On Fri, 14 Feb 2025 16:18:54 +0100, Theo Buehler <t...@theobuehler.org> wrote: > > On Fri, Feb 14, 2025 at 04:13:12PM +0100, Kirill A. Korinsky wrote: > > On Fri, 14 Feb 2025 06:44:59 +0100, > > Bjorn Ketelaars <b...@openbsd.org> wrote: > > > > > > Simple diff for bringing vaultwarden to 1.33.2. Changes [0]: > > > - Update workflows and enhance security > > > - Update crates & fix CVE-2025-24898 > > > - add bulk-access endpoint for collections > > > - Fix icon redirect not working on desktop > > > - Show assigned collections on member edit > > > > > > Build- and run-tested on amd64 current. > > > > > > OK? > > > > > > > Thanks for update, OK kirill@ > > > > I also had backported it to 7.6 as: > > Is it really necessary to backport this? Nothing in the vaultwarden > directory calls select_next_proto() so CVE-2025-24898 is a non-issue. >
Good point. I hadn't checked the code base and made an assumption that they won't just point in changelog some CVE which aren't related. But they did. Heh. -- wbr, Kirill
