infra

Viktor Barzin 1613003d00 upgrade: vaultwarden 1.35.4 -> 1.35.7 Security fixes (1.35.5): 3 CVEs — org vault purge by unconfirmed owner (GHSA-937x-3j8m-7w7p), cross-org group binding unauthorized access (GHSA-569v-845w-g82p), refresh tokens not invalidated on stamp rotation (GHSA-6j4w-g4jh-xjfx). 2FA remember tokens now max 30 days. 1.35.6: Fix 2FA remember tokens broken in 1.35.5. 1.35.7: Fix 2FA for Android. Risk: SAFE (patch bump, no breaking changes) DB backup: yes (job: pre-upgrade-vaultwarden-1776280439, SQLite, 7 MiB) Config changes applied: none Flagged for manual review: none Co-Authored-By: Service Upgrade Agent <noreply@viktorbarzin.me>	2026-04-15 19:14:21 +00:00
..
vaultwarden	upgrade: vaultwarden 1.35.4 -> 1.35.7	2026-04-15 19:14:21 +00:00

Viktor Barzin 1613003d00 upgrade: vaultwarden 1.35.4 -> 1.35.7

Security fixes (1.35.5): 3 CVEs — org vault purge by unconfirmed owner
(GHSA-937x-3j8m-7w7p), cross-org group binding unauthorized access
(GHSA-569v-845w-g82p), refresh tokens not invalidated on stamp rotation
(GHSA-6j4w-g4jh-xjfx). 2FA remember tokens now max 30 days.
1.35.6: Fix 2FA remember tokens broken in 1.35.5.
1.35.7: Fix 2FA for Android.

Risk: SAFE (patch bump, no breaking changes)
DB backup: yes (job: pre-upgrade-vaultwarden-1776280439, SQLite, 7 MiB)
Config changes applied: none
Flagged for manual review: none

Co-Authored-By: Service Upgrade Agent <noreply@viktorbarzin.me>

2026-04-15 19:14:21 +00:00

vaultwarden

upgrade: vaultwarden 1.35.4 -> 1.35.7

2026-04-15 19:14:21 +00:00