Merge pull request #3659 from BlackDex/fix-org-creation

Fix org creation regresion
2025-09-10 18:55:57 +03:00 · 2023-07-06 10:39:59 +02:00 · 2023-07-06 10:14:04 +02:00 · 2023-07-05 18:45:08 +02:00 · 2023-07-04 18:08:52 -04:00 · 2023-07-04 20:56:05 +02:00
190 changed files with 24197 additions and 12782 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -3,13 +3,18 @@ target
 # Data folder
 data
 # Misc
 .env
 .env.template
 .gitattributes
 .gitignore
 rustfmt.toml
 # IDE files
 .vscode
 .idea
 .editorconfig
 *.iml
 # Documentation
@@ -19,9 +24,17 @@ data
 *.yml
 *.yaml
-# Docker folders
+# Docker
 hooks
 tools
 Dockerfile
 .dockerignore
 docker/**
 !docker/healthcheck.sh
 !docker/start.sh
 # Web vault
 web-vault
 # Vaultwarden Resources
 resources
--- a/.env.template
+++ b/.env.template
@@ -1,8 +1,14 @@
 # shellcheck disable=SC2034,SC2148
 ## Vaultwarden Configuration File
 ## Uncomment any of the following lines to change the defaults
 ##
 ## Be aware that most of these settings will be overridden if they were changed
 ## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json .
 ##
 ## By default, Vaultwarden expects for this file to be named ".env" and located
 ## in the current working directory. If this is not the case, the environment
 ## variable ENV_FILE can be set to the location of this file prior to starting
 ## Vaultwarden.
 ## Main data folder
 # DATA_FOLDER=data
@@ -24,11 +30,21 @@
 ## Define the size of the connection pool used for connecting to the database.
 # DATABASE_MAX_CONNS=10
 ## Database connection initialization
 ## Allows SQL statements to be run whenever a new database connection is created.
 ## This is mainly useful for connection-scoped pragmas.
 ## If empty, a database-specific default is used:
 ## - SQLite: "PRAGMA busy_timeout = 5000; PRAGMA synchronous = NORMAL;"
 ## - MySQL: ""
 ## - PostgreSQL: ""
 # DATABASE_CONN_INIT=""
 ## Individual folders, these override %DATA_FOLDER%
 # RSA_KEY_FILENAME=data/rsa_key
 # ICON_CACHE_FOLDER=data/icon_cache
 # ATTACHMENTS_FOLDER=data/attachments
 # SENDS_FOLDER=data/sends
 # TMP_FOLDER=data/tmp
 ## Templates data folder, by default uses embedded templates
 ## Check source code to see the format
@@ -56,6 +72,13 @@
 # WEBSOCKET_ADDRESS=0.0.0.0
 # WEBSOCKET_PORT=3012
 ## Enables push notifications (requires key and id from https://bitwarden.com/host)
 # PUSH_ENABLED=true
 # PUSH_INSTALLATION_ID=CHANGEME
 # PUSH_INSTALLATION_KEY=CHANGEME
 ## Don't change this unless you know what you're doing.
 # PUSH_RELAY_BASE_URI=https://push.bitwarden.com
 ## Controls whether users are allowed to create Bitwarden Sends.
 ## This setting applies globally to all users.
 ## To control this on a per-org basis instead, use the "Disable Send" org policy.
@@ -65,11 +88,34 @@
 ## This setting applies globally to all users.
 # EMERGENCY_ACCESS_ALLOWED=true
 ## Controls whether event logging is enabled for organizations
 ## This setting applies to organizations.
 ## Disabled by default. Also check the EVENT_CLEANUP_SCHEDULE and EVENTS_DAYS_RETAIN settings.
 # ORG_EVENTS_ENABLED=false
 ## Number of days to retain events stored in the database.
 ## If unset (the default), events are kept indefinitely and the scheduled job is disabled!
 # EVENTS_DAYS_RETAIN=
 ## BETA FEATURE: Groups
 ## Controls whether group support is enabled for organizations
 ## This setting applies to organizations.
 ## Disabled by default because this is a beta feature, it contains known issues!
 ## KNOW WHAT YOU ARE DOING!
 # ORG_GROUPS_ENABLED=false
 ## Job scheduler settings
 ##
 ## Job schedules use a cron-like syntax (as parsed by https://crates.io/crates/cron),
 ## and are always in terms of UTC time (regardless of your local time zone settings).
 ##
 ## The schedule format is a bit different from crontab as crontab does not contains seconds.
 ## You can test the the format here: https://crontab.guru, but remove the first digit!
 ## SEC  MIN   HOUR   DAY OF MONTH    MONTH   DAY OF WEEK
 ## "0   30   9,12,15     1,15       May-Aug  Mon,Wed,Fri"
 ## "0   30     *          *            *          *     "
 ## "0   30     1          *            *          *     "
 ##
 ## How often (in ms) the job scheduler thread checks for jobs that need running.
 ## Set to 0 to globally disable scheduled jobs.
 # JOB_POLL_INTERVAL_MS=30000
@@ -87,12 +133,16 @@
 # INCOMPLETE_2FA_SCHEDULE="30 * * * * *"
 ##
 ## Cron schedule of the job that sends expiration reminders to emergency access grantors.
-## Defaults to hourly (5 minutes after the hour). Set blank to disable this job.
+## Defaults to hourly (3 minutes after the hour). Set blank to disable this job.
-# EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE="0 5 * * * *"
+# EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE="0 3 * * * *"
 ##
 ## Cron schedule of the job that grants emergency access requests that have met the required wait time.
-## Defaults to hourly (5 minutes after the hour). Set blank to disable this job.
+## Defaults to hourly (7 minutes after the hour). Set blank to disable this job.
