Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert setcap, update rust and crates #3403

Merged
merged 1 commit into from
Apr 2, 2023

Conversation

BlackDex
Copy link
Collaborator

@BlackDex BlackDex commented Mar 31, 2023

Resolves #3387

@BlackDex BlackDex force-pushed the update-dockerfile-and-rust branch from e34a387 to 89b2d90 Compare March 31, 2023 14:43
@jjlin
Copy link
Contributor

jjlin commented Mar 31, 2023

For the record, I disagree with the characterization that it's "better" not to have #3170 just because a handful of users who are fixated with dropping all possible capabilities (even though they haven't presented any practical downside to keeping NET_BIND_SERVICE) feels strongly about it. Having stronger feelings and being more vocal doesn't make them more right.

@BlackDex
Copy link
Collaborator Author

I'm not saying that it makes something more right or wrong when people are complaining about something strongly or not strongly or whatever.

But, in hindsight I do agree that we should not lower the security of the container just because we should have set ROCKET_PORT to 8000 or something from the beginning.

The issue I have with this being there, is that it might be an entry point for someone to add a custom binary, or maybe even abuse a binary already in the image to start that on a lower port.

I think we need to prevent stuff like that. And new users can be educated on how to start a Vaultwarden container.

@jjlin
Copy link
Contributor

jjlin commented Mar 31, 2023

IMO, that argument is even more hypothetical than the "hypothetical" users that #3170 is supposed to benefit, but if that's your opinion, that's fine.

@BlackDex
Copy link
Collaborator Author

IMO, that argument is even more hypothetical than the "hypothetical" users that #3170 is supposed to benefit, but if that's your opinion, that's fine.

Well besides that, i also think we should not make breaking changes like this.And apparently this was a breaking change for people running k8s or a bit more secure environments. And I would prefer a secure environment above a less secure environment.

Please don't feel personally attacked by this, because that isn't the case.

@jjlin
Copy link
Contributor

jjlin commented Mar 31, 2023

If the real reasoning is to minimize breaking changes, then just say that. The rest is security theater. Modern versions of Docker already allow any process to bind to low ports regardless of NET_BIND_SERVICE, but I don't see these guys passing --sysctl net.ipv4.ip_unprivileged_port_start=1024...

@BlackDex
Copy link
Collaborator Author

Both arguments apply. Not just one or the other.
I don't think it's security theater.
Also arguing that Docker already has this feature built in is a bad argument, since docker isn't the only container platform.

Anyways, main reasons are breaking change and security.

@BlackDex BlackDex force-pushed the update-dockerfile-and-rust branch 3 times, most recently from 576e8bc to df267a8 Compare April 2, 2023 10:24
docker/Dockerfile.j2 Outdated Show resolved Hide resolved
- Revert dani-garcia#3170 as discussed in dani-garcia#3387
  In hindsight it's better to not have this feature
- Update Dockerfile.j2 for easy version changes.
  Just change it in one place instead of multiple
- Updated to Rust to latest patched version
- Updated crates to latest available
- Pinned mimalloc to an older version, as it breaks on musl builds
@BlackDex BlackDex force-pushed the update-dockerfile-and-rust branch from df267a8 to fc43608 Compare April 2, 2023 13:20
@dani-garcia dani-garcia merged commit 0b28ab3 into dani-garcia:main Apr 2, 2023
@BlackDex BlackDex deleted the update-dockerfile-and-rust branch April 2, 2023 16:26
spantaleev added a commit to mother-of-all-self-hosting/ansible-role-vaultwarden that referenced this pull request Apr 3, 2023
Stackclash referenced this pull request in Stackclash/home-cluster May 25, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [vaultwarden/server](https://togithub.com/dani-garcia/vaultwarden) |
minor | `1.27.0` -> `1.28.1` |

---

### Release Notes

<details>
<summary>dani-garcia/vaultwarden</summary>

###
[`v1.28.1`](https://togithub.com/dani-garcia/vaultwarden/releases/tag/1.28.1)

[Compare
Source](https://togithub.com/dani-garcia/vaultwarden/compare/1.28.0...1.28.1)

