Security Fixes

This release contains security fixes for the following advisory. We strongly advice to update as soon as possible if you believe it could affect you.

• GHSA-h265-g7rm-h337 (Publication in process, waiting for CVE assignment) This vulnerability would allow an authenticated attacker that is part of an organization to access items from collections to which the attacker does not belong.

What’s Changed

• Fix User API Key login by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6712
• use email instead of empty name for webauhn by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6733
• hide password hints via CSS by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6726
• fix email as 2fa with auth requests by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6736
• Update crates, web-vault, js, workflows by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6749
• refactor: improve tooltips in diagnostics page by @tessus in https://github.com/dani-garcia/vaultwarden/pull/6765
• Empty AccountKeys when no private key by @Timshel in https://github.com/dani-garcia/vaultwarden/pull/6761
• fix error message for purging auth requests by @stefan0xC in https://github.com/dani-garcia/vaultwarden/pull/6776
• Misc updates, crates, rust, js, gha, vault by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6799
• Update crates and web-vault by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6810
• Fix org-details issue by @BlackDex in https://github.com/dani-garcia/vaultwarden/pull/6811

Full Changelog: https://github.com/dani-garcia/vaultwarden/compare/1.35.2…1.35.3