⚠️ Reminder: If you are still using the bitwardenrs/server* Docker images, you need to migrate to the new vaultwarden image. Check #1642 for an explanation. The old images are deprecated and will stop being updated after 1.23.0.

• Updated web vault to 2.21.1.
• Enforce 2FA policy in organizations.
• Protect send routes against a possible path traversal attack.
• Disable show_password_hint by default, it still can be enabled in the admin panel or with environment variables.
• Disable user verification enforcement in Webauthn, which would make some users unable to login.
• Fix issue that wouldn't correctly delete Webauthn Key.
• Added Edge extension support for Webauthn.

⚠️ Reminder: If you are still using the bitwardenrs/server* Docker images, you need to migrate to the new vaultwarden image. Check #1642 for an explanation. The old images are deprecated and will stop being updated after 1.23.0.

• Fix alpine builds

⚠️ Reminder: If you are still using the bitwardenrs/server* Docker images, you need to migrate to the new vaultwarden image. Check #1642 for an explanation. The old images are deprecated and will stop being updated after 1.23.0.

• Added sends_allowed option to disable Send functionality.
• Added support for hiding the senders email address.
• Added Send options policy.
• Added support for password reprompt.
• Switched to the new attachment download API.
• Send download links use a token system to limit their downloads.
• Updates to the icon fetching.
• Support for webauthn.
• The admin page now shows which variables are overridden.
• Updated dependencies and docker base images.
• Now RSA keys are generated with the included openssl instead of calling to the openssl binary.
• The web vault doesn't require accepting the terms are conditions now, which weren't applicable for a self hosted server.

Update 20201-04-30: This release has been pushed again to fix an issue with the Docker builds building an older revision of the project.

Project renamed to vaultwarden

Due to user confusion and to avoid any possible trademark/brand issues with the official server, this project is going to be renamed to vaultwarden. This rename might mean you will need to make some changes to your setup.

Docker users

• If you are using any of the docker images, you will have to migrate to the new image under the vaultwarden organization:

  vaultwarden/server

The new image is equivalent to the old one except for the name, so the upgrade is as simple as removing the old container and creating a new one with the new image, making sure the rest of parameters are the same. For example, if you used the default docker run command mentioned in the readme, and upgrade would be done like this:

# Stop and remove the old container
docker stop bitwarden
docker rm bitwarden

# Start new container with the data mounted, make sure the path is the same as the previous one
docker run -d --name vaultwarden -v /bw-data/:/data/ -p 80:80 vaultwarden/server:latest

Note that the old images aren't gone yet, just deprecated. They will keep being updated for another two releases after this one to avoid breakage, but it's recommended to migrate to the new image as soon as possible.

If you are still using the old database specific images (server-mysql and server-postgresql), they are also deprecated since the main server image supports all three databases at the same time, more info on release 1.17.0.

If you are using the startup scripts mounted inside the container (/etc/bitwarden_rs.sh and /etc/bitwarden_rs.d/*), they will now load with the vaultwarden name first and the bitwarden_rs name as a fallback for compatibility, but it's recommended to rename them as well.

Git users

If you are using the git repository, we've used this opportunity to rename the master branch to main, so make sure to have that in mind. The rest of the process is the same and GitHub will redirect the old remote URL to the new one, simply note that the binary generated by cargo is now named vaultwarden instead of bitwarden_rs.

Changelog

• Add support for enabling auto-deletion of trash items after X days, disabled by default
  • Set TRASH_AUTO_DELETE_DAYS to a positive value to enable this functionality
  • You can also configure how often this process runs, using cron sintax with the variable TRASH_PURGE_SCHEDULE
• Updates to the icon fetching, making it more reliable in detecting icon types
• Updated admin page, improving version checks and SQLite backup feature

• Implemented Send functionality
• Updated web vault to 2.19.0
• CORS fixes
• Updated diagnostics page with more info
• Updated dependencies

• Updated the admin interface:
  • Added diagnostic and debug information.
  • Added option to sort users by date.
  • Added ability to modify a user's type in an organization and to delete the whole organization.
• Added support for the Personal Ownership policy, which when enabled disables the use of the personal vault to non-admin users of an organization.
• Improved shutdown behavior on Docker images, now should handle SIGTERM better.
• Basic experimental support for LDAP import using the official Directory Connector.
  • Note that users can't be created by this tool, it only can add or remove them from an organization.
  • Autoimported users join the organization with user level and they need to be confirmed by an admin or owner from the web vault. If SMTP is enabled, users will need to accept the email invitation beforehand.
  • Important: enabling the checkbox "Overwrite existing organization users..." in the Directory Connector can cause already existing users from the organization to be removed when syncing if they aren't present in the LDAP server, while the official server differenciates between manually added and autoimported users, and won't delete the manually added ones. This only applies to the user level, and not to managers, admins or owners, and will probably be changed in the future to align with upstream.
• Updated web vault to 2.18.1.
• Docker images are now built with docker buildx, which results in correct platform metadata.
• Added opencontainers.org labels to Docker images.
• Synced global domains data with upstream.

