From: A Tammy <openbsd.ports@aisha.cc>
Subject: Re: UPDATE security/vaultwarden-1.32.5
To: Bjorn Ketelaars <bket@openbsd.org>, ports@openbsd.org, "Kirill A. Korinsky" <kirill@korins.ky>
Date: Wed, 20 Nov 2024 09:23:30 -0500



On 11/20/24 9:12 AM, Kirill A. Korinsky wrote:
> On Wed, 20 Nov 2024 06:26:25 +0100,
> Bjorn Ketelaars <bket@openbsd.org> wrote:
>>
>> Diff below updates vaultwarden to 1.32.5. From
>> https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5: This
>> release further fixed some CVE Reports reported by a third party
>> security auditor and we recommend everybody to update to the latest
>> version as soon as possible. The contents of these reports will be
>> disclosed publicly in the future.
>>
>> Not sure how many of these CVE fixes to expect.


Yea I've not been having fun with these. I'm glad I run this in a
wireguard mesh.


>>
>> Run tested on amd64.
>>
>> I think it makes sense to backport this update to -stable as well.


Yes, we should definitely backport it to stable as well.

>>
>> OK for committing to -current and -stable / comments?
>>
> 
> Tested on 7.6 with:
>  - vaultwarden-web.
>  - iPhone client.
>  - chrome plugin.
> 


I tested it out on stable and works fine with android client, web and
firefox plugin.

OK aisha


> Works.
> 
> OK for me.
>