5 releases 82 tags

RSS feed

• 1.35.4 c555f7d198

  Compare

  1.35.4 Stable

  kerem released this 2026-02-24 00:23:41 +03:00 | 37 commits to main since this release

  No known key found for this signature in database

  GPG key ID: FC8A7D14C3CD543A

  📅 Originally published on GitHub: Mon, 23 Feb 2026 21:43:25 GMT
  🏷️ Git tag created: Mon, 23 Feb 2026 21:23:41 GMT

  Security Fixes

  This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.

  • GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to access a cipher from a different user (fully encrypted) if they already know its internal UUID.
  • GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with manager-level access within an organization to modify collections they can access, even if they do not have management permissions for them.
  • GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with manager-level access within an organization to modify collections they are not assigned.

  These are private for now, pending CVE assignment.

  What's Changed

  • Update Rust and Crates and GHA by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6843
  • hide remember 2fa token by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6852
  • fix(send_invite): invite links by @proofofcopilot in https://github.com/dani-garcia/vaultwarden/pull/6824
  • Misc organization fixes by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6867

  New Contributors

  • @proofofcopilot made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/6824

  Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.35.3...1.35.4

  Downloads

  • Source code (ZIP)
    0 downloads
  • Source code (TAR.GZ)
    0 downloads