Update vaultwarden/server Docker tag to v1.35.7 #318

Merged

jake merged 1 commit from renovate/vaultwarden-server-1.x into master 2026-04-20 21:00:52 +01:00

Conversation 0 Commits 1 Files changed 1 +1 -1

renovate commented 2026-04-12 18:00:25 +01:00

Collaborator

Copy link

This PR contains the following updates:

Package	Update	Change
vaultwarden/server	patch	1.35.4-alpine → 1.35.7-alpine

---

Release Notes

dani-garcia/vaultwarden (vaultwarden/server)

v1.35.7

Compare Source

What's Changed

• Fix 2FA for Android by @​BlackDex in #​7093

Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.35.6...1.35.7

v1.35.6

Compare Source

Notes

The previous release contained an issue where Two Factor Remember Tokens and Recovery Tokens were not accepted at all.
This has been fixed now in this release.

What's Changed

• Fix MFA Remember by @​BlackDex in #​7085

Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.35.5...1.35.6

v1.35.5

Compare Source

Security Fixes

This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.

• GHSA-937x-3j8m-7w7p Unconfirmed Owner Can Purge Entire Organization Vault.
• GHSA-569v-845w-g82p Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization
• GHSA-6j4w-g4jh-xjfx Refresh tokens not invalidated on security stamp rotation

These are private for now, pending CVE assignment.

Notes

• The admin templates have changed, please update them if you override these via templates.
• Two Factor Remember Tokens are now valid for max 30 days. Old tokens are invalid directly after upgrading.

What's Changed

• apply policies only to confirmed members by @​stefan0xC in #​6892
• Feat(config): add feature flag for Safari account switching by @​DerPlayer2001 in #​6891
• fix: add ForcePasswordReset to api key login by @​montdidier in #​6904
• Add Webauthn related origins flag to known flags. by @​pasarenicu in #​6900
• Add 30s cache to SSO exchange_refresh_token by @​Timshel in #​6866
• Add cxp-import-mobile and cxp-export-mobile: feature flags on mobile by @​phoeagon in #​6853
• Misc updates and fixes by @​BlackDex in #​6910
• Support new desktop origin on CORS by @​dani-garcia in #​6920
• Fix checkout action version by @​dfunkt in #​6921
• Fix apikey login by @​BlackDex in #​6922
• Fix email header base64 padding by @​BlackDex in #​6961
• Update Feature Flags by @​BlackDex in #​6981
• Update crates and GHA by @​BlackDex in #​6980
• Use protected CI environment by @​dani-garcia in #​7004
• Fix 2FA Remember to actually be 30 days by @​BlackDex in #​6929
• Misc Updates by @​BlackDex in #​7027
• Switch to attest action by @​dfunkt in #​7017
• Rotate refresh-tokens on sstamp reset by @​BlackDex in #​7031
• Misc org fixes by @​BlackDex in #​7032
• Fix empty string FolderId by @​BlackDex in #​7048
• Disable deployments for release env by @​dfunkt in #​7033
• Fix Send icons by @​BlackDex in #​7051
• prevent managers from creating collections by @​stefan0xC in #​6890
• Change SQLite backup to use VACUUM INTO query by @​getaaron in #​6989
• Handle SIGTERM and SIGQUIT shutdown signals. by @​0x484558 in #​7008
• Do not display unavailable 2FA options by @​0x484558 in #​7013
• Fix logout push identifiers and send logout before clearing devices by @​qaz741wsd856 in #​7047
• Fix windows build issues by @​idontneedonetho in #​7065
• Crate and GHA updates by @​BlackDex in #​7081

New Contributors

• @​DerPlayer2001 made their first contribution in #​6891
• @​montdidier made their first contribution in #​6904
• @​pasarenicu made their first contribution in #​6900
• @​phoeagon made their first contribution in #​6853
• @​getaaron made their first contribution in #​6989
• @​0x484558 made their first contribution in #​7008
• @​qaz741wsd856 made their first contribution in #​7047
• @​idontneedonetho made their first contribution in #​7065

Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.35.4...1.35.5

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [vaultwarden/server](https://github.com/dani-garcia/vaultwarden) | patch | `1.35.4-alpine` → `1.35.7-alpine` | --- ### Release Notes <details> <summary>dani-garcia/vaultwarden (vaultwarden/server)</summary> ### [`v1.35.7`](https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.7) [Compare Source](https://github.com/dani-garcia/vaultwarden/compare/1.35.6...1.35.7) #### What's Changed - Fix 2FA for Android by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;7093](https://github.com/dani-garcia/vaultwarden/pull/7093) **Full Changelog**: <https://github.com/dani-garcia/vaultwarden/compare/1.35.6...1.35.7> ### [`v1.35.6`](https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.6) [Compare Source](https://github.com/dani-garcia/vaultwarden/compare/1.35.5...1.35.6) #### Notes The previous release contained an issue where Two Factor Remember Tokens and Recovery Tokens were not accepted at all. This has been fixed now in this release. #### What's Changed - Fix MFA Remember by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;7085](https://github.com/dani-garcia/vaultwarden/pull/7085) **Full Changelog**: <https://github.com/dani-garcia/vaultwarden/compare/1.35.5...1.35.6> ### [`v1.35.5`](https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.5) [Compare Source](https://github.com/dani-garcia/vaultwarden/compare/1.35.4...1.35.5) #### Security Fixes This release contains security fixes for the following advisories. We strongly advice to update as soon as possible. - [GHSA-937x-3j8m-7w7p](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-937x-3j8m-7w7p) Unconfirmed Owner Can Purge Entire Organization Vault. - [GHSA-569v-845w-g82p](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-569v-845w-g82p) Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization - [GHSA-6j4w-g4jh-xjfx](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-6j4w-g4jh-xjfx) Refresh tokens not invalidated on security stamp rotation These are private for now, pending CVE assignment. #### Notes - The admin templates have changed, please update them if you override these via templates. - Two Factor Remember Tokens are now valid for max 30 days. Old tokens are invalid directly after upgrading. #### What's Changed - apply policies only to confirmed members by [@&#8203;stefan0xC](https://github.com/stefan0xC) in [#&#8203;6892](https://github.com/dani-garcia/vaultwarden/pull/6892) - Feat(config): add feature flag for Safari account switching by [@&#8203;DerPlayer2001](https://github.com/DerPlayer2001) in [#&#8203;6891](https://github.com/dani-garcia/vaultwarden/pull/6891) - fix: add ForcePasswordReset to api key login by [@&#8203;montdidier](https://github.com/montdidier) in [#&#8203;6904](https://github.com/dani-garcia/vaultwarden/pull/6904) - Add Webauthn related origins flag to known flags. by [@&#8203;pasarenicu](https://github.com/pasarenicu) in [#&#8203;6900](https://github.com/dani-garcia/vaultwarden/pull/6900) - Add 30s cache to SSO exchange\_refresh\_token by [@&#8203;Timshel](https://github.com/Timshel) in [#&#8203;6866](https://github.com/dani-garcia/vaultwarden/pull/6866) - Add cxp-import-mobile and cxp-export-mobile: feature flags on mobile by [@&#8203;phoeagon](https://github.com/phoeagon) in [#&#8203;6853](https://github.com/dani-garcia/vaultwarden/pull/6853) - Misc updates and fixes by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;6910](https://github.com/dani-garcia/vaultwarden/pull/6910) - Support new desktop origin on CORS by [@&#8203;dani-garcia](https://github.com/dani-garcia) in [#&#8203;6920](https://github.com/dani-garcia/vaultwarden/pull/6920) - Fix `checkout` action version by [@&#8203;dfunkt](https://github.com/dfunkt) in [#&#8203;6921](https://github.com/dani-garcia/vaultwarden/pull/6921) - Fix apikey login by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;6922](https://github.com/dani-garcia/vaultwarden/pull/6922) - Fix email header base64 padding by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;6961](https://github.com/dani-garcia/vaultwarden/pull/6961) - Update Feature Flags by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;6981](https://github.com/dani-garcia/vaultwarden/pull/6981) - Update crates and GHA by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;6980](https://github.com/dani-garcia/vaultwarden/pull/6980) - Use protected CI environment by [@&#8203;dani-garcia](https://github.com/dani-garcia) in [#&#8203;7004](https://github.com/dani-garcia/vaultwarden/pull/7004) - Fix 2FA Remember to actually be 30 days