During a penetration test for a customer, we briefly assessed Vaultwarden, an open-source online password safe. In June 2024, the German Federal Office for Information Security (BSI) published results1 of a static and dynamic test of the Vaultwarden server component. Therefore, only a partial source code audit was performed during our assessment. However, a quick look was needed to find some g ...
Hopefully, it was previously announced to update as soon as possible before disclosing the vulnerabilty. Good job by security experts and Vaultwarden team!
Yes it was, the release notes explicitly specify it for 1.32.4 and 1.32.5