Commit graph

  • 6fa0e432a2
    Merge 4b90b47dec into 169aa5efcc Tom 2026-07-10 22:31:41 +00:00
  • 4b90b47dec Fix privilege escalation: restrict role-type changes to Admins/Owners in edit_member tom27052006 2026-07-11 00:31:18 +02:00
  • 80741f30d9
    Merge 834a194816 into 169aa5efcc Rohmilchkaese 2026-07-10 00:20:39 +00:00
  • a2451a6ee3
    Merge branch 'main' into feature/custom-role-permissions Tom 2026-07-09 18:42:33 +02:00
  • 84b8de124e Keep per-collection manage working for Custom members tom27052006 2026-07-09 16:20:37 +02:00
  • 011e5c005b Add the Custom role to the admin panel tom27052006 2026-07-09 16:20:36 +02:00
  • b571efcadd Migrate legacy Manager members to the Custom type tom27052006 2026-07-09 16:20:16 +02:00
  • b2047fd640
    Merge 2d68adcfed into 169aa5efcc Don Kendall 2026-07-09 14:32:29 +02:00
  • 80a0965569
    Merge d79de9559c into 169aa5efcc KyattsuNoTsume 2026-07-09 16:46:08 +08:00
  • 45cf471412
    Merge f750116afa into 169aa5efcc Denis Pisarev 2026-07-09 16:46:08 +08:00
  • 97d23cce40
    Merge dd4759f717 into 169aa5efcc Iacopo Sbalchiero 2026-07-09 16:46:08 +08:00
  • 6216a42c49
    Merge 88ab51443a into 169aa5efcc Zaid Marji 2026-07-09 16:46:08 +08:00
  • 2155ea6232
    Merge bb9449bf35 into 169aa5efcc Matt Van Horn 2026-07-09 16:46:08 +08:00
  • 1c76505ae3
    Merge a1d83ea29f into 169aa5efcc Timshel 2026-07-09 16:46:07 +08:00
  • f71f677710
    Merge 89bcfe67f8 into 169aa5efcc Raphaël Roumezin 2026-07-09 07:20:13 +00:00
  • 89bcfe67f8
    Merge branch 'main' of https://github.com/dani-garcia/vaultwarden into feat/webauthn_login Raphaël Roumezin 2026-07-09 09:20:10 +02:00
  • fb7d40014b
    Merge 912c31324c into 169aa5efcc Stefan Melmuk 2026-07-09 08:36:37 +03:00
  • d164f87877
    Merge bec8ce5331 into 169aa5efcc rwjack 2026-07-09 12:19:51 +10:00
  • c3dc75f6c6
    Merge 3c584be7d0 into 169aa5efcc MengYX 2026-07-09 11:05:23 +10:00
  • 12a5a8deaa
    Merge 283467f90e into 169aa5efcc svrforum 2026-07-09 11:05:19 +10:00
  • 7d28ffe94c
    Merge c09ee802c0 into 169aa5efcc niniconi 2026-07-09 06:27:43 +05:30
  • 73c5ab01c8
    Merge 055cb61888 into 169aa5efcc maximilize 2026-07-09 00:35:18 +01:00
  • 3984b36516
    Merge 9351e91de0 into 169aa5efcc maximilize 2026-07-08 23:22:32 +02:00
  • bf89de40d3
    Merge 082acbe5d4 into 169aa5efcc Kowalski Dragon 2026-07-08 23:03:53 +02:00
  • 851796a60b
    Merge 17eb54e0c5 into 169aa5efcc Timshel 2026-07-08 22:58:09 +02:00
  • 9eb767774e
    Merge 342610a5ef into 169aa5efcc Timshel 2026-07-08 22:11:12 +02:00
  • 169aa5efcc
    Misc updates and fixes (#7406) main Mathijs van Veluw 2026-07-08 22:10:29 +02:00
  • 64d28ab66e
    improve CI (#6991) Denis Pisarev 2026-07-08 22:08:20 +02:00
  • 89a25c4e12
    Merge branch 'main' of https://github.com/dani-garcia/vaultwarden into feat/webauthn_login Raphaël Roumezin 2026-07-08 13:59:48 +02:00
  • 8a65c6631a Security: gate group delete/member-removal on collection access tom27052006 2026-07-08 19:39:49 +02:00
  • a711aa1274
    Update MSRV to v1.94.1 BlackDex 2026-07-08 19:26:08 +02:00
  • f7df02b483
    Misc updates and fixes BlackDex 2026-07-08 19:13:15 +02:00
  • 81b76d9782 Persist manage_* permission flags on invite tom27052006 2026-07-08 18:29:52 +02:00
  • 1dcd3ea26f Block collection access via group assignment in edit_member and send_invite tom27052006 2026-07-08 15:51:57 +02:00
