parameter for some functions
  This allowed any request from allowing these endpoints by not validating the user correctly.
- Changed the functions to retrieve the emergency access record by using the user uuid which calls the endpoint, instead of validating afterwards.
  This is more secure and prevents the need of an if check.
2024-07-08 | Update crates and web-vault (#4714) | Mathijs van Veluw
- Updated the crates
  Removed the patch for mimalloc
- Updated the web-vault to v2024.5.1b
  The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 | Switch registry cache compression algorithm to zstd (#4704) | Daniel
- faster builds than with gzip (the default)
2024-07-04 | add group support for Cipher::get_collections() (#4592) | Stefan Melmuk
* add group support for Cipher::get_collections() join group infos assigned to a collection to check whether user has been given access to all collections via any group or they have access to a specific collection via any group membership
* fix Collection::is_writable_by_user() prevent side effects if groups are disabled
* differentiate the /collection endpoints
* return cipherDetails on post_collections_update()
* add collections_v2 endpoint
2024-07-04 | Remove duplicate registry step (#4703) | Daniel
2024-07-04 | Fix duplicate folder creations during import (#4702) | Mathijs van Veluw
During import you are able to select an existing folder, or with Bitwarden exports it can contain existing folders already. In either case it didn't matter, we always created new folders. Bitwarden uses the same UUID of the selected or existing folders if they are already there. This PR fixes this by using the same behaviour. Fixes #4700
2024-07-03 | Fix collections and native app issue (#4685) | Mathijs van Veluw
Collections were not visible in the organization view. This was because the `flexibleCollections` was set to `true`
Found an issue with loading some old created Secure Notes which had `{}` or `{"type":null}` as their `data` value. This isn't allowed. When detected, replace it with `{"type":0}`
Fixes #4682
Fixes #4590
2024-06-24 | Change some missing PascalCase keys (#4671) | Daniel García
2024-06-24 | Remove mimalloc workaround (#4606) | Daniel
- libatomic linking for armv6 has been fixed in https://github.com/purpleprotocol/mimalloc_rust/commit/992c9da4c5afba7fbf4c5815c43c8f0fbd2a8da6
2024-06-24 | Fix cipher creation on new android app (#4670) | Daniel García
2024-06-23 | Change API and structs to camelCase (#4386) | Daniel García
* Change API inputs/outputs and structs to camelCase
* Fix fields and password history
* Use convert_json_key_lcase_first
* Make sends lowercase
* Update admin and templates
* Update org revoke
* Fix sends expecting size to be a string on mobile
* Convert two-factor providers to string
2024-06-20 | Fix some more nightly errors and remove lint that will become an error by default (#4661) | Daniel García
2024-06-20 | Fix some nightly build errors (#4657) | Daniel García
2024-06-19 | Update crates, web-vault and GHA (#4648) | Mathijs van Veluw
- Updated all crates including Diesel and the new mysqlclient-sys
- Updated the MSRV to v1.78 as that is what Diesel mandates
- Added the mimalloc crate as a patch for now to fix armv6 static builds
  This probably makes #4606 possible
- Updated web-vault to v2024.5.1
- Updated GitHub Actions
  Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-16 | Update rust and remove unused header values (#4645) | Daniel García
* Update rust and remove unused header values
* Missed one unused var
2024-05-25 | Update admin interface dependencies (#4581) | Mathijs van Veluw
- Updated JS/CSS dependencies
- Fixed a small issue regarding DNS IP detection
fixes #3946
fixes #3947
2024-05-25 | Remove compatibility route (#4578) | Timshel
2024-05-25 | differentiate external groups by organization id (#4586) | Stefan Melmuk
2024-05-25 | Update Alpine to version 3.20 (#4583) | Daniel
- needed to add double quotes, otherwise it was parsed as 3.2 instead of 3.20
2024-05-25 | Fix web-vault version in Docker(files/Settings) (#4575) | Daniel
2024-05-25 | Update crates (#4587) | Mathijs van Veluw
- Update crates including rocket and rocket_ws
2024-05-19 | Fix public api for domains with path prefix (#4500) | FDHoho007
2024-05-19 | also delete organization_api_key (#4557) | Stefan Melmuk
2024-05-19 | Optimize Dockerfiles (#4532) | Daniel
Move some ARGs closer to the build stage (potentially improving caching)
Remove redundant COPY commands
Remove redundant RUN command
Move CARGO_HOME's "&&" operator to the first line (improves consistency)
2024-05-19 | Improve commentary aesthetics (#4549) | Rich Purnell
2024-05-19 | Update Rust, crates and web-vault (#4558) | Mathijs van Veluw
* Update Rust and crates
  - Updated Rust to v1.78.0
  - Updated crates
* Update web-vault to v2024.5.0
2024-04-27 | Some fixes for the new mobile apps (#4526) | Daniel García
2024-04-27 | fix emergency access invites (#4337) | Stefan Melmuk
* fix emergency access invites with no mail when mail is disabled instead of accepting emergency access for all invited users automatically, we only accept if the user already exists on registration of a new account any open emergency access invitations will be accepted, if mail is disabled also prevent invited emergency access contacts to register if emergency access is disabled (this is only relevant for when mail is enabled, if mail is disabled they should have an Invitation entry)
* delete emergency access invitations if an invited user is deleted in the /admin panel their emergency access invitation will remain in the database which causes the to_json_grantee_details fn to panic
* improve missing emergency access grantees instead of returning an empty emergency access contact the entry should not be added to the list. also the error handling can be improved a bit.