#### What's Changed

- Decode knowndevice `X-Request-Email` as base64url with no padding by
[@&#8203;jjlin](https://togithub.com/jjlin) in
[https://github.com/dani-garcia/vaultwarden/pull/3376](https://togithub.com/dani-garcia/vaultwarden/pull/3376)
- Fix abort on password reset mail error by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3390](https://togithub.com/dani-garcia/vaultwarden/pull/3390)
- support `/users/<uuid>/invite/resend` admin api by
[@&#8203;nikolaevn](https://togithub.com/nikolaevn) in
[https://github.com/dani-garcia/vaultwarden/pull/3397](https://togithub.com/dani-garcia/vaultwarden/pull/3397)
- always return KdfMemory and KdfParallelism by
[@&#8203;stefan0xC](https://togithub.com/stefan0xC) in
[https://github.com/dani-garcia/vaultwarden/pull/3398](https://togithub.com/dani-garcia/vaultwarden/pull/3398)
- Fix sending out multiple websocket notifications by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3405](https://togithub.com/dani-garcia/vaultwarden/pull/3405)
- Revert setcap, update rust and crates by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3403](https://togithub.com/dani-garcia/vaultwarden/pull/3403)

#### New Contributors

- [@&#8203;nikolaevn](https://togithub.com/nikolaevn) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3397](https://togithub.com/dani-garcia/vaultwarden/pull/3397)

**Full Changelog**:
dani-garcia/vaultwarden@1.28.0...1.28.1

###
[`v1.28.0`](https://togithub.com/dani-garcia/vaultwarden/releases/tag/1.28.0)

[Compare
Source](https://togithub.com/dani-garcia/vaultwarden/compare/1.27.0...1.28.0)

#### Major changes

- The project has changed license to the
[**AGPLv3**](https://togithub.com/dani-garcia/vaultwarden/blob/main/LICENSE.txt).
If you're hosting a Vaultwarden instance, you now have a requirement to
distribute the Vaultwarden source code to your users if they request it.
The source code, and any changes you have made, need to be under the
same AGPLv3 license. If you simply use our code without modifications,
just pointing them to this repository is enough.
- Added support for **Argon2** key derivation on the clients. To enable
it for your account, make sure all your clients are using version
v2023.2.0 or greater, then go to account settings > security > keys, and
change the algorithm from PBKDF2 to Argon2id.
- Added support for **Argon2** key derivation for the admin page token.
To update your admin token to use it, [check the
wiki](https://togithub.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token)
- New **alternative registries** for the docker images are available (In
**BETA** for now):
- **Github Container Registry**: https://ghcr.io/dani-garcia/vaultwarden
    -   **Quay**: https://quay.io/vaultwarden/server

