Age | Commit message | Author |
|
Upstream Changes:
- Implemented Send functionality
- Updated web vault to 2.19.0
- CORS fixes
- Updated diagnostics page with more info
- Updated dependencies
1.19.0
Upstream Changes:
- Updated the admin interface:
  - Added diagnostic and debug information.
  - Added option to sort users by date.
  - Added ability to modify a user's type in an organization and to delete the whole organization.
- Added support for the Personal Ownership policy, which when enabled disables the use of the personal vault to non-admin users of an organization.
- Basic experimental support for LDAP import using the official Directory Connector.
  - Note that users can't be created by this tool, it only can add or remove them from an organization.
  - Autoimported users join the organization with user level and they need to be confirmed by an admin or owner from the web vault. If SMTP is enabled, users will need to accept the email invitation beforehand.
  - Important: enabling the checkbox "Overwrite existing organization users..." in the Directory Connector can cause already existing users from the organization to be removed when syncing if they aren't present in the LDAP server, while the official server differentiates between manually added and autoimported users, and won't delete the manually added ones. This only applies to the user level, and not to managers, admins or owners, and will probably be changed in the future to align with upstream.
- Updated web vault to 2.18.1.
- Synced global domains data with upstream.
|
|
Upstream Changes:
- Config values can now be defined in a file, use `<CONFIG_NAME>_FILE` to point to it.
  - For example, if you save the admin token to `/etc/bitwarden_rs/token`, you can use `ADMIN_TOKEN_FILE=/etc/bitwarden_rs/token` and it will read the file and set the token to its contents.
- Users can be enabled/disabled from the admin panel.
- Implemented manager role.
- Now the .env file parsing won't fail silently.
- Fixes to the email format and processing, added option to enable debugging via `SMTP_DEBUG`, and added options to ignore certificate issues.
- The user's last active device date is shown on the admin page.
- Now cipher updates are validated when they provide a revision date, which will prevent multiple clients from overwriting each other's changes.
- Updated web vault to 2.17.1.
- Improved icon downloading in some edge cases.
- Fixed key rotation during password change.
- Make sure organization policies don't affect users that aren't a part of it or aren't confirmed.
- Make sure removing a user from an org doesn't also remove them from accessing other orgs.
- Return 404 when an icon is missing instead of a fallback, allowing the clients to use their own fallback icon.
- Add missing admin endpoints for deleting ciphers.
- Updated dependencies.
|
|
- Revert Path adding a warning at the top of the env template, because this warning is now included in upstream
Upstream Changes:
- Multiple database support, now you can compile with `cargo build --features sqlite,mysql,postgresql` or any combination of them.
- Now the initial database connection doesn't fail instantly when there's an error, but retries for up to 15 times by default, adjustable with the `DB_CONNECTION_RETRIES` option.
- Sessions are properly invalidated now when changing email, password or kdf parameters.
- Items are not shown to organization admins in their user view when they don't have their collection selected. Note that they still appear in the organization view.
- Allow multiple SMTP auth mechanisms.
- Favorite status in organization items is now tracked at the user level.
- Fix admin page when `DOMAIN` is not configured, or configured incorrectly.
- Update web vault to 2.16.1
- Add vendored_openssl feature, to statically link OpenSSL, disabled by default.
- Updated dependencies and synced global domains file with upstream.
|
|
Upstream Changes (1.16.3):
- Fixed mysql and postgresql releases not building correctly
- Added support for restricting org creation to certain users: [Examples](https://github.com/dani-garcia/bitwarden_rs/blob/570d6c8bf97d6c554a9f5265c9cc9aa4e8482f24/.env.template#L121-L127)
- Synchronized global_domains.json with upstream
Upstream Changes (1.16.2):
- Fixed issue unlocking vault in the desktop client.
- Added back arm32v6 tag, because docker fails to select that image in ARMv6 devices.
- Fixed websocket notifications when sending an item to the trash.
|
|
Upstream Changes:
- Log timestamps with milliseconds by default and added option LOG_TIMESTAMP_FORMAT to customize the format
|
|
Upstream Changes:
- Add support for hiding passwords in a collection
- Allow postgres:// DATABASE_URL
- Add option to set name during HELO in email settings
- Add startup script to support init operations
- Use local time in email notifications for new device logins
- Updated dependencies and included web vault
- Removed unstable dependencies in preparation for rocket stable
- Docker multiarch support
|
|
Upstream Changes:
- Fixed error when cloning attachments with ciphers, note that attachments are not cloned
- Fixed version check when a commit hasn't been made since the last release
- Added openssl extern crate to fix some builds
- Updated admin page, added attachments count per user and users count per organization and fixed issue with DNS not resolving
|
|
Upstream Changes:
- Added support for soft deletion of items (trash functionality)
- Redesigned admin page:
- Separated into multiple pages
- Icon to indicate users verified emails, and counter of the number of items they have
- Added diagnostics page
- Updated web vault to 2.14
- Added IP address to the logs on TOTP failure, allowing fail2ban use
- Some email and domain whitelist fixes
- Fixed issue deleting notes in PostgreSQL
- Updated dependencies and other bug fixes
|
|
Works around https://github.com/dani-garcia/bitwarden_rs/issues/962
|
|
Upstream Changes:
- Fixed bug with sync error in mobile clients.