-# EMERGENCY_REQUEST_TIMEOUT_SCHEDULE="0 5 * * * *"
+# EMERGENCY_REQUEST_TIMEOUT_SCHEDULE="0 7 * * * *"
 ##
 ## Cron schedule of the job that cleans old events from the event table.
 ## Defaults to daily. Set blank to disable this job. Also without EVENTS_DAYS_RETAIN set, this job will not start.
 # EVENT_CLEANUP_SCHEDULE="0 10 0 * * *"
 ## Enable extended logging, which shows timestamps and targets in the logs
 # EXTENDED_LOGGING=true
@@ -102,12 +152,10 @@
 # LOG_TIMESTAMP_FORMAT="%Y-%m-%d %H:%M:%S.%3f"
 ## Logging to file
 ## It's recommended to also set 'ROCKET_CLI_COLORS=off'
 # LOG_FILE=/path/to/log
 ## Logging to Syslog
 ## This requires extended logging
 ## It's recommended to also set 'ROCKET_CLI_COLORS=off'
 # USE_SYSLOG=false
 ## Log level
@@ -120,7 +168,7 @@
 ## Enable WAL for the DB
 ## Set to false to avoid enabling WAL during startup.
 ## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB,
-## this setting only prevents vaultwarden from automatically enabling it on start.
+## this setting only prevents Vaultwarden from automatically enabling it on start.
 ## Please read project wiki page about this setting first before changing the value as it can
 ## cause performance degradation or might render the service unable to start.
 # ENABLE_DB_WAL=true
@@ -218,9 +266,15 @@
 ## A comma-separated list means only those users can create orgs:
 # ORG_CREATION_USERS=admin1@example.com,admin2@example.com
-## Token for the admin interface, preferably use a long random string
+## Token for the admin interface, preferably an Argon2 PCH string
-## One option is to use 'openssl rand -base64 48'
+## Vaultwarden has a built-in generator by calling `vaultwarden hash`
 ## For details see: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
 ## If not set, the admin panel is disabled
 ## New Argon2 PHC string
 ## Note that for some environments, like docker-compose you need to escape all the dollar signs `$` with an extra dollar sign like `$$`
 ## Also, use single quotes (') instead of double quotes (") to enclose the string when needed
 # ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$MmeKRnGK5RW5mJS7h3TOL89GrpLPXJPAtTK8FTqj9HM$DqsstvoSAETl9YhnsXbf43WeaUwJC6JhViIvuPoig78'
 ## Old plain text string (Will generate warnings in favor of Argon2)
 # ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp
 ## Enable this to bypass the admin panel security. This option is only
@@ -232,6 +286,10 @@
 ## Name shown in the invitation emails that don't come from a specific organization
 # INVITATION_ORG_NAME=Vaultwarden
 ## The number of hours after which an organization invite token, emergency access invite token,
 ## email verification token and deletion request token will expire (must be at least 1)
 # INVITATION_EXPIRATION_HOURS=120
 ## Per-organization attachment storage limit (KB)
 ## Max kilobytes of attachment storage allowed per organization.
 ## When this limit is reached, organization members will not be allowed to upload further attachments for ciphers owned by that organization.
@@ -253,9 +311,12 @@
 ## This setting applies globally to all users.
 # INCOMPLETE_2FA_TIME_LIMIT=3
-## Controls the PBBKDF password iterations to apply on the server
+## Number of server-side passwords hashing iterations for the password hash.
-## The change only applies when the password is changed
+## The default for new users. If changed, it will be updated during login for existing users.
-# PASSWORD_ITERATIONS=100000
+# PASSWORD_ITERATIONS=350000
 ## Controls whether users can set password hints. This setting applies globally to all users.
 # PASSWORD_HINTS_ALLOWED=true
 ## Controls whether a password hint should be shown directly in the web page if
 ## SMTP service is not configured. Not recommended for publicly-accessible instances
@@ -267,7 +328,7 @@
 ## It's recommended to configure this value, otherwise certain functionality might not work,
 ## like attachment downloads, email links and U2F.
 ## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
-# DOMAIN=https://bw.domain.tld:8443
+# DOMAIN=https://vw.domain.tld:8443
 ## Allowed iframe ancestors (Know the risks!)
 ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
@@ -282,11 +343,14 @@
 ## Note that this applies to both the login and the 2FA, so it's recommended to allow a burst size of at least 2.
 # LOGIN_RATELIMIT_MAX_BURST=10
-## Number of seconds, on average, between admin requests from the same IP address before rate limiting kicks in.
+## Number of seconds, on average, between admin login requests from the same IP address before rate limiting kicks in.
 # ADMIN_RATELIMIT_SECONDS=300
 ## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`.
 # ADMIN_RATELIMIT_MAX_BURST=3
 ## Set the lifetime of admin sessions to this value (in minutes).
 # ADMIN_SESSION_LIFETIME=20
 ## Yubico (Yubikey) Settings
 ## Set your Client ID and Secret Key for Yubikey OTP
 ## You can generate it here: https://upgrade.yubico.com/getapikey/
@@ -325,19 +389,23 @@
 # ROCKET_WORKERS=10
 # ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
-## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service.
+## Mail specific settings, set SMTP_FROM and either SMTP_HOST or USE_SENDMAIL to enable the mail service.
 ## To make sure the email links are pointing to the correct host, set the DOMAIN variable.
 ## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
 # SMTP_HOST=smtp.domain.tld
 # SMTP_FROM=vaultwarden@domain.tld
 # SMTP_FROM_NAME=Vaultwarden
-# SMTP_PORT=587          # Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 is outdated and used with Implicit TLS.
+# SMTP_SECURITY=starttls # ("starttls", "force_tls", "off") Enable a secure connection. Default is "starttls" (Explicit - ports 587 or 25), "force_tls" (Implicit - port 465) or "off", no encryption (port 25)
-# SMTP_SSL=true          # (Explicit) - This variable by default configures Explicit STARTTLS, it will upgrade an insecure connection to a secure one. Unless SMTP_EXPLICIT_TLS is set to true. Either port 587 or 25 are default.
+# SMTP_PORT=587          # Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 (submissions) is used for encrypted submission (Implicit TLS).
 # SMTP_EXPLICIT_TLS=true # (Implicit) - N.B. This variable configures Implicit TLS. It's currently mislabelled (see bug #851) - SMTP_SSL Needs to be set to true for this option to work. Usually port 465 is used here.