by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;6929](https://github.com/dani-garcia/vaultwarden/pull/6929) - Misc Updates by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;7027](https://github.com/dani-garcia/vaultwarden/pull/7027) - Switch to `attest` action by [@&#8203;dfunkt](https://github.com/dfunkt) in [#&#8203;7017](https://github.com/dani-garcia/vaultwarden/pull/7017) - Rotate refresh-tokens on sstamp reset by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;7031](https://github.com/dani-garcia/vaultwarden/pull/7031) - Misc org fixes by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;7032](https://github.com/dani-garcia/vaultwarden/pull/7032) - Fix empty string FolderId by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;7048](https://github.com/dani-garcia/vaultwarden/pull/7048) - Disable deployments for release env by [@&#8203;dfunkt](https://github.com/dfunkt) in [#&#8203;7033](https://github.com/dani-garcia/vaultwarden/pull/7033) - Fix Send icons by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;7051](https://github.com/dani-garcia/vaultwarden/pull/7051) - prevent managers from creating collections by [@&#8203;stefan0xC](https://github.com/stefan0xC) in [#&#8203;6890](https://github.com/dani-garcia/vaultwarden/pull/6890) - Change SQLite backup to use VACUUM INTO query by [@&#8203;getaaron](https://github.com/getaaron) in [#&#8203;6989](https://github.com/dani-garcia/vaultwarden/pull/6989) - Handle `SIGTERM` and `SIGQUIT` shutdown signals. by [@&#8203;0x484558](https://github.com/0x484558) in [#&#8203;7008](https://github.com/dani-garcia/vaultwarden/pull/7008) - Do not display unavailable 2FA options by [@&#8203;0x484558](https://github.com/0x484558) in [#&#8203;7013](https://github.com/dani-garcia/vaultwarden/pull/7013) - Fix logout push identifiers and send logout before clearing devices by [@&#8203;qaz741wsd856](https://github.com/qaz741wsd856) in [#&#8203;7047](https://github.com/dani-garcia/vaultwarden/pull/7047) - Fix windows build issues by [@&#8203;idontneedonetho](https://github.com/idontneedonetho) in [#&#8203;7065](https://github.com/dani-garcia/vaultwarden/pull/7065) - Crate and GHA updates by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;7081](https://github.com/dani-garcia/vaultwarden/pull/7081) #### New Contributors - [@&#8203;DerPlayer2001](https://github.com/DerPlayer2001) made their first contribution in [#&#8203;6891](https://github.com/dani-garcia/vaultwarden/pull/6891) - [@&#8203;montdidier](https://github.com/montdidier) made their first contribution in [#&#8203;6904](https://github.com/dani-garcia/vaultwarden/pull/6904) - [@&#8203;pasarenicu](https://github.com/pasarenicu) made their first contribution in [#&#8203;6900](https://github.com/dani-garcia/vaultwarden/pull/6900) - [@&#8203;phoeagon](https://github.com/phoeagon) made their first contribution in [#&#8203;6853](https://github.com/dani-garcia/vaultwarden/pull/6853) - [@&#8203;getaaron](https://github.com/getaaron) made their first contribution in [#&#8203;6989](https://github.com/dani-garcia/vaultwarden/pull/6989) - [@&#8203;0x484558](https://github.com/0x484558) made their first contribution in [#&#8203;7008](https://github.com/dani-garcia/vaultwarden/pull/7008) - [@&#8203;qaz741wsd856](https://github.com/qaz741wsd856) made their first contribution in [#&#8203;7047](https://github.com/dani-garcia/vaultwarden/pull/7047) - [@&#8203;idontneedonetho](https://github.com/idontneedonetho) made their first contribution in [#&#8203;7065](https://github.com/dani-garcia/vaultwarden/pull/7065) **Full Changelog**: <https://github.com/dani-garcia/vaultwarden/compare/1.35.4...1.35.5> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDQuOCIsInVwZGF0ZWRJblZlciI6IjQzLjEwNC44IiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->

renovate added 1 commit 2026-04-12 18:00:25 +01:00

Update vaultwarden/server Docker tag to v1.35.5 96bb4b2f6e

renovate changed title from Update vaultwarden/server Docker tag to v1.35.5 to Update vaultwarden/server Docker tag to v1.35.6 2026-04-12 22:00:17 +01:00

renovate force-pushed renovate/vaultwarden-server-1.x from 96bb4b2f6e to b860daa01e 2026-04-12 22:00:18 +01:00 Compare

renovate force-pushed renovate/vaultwarden-server-1.x from b860daa01e to 9f1b87d42a 2026-04-14 08:00:28 +01:00 Compare

renovate changed title from Update vaultwarden/server Docker tag to v1.35.6 to Update vaultwarden/server Docker tag to v1.35.7 2026-04-14 08:00:30 +01:00

jake merged commit 9f1b87d42a into master 2026-04-20 21:00:52 +01:00

jake deleted branch renovate/vaultwarden-server-1.x 2026-04-20 21:00:52 +01:00

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

systems/infrastructure!318

No description provided.