1.16.1

• Log timestamps with milliseconds by default and added option LOG_TIMESTAMP_FORMAT to customize the format
• Added back arm32v6 tag in docker images, because docker doesn't select the architecture correctly from the multiarch image (#1064)

This release is also using docker multiarch images, check the Wiki page or the 1.16.0 release notes for info on how to migrate to it.

1.16.0

New docker multiarch support, please read the following if you use the docker images:

The docker images have been modified to make use of the multiarch support, which means there's no need to use architecture specific tags anymore, and those will not be updated in the future.

Make sure you update your images correctly following the table at the end!

Changelog

• Add support for hiding passwords in a collection
• Allow postgres:// DATABASE_URL
• Add option to set name during HELO in email settings
• Add startup script to support init operations
• Use local time in email notifications for new device logins
• Updated dependencies and included web vault
• Removed unstable dependencies in preparation for rocket stable
• Docker multiarch support

Docker multiarch transition guide

Old	New	Comments
bitwardenrs/server	bitwardenrs/server:testing	This follows the latest commits to the repository. Should be pretty stable for most use cases.
bitwardenrs/server:latest
bitwardenrs/server:raspberry
bitwardenrs/server:armv6
bitwardenrs/server:aarch64
bitwardenrs/server:1.xx.x	bitwardenrs/server:latest	This follows the latest tagged release, a bit older than testing but a bit more stable as well. Can also use bitwardenrs/server:1.xx.x for a specific version (without the arch tag), but make sure to check for updates frequently.
bitwardenrs/server:1.xx.x-raspberry
bitwardenrs/server:1.xx.x-armv6
bitwardenrs/server:1.xx.x-aarch64
bitwardenrs/server:alpine	bitwardenrs/server:testing-alpine	Like the new bitwardenrs/server:testing, uses Alpine base.
bitwardenrs/server:1.xx.x-alpine	bitwardenrs/server:alpine	Like the new bitwardenrs/server:latest, uses Alpine base. Can also use bitwardenrs/server:1.xx.x-alpine for a specific version (without the arch tag), but make sure to check for updates frequently.
bitwardenrs/server-[mysql,postgres]	bitwardenrs/server-[mysql,postgres]:testing	Like the new bitwardenrs/server:testing, for the MySQL and Postgres databases.
bitwardenrs/server-[mysql,postgres]:latest
bitwardenrs/server-[mysql,postgres]:1.xx.xx	bitwardenrs/server-[mysql,postgres]:latest	Like the new bitwardenrs/server:latest, for the MySQL and Postgres databases. Can also use bitwardenrs/server-[mysql,postgres]:1.xx.x for a specific version, but make sure to check for updates frequently.

1.15.1

• Fixed error when cloning attachments with ciphers, note that attachments are not cloned
• Fixed version check when a commit hasn't been made since the last release
• Added openssl extern crate to fix some builds
• Updated admin page, added attachments count per user and users count per organization and fixed issue with DNS not resolving

1.15.0

IMPORTANT: This is a required update when using newer clients, otherwise the delete functionality won't work

• Added support for soft deletion of items (trash functionality)
• Redesigned admin page:
• Separated into multiple pages
  • Icon to indicate users verified emails, and counter of the number of items they have
  • Added diagnostics page
• Updated web vault to 2.14
• Added IP address to the logs on TOTP failure, alowing fail2ban use
• Some email and domain whitelist fixes
• Fixed issue deleting notes in PostgreSQL
• Updated dependencies and other bug fixes

1.14.2

• Fixed bug with sync error in mobile clients.
• Update web vault to 2.13.2.
• Fix websockets missing id.
• Improvements to docker health check, including subdirectory support.
• Allow changing the build version with BWRS_VERSION env variable during cargo build.
• Other dependency updates and bug fixes.

1.14.1

• Added support for organization policies
• Added support for cloning ciphers
• Update web vault to version 2.13
• Allow the SMTP login mechanism to be provided without quotes or initial uppercase
• Updated dependencies
• Make panics loggable
• Fix errors when importing into an org or accepting invites

1.14

• Added support for running on subpath, simply add the subpath to the DOMAIN variable: DOMAIN=https://example.com/custom-path
• Attachment size limits, per-user and per-organization, set USER_ATTACHMENT_LIMIT or ORG_ATTACHMENT_LIMIT to a value in kilobytes to apply it.
• Updated U2F library which might solve some U2F certificate errors.
• Added SMTP test button in the admin page.
• Use web vault built by docker autobuild, using the hash to reference the image for extra security

---

• Now accepting y/n, True/False, 1/0 as config options that are booleans.
• Fixed error Unique constraint violation when using Two Factor and Postgres.
• Fixed error with can_signup_user that didn't allow to change the email address.
• Don't error if admin token is empty but disabled
• Now email domains are converted to punycode before sending
• Enable icons to be cached in the clients
• Added option to change invitation org name
• Enabled the sending of invitations from the admin panel, even when disabled
• Dependency updates

1.13.1

• New collapsed log messaging, filtering the useless stuff like static file accesses and removing duplicate error messages. To get a more complete logging, use a LOG_LEVEL value of debug or trace.
• Fix crash when cipher page points to huge file
• Addded config option to change client IP header, IP_HEADER, by default it's X-Client-IP for backwards compat reasons.
• Printed current server time when failing TOTP, for easy debugging
• Protected websockets server against panics
• Add a logout button on the admin page
• Add endpoint to delete specific U2F key
• Updated dependencies

1.13.0

• Implemented email verification, to disable users until the email is verified you can use SIGNUPS_VERIFY=true, default is false. There are also options to change the options for verification mail resending, check the .env.template file.
• Also implemented welcome email, change email confirmation and account deletion confirmation.
• Modified icon parsing to accept favicons using DataURLs
• Updated dependencies

1.12.0

• Improved error message when HIBP key is not set, include a link to the page.
• Added check for both the previous and next timeslots in TOTP, which is more forgiving of time mismatches (1.5 minutes now vs 30 seconds before), can be disabled setting AUTHENTICATOR_DISABLE_TIME_DRIFT=true.
• Made the domain icon blacklist be cached, improving performance.
• Recovery codes are now generated when adding email and Duo 2FA.
• Removed MySQL libraries from SQLite images.
• Added configurable SMTP timeout, and reduced the default to 15 seconds.
• Updated images to be able to be built with Podman.
• Added option to allow signups from specific domains only (SIGNUPS_DOMAINS_WHITELIST=domain.com,example.org).
• Updated web vault to fix twofactorauth.org integration.
• Updated dependencies