From: Kirill A. Korinsky <kirill@korins.ky>
Subject: Re: UPDATE security/vaultwarden-1.32.4
To: A Tammy <openbsd.ports@aisha.cc>
Cc: Bjorn Ketelaars <bket@openbsd.org>, ports@openbsd.org
Date: Tue, 12 Nov 2024 10:20:04 +0100

On Tue, 12 Nov 2024 05:14:05 +0100,
A Tammy <openbsd.ports@aisha.cc> wrote:
> On 11/11/24 4:29 PM, Bjorn Ketelaars wrote:
> > Diff below brings vaultwarden to 1.32.4. From
> > https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4: This
> > release has fixed some CVE Reports reported by a third party security
> > auditor and we recommend everybody to update to the latest version as
> > soon as possible. The contents of these reports will be disclosed
> > publicly in the future.
> > 
> > Run tested on amd64.
> > 
> > OK?
> 
> 
> Ha, fast!
> Was just about to send it myself, I saw the CVE :(
> (++ for running vaultwarden over VPN)
>

Should it be backported to -stable as well? Based on the reading of the diff,
it is a CVE near authorization, which is scary.

If yes, should we backport the last vaultwarden-web to -stable as well?

-- 
wbr, Kirill