Vaultwarden security update Feb 10 2026 (github.com)
from megaman@discuss.tchncs.de to selfhosted@lemmy.world on 12 Feb 17:18
https://discuss.tchncs.de/post/54784609

GHSA-h265-g7rm-h337 (Publication in process, waiting for CVE assignment) This vulnerability would allow an authenticated attacker that is part of an organization to access items from collections to which the attacker does not belong.

#selfhosted


tofu@lemmy.nocturnal.garden on 12 Feb 17:36

Already updated yesterday 🤓 All hail the mighty renovate

motruck@lemmy.zip on 12 Feb 21:56

Renovate? Hrmmmm

tofu@lemmy.nocturnal.garden on 12 Feb 22:04

Hrmmm?

Natanox@discuss.tchncs.de on 13 Feb 07:21

Renovate?

qaz@lemmy.world on 13 Feb 07:26

It’s a bot to create PRs with dependency updates.

Natanox@discuss.tchncs.de on 13 Feb 07:31

Might be a stupid question, but how are PRs connected to your server deployment?

tofu@lemmy.nocturnal.garden on 13 Feb 20:35

Copying my other comment. It opens PRs to change the tag from the docker image.

I have all my compose stacks in git. They’re deployed from their git repos with Komodo.

Renovate is a bot that checks git repos for dependencies (mostly container images in this case) and checks if there’s a newer version available. If yes, it creates a merge request to update the version. I review the requests and merge, then the updated compose stack gets deployed with Komodo. It’s a great semi-automatic way to handle updates without giving up control.

There’s a nice how-to here: nickcunningh.am/…/how-to-automate-version-updates…

tofu@lemmy.nocturnal.garden on 13 Feb 09:28

I have all my compose stacks in git. They’re deployed from their git repos with Komodo.

Renovate is a bot that checks git repos for dependencies (mostly container images in this case) and checks if there’s a newer version available. If yes, it creates a merge request to update the version. I review the requests and merge, then the updated compose stack gets deployed with Komodo. It’s a great semi-automatic way to handle updates without giving up control.

There’s a nice how-to here: nickcunningh.am/…/how-to-automate-version-updates…

osanna@thebrainbin.org on 14 Feb 05:08

One thing I'm not willing to self-host is Vault/Bitwarden. My whole life is based in my password manager. I imagine Bitwarden Inc has a lot better security than me, and if I lose access to it I'm stuffed.

nopermissions@lemmy.ml on 14 Feb 10:02

Had this exact thing happen to me. I was hosting Vaultwarden on a Raspberry Pi and then it fell over. My client devices had cached versions of my vault, but I couldn’t make changes to it. I quickly moved over to Bitwarden and it’s been fantastic.

osanna@thebrainbin.org on 14 Feb 11:44

Yup, BW is awesome. And mostly free. I use BW too, but not self-hosted.

Auli@lemmy.ca on 14 Feb 11:53

What are they going to get? An encrypted blob.

keyez@lemmy.world on 15 Feb 01:09

Bitwarden was the second thing I ever self-hosted. On a local server on a UPS and hasn’t really been an issue across 7 years. Every so often I save an encrypted JSON on my main laptop to use with KeePass if there’s ever an issue where the server is down for a while.

oyzmo@piefed.social on 15 Feb 05:38

Vaultwarden is the best 😁 Self-hosted for 3 years, no problems. Got all my devices on my tail/headscale network, and only addresses allowed to my server are LAN and Tailscale 🤓