 # SMTP_USERNAME=username
 # SMTP_PASSWORD=password
 # SMTP_TIMEOUT=15
 # Whether to send mail via the `sendmail` command
 # USE_SENDMAIL=false
 # Which sendmail command to use. The one found in the $PATH is used if not specified.
 # SENDMAIL_COMMAND="/path/to/sendmail"
 ## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections.
 ## Possible values: ["Plain", "Login", "Xoauth2"].
 ## Multiple options need to be separated by a comma ','.
@@ -348,6 +416,9 @@
 ## but might need to be changed in case it trips some anti-spam filters
 # HELO_NAME=
 ## Embed images as email attachments
 # SMTP_EMBED_IMAGES=false
 ## SMTP debugging
 ## When set to true this will output very detailed SMTP messages.
 ## WARNING: This could contain sensitive information like passwords and usernames! Only enable this during troubleshooting!
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,2 +1,3 @@
 github: dani-garcia
 liberapay: dani-garcia
 custom: ["https://paypal.me/DaniGG"]
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,8 +8,9 @@ on:
      - "migrations/**"
      - "Cargo.*"
      - "build.rs"
      - "diesel.toml"
      - "rust-toolchain"
      - "rustfmt.toml"
      - "diesel.toml"
  pull_request:
    paths:
      - ".github/workflows/build.yml"
@@ -17,131 +18,185 @@ on:
      - "migrations/**"
      - "Cargo.*"
      - "build.rs"
      - "diesel.toml"
      - "rust-toolchain"
      - "rustfmt.toml"
      - "diesel.toml"
 jobs:
  build:
    runs-on: ubuntu-20.04
    timeout-minutes: 120
    # Make warnings errors, this is to prevent warnings slipping through.
    # This is done globally to prevent rebuilds when the RUSTFLAGS env variable changes.
    env:
      RUSTFLAGS: "-D warnings"
      CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse
    strategy:
      fail-fast: false
      matrix:
        channel:
-          - nightly
+          - "rust-toolchain" # The version defined in rust-toolchain
-        target-triple:
+          - "msrv" # The supported MSRV
-          - x86_64-unknown-linux-gnu
+
-        include:
+    name: Build and Test ${{ matrix.channel }}
          - target-triple: x86_64-unknown-linux-gnu
            host-triple: x86_64-unknown-linux-gnu
            features: [sqlite,mysql,postgresql] # Remember to update the `cargo test` to match the amount of features
            channel: nightly
            os: ubuntu-20.04
            ext: ""
    name: Building ${{ matrix.channel }}-${{ matrix.target-triple }}
    runs-on: ${{ matrix.os }}
    steps:
      # Checkout the repo
-      - name: Checkout
+      - name: "Checkout"
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      # End Checkout the repo
      # Install musl-tools when needed
      - name: Install musl tools
        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends musl-dev musl-tools cmake
        if: matrix.target-triple == 'x86_64-unknown-linux-musl'
      # End Install musl-tools when needed
      # Install dependencies
-      - name: Install dependencies Ubuntu
+      - name: "Install dependencies Ubuntu"
-        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends openssl sqlite build-essential libmariadb-dev-compat libpq-dev libssl-dev pkgconf
+        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends openssl sqlite build-essential libmariadb-dev-compat libpq-dev libssl-dev pkg-config
        if: startsWith( matrix.os, 'ubuntu' )
      # End Install dependencies
-      # Enable Rust Caching
+      # Determine rust-toolchain version
-      - uses: Swatinem/rust-cache@842ef286fff290e445b90b4002cc9807c3669641 # v1.3.0
+      - name: Init Variables
-      # End Enable Rust Caching
+        id: toolchain
        shell: bash
        run: |
          if [[ "${{ matrix.channel }}" == 'rust-toolchain' ]]; then
            RUST_TOOLCHAIN="$(cat rust-toolchain)"
          elif [[ "${{ matrix.channel }}" == 'msrv' ]]; then
            RUST_TOOLCHAIN="$(grep -oP 'rust-version.*"(\K.*?)(?=")' Cargo.toml)"
          else
            RUST_TOOLCHAIN="${{ matrix.channel }}"
          fi
          echo "RUST_TOOLCHAIN=${RUST_TOOLCHAIN}" | tee -a "${GITHUB_OUTPUT}"
      # End Determine rust-toolchain version
-      # Uses the rust-toolchain file to determine version
+      # Only install the clippy and rustfmt components on the default rust-toolchain
-      - name: 'Install ${{ matrix.channel }}-${{ matrix.host-triple }} for target: ${{ matrix.target-triple }}'
+      - name: "Install rust-toolchain version"
-        uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6
+        uses: dtolnay/rust-toolchain@b44cb146d03e8d870c57ab64b80f04586349ca5d # master @ 2023-03-28 - 06:32 GMT+2
        if: ${{ matrix.channel == 'rust-toolchain' }}
        with:
-          profile: minimal
+          toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
          target: ${{ matrix.target-triple }}
          components: clippy, rustfmt
      # End Uses the rust-toolchain file to determine version
      # Install the any other channel to be used for which we do not execute clippy and rustfmt
      - name: "Install MSRV version"
        uses: dtolnay/rust-toolchain@b44cb146d03e8d870c57ab64b80f04586349ca5d # master @ 2023-03-28 - 06:32 GMT+2
        if: ${{ matrix.channel != 'rust-toolchain' }}
        with:
          toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
      # End Install the MSRV channel to be used
      # Enable Rust Caching
      - uses: Swatinem/rust-cache@2656b87321093db1cb55fbd73183d195214fdfd1 # v2.5.0
      # End Enable Rust Caching
      # Show environment
      - name: "Show environment"