2024-04-27 | improve access to collections via groups (#4441) | Stefan Melmuk
* refactor get_org_collections_details
* improve access to collection check
* fix get_org_collection_detail too
2024-04-27 | Pass in collection ids to notifier when sharing cipher. (#4517) | Kristof Mattei
2024-04-27 | Add extra (unsupported) container build arch's (#4524) | Mathijs van Veluw
There was a PR (#4370) to add i686/i386 support for Vaultwarden. That specific PR was not a viable way of adding this. This PR adds extra architectures for Debian based containers which we will not support by default. Those images will not be built and pushed to our container registries.
Added the following architectures:
- linux/386
- linux/ppc64le
- linux/s390x
Again, there will be no major support for these architectures, but it will allow people who use these architectures to build a Debian based binary more easily
2024-04-27 | Implement custom DNS resolver (#3988) | Daniel García
2024-04-27 | Update Crate and Rust (#4522) | Mathijs van Veluw
* Update Crate and Rust
  - Updated all crates
  - Updated Rust to the latest patch version
* Updated GitHub Actions
2024-04-06 | Update Key Rotation web-vault v2024.3.x (#4446) | Mathijs van Veluw
Key rotation was changed since 2024.1.x. Multiple other items were added to be rotated like password-reset and emergency-access data to be part of just one POST instead of having multiple. See: https://github.com/dani-garcia/bw_web_builds/pull/157
2024-04-06 | Update crates and some Clippy fixes (#4475) | Mathijs van Veluw
- Updated all crates including reqwest
- Fixed some clippy lints reported by nightly Rust
2024-04-06 | update web-vault to v2024.3.1 (new vertical layout) (#4468) | Stefan Melmuk
* update web-vault to v2024.3.0
* update web-vault to v2024.3.1
2024-03-23 | Use async verify for Yubikey (#4448) | Daniel García
2024-03-23 | Update Rust and crates (#4445) | Mathijs van Veluw
- Updated Rust to v1.77.0
- Updated several crates
  The `reqwest` update included `trust-dns` > `hickory-dns` changes.
  Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate.
- Fixed a new clippy warning
2024-03-19 | Update chrono and sqlite (#4436) | Mathijs van Veluw
- Updated sqlite crate
- Updated chrono crate
The latter needed a lot of changes done, mostly `Duration` to `TimeDelta`.
And some changes on how to use Naive.
2024-03-19 | fix: typos (#4440) | guangwu
Signed-off-by: guoguangwu <[email protected]>
2024-03-17 | automatically use email address as 2fa provider (#4317) | Stefan Melmuk
2024-03-17 | Fix #3624: fix manager permission within groups (#3754) | Matlink
* Fix #3624: fix manager permission within groups
* Query returns UUID only
* Fix issue when user is manager and in a group having access to all collections
* optimize condition check
* fix(groups): renaming and optimizations
* fix: wrong organization group membership detection
* Simplify group membership check
  Co-authored-by: Stefan Melmuk <[email protected]>
* Remove unused statement
* improve check if the user has access via groups instead of returning the two lists of member ids and later checking if they contain the uuid of the current user, we really only care if the current user has full access via a group or if they have access to a given collection via a group
* improve comments for get_org_collections_details
* small refactor to make it easier to review
* fix(groups): query full access via group only when necessary
  Co-authored-by: Mathijs van Veluw <[email protected]>
* chore(fmt): apply rustfmt
---------
Co-authored-by: Stefan Melmuk <[email protected]>
Co-authored-by: Stefan Melmuk <[email protected]>
Co-authored-by: Mathijs van Veluw <[email protected]>