- Update web vault to 2.13.2.
- Fix websockets missing id.
- Improvements to docker health check, including subdirectory support.
- Allow changing the build version with BWRS_VERSION env variable during cargo build.
- Other dependency updates and bug fixes.
|
|
Upstream Changelog:
- Added support for organization policies
- Added support for cloning ciphers
- Update web vault to version 2.13
- Allow the SMTP login mechanism to be provided without quotes or initial uppercase
- Updated dependencies
- Make panics loggable
- Fix errors when importing into an org or accepting invites
|
|
- Add notice to the top of bitwarden_rs.env and update patchfile
- Make package section of PKGBUILD more consistent
Upstream Changelog:
- Added support for running on subpath, simply add the subpath to the DOMAIN variable: DOMAIN=https://example.com/custom-path
- Attachment size limits, per-user and per-organization, set USER_ATTACHMENT_LIMIT or ORG_ATTACHMENT_LIMIT to a value in kilobytes to apply it.
- Updated U2F library which might solve some U2F certificate errors.
- Added SMTP test button in the admin page.
- Now accepting y/n, True/False, 1/0 as config options that are booleans.
- Fixed error Unique constraint violation when using Two Factor and Postgres.
- Fixed error with can_signup_user that didn't allow to change the email address.
- Don't error if admin token is empty but disabled
- Now email domains are converted to punycode before sending
- Enable icons to be cached in the clients
- Added option to change invitation org name
- Enabled the sending of invitations from the admin panel, even when disabled
- Dependency updates
|
|
- apply changes to the systemd config from Siosm
- revert cargo test patches
- make restart reminder on update smaller
- remove unnecessary daemon-reloading (is triggered by pacman anyway)
Upstream Changelog:
- New collapsed log messaging, filtering the useless stuff like static file accesses and removing duplicate error messages. To get a more complete logging, use a LOG_LEVEL value of debug or trace.
- Fix crash when cipher page points to huge file
- Added config option to change client IP header, IP_HEADER, by default it's X-Client-IP for backwards compat reasons.
- Printed current server time when failing TOTP, for easy debugging
- Protected websockets server against panics
- Add a logout button on the admin page
- Add endpoint to delete specific U2F key
- Updated dependencies
|
|
Upstream Changelog:
- Implemented email verification, to disable users until the email is verified you can use `SIGNUPS_VERIFY=true`, default is false. There are also options to change the options for verification mail resending, check the `.env.template` file.
- Also implemented welcome email, change email confirmation and account deletion confirmation.
- Modified icon parsing to accept favicons using DataURLs
- Updated dependencies
|
|
- revert armv7h workaround
- fit PKGBUILD to the archlinux rust packaging guidelines (https://wiki.archlinux.org/index.php/Rust_package_guidelines) by introducing check() and --locked
Upstream Changelog:
- Improved error message when HIBP key is not set, include a link to the page.
- Added check for both the previous and next timeslots in TOTP, which is more forgiving of time mismatches (1.5 minutes now vs 30 seconds before), can be disabled setting `AUTHENTICATOR_DISABLE_TIME_DRIFT=true`.
- Made the domain icon blacklist be cached, improving performance.
- Recovery codes are now generated when adding email and Duo 2FA.
- Removed MySQL libraries from SQLite images.
- Added configurable SMTP timeout, and reduced the default to 15 seconds.
- Updated images to be able to be built with Podman.
- Added option to allow signups from specific domains only (`SIGNUPS_DOMAINS_WHITELIST=domain.com,example.org`).
- Updated web vault to fix twofactorauth.org integration.
- Updated dependencies
|
|
Upstream Changelog:
- Added initial PostgreSQL support (enabled in the AUR package bitwarden_rs-postgresql)
- Added new icon blacklisting option, to block all non global IPs (ICON_BLACKLIST_NON_GLOBAL_IPS)
- Admin page scripts are loaded locally instead of using a CDN
- Added CORS support
- Added email 2FA
- other Docker image related changes (omitted)
|
|
Upstream Changelog:
- Added MySQL support
- Added backup option in the admin panel for the SQLite backend, remember to transfer those copies to separate drives!
