Set "Bypass admin page security" as read-only #1909

New Issue

MrUnknownDE · 2026-04-06T02:39:30+02:00

MrUnknownDE commented

2026-04-06 02:39:30 +02:00

Originally created by @BlackDex on 11/14/2022

It was possible to disable the admin security via the admin interface. This is kinda insecure as mentioned in #2761.

This PR set this value as read-only and admin's need to set the correct ENV variable. Currently saved settings which do override this are still valid though. If an admin want's this removed, they either need to reset the config, or change the value in the config.json file.

Fixes #2761

*Originally created by @BlackDex on 11/14/2022* It was possible to disable the admin security via the admin interface. This is kinda insecure as mentioned in #2761. This PR set this value as read-only and admin's need to set the correct ENV variable. Currently saved settings which do override this are still valid though. If an admin want's this removed, they either need to reset the config, or change the value in the `config.json` file. Fixes #2761

MrUnknownDE closed this issue

2026-04-06 02:39:30 +02:00

MrUnknownDE referenced this issue

2026-04-06 03:33:21 +02:00

Fix limitation on sharing ciphers with attachments #2377

Sign in to join this conversation.

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#1909