If you are running Vaultwarden, you need to update. There is a CVE (github.com)
from otter@lemmy.ca to selfhosted@lemmy.world on 11 Nov 15:53
https://lemmy.ca/post/32782416

This release has fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible. The contents of these reports will be disclosed publicly in the future.

cross-posted from: lemmy.eco.br/post/8758930

If you’re using Vaultwarden, you should update because of security fixes.

#selfhosted

threaded - newest

Oha@lemmy.ohaa.xyz on 11 Nov 16:01 next collapse

Just updated, thanks!

ComradeMiao@lemmy.world on 11 Nov 16:01 next collapse

thanks

MaggiWuerze@feddit.org on 11 Nov 16:59 next collapse

Thanks for posting

gregor@gregtech.eu on 11 Nov 17:25 next collapse

Thanks for the tip

state_electrician@discuss.tchncs.de on 11 Nov 17:38 next collapse

My Vaultwarden is behind a private VPN, but I’ll still update today. Thanks.

EmbarrassedDrum@lemmy.dbzer0.com on 11 Nov 21:51 next collapse

Just the reason why I stopped using Vaultwarden and returned to Bitwarden (EDIT: ditching self hosting the password manager).

I’m not specialized in this, can’t update right away, might not know of all security vulnerabilities I have - better leave it for the professionals.

matcha_addict@lemy.lol on 12 Nov 05:52 collapse

I think what you mean is abandoning self hosting right? Because self hosting Bitwarden would have similar issues if you don’t take the initiative to update.

EmbarrassedDrum@lemmy.dbzer0.com on 12 Nov 07:16 collapse

yes, you’re right. my message was unclear, I see now. While I do self host many other things, I just didn’t want to take the risk regarding my password manager.

popcorp@discuss.tchncs.de on 12 Nov 09:35 collapse

Thanks. I logged in immediately to update the image, but luckily it was already updated by watchtower yesterday.