Update vaultwarden/server Docker tag to v1.35.4 #280

Merged

renovate-bot merged 0 commits from refs/pull/280/head into master 2026-02-27 08:02:29 +00:00

Conversation 0 Commits - Files changed -

renovate-bot commented 2026-02-27 00:03:12 +00:00 (Migrated from gitea.smittenfeld.nl)

Copy link

This PR contains the following updates:

Package	Update	Change
vaultwarden/server	patch	1.35.3 → 1.35.4

---

Release Notes

dani-garcia/vaultwarden (vaultwarden/server)

v1.35.4

Compare Source

Security Fixes

This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.

• GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to access a cipher from a different user (fully encrypted) if they already know its internal UUID.
• GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with manager-level access within an organization to modify collections they can access, even if they do not have management permissions for them.
• GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with manager-level access within an organization to modify collections they are not assigned.

These are private for now, pending CVE assignment.

What's Changed

• Update Rust and Crates and GHA by @​BlackDex in #​6843
• hide remember 2fa token by @​stefan0xC in #​6852
• fix(send_invite): invite links by @​proofofcopilot in #​6824
• Misc organization fixes by @​BlackDex in #​6867

New Contributors

• @​proofofcopilot made their first contribution in #​6824

Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.35.3...1.35.4

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [vaultwarden/server](https://github.com/dani-garcia/vaultwarden) | patch | `1.35.3` → `1.35.4` | --- ### Release Notes <details> <summary>dani-garcia/vaultwarden (vaultwarden/server)</summary> ### [`v1.35.4`](https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.4) [Compare Source](https://github.com/dani-garcia/vaultwarden/compare/1.35.3...1.35.4) #### Security Fixes This release contains security fixes for the following advisories. We strongly advice to update as soon as possible. - [GHSA-w9f8-m526-h7fh](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-w9f8-m526-h7fh). This vulnerability would allow an attacker to access a cipher from a different user (fully encrypted) if they already know its internal UUID. - [GHSA-h4hq-rgvh-wh27](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h4hq-rgvh-wh27). This vulnerability allows an attacker with manager-level access within an organization to modify collections they can access, even if they do not have management permissions for them. - [GHSA-r32r-j5jq-3w4m](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-r32r-j5jq-3w4m). This vulnerability allows an attacker with manager-level access within an organization to modify collections they are not assigned. These are private for now, pending CVE assignment. #### What's Changed - Update Rust and Crates and GHA by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;6843](https://github.com/dani-garcia/vaultwarden/pull/6843) - hide remember 2fa token by [@&#8203;stefan0xC](https://github.com/stefan0xC) in [#&#8203;6852](https://github.com/dani-garcia/vaultwarden/pull/6852) - fix(send\_invite): invite links by [@&#8203;proofofcopilot](https://github.com/proofofcopilot) in [#&#8203;6824](https://github.com/dani-garcia/vaultwarden/pull/6824) - Misc organization fixes by [@&#8203;BlackDex](https://github.com/BlackDex) in [#&#8203;6867](https://github.com/dani-garcia/vaultwarden/pull/6867) #### New Contributors - [@&#8203;proofofcopilot](https://github.com/proofofcopilot) made their first contribution in [#&#8203;6824](https://github.com/dani-garcia/vaultwarden/pull/6824) **Full Changelog**: <https://github.com/dani-garcia/vaultwarden/compare/1.35.3...1.35.4> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My40LjIiLCJ1cGRhdGVkSW5WZXIiOiI0My40LjIiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOltdfQ==-->

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

peter/homelab-docker-config!280

No description provided.