See this post from another website for more context.
Important: Make a backup first, at least one user mentioned the update breaking their install
A new version (1.32.0) of Vaultwarden is out with security fixes:
This release has several CVE Reports fixed and we recommend everybody to update to the latest version as soon as possible.
CVE-2024-39924 Fixed via #4715
CVE-2024-39925 Fixed via #4837
CVE-2024-39926 Fixed via #4737
Totally agreed, but there are pros and cons.
File - harder to steal but once stolen hacker can bruteforce it as much as it wants. Web service - with proper rate limits (and additional IP whitelist so you can only sync on VPN/local network) - its harder to bruteforce. (But yes, you (sometimes) have also full copy locally in the local client, but …)
If it was only for me I probably would also go with KeePass as you will not update the same db at the same time, but with with multiple users it’s getting unmanageable.
I just got triggered as those CVEs are not that bad due to the nature that the app encrypts stuff on the client side so web server is more like shared file storage, while your answer suggested to switch to a solution that doesn’t work for a lot of people (as we already tried that).