Vaultwarden security update Feb 10 2026

GHSA-h265-g7rm-h337 (Publication in process, waiting for CVE assignment) This vulnerability would allow an authenticated attacker that is part of an organization to access items from collections to which the attacker does not belong

https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.3Open link View original on discuss.tchncs.de

109

Comments14

tofu

lemmy.nocturnal.garden

Already updated yesterday 🤓 All hail the mighty renovate

Natanox reply

discuss.tchncs.de

Renovate?

tofu reply

lemmy.nocturnal.garden

I have all my compose stacks in git. They're deployed from their git repos with Komodo.

Renovate is a bot that checks git repos for dependencies (mostly container images in this case) and checks if there's a newer version available. If yes, it creates a merge request to update the version. I review the requests and merge, then the updated compose stack gets deployed with Komodo. It's a great semi automatic way to handle updates without giving up control.

There's a nice how to here: https://nickcunningh.am/blog/how-to-automate-version-updates-for-your-self-hosted-docker-containers-with-gitea-renovate-and-komodo

qaz reply

lemmy.world

It's a bot to create PR's with dependency updates

Natanox reply

discuss.tchncs.de

Might be a stupid question, but how are PR's connected to your server deployment?

tofu reply

lemmy.nocturnal.garden

Copying my other comment. It opens PRs to change the tag from the docker image.

I have all my compose stacks in git. They’re deployed from their git repos with Komodo.

Renovate is a bot that checks git repos for dependencies (mostly container images in this case) and checks if there’s a newer version available. If yes, it creates a merge request to update the version. I review the requests and merge, then the updated compose stack gets deployed with Komodo. It’s a great semi automatic way to handle updates without giving up control.

There’s a nice how to here: https://nickcunningh.am/blog/how-to-automate-version-updates-for-your-self-hosted-docker-containers-with-gitea-renovate-and-komodo

motruck reply

lemmy.zip

Renovate? Hrmmmm

tofu reply

lemmy.nocturnal.garden

Hrmmm?

osanna

thebrainbin.org

one thing I'm not willing to self host is vault/bitwarden. My whole life is based in my password manager. I imagine Bitwarden inc has a lot better security than me, and if I lose access to it I'm stuffed.

Auli reply

lemmy.ca

What are they going to get an encrypted blob.

nopermissions reply

lemmy.ml

Had this exact thing happen to me. I was hosting vaultwarden on a raspberry pi and then it fell over. My client devices had caged versions of my vault, but I couldn’t make changes to it. I quickly moved over to Bitwarden and it’s been fantastic.

osanna reply

thebrainbin.org

yup, BW is awesome. and mostly free. I use BW too, but not self hosted.

keyez reply

lemmy.world

Bitwarden was the second thing I ever self hosted. On a local server on a UPS and hasn't really been an issue across 7 years. Every so often I save an encrypted JSON on my main laptop to use with keepass if there's ever an issue where the server is down for a while.

oyzmo

piefed.social

Vaulwarden is the best 😁 selfhosted for 3 years, no problems. Got all my devices on my tail/headscale network, and only addresses allowed to my server are lan and tailscale 🤓