Security Fixes
This release contains security fixes for the following advisory. We strongly advice to update as soon as possible if you believe it could affect you.
- GHSA-h265-g7rm-h337 (Publication in process, waiting for CVE assignment)
This vulnerability would allow an authenticated attacker that is part of an organization to access items from collections to which the attacker does not belong.
What's Changed
- Fix User API Key login by @BlackDex in #6712
- use email instead of empty name for webauhn by @stefan0xC in #6733
- hide password hints via CSS by @stefan0xC in #6726
- fix email as 2fa with auth requests by @stefan0xC in #6736
- Update crates, web-vault, js, workflows by @BlackDex in #6749
- refactor: improve tooltips in diagnostics page by @tessus in #6765
- Empty AccountKeys when no private key by @Timshel in #6761
- fix error message for purging auth requests by @stefan0xC in #6776
- Misc updates, crates, rust, js, gha, vault by @BlackDex in #6799
- Update crates and web-vault by @BlackDex in #6810
- Fix org-details issue by @BlackDex in #6811
Full Changelog: 1.35.2...1.35.3