#### What's Changed

- Remove patched multer-rs by
[@&#8203;manofthepeace](https://togithub.com/manofthepeace) in
[https://github.com/dani-garcia/vaultwarden/pull/2968](https://togithub.com/dani-garcia/vaultwarden/pull/2968)
- Removed unsafe-inline JS from CSP and other fixes by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3058](https://togithub.com/dani-garcia/vaultwarden/pull/3058)
- Validate YUBICO_SERVER string
([#&#8203;3003](https://togithub.com/dani-garcia/vaultwarden/issues/3003))
by [@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3059](https://togithub.com/dani-garcia/vaultwarden/pull/3059)
- Log message to stderr if LOG_FILE is not writable by
[@&#8203;pjsier](https://togithub.com/pjsier) in
[https://github.com/dani-garcia/vaultwarden/pull/3061](https://togithub.com/dani-garcia/vaultwarden/pull/3061)
- Update WebSocket Notifications by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3076](https://togithub.com/dani-garcia/vaultwarden/pull/3076)
- Optimize config loading messages by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3092](https://togithub.com/dani-garcia/vaultwarden/pull/3092)
- Percent-encode org_name in links by
[@&#8203;am97](https://togithub.com/am97) in
[https://github.com/dani-garcia/vaultwarden/pull/3093](https://togithub.com/dani-garcia/vaultwarden/pull/3093)
- Fix failing large note imports by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3087](https://togithub.com/dani-garcia/vaultwarden/pull/3087)
- Change `text/plain` API responses to `application/json` by
[@&#8203;jjlin](https://togithub.com/jjlin) in
[https://github.com/dani-garcia/vaultwarden/pull/3124](https://togithub.com/dani-garcia/vaultwarden/pull/3124)
- Remove `shrink-to-fit=no` from viewport-meta-tag by
[@&#8203;redwerkz](https://togithub.com/redwerkz) in
[https://github.com/dani-garcia/vaultwarden/pull/3126](https://togithub.com/dani-garcia/vaultwarden/pull/3126)
- Update dependencies and MSRV by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3128](https://togithub.com/dani-garcia/vaultwarden/pull/3128)
- Resolve uninlined_format_args clippy warnings by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3065](https://togithub.com/dani-garcia/vaultwarden/pull/3065)
- Update Rust to v1.66.1 to patch CVE by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3136](https://togithub.com/dani-garcia/vaultwarden/pull/3136)
- Fix remaining inline format by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3130](https://togithub.com/dani-garcia/vaultwarden/pull/3130)
- Use more modern meta tag for charset encoding by
[@&#8203;redwerkz](https://togithub.com/redwerkz) in
[https://github.com/dani-garcia/vaultwarden/pull/3131](https://togithub.com/dani-garcia/vaultwarden/pull/3131)
- fix (2fa.directory): Allow api.2fa.directory, and remove 2fa.directory
by [@&#8203;GeekCornerGH](https://togithub.com/GeekCornerGH) in
[https://github.com/dani-garcia/vaultwarden/pull/3132](https://togithub.com/dani-garcia/vaultwarden/pull/3132)
- Optimize CipherSyncData for very large vaults by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3133](https://togithub.com/dani-garcia/vaultwarden/pull/3133)
- Add avatar color support by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3134](https://togithub.com/dani-garcia/vaultwarden/pull/3134)
- Add MFA icon to org member overview by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3135](https://togithub.com/dani-garcia/vaultwarden/pull/3135)
- Minor refactoring concering user.setpassword by
[@&#8203;sirux88](https://togithub.com/sirux88) in
[https://github.com/dani-garcia/vaultwarden/pull/3139](https://togithub.com/dani-garcia/vaultwarden/pull/3139)
- Validate note sizes on key-rotation. by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3157](https://togithub.com/dani-garcia/vaultwarden/pull/3157)
- Update KDF Configuration and processing by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3163](https://togithub.com/dani-garcia/vaultwarden/pull/3163)
- Remove `arm32v6`-specific tag by
[@&#8203;jjlin](https://togithub.com/jjlin) in
[https://github.com/dani-garcia/vaultwarden/pull/3164](https://togithub.com/dani-garcia/vaultwarden/pull/3164)
- Re-License Vaultwarden to AGPLv3 by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/2561](https://togithub.com/dani-garcia/vaultwarden/pull/2561)
- Admin password reset by
[@&#8203;sirux88](https://togithub.com/sirux88) in
[https://github.com/dani-garcia/vaultwarden/pull/3116](https://togithub.com/dani-garcia/vaultwarden/pull/3116)
- "Spell-Jacking" mitigation ~ prevent sensitive data leak … by
[@&#8203;dlehammer](https://togithub.com/dlehammer) in
[https://github.com/dani-garcia/vaultwarden/pull/3145](https://togithub.com/dani-garcia/vaultwarden/pull/3145)
- Allow listening on privileged ports (below 1024) as non-root by
[@&#8203;jjlin](https://togithub.com/jjlin) in
[https://github.com/dani-garcia/vaultwarden/pull/3170](https://togithub.com/dani-garcia/vaultwarden/pull/3170)
- don't nullify key when editing emergency access by
[@&#8203;stefan0xC](https://togithub.com/stefan0xC) in
[https://github.com/dani-garcia/vaultwarden/pull/3215](https://togithub.com/dani-garcia/vaultwarden/pull/3215)
- Fix trailing slash not getting removed from domain by
[@&#8203;BlockListed](https://togithub.com/BlockListed) in
