Age | Commit message | Author |
|
Upstream Changes:
- Config values can now be defined in a file, use `<CONFIG_NAME>_FILE` to point to it.
- For example, if you save the admin token to `/etc/bitwarden_rs/token`, you can use `ADMIN_TOKEN_FILE=/etc/bitwarden_rs/token` and it will read the file and set the token to its contents.
- Users can be enabled/disabled from the admin panel.
- Implemented manager role.
- Now the .env file parsing won't fail silently.
- Fixes to the email format and processing, added option to enable debugging via `SMTP_DEBUG`, and added options to ignore certificate issues.
- The user's last active device date is shown on the admin page.
- Now cipher updates are validated when they provide a revision date, which will prevent multiple clients from overwriting each other's changes.
- Updated web vault to 2.17.1.
- Improved icon downloading in some edge cases.
- Fixed key rotation during password change.
- Make sure organization policies don't affect users that aren't a part of it or aren't confirmed.
- Make sure removing a user from an org doesn't also remove them from accessing other orgs.
- Return 404 when an icon is missing instead of a fallback, allowing the clients to use their own fallback icon.
- Add missing admin endpoints for deleting ciphers.
- Updated dependencies.
|
|
|
|
- Revert Path adding a warning at the top of the env template, because this warning is now included in upstream
Upstream Changes:
- Multiple database support, now you can compile with `cargo build --features sqlite,mysql,postgresql` or any combination of them.
- Now the initial database connection doesn't fail instantly when there's an error, but retries for up to 15 times by default, adjustable with the `DB_CONNECTION_RETRIES` option.
- Sessions are properly invalidated now when changing email, password or kdf parameters.
- Items are not shown to organization admins in their user view when they don't have their collection selected. Note that they still appear in the organization view.
- Allow multiple SMTP auth mechanisms.
- Favorite status in organization items is now tracked at the user level.
- Fix admin page when `DOMAIN` is not configured, or configured incorrectly.
- Update web vault to 2.16.1
- Add vendored_openssl feature, to statically link OpenSSL, disabled by default.
- Updated dependencies and synced global domains file with upstream.
|
|
Upstream Changes (1.16.3):
- Fixed mysql and postgresql releases not building correctly
- Added support for restricting org creation to certain users: [Examples](https://github.com/dani-garcia/bitwarden_rs/blob/570d6c8bf97d6c554a9f5265c9cc9aa4e8482f24/.env.template#L121-L127)
- Synchronized global_domains.json with upstream
Upstream Changes (1.16.2):
- Fixed issue unlocking vault in the desktop client.
- Added back arm32v6 tag, because docker fails to select that image in ARMv6 devices.
- Fixed websocket notifications when sending an item to the trash.
|
|
Upstream Changes:
- Log timestamps with milliseconds by default and added option LOG_TIMESTAMP_FORMAT to customize the format
|
|
Upstream Changes:
- Add support for hiding passwords in a collection
- Allow postgres:// DATABASE_URL
- Add option to set name during HELO in email settings
- Add startup script to support init operations
- Use local time in email notifications for new device logins
- Updated dependencies and included web vault
- Removed unstable dependencies in preparation for rocket stable
- Docker multiarch support
|
|
Upstream Changes:
- Fixed error when cloning attachments with ciphers, note that attachments are not cloned
- Fixed version check when a commit hasn't been made since the last release
- Added openssl extern crate to fix some builds
- Updated admin page, added attachments count per user and users count per organization and fixed issue with DNS not resolving
|
|
Upstream Changes:
- Added support for soft deletion of items (trash functionality)
- Redesigned admin page:
- Separated into multiple pages
- Icon to indicate users verified emails, and counter of the number of items they have
- Added diagnostics page
- Updated web vault to 2.14
- Added IP address to the logs on TOTP failure, allowing fail2ban use
- Some email and domain whitelist fixes
- Fixed issue deleting notes in PostgreSQL
- Updated dependencies and other bug fixes
|
|
|
|
Works around https://github.com/dani-garcia/bitwarden_rs/issues/962
|
|
Upstream Changes:
- Fixed bug with sync error in mobile clients.
- Update web vault to 2.13.2.
- Fix websockets missing id.
- Improvements to docker health check, including subdirectory support.
- Allow changing the build version with BWRS_VERSION env variable during cargo build.