        run: |
          rustc -vV
          cargo -vV
      # End Show environment
      # Run cargo tests (In release mode to speed up future builds)
      # First test all features together, afterwards test them separately.
-      - name: "`cargo test --release --features ${{ join(matrix.features, ',') }} --target ${{ matrix.target-triple }}`"
+      - name: "test features: sqlite,mysql,postgresql,enable_mimalloc"
-        uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # v1.0.1
+        id: test_sqlite_mysql_postgresql_mimalloc
-        with:
+        if: $${{ always() }}
-          command: test
+        run: |
-          args: --release --features ${{ join(matrix.features, ',') }} --target ${{ matrix.target-triple }}
+          cargo test --release --features sqlite,mysql,postgresql,enable_mimalloc
-      # Test single features
+
-      # 0: sqlite
+      - name: "test features: sqlite,mysql,postgresql"
-      - name: "`cargo test --release --features ${{ matrix.features[0] }} --target ${{ matrix.target-triple }}`"
+        id: test_sqlite_mysql_postgresql
-        uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # v1.0.1
+        if: $${{ always() }}
-        with:
+        run: |
-          command: test
+          cargo test --release --features sqlite,mysql,postgresql
-          args: --release --features ${{ matrix.features[0] }} --target ${{ matrix.target-triple }}
+
-        if: ${{ matrix.features[0] != '' }}
+      - name: "test features: sqlite"
-      # 1: mysql
+        id: test_sqlite
-      - name: "`cargo test --release --features ${{ matrix.features[1] }} --target ${{ matrix.target-triple }}`"
+        if: $${{ always() }}
-        uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # v1.0.1
+        run: |
-        with:
+          cargo test --release --features sqlite
-          command: test
+
-          args: --release --features ${{ matrix.features[1] }} --target ${{ matrix.target-triple }}
+      - name: "test features: mysql"
-        if: ${{ matrix.features[1] != '' }}
+        id: test_mysql
-      # 2: postgresql
+        if: $${{ always() }}
-      - name: "`cargo test --release --features ${{ matrix.features[2] }} --target ${{ matrix.target-triple }}`"
+        run: |
-        uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # v1.0.1
+          cargo test --release --features mysql
-        with:
+
-          command: test
+      - name: "test features: postgresql"
-          args: --release --features ${{ matrix.features[2] }} --target ${{ matrix.target-triple }}
+        id: test_postgresql
-        if: ${{ matrix.features[2] != '' }}
+        if: $${{ always() }}
        run: |
          cargo test --release --features postgresql
      # End Run cargo tests
      # Run cargo clippy, and fail on warnings (In release mode to speed up future builds)
-      - name: "`cargo clippy --release --features ${{ join(matrix.features, ',') }} --target ${{ matrix.target-triple }}`"
+      - name: "clippy features: sqlite,mysql,postgresql,enable_mimalloc"
-        uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # v1.0.1
+        id: clippy
-        with:
+        if: ${{ always() && matrix.channel == 'rust-toolchain' }}
-          command: clippy
+        run: |
-          args: --release --features ${{ join(matrix.features, ',') }} --target ${{ matrix.target-triple }} -- -D warnings
+          cargo clippy --release --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings
      # End Run cargo clippy
-      # Run cargo fmt
+      # Run cargo fmt (Only run on rust-toolchain defined version)
-      - name: '`cargo fmt`'
+      - name: "check formatting"
-        uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # v1.0.1
+        id: formatting
-        with:
+        if: ${{ always() && matrix.channel == 'rust-toolchain' }}
-          command: fmt
+        run: |
-          args: --all -- --check
+          cargo fmt --all -- --check
      # End Run cargo fmt
-      # Build the binary
+      # Check for any previous failures, if there are stop, else continue.
-      - name: "`cargo build --release --features ${{ join(matrix.features, ',') }} --target ${{ matrix.target-triple }}`"
+      # This is useful so all test/clippy/fmt actions are done, and they can all be addressed
-        uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # v1.0.1
+      - name: "Some checks failed"
-        with:
+        if: ${{ failure() }}
-          command: build
+        run: |
-          args: --release --features ${{ join(matrix.features, ',') }} --target ${{ matrix.target-triple }}
+          echo "### :x: Checks Failed!" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "|Job|Status|" >> $GITHUB_STEP_SUMMARY
          echo "|---|------|" >> $GITHUB_STEP_SUMMARY
          echo "|test (sqlite,mysql,postgresql,enable_mimalloc)|${{ steps.test_sqlite_mysql_postgresql_mimalloc.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "|test (sqlite,mysql,postgresql)|${{ steps.test_sqlite_mysql_postgresql.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "|test (sqlite)|${{ steps.test_sqlite.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "|test (mysql)|${{ steps.test_mysql.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "|test (postgresql)|${{ steps.test_postgresql.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "|clippy (sqlite,mysql,postgresql,enable_mimalloc)|${{ steps.clippy.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "|fmt|${{ steps.formatting.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "Please check the failed jobs and fix where needed." >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          exit 1
      # Check for any previous failures, if there are stop, else continue.
      # This is useful so all test/clippy/fmt actions are done, and they can all be addressed
      - name: "All checks passed"
        if: ${{ success() }}
        run: |
          echo "### :tada: Checks Passed!" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
      # Build the binary to upload to the artifacts
      - name: "build features: sqlite,mysql,postgresql"
        if: ${{ matrix.channel == 'rust-toolchain' }}
        run: |
          cargo build --release --features sqlite,mysql,postgresql
      # End Build the binary
      # Upload artifact to Github Actions
-      - name: Upload artifact
+      - name: "Upload artifact"
-        uses: actions/upload-artifact@27121b0bdffd731efa15d66772be8dc71245d074 # v2.2.4
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        if: ${{ matrix.channel == 'rust-toolchain' }}
        with:
-          name: vaultwarden-${{ matrix.target-triple }}${{ matrix.ext }}
+          name: vaultwarden
-          path: target/${{ matrix.target-triple }}/release/vaultwarden${{ matrix.ext }}
+          path: target/release/vaultwarden
      # End Upload artifact to Github Actions
--- a/.github/workflows/hadolint.yml
+++ b/.github/workflows/hadolint.yml
@@ -1,33 +1,30 @@
 name: Hadolint
-on:
+on: [
-  push:
+      push,
-    paths:
+      pull_request
-      - "docker/**"
+    ]
  pull_request:
    paths:
      - "docker/**"
 jobs:
  hadolint:
    name: Validate Dockerfile syntax
    runs-on: ubuntu-20.04
    timeout-minutes: 30
    steps:
      # Checkout the repo
      - name: Checkout
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      # End Checkout the repo
-      # Download hadolint
+      # Download hadolint - https://github.com/hadolint/hadolint/releases
      - name: Download hadolint
        shell: bash
        run: |
          sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint && \
          sudo chmod +x /usr/local/bin/hadolint
        env:
-          HADOLINT_VERSION: 2.7.0
+          HADOLINT_VERSION: 2.12.0
      # End Download hadolint
      # Test Dockerfiles
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,21 +24,22 @@ jobs:
