Vaultwarden 1.36.0 patches vulnerabilities
Security fixes
This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.
SSO Login CSRF - [GHSA-pfp2-jhgq-6hg5,](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-pfp2-jhgq-6hg5) [GHSA-w6h6-8r66-hcv7](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-w6h6-8r66-hcv7)
User/Organization Enumeration - [GHSA-hxqh-ff5p-wfr3](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-hxqh-ff5p-wfr3)
SSO existing-user binding - [GHSA-j4j8-gpvj-7fqr](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-j4j8-gpvj-7fqr)
[GHSA-6x5c-84vm-5j56](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-6x5c-84vm-5j56)
SSRF via Icon Endpoint - [GHSA-72vh-x5jq-m82g](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-72vh-x5jq-m82g)
Some crate's updated and other minor security enhancements
These are private for now, pending CVE assignment.
https://github.com/dani-garcia/vaultwarden/releases/tag/1.36.0
Original Reddit discussion: https://www.reddit.com/r/selfhosted/comments/1t2qd26/vaultwarden_1360_patches_vulnerabilities/
This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.
SSO Login CSRF - [GHSA-pfp2-jhgq-6hg5,](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-pfp2-jhgq-6hg5) [GHSA-w6h6-8r66-hcv7](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-w6h6-8r66-hcv7)
User/Organization Enumeration - [GHSA-hxqh-ff5p-wfr3](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-hxqh-ff5p-wfr3)
SSO existing-user binding - [GHSA-j4j8-gpvj-7fqr](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-j4j8-gpvj-7fqr)
[GHSA-6x5c-84vm-5j56](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-6x5c-84vm-5j56)
SSRF via Icon Endpoint - [GHSA-72vh-x5jq-m82g](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-72vh-x5jq-m82g)
Some crate's updated and other minor security enhancements
These are private for now, pending CVE assignment.
https://github.com/dani-garcia/vaultwarden/releases/tag/1.36.0
Original Reddit discussion: https://www.reddit.com/r/selfhosted/comments/1t2qd26/vaultwarden_1360_patches_vulnerabilities/