- Updated HaveIBeenPwned API to V3, which requires a paid API key: https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/
- Added option in admin panel to remove users two factor authentication, in case of loss or bug
- Allowed explicitly defining the SMTP authentication mechanism
- Added notification email when a user logs in on a new device
- Updated web vault to 2.11.0
- Added proxy support for the icon fetching service
- Other bug fixes
|
|
Upstream Changelog
- Fixed broken U2F in Chrome 74+
- Added images to email
- Updated dependencies
|
|
Upstream Changelog
- Duo is now available as a 2FA option, both configurable globally and per-user
  - To enable it globally, check the .env template, and then leave the fields empty when enabling it per-user.
- Updated web vault to 2.10.0
- Added option to control the log level: LOG_LEVEL
  - Valid values from more to less noisy are "trace", "debug", "info", "warn", "error" and "off"
- Now there is no need to compile the application a different way to enable syslog support, simply set USE_SYSLOG to true.
- Now DATA_FOLDER affects CONFIG_FILE when set through the environment
- Improved endpoints for Admin API
- Other fixes
|
|
Upstream Changelog
- Secrets are now hidden by default in the admin panel.
- Now the version is shown in the top right corner of the admin page.
- Read only settings are also shown in the admin panel, but not editable.
- Added option to admin panel to force resync users, useful after restoring an old backup.
- Implemented multiple U2F support, with custom names and compromised checks.
- Emails now also include an HTML version next to the plaintext version. It's up to the email clients which one to show now.
- Updated vault to 2.9.0
- Implemented constant time comparison for admin password and two factor remember and recover tokens.
- Added more config options:
  - Icon download timeout
  - Hide routes mount points, enabled by default
  - Disable WAL (not recommended, only for network filesystems that have problems with WAL enabled)
  - Disable Admin token (unsafe, only use when behind another authentication scheme).
  - Use wrapped TLS for email, when STARTTLS doesn't work.
  - Icon downloader domain blacklist, to block anything that might be sensitive, like other servers in the local network.
- Updated dependencies and fixed minor bugs
|
|
Upstream Changelog:
- Added configuration menu, accessible from the admin panel. This saves the user settings to a JSON file, by default in data/config.json, but configurable with the CONFIG_FILE environment variable.
- Added templating support for emails, can be added to $DATA_FOLDER/templates/email, or $TEMPLATES_FOLDER/email, if configured. Check here for examples.
- Added reload templates option, useful during development. Set RELOAD_TEMPLATES to true to enable.
- The templates use the Handlebars format.
- Improved icon downloader, now we don't use the upstream server anymore.
- Added option to disable icon download, set DISABLE_ICON_DOWNLOAD to true.
- Note that icons already in the cache will still be served. With this, if ICON_CACHE_TTL is set to 0, the cached icons will not expire.
- Admin panel improvements:
  - Organization, 2FA status and disabled user badges
  - Deauthorize user sessions button
  - Now using templates
- Added Feature-Policy header.
- Created recovery code when registering a YubiKey
- Now the .env file is only read from the current directory.
- Other fixes and dependency updates
|
|
temporarily fix SSL Error (https://github.com/dani-garcia/bitwarden_rs/issues/337), revert aarch64 workaround
Upstream Changelog:
- Enabled Yubikey support on AArch64
- Fixed error when editing cipher with attachment
- Fixed error incorrectly hiding cipher when deleting attachment
- Added unofficial server warning
|
|
(https://github.com/dani-garcia/bitwarden_rs/issues/262)
|
|
Upstream Changelog:
- Implemented new admin panel, available at /admin
  - To use it, you need to set the ADMIN_TOKEN variable to authenticate
  - Note: The old admin_email functionality has been removed
- Added email invite functionality
- Web vault updated to v2.8.0
- Fixed AArch64 build, disables Yubikey support
- Implemented TTLs for the icon cache
- Improved error handling
- Bug fixes
|
|
Upstream Changelog:
- Revamped logging
  - Logging to file is now supported, set LOG_FILE=/path/to/log
  - Logging to syslog is now supported, for this you need to compile the project with cargo build --features=enable_syslog
  - Important: If you are using fail2ban or similar, you may need to update the filters to the new style.
  - You can also disable it, by setting EXTENDED_LOGGING=false, but this disables logging to file or syslog
- Updated web vault to 2.7.1
- Implemented key rotation and individual attachment keys
- Added yubico support
- Updated rocket web server to 0.4
- Fixed some logout issues
- Fixed some crashes in mobile apps when using 2FA
|
|
Upstream Changelog:
- Disabled websockets by default, can be enabled by setting WEBSOCKET_ENABLED=true. Note that websockets require some additional setup. More info about that in the README.
- Upgraded sync method to not send equivalent domains when not necessary.
- Bug fixes and documentation changes
|