  # Some checks to determine if we need to continue with building a new docker.
  # We will skip this check if we are creating a tag, because that has the same hash as a previous run already.
  skip_check:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    if: ${{ github.repository == 'dani-garcia/vaultwarden' }}
    outputs:
      should_skip: ${{ steps.skip_check.outputs.should_skip }}
    steps:
      - name: Skip Duplicates Actions
        id: skip_check
-        uses: fkirc/skip-duplicate-actions@f75dd6564bb646f95277dc8c3b80612e46a4a1ea # v3.4.1
+        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281 # v5.3.0
        with:
          cancel_others: 'true'
        # Only run this when not creating a tag
        if: ${{ startsWith(github.ref, 'refs/heads/') }}
  docker-build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    timeout-minutes: 120
    needs: skip_check
    # Start a local docker registry to be used to generate multi-arch images.
    services:
@@ -47,11 +48,23 @@ jobs:
        ports:
          - 5000:5000
    env:
-      DOCKER_BUILDKIT: 1 # Disabled for now, but we should look at this because it will speedup building!
+      # Use BuildKit (https://docs.docker.com/build/buildkit/) for better
-      # DOCKER_REPO/secrets.DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
+      # build performance and the ability to copy extended file attributes
-      DOCKER_REPO: ${{ secrets.DOCKERHUB_REPO }}
+      # (e.g., for executable capabilities) across build phases.
      DOCKER_BUILDKIT: 1
      SOURCE_COMMIT: ${{ github.sha }}
      SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}"
      # The *_REPO variables need to be configured as repository variables
      # Append `/settings/variables/actions` to your repo url
      # DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
      # Check for Docker hub credentials in secrets
      HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
      # GHCR_REPO needs to be 'ghcr.io/<user>/<repo>'
      # Check for Github credentials in secrets
      HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }}
      # QUAY_REPO needs to be 'quay.io/<user>/<repo>'
      # Check for Quay.io credentials in secrets
      HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }}
    if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }}
    strategy:
      matrix:
@@ -60,17 +73,10 @@ jobs:
    steps:
      # Checkout the repo
      - name: Checkout
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
        with:
          fetch-depth: 0
      # Login to Docker Hub
      - name: Login to Docker Hub
        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 # v1.10.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      # Determine Docker Tag
      - name: Init Variables
        id: vars
@@ -78,42 +84,152 @@ jobs:
        run: |
          # Check which main tag we are going to build determined by github.ref
          if [[ "${{ github.ref }}" == refs/tags/* ]]; then
-            echo "set-output name=DOCKER_TAG::${GITHUB_REF#refs/*/}"
+            echo "DOCKER_TAG=${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_OUTPUT}"
            echo "::set-output name=DOCKER_TAG::${GITHUB_REF#refs/*/}"
          elif [[ "${{ github.ref }}" == refs/heads/* ]]; then
-            echo "set-output name=DOCKER_TAG::testing"
+            echo "DOCKER_TAG=testing" | tee -a "${GITHUB_OUTPUT}"
            echo "::set-output name=DOCKER_TAG::testing"
          fi
      # End Determine Docker Tag
-      - name: Build Debian based images
+      # Login to Docker Hub
      - name: Login to Docker Hub
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
        if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
      # Login to GitHub Container Registry
      - name: Login to GitHub Container Registry
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
        if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
      # Login to Quay.io
      - name: Login to Quay.io
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_TOKEN }}
        if: ${{ env.HAVE_QUAY_LOGIN == 'true' }}
      # Debian
      # Docker Hub
      - name: Build Debian based images (docker.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/build
-        if: ${{ matrix.base_image == 'debian' }}
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-      - name: Push Debian based images
+      - name: Push Debian based images (docker.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/push
-        if: ${{ matrix.base_image == 'debian' }}
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-      - name: Build Alpine based images
+      # GitHub Container Registry
      - name: Build Debian based images (ghcr.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/build
        if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
      - name: Push Debian based images (ghcr.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/push
        if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
      # Quay.io
      - name: Build Debian based images (quay.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/build
        if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}
      - name: Push Debian based images (quay.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/push
        if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}
      # Alpine
      # Docker Hub
      - name: Build Alpine based images (docker.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/build
-        if: ${{ matrix.base_image == 'alpine' }}
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-      - name: Push Alpine based images
+      - name: Push Alpine based images (docker.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/push
-        if: ${{ matrix.base_image == 'alpine' }}
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
      # GitHub Container Registry
      - name: Build Alpine based images (ghcr.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/build
        if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}
      - name: Push Alpine based images (ghcr.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/push
        if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}
      # Quay.io
      - name: Build Alpine based images (quay.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/build
        if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}
      - name: Push Alpine based images (quay.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/push
        if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@@ -3,5 +3,9 @@ ignored:
  - DL3008
  # disable explicit version for apk install
  - DL3018
  # disable check for consecutive `RUN` instructions
  - DL3059
 trustedRegistries:
  - docker.io
  - ghcr.io
  - quay.io
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,16 +1,20 @@
 ---
 repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.0.1
+    rev: v4.4.0
    hooks:
    - id: check-yaml
    - id: check-json
    - id: check-toml
    - id: mixed-line-ending
      args: ["--fix=no"]
    - id: end-of-file-fixer
      exclude: "(.*js$|.*css$)"
    - id: check-case-conflict
    - id: check-merge-conflict
    - id: detect-private-key
    - id: check-symlinks
    - id: forbid-submodules
 -   repo: local
    hooks:
    - id: fmt
@@ -25,14 +29,16 @@ repos:
      description: Test the package for errors.