- Other dependency updates and bug fixes.
|
|
Upstream Changelog:
- Added support for organization policies
- Added support for cloning ciphers
- Update web vault to version 2.13
- Allow the SMTP login mechanism to be provided without quotes or initial uppercase
- Updated dependencies
- Make panics loggable
- Fix errors when importing into an org or accepting invites
|
|
- Add notice to the top of bitwarden_rs.env and update patchfile
- Make package section of PKGBUILD more consistent
Upstream Changelog:
- Added support for running on subpath, simply add the subpath to the DOMAIN variable: DOMAIN=https://example.com/custom-path
- Attachment size limits, per-user and per-organization, set USER_ATTACHMENT_LIMIT or ORG_ATTACHMENT_LIMIT to a value in kilobytes to apply it.
- Updated U2F library which might solve some U2F certificate errors.
- Added SMTP test button in the admin page.
- Now accepting y/n, True/False, 1/0 as config options that are booleans.
- Fixed error Unique constraint violation when using Two Factor and Postgres.
- Fixed error with can_signup_user that didn't allow to change the email address.
- Don't error if admin token is empty but disabled
- Now email domains are converted to punycode before sending
- Enable icons to be cached in the clients
- Added option to change invitation org name
- Enabled the sending of invitations from the admin panel, even when disabled
- Dependency updates
|
|
- apply changes to the systemd config from Siosm
- revert cargo test patches
- make restart reminder on update smaller
- remove unnecessary daemon-reloading (is triggered by pacman anyway)
Upstream Changelog:
- New collapsed log messaging, filtering the useless stuff like static file accesses and removing duplicate error messages. To get a more complete logging, use a LOG_LEVEL value of debug or trace.
- Fix crash when cipher page points to huge file
- Added config option to change client IP header, IP_HEADER, by default it's X-Client-IP for backwards compat reasons.
- Printed current server time when failing TOTP, for easy debugging
- Protected websockets server against panics
- Add a logout button on the admin page
- Add endpoint to delete specific U2F key
- Updated dependencies
|
|
Upstream Changelog:
- Implemented email verification, to disable users until the email is verified you can use `SIGNUPS_VERIFY=true`, default is false. There are also options to change the options for verification mail resending, check the `.env.template` file.
- Also implemented welcome email, change email confirmation and account deletion confirmation.
- Modified icon parsing to accept favicons using DataURLs
- Updated dependencies
|
|
- revert armv7h workaround
- fit PKGBUILD to the archlinux rust packaging guidelines (https://wiki.archlinux.org/index.php/Rust_package_guidelines) by introducing check() and --locked
Upstream Changelog:
- Improved error message when HIBP key is not set, include a link to the page.
- Added check for both the previous and next timeslots in TOTP, which is more forgiving of time mismatches (1.5 minutes now vs 30 seconds before), can be disabled setting `AUTHENTICATOR_DISABLE_TIME_DRIFT=true`.
- Made the domain icon blacklist be cached, improving performance.
- Recovery codes are now generated when adding email and Duo 2FA.
- Removed MySQL libraries from SQLite images.
- Added configurable SMTP timeout, and reduced the default to 15 seconds.
- Updated images to be able to be built with Podman.
- Added option to allow signups from specific domains only (`SIGNUPS_DOMAINS_WHITELIST=domain.com,example.org`).
- Updated web vault to fix twofactorauth.org integration.
- Updated dependencies
|
|
Upstream Changelog:
- Added initial PostgreSQL support (enabled in the AUR package bitwarden_rs-postgresql)
- Added new icon blacklisting option, to block all non global IPs (ICON_BLACKLIST_NON_GLOBAL_IPS)
- Admin page scripts are loaded locally instead of using a CDN
- Added CORS support
- Added email 2FA
- other Docker image related changes (omitted)
|
|
|
|
|
|
Upstream Changelog:
- Added MySQL support
- Added backup option in the admin panel for the SQLite backend, remember to transfer those copies to separate drives!
- Updated HaveIBeenPwned API to V3, which requires a paid API key: https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/
- Added option in admin panel to remove users two factor authentication, in case of loss or bug
- Allowed explicitly defining the SMTP authentication mechanism
- Added notification email when a user logs in on a new device
- Updated web vault to 2.11.0
- Added proxy support for the icon fetching service
- Other bug fixes
|
|
Upstream Changelog
- Fixed broken U2F in Chrome 74+
- Added images to email
- Updated dependencies
|
|
Upstream Changelog
- Duo is now available as a 2FA option, both configurable globally and per-user
- To enable it globally, check the .env template, and then leave the fields empty when enabling it per-user.
