chore(deps): update vaultwarden/server docker tag to v1.35.4 #41

srv.renovate · 2026-02-11T12:01:50Z

srv.renovate commented

2026-02-11 12:01:50 +00:00

This PR contains the following updates:

Package	Update	Change
vaultwarden/server	patch	`1.35.2` → `1.35.4`

Release Notes

dani-garcia/vaultwarden (vaultwarden/server)

`v1.35.4`

Compare Source

Security Fixes

This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.

GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to access a cipher from a different user (fully encrypted) if they already know its internal UUID.
GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with manager-level access within an organization to modify collections they can access, even if they do not have management permissions for them.
GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with manager-level access within an organization to modify collections they are not assigned.

These are private for now, pending CVE assignment.

What's Changed

Update Rust and Crates and GHA by @BlackDex in #6843
hide remember 2fa token by @stefan0xC in #6852
fix(send_invite): invite links by @proofofcopilot in #6824
Misc organization fixes by @BlackDex in #6867

New Contributors

@proofofcopilot made their first contribution in #6824

Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.35.3...1.35.4

`v1.35.3`

Compare Source

Security Fixes

This release contains security fixes for the following advisory. We strongly advice to update as soon as possible if you believe it could affect you.

GHSA-h265-g7rm-h337 (Publication in process, waiting for CVE assignment)
This vulnerability would allow an authenticated attacker that is part of an organization to access items from collections to which the attacker does not belong.

What's Changed

Fix User API Key login by @BlackDex in #6712
use email instead of empty name for webauhn by @stefan0xC in #6733
hide password hints via CSS by @stefan0xC in #6726
fix email as 2fa with auth requests by @stefan0xC in #6736
Update crates, web-vault, js, workflows by @BlackDex in #6749
refactor: improve tooltips in diagnostics page by @tessus in #6765
Empty AccountKeys when no private key by @Timshel in #6761
fix error message for purging auth requests by @stefan0xC in #6776
Misc updates, crates, rust, js, gha, vault by @BlackDex in #6799
Update crates and web-vault by @BlackDex in #6810
Fix org-details issue by @BlackDex in #6811

Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.35.2...1.35.3

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [vaultwarden/server](https://github.com/dani-garcia/vaultwarden) | patch | `1.35.2` → `1.35.4` | --- ### Release Notes <details> <summary>dani-garcia/vaultwarden (vaultwarden/server)</summary> ### [`v1.35.4`](https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.4) [Compare Source](https://github.com/dani-garcia/vaultwarden/compare/1.35.3...1.35.4) #### Security Fixes This release contains security fixes for the following advisories. We strongly advice to update as soon as possible. - [GHSA-w9f8-m526-h7fh](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-w9f8-m526-h7fh). This vulnerability would allow an attacker to access a cipher from a different user (fully encrypted) if they already know its internal UUID. - [GHSA-h4hq-rgvh-wh27](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h4hq-rgvh-wh27). This vulnerability allows an attacker with manager-level access within an organization to modify collections they can access, even if they do not have management permissions for them. - [GHSA-r32r-j5jq-3w4m](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-r32r-j5jq-3w4m). This vulnerability allows an attacker with manager-level access within an organization to modify collections they are not assigned. These are private for now, pending CVE assignment. #### What's Changed - Update Rust and Crates and GHA by [@BlackDex](https://github.com/BlackDex) in [#6843](https://github.com/dani-garcia/vaultwarden/pull/6843) - hide remember 2fa token by [@stefan0xC](https://github.com/stefan0xC) in [#6852](https://github.com/dani-garcia/vaultwarden/pull/6852) - fix(send\_invite): invite links by [@proofofcopilot](https://github.com/proofofcopilot) in [#6824](https://github.com/dani-garcia/vaultwarden/pull/6824) - Misc organization fixes by [@BlackDex](https://github.com/BlackDex) in [#6867](https://github.com/dani-garcia/vaultwarden/pull/6867) #### New Contributors - [@proofofcopilot](https://github.com/proofofcopilot) made their first contribution in [#6824](https://github.com/dani-garcia/vaultwarden/pull/6824) **Full Changelog**: <https://github.com/dani-garcia/vaultwarden/compare/1.35.3...1.35.4> ### [`v1.35.3`](https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.3) [Compare Source](https://github.com/dani-garcia/vaultwarden/compare/1.35.2...1.35.3) #### Security Fixes This release contains security fixes for the following advisory. We strongly advice to update as soon as possible if you believe it could affect you. - [GHSA-h265-g7rm-h337](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h265-g7rm-h337) (Publication in process, waiting for CVE assignment) This vulnerability would allow an authenticated attacker that is part of an organization to access items from collections to which the attacker does not belong. #### What's Changed - Fix User API Key login by [@BlackDex](https://github.com/BlackDex) in [#6712](https://github.com/dani-garcia/vaultwarden/pull/6712) - use email instead of empty name for webauhn by [@stefan0xC](https://github.com/stefan0xC) in [#6733](https://github.com/dani-garcia/vaultwarden/pull/6733) - hide password hints via CSS by [@stefan0xC](https://github.com/stefan0xC) in [#6726](https://github.com/dani-garcia/vaultwarden/pull/6726) - fix email as 2fa with auth requests by [@stefan0xC](https://github.com/stefan0xC) in [#6736](https://github.com/dani-garcia/vaultwarden/pull/6736) - Update crates, web-vault, js, workflows by [@BlackDex](https://github.com/BlackDex) in [#6749](https://github.com/dani-garcia/vaultwarden/pull/6749) - refactor: improve tooltips in diagnostics page by [@tessus](https://github.com/tessus) in [#6765](https://github.com/dani-garcia/vaultwarden/pull/6765) - Empty AccountKeys when no private key by [@Timshel](https://github.com/Timshel) in [#6761](https://github.com/dani-garcia/vaultwarden/pull/6761) - fix error message for purging auth requests by [@stefan0xC](https://github.com/stefan0xC) in [#6776](https://github.com/dani-garcia/vaultwarden/pull/6776) - Misc updates, crates, rust, js, gha, vault by [@BlackDex](https://github.com/BlackDex) in [#6799](https://github.com/dani-garcia/vaultwarden/pull/6799) - Update crates and web-vault by [@BlackDex](https://github.com/BlackDex) in [#6810](https://github.com/dani-garcia/vaultwarden/pull/6810) - Fix org-details issue by [@BlackDex](https://github.com/BlackDex) in [#6811](https://github.com/dani-garcia/vaultwarden/pull/6811) **Full Changelog**: <https://github.com/dani-garcia/vaultwarden/compare/1.35.2...1.35.3> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

srv.renovate added 1 commit 2026-02-11 12:01:51 +00:00

chore(deps): update vaultwarden/server docker tag to v1.35.3 068629adc3

djpbessems was assigned by srv.renovate

2026-02-11 12:01:52 +00:00

srv.renovate changed title from ~~chore(deps): update vaultwarden/server docker tag to v1.35.3~~ to chore(deps): update vaultwarden/server docker tag to v1.35.4

2026-02-24 12:01:49 +00:00

srv.renovate force-pushed renovate/vaultwarden-server-1.x from 068629adc3 to 5022b45cf8

2026-02-24 12:01:49 +00:00

Compare

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/vaultwarden-server-1.x:renovate/vaultwarden-server-1.x

git checkout renovate/vaultwarden-server-1.x

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: djpbessems/Kubernetes.K3s.installLog#41