Update docker.io/vaultwarden/server Docker tag to v1.35.4
Automatically upgrading Vaultwarden container with Watchtower and having to problems whatsoever with dependency update facilitated by Mend's Renovate Bot.
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| docker.io/vaultwarden/server | patch | 1.35.3 → 1.35.4 |
Release Notes
dani-garcia/vaultwarden (docker.io/vaultwarden/server)
v1.35.4
Security Fixes
This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.
- GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to access a cipher from a different user (fully encrypted) if they already know its internal UUID.
- GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with manager-level access within an organization to modify collections they can access, even if they do not have management permissions for them.
- GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with manager-level access within an organization to modify collections they are not assigned.
These are private for now, pending CVE assignment.
What's Changed
- Update Rust and Crates and GHA by @BlackDex in #6843
- hide remember 2fa token by @stefan0xC in #6852
- fix(send_invite): invite links by @proofofcopilot in #6824
- Misc organization fixes by @BlackDex in #6867
New Contributors
- @proofofcopilot made their first contribution in #6824
Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.35.3...1.35.4
