See this post from another website for more context.
Important: Make a backup first, at least one user mentioned the update breaking their install
A new version (1.32.0) of Vaultwarden is out with security fixes:
This release has several CVE Reports fixed and we recommend everybody to update to the latest version as soon as possible.
CVE-2024-39924 Fixed via #4715
CVE-2024-39925 Fixed via #4837
CVE-2024-39926 Fixed via #4737
syncthing also relies on a web server for device discovery, it’s just that you’re probably using someone else’s server instead of hosting your own.
Correct me if I’m wrong, but I also think that Vaultwarden itself doesn’t have access to the unencrypted password database. In that sense it’s E2EE similar to KeePass, the only difference being that KeePass is a desktop app and Vaultwarden a web app.
You can use Syncthing without relays or discovery servers.
The syncthing server only gives metadata (no files, only IPs) between the devices, so they can connect to each other. And it’s self-hostable.