[https://github.com/dani-garcia/vaultwarden/pull/3228](https://togithub.com/dani-garcia/vaultwarden/pull/3228)
- Generate distinct log messages for regex vs. IP blacklisting. by
[@&#8203;kpfleming](https://togithub.com/kpfleming) in
[https://github.com/dani-garcia/vaultwarden/pull/3231](https://togithub.com/dani-garcia/vaultwarden/pull/3231)
- allow editing/unhiding by group by
[@&#8203;farodin91](https://togithub.com/farodin91) in
[https://github.com/dani-garcia/vaultwarden/pull/3108](https://togithub.com/dani-garcia/vaultwarden/pull/3108)
- Fix Javascript issue on non sqlite databases by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3167](https://togithub.com/dani-garcia/vaultwarden/pull/3167)
- add argon2 kdf fields by [@&#8203;tessus](https://togithub.com/tessus)
in
[https://github.com/dani-garcia/vaultwarden/pull/3210](https://togithub.com/dani-garcia/vaultwarden/pull/3210)
- add support for system mta though sendmail by
[@&#8203;soruh](https://togithub.com/soruh) in
[https://github.com/dani-garcia/vaultwarden/pull/3147](https://togithub.com/dani-garcia/vaultwarden/pull/3147)
- Updated Rust and crates by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3234](https://togithub.com/dani-garcia/vaultwarden/pull/3234)
- docs: add build status badge in readme by
[@&#8203;R3DRUN3](https://togithub.com/R3DRUN3) in
[https://github.com/dani-garcia/vaultwarden/pull/3245](https://togithub.com/dani-garcia/vaultwarden/pull/3245)
- Validate all needed fields for client API login by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3251](https://togithub.com/dani-garcia/vaultwarden/pull/3251)
- Fix Organization delete when groups are configured by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3252](https://togithub.com/dani-garcia/vaultwarden/pull/3252)
- Fix Collection Read Only access for groups by
[@&#8203;Misterbabou](https://togithub.com/Misterbabou) in
[https://github.com/dani-garcia/vaultwarden/pull/3254](https://togithub.com/dani-garcia/vaultwarden/pull/3254)
- Make the admin session lifetime adjustable by
[@&#8203;mittler-works](https://togithub.com/mittler-works) in
[https://github.com/dani-garcia/vaultwarden/pull/3262](https://togithub.com/dani-garcia/vaultwarden/pull/3262)
- Add function to fetch user by email address by
[@&#8203;mittler-works](https://togithub.com/mittler-works) in
[https://github.com/dani-garcia/vaultwarden/pull/3263](https://togithub.com/dani-garcia/vaultwarden/pull/3263)
- Fix vault item display in org vault view by
[@&#8203;jjlin](https://togithub.com/jjlin) in
[https://github.com/dani-garcia/vaultwarden/pull/3277](https://togithub.com/dani-garcia/vaultwarden/pull/3277)
- Add confirmation for removing 2FA and deauthing sessions in admin
panel by [@&#8203;JCBird1012](https://togithub.com/JCBird1012) in
[https://github.com/dani-garcia/vaultwarden/pull/3282](https://togithub.com/dani-garcia/vaultwarden/pull/3282)
- Some Admin Interface updates by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3288](https://togithub.com/dani-garcia/vaultwarden/pull/3288)
- Fix the web-vault v2023.2.0 API calls by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3281](https://togithub.com/dani-garcia/vaultwarden/pull/3281)
- Fix confirmation for removing 2FA and deauthing sessions in admin
panel by [@&#8203;dpinse](https://togithub.com/dpinse) in
[https://github.com/dani-garcia/vaultwarden/pull/3290](https://togithub.com/dani-garcia/vaultwarden/pull/3290)
- Admin token Argon2 hashing support by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3289](https://togithub.com/dani-garcia/vaultwarden/pull/3289)
- Add HEAD routes to avoid spurious error messages by
[@&#8203;jjlin](https://togithub.com/jjlin) in
[https://github.com/dani-garcia/vaultwarden/pull/3307](https://togithub.com/dani-garcia/vaultwarden/pull/3307)
- Fix web-vault Member UI show/edit/save by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3315](https://togithub.com/dani-garcia/vaultwarden/pull/3315)
- Upd Crates, Rust, MSRV, GHA and remove Backtrace by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3310](https://togithub.com/dani-garcia/vaultwarden/pull/3310)
- Add support for `/api/devices/knowndevice` with HTTP header params by
[@&#8203;jjlin](https://togithub.com/jjlin) in
[https://github.com/dani-garcia/vaultwarden/pull/3329](https://togithub.com/dani-garcia/vaultwarden/pull/3329)
- Update Rust, MSRV and Crates by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3348](https://togithub.com/dani-garcia/vaultwarden/pull/3348)
- Merge ClientIp with Headers. by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3332](https://togithub.com/dani-garcia/vaultwarden/pull/3332)
- add endpoints to bulk delete collections/groups by
[@&#8203;stefan0xC](https://togithub.com/stefan0xC) in
[https://github.com/dani-garcia/vaultwarden/pull/3354](https://togithub.com/dani-garcia/vaultwarden/pull/3354)
- Add support for Quay.io and GHCR.io as registries by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3363](https://togithub.com/dani-garcia/vaultwarden/pull/3363)
- Some small fixes and updates by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3366](https://togithub.com/dani-garcia/vaultwarden/pull/3366)
- Update web vault to v2023.3.0 by
[@&#8203;dani-garcia](https://togithub.com/dani-garcia)

