vaultwarden

Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-08-18 18:05:25 +02:00

Autor	SHA1	Nachricht	Datum
soruh	b7c4316c77	Add support for sendmail as a mail transport	2023-02-12 18:54:59 +01:00
Daniel García	0c295d5e6e	Merge pull request #3167 from BlackDex/issue-3166 Fix Javascript issue on non sqlite databases	2023-02-12 18:48:03 +01:00
Daniel García	bc49d1f90d	Merge branch 'main' into issue-3166	2023-02-12 18:47:55 +01:00
Daniel García	6f6d9dee83	Merge pull request #3108 from farodin91/allow-editing/unhiding-by-group allow editing/unhiding by group	2023-02-12 18:47:02 +01:00
Daniel García	cef5dd4a46	Merge branch 'main' into allow-editing/unhiding-by-group	2023-02-12 18:46:53 +01:00
Daniel García	79061c0eb5	Merge pull request #3231 from kpfleming/icon-blacklist-improvements Generate distinct log messages for regex vs. IP blacklisting.	2023-02-12 18:43:26 +01:00
Daniel García	6e2c3fc1cc	Merge branch 'main' into icon-blacklist-improvements	2023-02-12 18:43:19 +01:00
Daniel García	e301fe137f	Merge pull request #3228 from BlockListed/fix-domain-description Fix trailing slash not getting removed from domain	2023-02-12 18:42:55 +01:00
Daniel García	af69c83db2	Merge branch 'main' into fix-domain-description	2023-02-12 18:42:49 +01:00
Daniel García	53fa8da5b1	Merge pull request #3215 from stefan0xC/fix-post-emergency-access don't nullify key when editing emergency access	2023-02-12 18:42:30 +01:00
Daniel García	c58aac585b	Merge branch 'main' into fix-post-emergency-access	2023-02-12 18:42:21 +01:00
Daniel García	8c1117fcbf	Merge pull request #3170 from jjlin/cap_net_bind_service Allow listening on privileged ports (below 1024) as non-root	2023-02-12 18:42:00 +01:00
Daniel García	a6dd4f1206	Merge branch 'main' into cap_net_bind_service	2023-02-12 18:41:45 +01:00
Daniel García	5af1799991	Merge pull request #3145 from dlehammer/spell-jack_mitigation "Spell-Jacking" mitigation ~ prevent sensitive data leak …	2023-02-12 18:39:54 +01:00
Daniel García	a20a641de3	Merge branch 'main' into spell-jack_mitigation	2023-02-12 18:39:27 +01:00
Daniel García	8abd38573b	Merge pull request #3116 from sirux88/admin-password-reset Admin password reset	2023-02-12 18:38:50 +01:00
Daniel García	78abdf0e9d	Merge branch 'main' into admin-password-reset	2023-02-12 18:38:36 +01:00
Daniel García	dc031d8d86	Merge pull request #2561 from BlackDex/re-license Re-License Vaultwarden to AGPLv3	2023-02-12 18:35:35 +01:00
Daniel García	de6330b09d	Merge branch 'main' into re-license	2023-02-12 18:35:09 +01:00
Helmut K. C. Tessarek	68bcc7a4b8	add argon2 kdf fields	2023-02-07 13:52:52 -05:00
BlockListed	c04a1352cb	remove warn when sanitizing domain	2023-02-07 18:49:26 +01:00
BlockListed	5d1c11ceba	fix trailing slash in configuration builder	2023-02-07 18:42:36 +01:00
BlockListed	a2aa7c9bc2	Revert "fix trailing slash not being removed from domain" This reverts commit `679bc7a59b`.	2023-02-07 18:41:24 +01:00
Jan Jansen	b3a351ccb2	allow editing/unhiding by group Fixes #2989 Signed-off-by: Jan Jansen <jan.jansen@gdata.de>	2023-02-07 16:20:36 +01:00
BlockListed	679bc7a59b	fix trailing slash not being removed from domain	2023-02-07 13:03:28 +01:00
BlockListed	a72d0b518f	remove documentation of bug since I'm fixing it	2023-02-07 12:48:48 +01:00
Kevin P. Fleming	6741b25907	Ensure that all results from check_domain_blacklist_reason are cached.	2023-02-07 05:54:06 -05:00
Kevin P. Fleming	24b5784f02	Generate distinct log messages for regex vs. IP blacklisting. When an icon will not be downloaded due to matching a configured blacklist, ensure that the log message indicates the type of blacklist that was matched.	2023-02-07 05:24:23 -05:00
BlockListed	eb9b481eba	improve wording of domain description	2023-02-07 08:49:05 +01:00
BlockListed	64edc49392	change description of domain configuration Vaultwarden send won't work if the domain includes a trailing slash. This should be documented, as it may lead to confusion amoung users.	2023-02-06 23:19:08 +01:00
sirux88	0d1753ac74	completly hide reset password policy on email disabled instances	2023-02-05 16:47:23 +01:00