      entry: cargo test
      language: system
-      args: ["--features", "sqlite,mysql,postgresql", "--"]
+      args: ["--features", "sqlite,mysql,postgresql,enable_mimalloc", "--"]
-      types: [rust]
+      types_or: [rust, file]
      files: (Cargo.toml|Cargo.lock|rust-toolchain|.*\.rs$)
      pass_filenames: false
    - id: cargo-clippy
      name: cargo clippy
      description: Lint Rust sources
      entry: cargo clippy
      language: system
-      args: ["--features", "sqlite,mysql,postgresql", "--", "-D", "warnings"]
+      args: ["--features", "sqlite,mysql,postgresql,enable_mimalloc", "--", "-D", "warnings"]
-      types: [rust]
+      types_or: [rust, file]
      files: (Cargo.toml|Cargo.lock|rust-toolchain|clippy.toml|.*\.rs$)
      pass_filenames: false
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,16 +3,17 @@ name = "vaultwarden"
 version = "1.0.0"
 authors = ["Daniel García <dani-garcia@users.noreply.github.com>"]
 edition = "2021"
-rust-version = "1.60"
+rust-version = "1.68.2"
 resolver = "2"
 repository = "https://github.com/dani-garcia/vaultwarden"
 readme = "README.md"
-license = "GPL-3.0-only"
+license = "AGPL-3.0-only"
 publish = false
 build = "build.rs"
 [features]
 # default = ["sqlite"]
 # Empty to keep compatibility, prefer to set USE_SYSLOG=true
 enable_syslog = []
 mysql = ["diesel/mysql", "diesel_migrations/mysql"]
@@ -20,135 +21,163 @@ postgresql = ["diesel/postgres", "diesel_migrations/postgres"]
 sqlite = ["diesel/sqlite", "diesel_migrations/sqlite", "libsqlite3-sys"]
 # Enable to use a vendored and statically linked openssl
 vendored_openssl = ["openssl/vendored"]
 # Enable MiMalloc memory allocator to replace the default malloc
 # This can improve performance for Alpine builds
 enable_mimalloc = ["mimalloc"]
 # This is a development dependency, and should only be used during development!
 # It enables the usage of the diesel_logger crate, which is able to output the generated queries.
 # You also need to set an env variable `QUERY_LOGGER=1` to fully activate this so you do not have to re-compile
 # if you want to turn off the logging for a specific run.
 query_logger = ["diesel_logger"]
 # Enable unstable features, requires nightly
 # Currently only used to enable rusts official ip support
 unstable = []
 [target."cfg(not(windows))".dependencies]
-syslog = "4.0.1"
+# Logging
 syslog = "6.1.0"
 [dependencies]
-# Web framework for nightly with a focus on ease-of-use, expressibility, and speed.
+# Logging
-rocket = { version = "=0.5.0-dev", features = ["tls"], default-features = false }
+log = "0.4.19"
-rocket_contrib = "=0.5.0-dev"
+fern = { version = "0.6.2", features = ["syslog-6"] }
 tracing = { version = "0.1.37", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work
-# HTTP client
+# A `dotenv` implementation for Rust
-reqwest = { version = "0.11.8", features = ["blocking", "json", "gzip", "brotli", "socks", "cookies", "trust-dns"] }
+dotenvy = { version = "0.15.7", default-features = false }
-# Used for custom short lived cookie jar
+# Lazy initialization
-cookie = "0.15.1"
+once_cell = "1.18.0"
 cookie_store = "0.15.1"
 bytes = "1.1.0"
 url = "2.2.2"
-# multipart/form-data support
+# Numerical libraries
-multipart = { version = "0.18.0", features = ["server"], default-features = false }
+num-traits = "0.2.15"
 num-derive = "0.4.0"
-# WebSockets library
+# Web framework
-ws = { version = "0.11.1", package = "parity-ws" }
+rocket = { version = "0.5.0-rc.3", features = ["tls", "json"], default-features = false }
 # rocket_ws = { version ="0.1.0-rc.3" }
 rocket_ws = { git = 'https://github.com/SergioBenitez/Rocket', rev = "ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa" } # v0.5 branch
-# MessagePack library
+# WebSockets libraries
-rmpv = "1.0.0"
+tokio-tungstenite = "0.19.0"
 rmpv = "1.0.0" # MessagePack library
-# Concurrent hashmap implementation
+# Concurrent HashMap used for WebSocket messaging and favicons
-chashmap = "2.2.2"
+dashmap = "5.4.0"
 # Async futures
 futures = "0.3.28"
 tokio = { version = "1.29.1", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] }
 # A generic serialization/deserialization framework
-serde = { version = "1.0.132", features = ["derive"] }
+serde = { version = "1.0.166", features = ["derive"] }
-serde_json = "1.0.73"
+serde_json = "1.0.99"
 # Logging
 log = "0.4.14"
 fern = { version = "0.6.0", features = ["syslog-4"] }
 # A safe, extensible ORM and Query builder
-diesel = { version = "1.4.8", features = [ "chrono", "r2d2"] }
+diesel = { version = "2.1.0", features = ["chrono", "r2d2"] }
-diesel_migrations = "1.4.0"
+diesel_migrations = "2.1.0"
 diesel_logger = { version = "0.3.0", optional = true }
-# Bundled SQLite
+# Bundled/Static SQLite
-libsqlite3-sys = { version = "0.22.2", features = ["bundled"], optional = true }
+libsqlite3-sys = { version = "0.26.0", features = ["bundled"], optional = true }
 # Crypto-related libraries
-rand = "0.8.4"
+rand = { version = "0.8.5", features = ["small_rng"] }
 ring = "0.16.20"
 # UUID generation
-uuid = { version = "0.8.2", features = ["v4"] }
+uuid = { version = "1.4.0", features = ["v4"] }
 # Date and time libraries
-chrono = { version = "0.4.19", features = ["serde"] }
+chrono = { version = "0.4.26", features = ["clock", "serde"], default-features = false }
-chrono-tz = "0.6.1"
+chrono-tz = "0.8.3"
-time = "0.2.27"
+time = "0.3.22"
 # Job scheduler
-job_scheduler = "1.2.1"
+job_scheduler_ng = "2.0.4"
-# TOTP library
+# Data encoding library Hex/Base32/Base64
-totp-lite = "1.0.3"
+data-encoding = "2.4.0"
 # Data encoding library
 data-encoding = "2.3.2"
 # JWT library
-jsonwebtoken = "7.2.0"
+jsonwebtoken = "8.3.0"
-# U2F library
+# TOTP library
-u2f = "0.2.0"
+totp-lite = "2.0.0"
 webauthn-rs = "0.3.1"
 # Yubico Library
-yubico = { version = "0.10.0", features = ["online-tokio"], default-features = false }
+yubico = { version = "0.11.0", features = ["online-tokio"], default-features = false }
-# A `dotenv` implementation for Rust
+# WebAuthn libraries
-dotenv = { version = "0.15.0", default-features = false }
+webauthn-rs = "0.3.2"
-# Lazy initialization
+# Handling of URL's for WebAuthn and favicons
-once_cell = "1.9.0"
+url = "2.4.0"
 # Numerical libraries
 num-traits = "0.2.14"
 num-derive = "0.3.3"
 # Email libraries
-tracing = { version = "0.1.29", features = ["log"] } # Needed to have lettre trace logging used when SMTP_DEBUG is enabled.
