this post was submitted on 03 May 2026
54 points (98.2% liked)

Selfhosted

58927 readers
496 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
54
Vaultwarden 1.36.0 patches vulnerabilities (github.com)
submitted 10 hours ago by sanitation@lemmy.radio to c/selfhosted@lemmy.world
5 comments fedilink hide all child comments
 

Security fixes

This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.

SSO Login CSRF - GHSA-pfp2-jhgq-6hg5, GHSA-w6h6-8r66-hcv7
User/Organization Enumeration - GHSA-hxqh-ff5p-wfr3
SSO existing-user binding - GHSA-j4j8-gpvj-7fqr
GHSA-6x5c-84vm-5j56
SSRF via Icon Endpoint - GHSA-72vh-x5jq-m82g
Some crate's updated and other minor security enhancements

These are private for now, pending CVE assignment.

https://github.com/dani-garcia/vaultwarden/releases/tag/1.36.0

Original Reddit discussion: https://www.reddit.com/r/selfhosted/comments/1t2qd26/vaultwarden_1360_patches_vulnerabilities/

top 5 comments
sorted by: hot top controversial new old
[–] excess0680@lemmy.world 1 points 5 minutes ago

Separate from the security fixes, Vaultwarden now lets clients have archiving capabilities. Before this update, I created a separate organization just to archive unused accounts. (Although now I have to deal with “moving” those accounts back to my main collection…)

[–] Natanox@discuss.tchncs.de 5 points 6 hours ago

Uugh, why do I see this at 3 in the morning. Good thing there's Termux.

[–] irmadlad@lemmy.world -1 points 6 hours ago (1 children)

Ooof! I think I have a pretty robust network security deployment. I'm just not convinced 100%, and therefor I am prohibited from deploying any self hosted password manager. Too risky. I know there are 1000s of people who, and kudos to you for being able to sleep at night. Your security must rival the SCIFs.

[–] CameronDev@programming.dev 9 points 4 hours ago (1 children)

What makes you think self hosted password managers are any riskier than a cloud hosted one?

[–] immobile7801@piefed.social 7 points 4 hours ago

Yeah, mines not even exposed to the internet. I'd consider that more secure than cloud based bitwarden.