#### New Contributors

- [@&#8203;manofthepeace](https://togithub.com/manofthepeace) made their
first contribution in
[https://github.com/dani-garcia/vaultwarden/pull/2968](https://togithub.com/dani-garcia/vaultwarden/pull/2968)
- [@&#8203;pjsier](https://togithub.com/pjsier) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3061](https://togithub.com/dani-garcia/vaultwarden/pull/3061)
- [@&#8203;am97](https://togithub.com/am97) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3093](https://togithub.com/dani-garcia/vaultwarden/pull/3093)
- [@&#8203;redwerkz](https://togithub.com/redwerkz) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3126](https://togithub.com/dani-garcia/vaultwarden/pull/3126)
- [@&#8203;sirux88](https://togithub.com/sirux88) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3139](https://togithub.com/dani-garcia/vaultwarden/pull/3139)
- [@&#8203;dlehammer](https://togithub.com/dlehammer) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3145](https://togithub.com/dani-garcia/vaultwarden/pull/3145)
- [@&#8203;BlockListed](https://togithub.com/BlockListed) made their
first contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3228](https://togithub.com/dani-garcia/vaultwarden/pull/3228)
- [@&#8203;kpfleming](https://togithub.com/kpfleming) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3231](https://togithub.com/dani-garcia/vaultwarden/pull/3231)
- [@&#8203;farodin91](https://togithub.com/farodin91) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3108](https://togithub.com/dani-garcia/vaultwarden/pull/3108)
- [@&#8203;soruh](https://togithub.com/soruh) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3147](https://togithub.com/dani-garcia/vaultwarden/pull/3147)
- [@&#8203;R3DRUN3](https://togithub.com/R3DRUN3) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3245](https://togithub.com/dani-garcia/vaultwarden/pull/3245)
- [@&#8203;Misterbabou](https://togithub.com/Misterbabou) made their
first contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3254](https://togithub.com/dani-garcia/vaultwarden/pull/3254)
- [@&#8203;mittler-works](https://togithub.com/mittler-works) made their
first contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3262](https://togithub.com/dani-garcia/vaultwarden/pull/3262)
- [@&#8203;JCBird1012](https://togithub.com/JCBird1012) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3282](https://togithub.com/dani-garcia/vaultwarden/pull/3282)
- [@&#8203;dpinse](https://togithub.com/dpinse) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3290](https://togithub.com/dani-garcia/vaultwarden/pull/3290)

**Full Changelog**:
dani-garcia/vaultwarden@1.27.0...1.28.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on saturday" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/RickCoxDev/home-cluster).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS43OS4xIiwidXBkYXRlZEluVmVyIjoiMzUuNzkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
oliverlorenz pushed a commit to oliverlorenz/ansible-role-matterbridge that referenced this pull request Jun 21, 2024
Fix incorrect tag

Do not mount timezone files

Rocky Linux 9 does not have an `/etc/timezone` file,
which begs the question: why even do this?

Upgrade (1.27.0 -> 1.28.0)

Fixes mother-of-all-self-hosting/mash-playbook#25

Switch from docker.io to ghcr.io

Upgrade (1.28.0 -> 1.28.1) and drop NET_BIND_SERVICE workaround

Related to:

- mother-of-all-self-hosting/mash-playbook#25
- dani-garcia/vaultwarden#3387
- dani-garcia/vaultwarden#3403

Upgrade (1.28.1 -> 1.29.0) and remove dedicated WebSocket port

As per dani-garcia/vaultwarden#3404,
we no longer need a dedicated websocket port.

Upgrade (1.29.0 -> 1.29.1)

Add missing Project source code URL annotation

Upgrade (1.29.1 -> 1.29.2)

Split vaultwarden_container_additional_networks into vaultwarden_container_additional_networks_auto and vaultwarden_container_additional_networks_custom

Add a variable dedicated to the --hostname parameter of the service unit file, default value is vaultwarden_hostname

Simplify labels

Upgrade (1.29.2 -> 1.30.0)

Upgrade (1.30.0 -> 1.30.1)

Stop the container gracefully, instead of outright killing it

Add vaultwarden_systemd_wanted_systemd_services_list and split required services list into multiple vars

Upgrade (1.30.1 -> 1.30.2)

Upgrade (1.30.2 -> 1.30.3)

copied to own repository
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants