feat(container): update vaultwarden/server ( 1.32.7 → 1.33.0 )

[renovate]

This PR contains the following updates:

Package	Update	Change
vaultwarden/server	minor	1.32.7 -> 1.33.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

dani-garcia/vaultwarden (vaultwarden/server)

v1.33.0

Compare Source

Security Fixes

This release contains security fixes for the following advisories.
And we strongly advice to update as soon as possible.

• GHSA-f7r5-w49x-gxm3
  This vulnerability is only possible if you do not have an ADMIN_TOKEN configured and open links or pages you should not trust anyway. Ensure you have an ADMIN_TOKEN configured to keep your admin environment save.
• GHSA-h6cc-rc6q-23j4
  This vulnerability is only possible if someone was able to gain access to your Vaultwarden Admin Backend. The attacker could then change some settings to use sendmail as mail agent but adjust the settings in such a way that it would use a shell command. It then also needed to craft a special favicon image which would have the commands embedded to run during for example sending a test email.
• GHSA-j4h8-vch3-f797
  This vulnerability affects all users who have multiple Organizations and users which are able to create a new organization or have admin or owner rights on at least one organization. The attacker does need to know the Organization UUID of the Organization it want's to attack or compromise though.

Notable changes

• Updated web-vault to v2025.1.1
• Added partial manage role support for collections
• Manager role is converted to a Custom role with either Manage All Collections or per collection.
  Admins and Owners probably want to check and verify if the rights are still correct.
• The OCI containers and binaries are signed via GitHub Attestations
  This allows you to verify an OCI image or even the vaultwarden binary located within the OCI image.

These vulnerabilities affects

What's Changed

• Add inline-menu-positioning-improvements feature flag by @​Ephemera42 in https://github.com/dani-garcia/vaultwarden/pull/5313
• Fix issues when uri match is a string by @​BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5332
• Add TOTP delete endpoint by @​Timshel in https://github.com/dani-garcia/vaultwarden/pull/5327
• fix group issue in send_invite by @​stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5321
• Update crates and GHA by @​BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5346
• Refactor the uri match fix and fix ssh-key sync by @​BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5339
• Add partial role support for manager only using web-vault v2024.12.0 by @​BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5219
• Fix issue with key-rotate by @​BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5348
• fix manager role in admin users overview by @​stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5359
• Prevent new users/members to be stored in db when invite fails by @​BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5350
• Update crates and web-vault to v2025.1.0 by @​BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5368
• Allow building with Rust v1.84.0 or newer by @​BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5371
• rename membership and adopt newtype pattern by @​stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5320
• build: raise msrv (1.83.0) rust toolchain (1.84.0) by @​tessus in https://github.com/dani-garcia/vaultwarden/pull/5374
• Fix an issue with login with device by @​BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5379
• refactor: replace static with const for global constants by @​Integral-Tech in https://github.com/dani-garcia/vaultwarden/pull/5260
• Add Attestations for containers and artifacts by @​BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5378
• Fix version detection on bake by @​BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5382
• Simplify container image attestation by @​dfunkt in https://github.com/dani-garcia/vaultwarden/pull/5387
• improve admin invite by @​stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5403
• Add manage role for collections and groups by @​BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5386
• update web-vault to v2025.1.1 and add /api/devices by @​stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5422
• Security fixes by @​BlackDex in https://github.com/dani-garcia/vaultwarden/pull/5438
• only validate SMTP_FROM if necessary by @​stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/5442

New Contributors

• @​Ephemera42 made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5313
• @​Integral-Tech made their first contribution in https://github.com/dani-garcia/vaultwarden/pull/5260

Full Changelog: dani-garcia/vaultwarden@1.32.7...1.33.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.