+lettre = { version = "0.10.4", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
-lettre = { version = "0.10.0-rc.4", features = ["smtp-transport", "builder", "serde", "native-tls", "hostname", "tracing"], default-features = false }
+percent-encoding = "2.3.0" # URL encoding library used for URL's in the emails
 email_address = "0.2.4"
-# Template library
+# HTML Template library
-handlebars = { version = "4.1.6", features = ["dir_source"] }
+handlebars = { version = "4.3.7", features = ["dir_source"] }
-# For favicon extraction from main website
+# HTTP client (Used for favicons, version check, DUO and HIBP API)
-html5ever = "0.25.1"
+reqwest = { version = "0.11.18", features = ["stream", "json", "gzip", "brotli", "socks", "cookies", "trust-dns"] }
 markup5ever_rcdom = "0.1.0"
 regex = { version = "1.5.4", features = ["std", "perf", "unicode-perl"], default-features = false }
 data-url = "0.1.1"
-# Used by U2F, JWT and Postgres
+# Favicon extraction libraries
-openssl = "0.10.38"
+html5gum = "0.5.3"
 regex = { version = "1.8.4", features = ["std", "perf", "unicode-perl"], default-features = false }
 data-url = "0.3.0"
 bytes = "1.4.0"
-# URL encoding library
+# Cache function results (Used for version check and favicon fetching)
-percent-encoding = "2.1.0"
+cached = "0.44.0"
-# Punycode conversion
+
-idna = "0.2.3"
+# Used for custom short lived cookie jar during favicon extraction
 cookie = "0.16.2"
 cookie_store = "0.19.1"
 # Used by U2F, JWT and PostgreSQL
 openssl = "0.10.55"
 # CLI argument parsing
-pico-args = "0.4.2"
+pico-args = "0.5.0"
 # Logging panics to logfile instead stderr only
 backtrace = "0.3.63"
 # Macro ident concatenation
-paste = "1.0.6"
+paste = "1.0.13"
-governor = "0.3.2"
+governor = "0.5.1"
 # Check client versions for specific features.
 semver = "1.0.17"
 # Allow overriding the default memory allocator
 # Mainly used for the musl builds, since the default musl malloc is very slow
 mimalloc = { version = "0.1.37", features = ["secure"], default-features = false, optional = true }
 which = "4.4.0"
 # Argon2 library with support for the PHC format
 argon2 = "0.5.0"
 # Reading a password from the cli for generating the Argon2id ADMIN_TOKEN
 rpassword = "7.2.0"
 [patch.crates-io]
-# Use newest ring
+rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch
-rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = '263e39b5b429de1913ce7e3036575a7b4d88b6d7' }
+# rocket_ws = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch
 rocket_contrib = { git = 'https://github.com/SergioBenitez/Rocket', rev = '263e39b5b429de1913ce7e3036575a7b4d88b6d7' }
-# The maintainer of the `job_scheduler` crate doesn't seem to have responded
+# Strip debuginfo from the release builds
-# to any issues or PRs for almost a year (as of April 2021). This hopefully
+# Also enable thin LTO for some optimizations
-# temporary fork updates Cargo.toml to use more up-to-date dependencies.
+[profile.release]
-# In particular, `cron` has since implemented parsing of some common syntax
+strip = "debuginfo"
-# that wasn't previously supported (https://github.com/zslayton/cron/pull/64).
+lto = "thin"
-job_scheduler = { git = 'https://github.com/jjlin/job_scheduler', rev = 'ee023418dbba2bfe1e30a5fd7d937f9e33739806' }
+
 # Always build argon2 using opt-level 3
 # This is a huge speed improvement during testing
 [profile.dev.package.argon2]
 opt-level = 3
 # A little bit of a speedup
 [profile.dev]
 split-debuginfo = "unpacked"
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,5 +1,5 @@
-                    GNU GENERAL PUBLIC LICENSE
+                    GNU AFFERO GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
+                       Version 3, 19 November 2007
 Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
@@ -7,17 +7,15 @@
                            Preamble
-  The GNU General Public License is a free, copyleft license for
+  The GNU Affero General Public License is a free, copyleft license for
-software and other kinds of works.
+software and other kinds of works, specifically designed to ensure
 cooperation with the community in the case of network server software.