sirux88	a6558f5548	rust lang specific improvements	2023-02-05 16:34:48 +01:00
sirux88	62dfeb80f2	improved security, disabling policy usage on email-disabled clients and some refactoring	2023-02-04 13:29:57 +01:00
sirux88	26cd5d9643	Replaced wrong mysql column type	2023-02-04 09:23:13 +01:00
Stefan Melmuk	e65fbbfc21	don't nullify key when editing emergency access the client does not send the key on every update of an emergency access contact so the field would be emptied on a change of the wait days or access level.	2023-02-01 23:10:09 +01:00
Jeremy Lin	a2162f4d69	Allow listening on privileged ports (below 1024) as non-root This is done by running `setcap cap_net_bind_service=+ep` on the executable in the build stage (doing it in the runtime stage creates an extra copy of the executable that bloats the image). This only works when using the BuildKit-based builder, since the `COPY` instruction doesn't copy capabilities on the legacy builder.	2023-02-01 00:35:33 -08:00
BlackDex	c9ed9aa733	Fix Javascript issue on non sqlite databases When a non sqlite database is used, loading the admin interface fails because the backup button is not generated. This PR is solves it by checking if the elements are valid. Also made some other changes and fixed some eslint errors. Showing `_post` errors is better now. Update jquery to latest version. Fixes #3166	2023-01-26 20:34:25 +01:00
Daniel Hammer	9b20decdc1	"Spell-Jacking" mitigation ~ prevent sensitive data leak from spell checker. @see https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords	2023-01-25 22:35:18 +01:00
sirux88	adaefc8628	fixes for current upstream main	2023-01-25 08:09:26 +01:00
sirux88	c6c45c4c49	working implementation	2023-01-25 08:06:21 +01:00
sirux88	95494083f2	added database migration	2023-01-25 08:06:21 +01:00
Jeremy Lin	686474f815	Disable Hadolint check for consecutive `RUN` instructions (DL3059) This check doesn't seem to add enough value to justify the difficulties it tends to create when generating `RUN` instructions from a template.	2023-01-24 13:11:13 -08:00
Jeremy Lin	2c6bd8c9dc	Rename `.buildx` Dockerfiles to `.buildkit` This is a more accurate name, since these Dockerfiles require BuildKit, not Buildx.	2023-01-24 13:11:12 -08:00
Daniel García	9366e31452	Merge pull request #3164 from jjlin/remove-arm32v6-tag Remove `arm32v6`-specific tag	2023-01-24 21:39:25 +01:00
Jeremy Lin	96ff32fb2f	Remove `arm32v6`-specific tag This section of code seems to be breaking the Docker release workflow as of a few days ago, though it's unclear why. This tag only existed to work around an issue with Docker pulling the wrong image for ARMv6 platforms; that issue was resolved in Docker 20.10.0, which has been out for a few years now, so it seems like a reasonable time to drop this tag.	2023-01-24 12:33:25 -08:00
BlackDex	9342fa5744	Re-License Vaultwarden to AGPLv3 This commit prepares Vaultwarden for the Re-Licensing to AGPLv3 Solves #2450	2023-01-24 20:49:11 +01:00
Daniel García	50fc22966c	Updated web vault to 2023.1.1 and rust dependencies	2023-01-24 20:39:09 +01:00
Daniel García	4fab4c74ff	Merge branch 'BlackDex-update-kdf-config'	2023-01-24 20:06:30 +01:00
BlackDex	e38e1a5d5f	Validate note sizes on key-rotation. We also need to validate the note sizes on key-rotation. If we do not validate them before we store them, that could lead to a partial or total loss of the password vault. Validating these restrictions before actually processing them to store/replace the existing ciphers should prevent this. There was also a small bug when using web-sockets. The client which is triggering the password/key-rotation change should not be forced to logout via a web-socket request. That is something the client will handle it self. Refactored the logout notification to either send the device uuid or not on specific actions. Fixes #3152	2023-01-24 20:05:09 +01:00
sirux88	cc91ac6cc0	include key into user.set_password	2023-01-24 20:04:05 +01:00

... 2 3 4 5 6 ...

2493 Commits