update web-vault to v2023.9.1 #141
Conversation
|
If that is the only fix, then I'm not sure we should update this already. |
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
stefan0xC
changed the title
|
update to new web-vault release: web-v2023.9.0 Should I add a change to use the system theme by default? Or should we wait for bitwarden to ship this change? |
|
Also I was wondering since bitwarden/clients#6309 was closed, if we should change the Authy recommendation ourselves? |
|
I'll update my PR to 2023.9.1 tomorrow (when I have time to test the changes). If I do should I rename the patch file too? (The update doesn't require updating the patch file.) |
I think that is wise. There are probably a lot of changes. Same for the email generation annonaddy, we probably need to change that too. |
stefan0xC
force-pushed
the
update-to-v2023.8.3
branch
from
6471e21 to
9a2e395
Compare
stefan0xC
changed the title
|
@BlackDex Do you know how old an account would have to be to use a legacy encryption key? I.e. with what And yeah, you're right. The API call (to |
|
@stefan0xC The KDF iteration value was increased here: dani-garcia/vaultwarden#3163 and released in https://github.com/dani-garcia/vaultwarden/releases/tag/1.28.0, so, not that old when we changed this on the server-side at least. Looking at the code from Bitwarden it looks like they updated the default for new accounts in v2023.2.0 (bitwarden/clients@2563fbd) which would make it v1.28 also because we release with that web-vault version. |
|
@stefan0xC, i just did a quick test, and it seems to work just fine with Node18, so it's probably ok to update, also since Bitwarden stated it was an oversight. For the KDF message we need to probably update the |
|
@BlackDex I've tested by creating a new user with the I don't think that a low kdf iteration counts as having a legacy key. If you do have that you will get a warning once you have logged in but that has already been the case since After looking into it a bit I think that we can't have any users using legacy encryption (as defined here) because vaultwarden has always returned a |
|
added dani-garcia/vaultwarden#3950 for the anonaddy rename. |
|
The 2fa recovery link has been hardcoded to https://vault.bitwarden.com/#/recover-2fa in bitwarden/clients#5779 Should we change it back to the previous help link until bitwarden has fixed this for self-hosted installs? edit: I think linking https://bitwarden.com/help/two-step-recovery-code/#use-your-recovery-code would be better (unless there's an easy way to fix this ourselves) |
|
If that is a current bug then yes, since that will affect our users. |
|
I've also reported it upstream: bitwarden/clients#6487 |
|
@BlackDex when will the release be? |
|
Sorry, totally forgot this hehe :) |
|
Also, this will not mean it will also be included right away in Vaultwarden. |
no problem, I will be able to build my build temporarily and wait for the official release. |
|
The web-vault has been released already. So you can use the one from the releases page |
I mean the VW assembly with the new version, created manually (locally docker .built) for myself so far :) |
New web-vault release: web-v2023.8.3
As far as I've compared the changes between web-v2023.8.2...web-v2023.8.3 the main bug fix seems to be making the client compatible with older servers again (that don't send
hasMasterPasswordif you don't use Bitwardens key connector).