1613003d00
Security fixes (1.35.5): 3 CVEs — org vault purge by unconfirmed owner (GHSA-937x-3j8m-7w7p), cross-org group binding unauthorized access (GHSA-569v-845w-g82p), refresh tokens not invalidated on stamp rotation (GHSA-6j4w-g4jh-xjfx). 2FA remember tokens now max 30 days. 1.35.6: Fix 2FA remember tokens broken in 1.35.5. 1.35.7: Fix 2FA for Android. Risk: SAFE (patch bump, no breaking changes) DB backup: yes (job: pre-upgrade-vaultwarden-1776280439, SQLite, 7 MiB) Config changes applied: none Flagged for manual review: none Co-Authored-By: Service Upgrade Agent <noreply@viktorbarzin.me> |
||
|---|---|---|
| .. | ||
| modules/vaultwarden | ||
| main.tf | ||
| secrets | ||
| terragrunt.hcl | ||
| tiers.tf | ||