topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2940 Commits
3 Branches
77 Tags
20 MiB
 
 
 
 
 
 
Tree: 101d9aefa3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '101d9aefa3'
${ noResults }
vaultwarden/.github/PR_BODY_UPDATE-2.md

1.0 KiB
Raw Blame History

Temporary license allowlist: MPL-2.0 and CDLA-Permissive-2.0 were added to deny.toml on branch experiment/webauthn-upgrade to unblock CI while coordinated upgrades/replacements are attempted. This is timeboxed and tracked in issues/FEASIBILITY-WEBAUTHN-WEBPKI.md and issues/TRACK-2025-11-09-RSA-PASTE.md. See the experiment artifacts in docker/audit/output/.

Tasks

  • Owner: Security lead — confirm timebox and approve temporary allowlist (by 2025-11-17)
  • Owner: Maintainer — attempt webauthn-rs upgrade or replacement; report feasibility (see issues/FEASIBILITY-WEBAUTHN-WEBPKI.md)
  • Owner: Maintainer — coordinate reqwest/hyper-rustls/openidconnect upgrades to remove webpki-roots (see docker/audit/output/* and reqwest/webpki trees)
  • Owner: Maintainer — verify cargo-deny clean runs on CI after each change
  • Owner: Maintainer — remove temporary allowlist and update deny.toml when all issues resolved

Triage summary

See issues/LICENSE-TRIAGE-2025-11-10.md for a short summary of the top offenders and remediation options.