• Config values can now be defined in a file, use <CONFIG_NAME>_FILE to point to it.
  • For example, if you save the admin token to /etc/bitwarden_rs/token, you can use ADMIN_TOKEN_FILE=/etc/bitwarden_rs/token and it will read the file and set the token to it's contents.
• Users can be enabled/disabled from the admin panel.
• Implemented manager role.
• Now the .env file parsing won't fail silently.
• Fixes to the email format and processing, added option to enable debugging via SMTP_DEBUG, and added options to ignore certificate issues.
• The user's last active device date is shown on the admin page.
• Now cipher updates are validated when they provide a revision date, which will prevent multiple clients from overwriting each other's changes.
• Updated web vault to 2.17.1.
• Improved icon downloading in some edge cases.
• Fixed key rotation during password change.
• Make sure organization policies don't affect users that aren't a part of it or aren't confirmed.
• Make sure removing a user from an org doesn't also remove them from accessing other orgs.
• Return 404 when an icon is missing instead of a fallback, allowing the clients to use their own fallback icon.
• Add missing admin endpoints for deleting ciphers.
• Updated dependencies.

New docker multi database support and MySQL/PostgreSQL support for ARM 🎉

Only one image: bitwardenrs/server

It contains support for SQLite, MySQL and PostgreSQL all in one! Supports AMD64, ARMv6, ARMv7 and ARMv8 (Aarch64), and all architectures support all database backends!.

Note, the old separate images for MySQL and PostgreSQL will be kept updated for the time being, but it's recommended to migrate when possible.

Which tag to use:

• bitwardenrs/server:latest: Tracks the latest released version (i.e., tagged with a version number). Recommended for most users, and generally the most stable.
• bitwardenrs/server:testing: Tracks the latest commits to the source repository. Recommended for users who want early access to the newest features or enhancements. Generally pretty stable, but occasional issues are unavoidable.
• bitwardenrs/server:x.y.z: Represents a specific released version. Prefer to use latest to keep up-to-date.

Note about ARMv6

• Docker seems to have some issues with architecture detection on ARMv6, so if you have trouble in that case, use these tags instead: bitwardenrs/server:arm32v6, bitwardenrs/server:testing-arm32v6, bitwardenrs/server:x.y.z-arm32v6

Alpine base

• bitwardenrs/server:alpine, bitwardenrs/server:testing-alpine, bitwardenrs/server:x.y.z-alpine: Functionally the same as the above images, but based on Alpine instead of Debian, which results in a smaller image. Only supported for SQLite and the AMD64 and ARMv7 architectures.

Changelog

• Docker alpine image now also works for armv7.
• Docker MySQL and PostgreSQL images now also work on armv6, armv7 and armv8-64.
• Multiple database support, now you can compile with cargo build --features sqlite,mysql,postgresql or any combination of them.
• Now the initial database connection doesn't fail instantly when there's an error, but retries for up to 15 times by default, adjustable with the DB_CONNECTION_RETRIES option.
• Sessions are properly invalidated now when changing email, password or kdf parameters.
• Items are not shown to organization admins in their user view when they don't have their collection selected. Note that they still appear in the organization view.
• Allow multiple SMTP auth mechanisms.
• Favorite status in organization items is now tracked at the user level.
• Fix admin page when DOMAIN is not configured, or configured incorrectly.
• Update web vault to 2.16.1
• Add vendored_openssl feature, to statically link OpenSSL, disabled by default.
• Updated dependencies and synced global domains file with upstream.

• Fixed mysql and postgresql releases not building correctly
• Added support for restricting org creation to certain users: Examples
• Syncronized global_domains.json with upstream

• Fixed issue unlocking vault in the desktop client.
• Added back arm32v6 tag, because docker fails to select that image in ARMv6 devices.
• Fixed websocket notifications when sending an item to the trash.