- Updated web vault to 2.10.0
- Added option to control the log level: LOG_LEVEL
- Valid values from more to less noisy are "trace", "debug", "info", "warn", "error" and "off"
- Now there is no need to compile the application a different way to enable syslog support, simply set USE_SYSLOG to true.
- Now DATA_FOLDER affects CONFIG_FILE when set through the environment
- Improved endpoints for Admin API
- Other fixes
|
|
Upstream Changelog
- Secrets are now hidden by default in the admin panel.
- Now the version is shown in the top right corner of the admin page.
- Read only settings are also shown in the admin panel, but not editable.
- Added option to admin panel to force resync users, useful after restoring an old backup.
- Implemented multiple U2F support, with custom names and compromised checks.
- Emails now also include an HTML version next to the plaintext version. It's up to the email clients which one to show now.
- Updated vault to 2.9.0
- Implemented constant time comparison for admin password and two factor remember and recover tokens.
- Added more config options:
- Icon download timeout
- Hide routes mount points, enabled by default
- Disable WAL (not recommended, only for network filesystems that have problems with WAL enabled)
- Disable Admin token (unsafe, only use when behind another authentication scheme).
- Use wrapped TLS for email, when STARTTLS doesn't work.
- Icon downloader domain blacklist, to block anything that might be sensitive, like other servers in the local network.
- Updated dependencies and fixed minor bugs
|
|
Upstream Changelog:
- Added configuration menu, accessible from the admin panel. This saves the user settings to a JSON file, by default in data/config.json, but configurable with the CONFIG_FILE environment variable.
- Added templating support for emails, can be added to $DATA_FOLDER/templates/email, or $TEMPLATES_FOLDER/email, if configured. Check here for examples.
- Added reload templates option, useful during development. Set RELOAD_TEMPLATES to true to enable.
- The templates use the Handlebars format.
- Improved icon downloader, now we don't use the upstream server anymore.
- Added option to disable icon download, set DISABLE_ICON_DOWNLOAD to true.
- Note that icons already in the cache will still be served. With this, if ICON_CACHE_TTL is set to 0, the cached icons will not expire.
- Admin panel improvements:
- Organization, 2FA status and disabled user badges
- Deauthorize user sessions button
- Now using templates
- Added Feature-Policy header.
- Created recovery code when registering a YubiKey
- Now the .env file is only read from the current directory.
- Other fixes and dependency updates
|
|
temporarily fix SSL Error (https://github.com/dani-garcia/bitwarden_rs/issues/337), revert aarch64 workaround
Upstream Changelog:
- Enabled Yubikey support on AArch64
- Fixed error when editing cipher with attachment
- Fixed error incorrectly hiding cipher when deleting attachment
- Added unofficial server warning
|
|
(https://github.com/dani-garcia/bitwarden_rs/issues/262)
|
|
Upstream Changelog:
- Implemented new admin panel, available at /admin
- To use it, you need to set the ADMIN_TOKEN variable to authenticate
- Note: The old admin_email functionality has been removed
- Added email invite functionality
- Web vault updated to v2.8.0
- Fixed AArch64 build, disables Yubikey support
- Implemented TTLs for the icon cache
- Improved error handling
- Bug fixes
|
|
Upstream Changelog:
- Revamped logging
- Logging to file is now supported, set LOG_FILE=/path/to/log
- Logging to syslog is now supported, for this you need to compile the project with cargo build --features=enable_syslog
- Important: If you are using fail2ban or similar, you may need to update the filters to the new style.
- You can also disable it, by setting EXTENDED_LOGGING=false, but this disables logging to file or syslog
- Updated web vault to 2.7.1
- Implemented key rotation and individual attachment keys
- Added yubico support
- Updated rocket web server to 0.4
- Fixed some logout issues
- Fixed some crashes in mobile apps when using 2FA
|
|
Upstream Changelog:
- Disabled websockets by default, can be enabled by setting WEBSOCKET_ENABLED=true. Note that websockets require some additional setup. More info about that in the README.
- Upgraded sync method to not send equivalent domains when not necessary.
- Bug fixes and documentation changes