Notable changes
- Implemented support for SSO with OpenID Connect, https://github.com/dani-garcia/vaultwarden/wiki/Enabling-SSO-support-using-OpenId-Connect
- Updated web vault to 2025.12.0
- Added support for future mobile apps with versions 2026.1.0+
- This is the first vaultwarden release using immutable releases and release attestation!
What's Changed
- Fix multi delete slowdown by @BlackDex in #6144
- Perform same checks when setting kdf by @Timshel in #6141
- SSO using OpenID Connect by @Timshel in #3899
- Delete SSO.md by @dani-garcia in #6152
- Update webauthn-rs to 0.5.x by @zUnixorn in #5934
- a little cleanup after SSO merge by @stefan0xC in #6153
- Fix link to point to the wiki by @Timshel in #6157
- Fix Email 2FA for mobile apps by @dfunkt in #6156
- Update Rust to 1.89.0 by @dfunkt in #6150
- Fix several more multi select push issues by @BlackDex in #6151
- Fix minor typo by @ncguk in #6165
- Update crates, fixes some yanked crates by @BlackDex in #6167
- Fix WebauthN issue with Software Keys by @BlackDex in #6168
- Fix Playwright test conf and update deps by @Timshel in #6176
- Misc updates by @BlackDex in #6185
- fix typo in description of helo_name by @Flottegurke in #6194
- Fix Playwright by @Timshel in #6206
- Switch to GHA's concurrency control by @dfunkt in #6164
- Make database connection pool dynamic by @Samoth69 in #6166
- Re-add
ifcheck to release workflow by @dfunkt in #6227 - Fix Webauthn/Passkey 2FA migration/validation issues by @BlackDex in #6190
- refactor(config): update template, add validation by @tessus in #6229
- Show SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION in admin by @Timshel in #6235
- Update crates, gha and web-vault by @BlackDex in #6234
- Fix panic around sso_master_password_policy by @Timshel in #6233
- make webauthn more optional by @stefan0xC in #6160
- Fix 2fa recovery endpoint by @BlackDex in #6240
- update trivy-action to v0.33.0 by @stefan0xC in #6248
- update web vault to v2025.9.1 and allow new policy by @stefan0xC in #6340
- prevent changing collections when hide_passwords is true by @stefan0xC in #6278
- Fix
sso_userdropped onUser::saveby @Timshel in #6262 - Change OIDC dummy identifier by @Timshel in #6263
- add new billing warnings endpoint by @stefan0xC in #6369
- Add auth_request pending endpoint by @Timshel in #6368
- Fix Org identifier by @Timshel in #6364
- add mail address change warning for invited accounts by @stefan0xC in #6377
- add missing media-src directive by @stefan0xC in #6381
- add seat limit for the invite dialog by @stefan0xC in #6371
- [Playwright] Improvements around node by @Timshel in #6321
- Use Diesels MultiConnections Derive by @BlackDex in #6279
- Improve protected actions by @dani-garcia in #6411
- Fix issue with key-rotation and emergency-access by @BlackDex in #6421
- Optimizations and build speedup by @BlackDex in #6339
- Use an older version of mariadb to prevent a panic by @BlackDex in #6453
- Playwright against abitrary web-vault by @Timshel in #6380
- Fix KDF Change with new web-vault by @BlackDex in #6458
- Fix: admin theme emoji alignment by @joepduin in #6459
- remove invalid emergency access dummy value by @stefan0xC in #6463
- Add
pm-25373-windows-biometrics-v2feature flag by @Ephemera42 in #6468 - Switch to multiple runners per arch by @dfunkt in #6472
- Fix icon redirect caching by @BlackDex in #6487
- Fix around singleorg policy by @Timshel in #6247
- fix email as 2fa provider by @stefan0xC in #6473
- Update crates and Rust version by @BlackDex in #6485
- Add option to prefer IPv6 resolving by @BlackDex in #6494
- Some small admin js/css updates by @BlackDex in #6501
- Update crates and workflows and some fixes by @BlackDex in #6508
- Fixed a typo in the default TTL value by @k725 in #6528
- Iterate over tags on release by @Timshel in #6518
- Org.put_policy type not in body anymore by @Timshel in #6514
- Android want response property in camelCase by @Timshel in #6513
- Fix admin invite with SSO by @Timshel in #6498
- Improve sso auth flow by @Timshel in #6205
- fix email as 2fa for sso by @stefan0xC in #6495
- Fix release workflow by @BlackDex in #6532
- Further fixes for the release workflow by @dfunkt in #6533
- add empty /api/tasks endpoint by @stefan0xC in #6557
- Revert to gzip compression by @dfunkt in #6566
- support UriMatchDefaults policy by @stefan0xC in #6570
- Add new accountKeys and masterPasswordUnlock fields by @dani-garcia in #6572
- Update crates and Rust by @BlackDex in #6551
- Add UserDecryption on /sync too by @dani-garcia in #6574
- Update web-vault to v2025.12.0 by @BlackDex in #6577
- Fix posting cipher with readonly collections by @BlackDex in #6578
- Update crates by @BlackDex in #6585
- Simplify binary extraction by @dfunkt in #6554
- Remove unnecessary output sharing between jobs by @dfunkt in #6555
- Add wrapped named variants to UserDecryptionOptions by @dani-garcia in #6598
New Contributors
- @zUnixorn made their first contribution in #5934
- @ncguk made their first contribution in #6165
- @Flottegurke made their first contribution in #6194
- @Samoth69 made their first contribution in #6166
- @joepduin made their first contribution in #6459
- @k725 made their first contribution in #6528
Full Changelog: 1.34.3...1.35.0