chore(deps): update dependency dani-garcia/vaultwarden to v1.35.4 #4197

renovate-bot · 2026-02-24T02:29:20Z

renovate-bot commented

2026-02-24 02:29:20 +00:00

This PR contains the following updates:

Package	Update	Change
dani-garcia/vaultwarden	patch	`1.35.3` → `1.35.4`

Release Notes

dani-garcia/vaultwarden (dani-garcia/vaultwarden)

`v1.35.4`

Compare Source

Security Fixes

This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.

GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to access a cipher from a different user (fully encrypted) if they already know its internal UUID.
GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with manager-level access within an organization to modify collections they can access, even if they do not have management permissions for them.
GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with manager-level access within an organization to modify collections they are not assigned.

These are private for now, pending CVE assignment.

What's Changed

Update Rust and Crates and GHA by @BlackDex in #6843
hide remember 2fa token by @stefan0xC in #6852
fix(send_invite): invite links by @proofofcopilot in #6824
Misc organization fixes by @BlackDex in #6867

New Contributors

@proofofcopilot made their first contribution in #6824

Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.35.3...1.35.4

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [dani-garcia/vaultwarden](https://github.com/dani-garcia/vaultwarden) | patch | `1.35.3` → `1.35.4` | --- ### Release Notes <details> <summary>dani-garcia/vaultwarden (dani-garcia/vaultwarden)</summary> ### [`v1.35.4`](https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.4) [Compare Source](https://github.com/dani-garcia/vaultwarden/compare/1.35.3...1.35.4) #### Security Fixes This release contains security fixes for the following advisories. We strongly advice to update as soon as possible. - [GHSA-w9f8-m526-h7fh](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-w9f8-m526-h7fh). This vulnerability would allow an attacker to access a cipher from a different user (fully encrypted) if they already know its internal UUID. - [GHSA-h4hq-rgvh-wh27](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h4hq-rgvh-wh27). This vulnerability allows an attacker with manager-level access within an organization to modify collections they can access, even if they do not have management permissions for them. - [GHSA-r32r-j5jq-3w4m](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-r32r-j5jq-3w4m). This vulnerability allows an attacker with manager-level access within an organization to modify collections they are not assigned. These are private for now, pending CVE assignment. #### What's Changed - Update Rust and Crates and GHA by [@BlackDex](https://github.com/BlackDex) in [#6843](https://github.com/dani-garcia/vaultwarden/pull/6843) - hide remember 2fa token by [@stefan0xC](https://github.com/stefan0xC) in [#6852](https://github.com/dani-garcia/vaultwarden/pull/6852) - fix(send\_invite): invite links by [@proofofcopilot](https://github.com/proofofcopilot) in [#6824](https://github.com/dani-garcia/vaultwarden/pull/6824) - Misc organization fixes by [@BlackDex](https://github.com/BlackDex) in [#6867](https://github.com/dani-garcia/vaultwarden/pull/6867) #### New Contributors - [@proofofcopilot](https://github.com/proofofcopilot) made their first contribution in [#6824](https://github.com/dani-garcia/vaultwarden/pull/6824) **Full Changelog**: <https://github.com/dani-garcia/vaultwarden/compare/1.35.3...1.35.4> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

renovate-bot added the automerge image labels 2026-02-24 02:29:20 +00:00

renovate-bot added 1 commit 2026-02-24 02:29:23 +00:00

chore(deps): update dependency dani-garcia/vaultwarden to v1.35.4

renovate/stability-days Updates have not met minimum release age requirement

Details

render-manifests-merge / render-manifests-merge (pull_request) Has been skipped

Details

lint-test-helm / lint-helm (pull_request) Successful in 1m0s

Details

render-manifests-automerge / render-manifests-automerge (pull_request) Successful in 1m49s

Details

0ebd38de7a

renovate-bot scheduled this pull request to auto merge when all checks succeed 2026-02-24 02:29:30 +00:00

renovate-bot merged commit 49e3454be3 into main

2026-02-24 02:29:37 +00:00

renovate-bot referenced this issue from a commit

2026-02-24 02:29:38 +00:00

chore(deps): update dependency dani-garcia/vaultwarden to v1.35.4 (#4197)

renovate-bot deleted branch renovate/unified-dani-garciavaultwarden

2026-02-24 02:29:47 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#4197