  • 3b07e1ed83 Merge remote-tracking branch 'upstream/main' into feature/custom-role-permissions tom27052006 2026-07-08 13:30:22 +02:00
  • 02b6c2c205 Restrict group reads to manage_groups and hide policy contents without manage_policies tom27052006 2026-07-08 13:24:51 +02:00
  • 43fb19f190 Harden custom-role permission checks tom27052006 2026-07-08 08:11:27 +02:00
  • d577e5c030
    Merge 43ad295210 into 4720cdbe86 Timshel 2026-07-07 16:28:30 +00:00
  • 43ad295210 Refactor Sends table Timshel 2026-06-22 16:23:42 +02:00
  • 115712843e Sends email verification Timshel 2026-06-18 19:42:00 +02:00
  • 4720cdbe86
    Add pm-26340-linux-biometrics-v2 feature flag (#7358) pilotstew 2026-07-07 08:59:57 -05:00
  • 5447ee6af2
    SSO use ClientSecretPost if ClientSecretBasic is not available (#7357) Timshel 2026-07-07 15:59:48 +02:00
  • 5c5e8e1a6f
    2026.6.0 send support (#7346) Timshel 2026-07-07 15:59:36 +02:00
  • 7320a1db4b
    PutPolicy now using vnext format (#7296) Timshel 2026-07-07 15:59:26 +02:00
  • a058a35ccd
    [v2026.5.0] Registration request update (#7295) Timshel 2026-07-07 15:59:17 +02:00
  • a16b5afaaa
    Org membership delete remove Invitation (#7284) Timshel 2026-07-07 15:59:06 +02:00
  • fddc16d2b8
    fix(sends): emit hideEmail as non-null boolean in sync response (#7283) kvdb 2026-07-07 15:58:54 +02:00
  • ec7fa137b7
    Admin password recovery endpoint change (#7270) Timshel 2026-07-07 15:58:41 +02:00
  • b25f715364
    Fix enforce blocked (#7246) Timshel 2026-07-07 15:58:34 +02:00
  • 9f45aa77e7 Fix privilege escalation: gate access_all in edit_member tom27052006 2026-07-07 14:12:36 +02:00
  • e72c97c30d Harden custom-role permissions: block indirect collection access via groups; block manage_users revoke/restore of admins; cargo fmt tom27052006 2026-07-07 11:59:44 +02:00
  • 4d6b667ffc Server-side collection/group permission hardening; works without web-vault changes tom27052006 2026-07-02 17:12:23 +02:00
  • 9e4aa5efe7
    feat: Added support for passkey vault unlock feature Raphaël Roumezin 2026-06-30 11:07:00 +02:00
  • df18711b49 Silence struct_excessive_bools lint for Membership tom27052006 2026-07-01 19:39:10 +02:00
  • 1f6d457533 Add custom role permissions: Manage Users, Groups, Policies tom27052006 2026-07-01 19:30:54 +02:00
  • c99ffe3d83 Review fix Timshel 2026-06-29 10:09:52 +02:00
  • 7dbd82a311 add Zenith Hosting badge l1mey112 2026-06-29 16:53:04 +10:00
  • 055cb61888 Don't block the login response on the new-device email max 2026-06-28 21:07:45 +02:00
  • 5261bd7b0d Review fixes Timshel 2026-06-27 23:16:30 +02:00
  • 3b669264bb
    fix(clippy): few refactors Raphael Roumezin 2026-06-27 16:55:05 +02:00
  • 05c9af4d1e
    fix: Allowed Chromium extensions as origins for passwordless login Raphael Roumezin 2026-06-27 16:30:32 +02:00
  • 9351e91de0 Do not fail login when push device registration fails max 2026-06-26 12:53:02 +02:00
  • 224ad8a406 fix: typos Raphaël Roumezin 2026-06-24 13:00:48 +02:00
  • 8cba57a1af feat(config): Add passkey_login_allowed config option Raphaël Roumezin 2026-06-24 11:44:53 +02:00
  • 007ac4f992 fix: Correct attestation options Raphaël Roumezin 2026-06-23 16:01:02 +02:00
  • 7711b02153 feat: passwordless login Raphaël Roumezin 2026-06-23 15:27:37 +02:00
  • d9695088c7
    Add Podman Quadlet instructions to Readme 4liceD 2026-06-23 10:37:15 +02:00
  • af02911b71 SSO use ClientSecretPost if ClientSecretBasic is not available Timshel 2026-06-23 08:24:33 +02:00
  • d79de9559c clippy fixes Kyattsukuro 2026-06-22 15:51:01 +02:00
  • 44cc4426ef revertet changing names of organisation attachment_count Kyattsukuro 2026-05-08 13:40:30 +02:00
  • 2de70aa59c use camel case for attachmentCount, use safer way to get user JSON Kyattsukuro 2026-04-05 13:55:56 +02:00
  • 59ecb5ae7e in enrich_users_json, moved never active notice to template Kyattsukuro 2026-02-04 22:56:49 +01:00
  • a407ea54b0 removed get_sso_user Kyattsukuro 2026-02-04 22:46:25 +01:00
  • c6717ae896 moved SsoUser from get_user_or_404 to get_sso_user Kyattsukuro 2026-02-03 15:04:18 +01:00
  • aa62a27a8d Resolves conflicts: src/static/templates/admin/users.hbs Kyattsukuro 2026-06-22 15:34:41 +02:00
  • 428db6b23a pass formatting checks Kyattsukuro 2025-11-29 19:40:36 +01:00
  • c915f5fc3e return same json object for all user queries Kyattsukuro 2026-05-08 13:01:15 +02:00
  • c0579d05a4 adds sso_identifier to /admin/users Kyattsukuro 2025-11-24 19:41:12 +01:00
  • 409031715f
    Merge branch 'main' into pr/3x8_improve-ci Denis Pisarev 2026-06-22 11:07:13 +02:00
  • 995c96a55a Add pm-26340-linux-biometrics-v2 feature flag pilotstew 2026-06-21 09:28:53 -05:00
  • fb9e70b79f Use default to keep compatibility Timshel 2026-06-21 16:13:37 +02:00
  • 649ed31aa7 enable rocket/mtls feature Simonas Kazlauskas 2026-06-20 16:11:51 +03:00
  • 89dae0f082 fix: pin Debian MariaDB packages to 11.8.6 maxpetrusenkoagent 2026-06-18 16:36:13 -04:00
  • 8450af2094 Prevent creating and editing a Send with email verification Timshel 2026-06-18 19:52:09 +02:00
  • 4900b8fd81
    fix: use request-body OIDC auth Puria Nafisi Azizi 2026-06-18 03:02:12 +02:00
  • 64d943b625 2026.6.0 send support Timshel 2026-06-16 20:48:12 +02:00
  • dc82ad6d6c Pin Debian MariaDB client library maxpetrusenkoagent 2026-06-15 05:04:40 -04:00
  • 2c97b41e87
    fix(sends): emit hideEmail as non-null boolean in sync response Kees van den Broek 2026-06-01 11:04:42 +02:00
  • d0f6d297db Admin password recovery endpoint change Timshel 2026-05-28 14:11:07 +02:00
  • ca446d46b2 Fix enforce blocked Timshel 2026-05-20 19:42:55 +02:00
  • 342610a5ef Fix migration for MariaDB 12.2.2 Timshel 2026-05-27 18:33:07 +02:00
  • 00cc9f79b1 Registration request update Timshel 2026-06-03 15:12:21 +02:00
  • 77283882e1 PutPolicy now using vnext format Timshel 2026-06-03 16:26:48 +02:00
  • 283467f90e Add GET /public/events Bitwarden-compatible Public API endpoint svrforum 2026-06-09 10:56:16 +09:00
  • 1c91b8a8c9 Make get_continuation_token reusable across modules svrforum 2026-06-09 10:56:16 +09:00
  • 989fa9ac0d Add Event::to_json_public for Public API event model svrforum 2026-06-09 10:40:21 +09:00
  • f750116afa
    Merge branch 'main' into pr/3x8_cargo-deny Denis Pisarev 2026-06-08 14:24:12 +02:00
  • 3c584be7d0
    Fix invalid SSH key sync for Bitwarden 2026.5 MengYX 2026-06-06 12:28:27 +08:00
  • d6a3d539ed
    Update Rust, Crates and GHA (#7307) Mathijs van Veluw 2026-06-05 21:52:52 +02:00
  • 660a02db4a
    Update Rust, Crates and GHA BlackDex 2026-06-05 17:39:16 +02:00