  The licenses for most software and other practical works are designed
 to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
+our General Public Licenses are intended to guarantee your freedom to
 share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
+software for all its users.
 GNU General Public License for most of our software; it applies also to
 any other work released this way by its authors.  You can apply it to
 your programs, too.
  When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
@@ -26,44 +24,34 @@ them if you wish), that you receive source code or can get it if you
 want it, that you can change the software or use pieces of it in new
 free programs, and that you know you can do these things.
-  To protect your rights, we need to prevent others from denying you
+  Developers that use our General Public Licenses protect your rights
-these rights or asking you to surrender the rights.  Therefore, you have
+with two steps: (1) assert copyright on the software, and (2) offer
-certain responsibilities if you distribute copies of the software, or if
+you this License which gives you legal permission to copy, distribute
-you modify it: responsibilities to respect the freedom of others.
+and/or modify the software.
-  For example, if you distribute copies of such a program, whether
+  A secondary benefit of defending all users' freedom is that
-gratis or for a fee, you must pass on to the recipients the same
+improvements made in alternate versions of the program, if they
-freedoms that you received.  You must make sure that they, too, receive
+receive widespread use, become available for other developers to
-or can get the source code.  And you must show them these terms so they
+incorporate.  Many developers of free software are heartened and
-know their rights.
+encouraged by the resulting cooperation.  However, in the case of
 software used on network servers, this result may fail to come about.
 The GNU General Public License permits making a modified version and
 letting the public access it on a server without ever releasing its
 source code to the public.
-  Developers that use the GNU GPL protect your rights with two steps:
+  The GNU Affero General Public License is designed specifically to
-(1) assert copyright on the software, and (2) offer you this License
+ensure that, in such cases, the modified source code becomes available
-giving you legal permission to copy, distribute and/or modify it.
+to the community.  It requires the operator of a network server to
 provide the source code of the modified version running there to the
 users of that server.  Therefore, public use of a modified version, on
 a publicly accessible server, gives the public access to the source
 code of the modified version.
-  For the developers' and authors' protection, the GPL clearly explains
+  An older license, called the Affero General Public License and
-that there is no warranty for this free software.  For both users' and
+published by Affero, was designed to accomplish similar goals.  This is
-authors' sake, the GPL requires that modified versions be marked as
+a different license, not a version of the Affero GPL, but Affero has
-changed, so that their problems will not be attributed erroneously to
+released a new version of the Affero GPL which permits relicensing under
-authors of previous versions.
+this license.
  Some devices are designed to deny users access to install or run
 modified versions of the software inside them, although the manufacturer
 can do so.  This is fundamentally incompatible with the aim of
 protecting users' freedom to change the software.  The systematic
 pattern of such abuse occurs in the area of products for individuals to
 use, which is precisely where it is most unacceptable.  Therefore, we
 have designed this version of the GPL to prohibit the practice for those
 products.  If such problems arise substantially in other domains, we
 stand ready to extend this provision to those domains in future versions
 of the GPL, as needed to protect the freedom of users.
  Finally, every program is threatened constantly by software patents.
 States should not allow patents to restrict development and use of
 software on general-purpose computers, but in those that do, we wish to
 avoid the special danger that patents applied to a free program could
 make it effectively proprietary.  To prevent this, the GPL assures that
 patents cannot be used to render the program non-free.
  The precise terms and conditions for copying, distribution and
 modification follow.
@@ -72,7 +60,7 @@ modification follow.
  0. Definitions.
-  "This License" refers to version 3 of the GNU General Public License.
+  "This License" refers to version 3 of the GNU Affero General Public License.
  "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
@@ -549,35 +537,45 @@ to collect a royalty for further conveying from those to whom you convey
 the Program, the only way you could satisfy both those terms and this
 License would be to refrain entirely from conveying the Program.
-  13. Use with the GNU Affero General Public License.
+  13. Remote Network Interaction; Use with the GNU General Public License.
  Notwithstanding any other provision of this License, if you modify the
 Program, your modified version must prominently offer all users
 interacting with it remotely through a computer network (if your version
 supports such interaction) an opportunity to receive the Corresponding
 Source of your version by providing access to the Corresponding Source
 from a network server at no charge, through some standard or customary
 means of facilitating copying of software.  This Corresponding Source
 shall include the Corresponding Source for any work covered by version 3
 of the GNU General Public License that is incorporated pursuant to the
 following paragraph.
  Notwithstanding any other provision of this License, you have
 permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
+under version 3 of the GNU General Public License into a single
 combined work, and to convey the resulting work.  The terms of this
 License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
+but the work with which it is combined will remain governed by version
-section 13, concerning interaction through a network will apply to the
+3 of the GNU General Public License.
 combination as such.
  14. Revised Versions of this License.
  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
+the GNU Affero General Public License from time to time.  Such new versions
-be similar in spirit to the present version, but may differ in detail to
+will be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.
  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
+Program specifies that a certain numbered version of the GNU Affero General
 Public License "or any later version" applies to it, you have the
 option of following the terms and conditions either of that numbered
 version or of any later version published by the Free Software
 Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
+GNU Affero General Public License, you may choose any version ever published
 by the Free Software Foundation.
  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
+versions of the GNU Affero General Public License can be used, that proxy's
 public statement of acceptance of a version permanently authorizes you
 to choose that version for the Program.
@@ -635,40 +633,29 @@ the "copyright" line and a pointer to where the full notice is found.
    Copyright (C) <year>  <name of author>
    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
+    it under the terms of the GNU Affero General Public License as published
-    the Free Software Foundation, either version 3 of the License, or
+    by the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
+    GNU Affero General Public License for more details.
-    You should have received a copy of the GNU General Public License
+    You should have received a copy of the GNU Affero General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 Also add information on how to contact you by electronic and paper mail.
-  If the program does terminal interaction, make it output a short
+  If your software can interact with users remotely through a computer
-notice like this when it starts in an interactive mode:
+network, you should also make sure that it provides a way for users to
-
+get its source.  For example, if your program is a web application, its
-    <program>  Copyright (C) <year>  <name of author>
+interface could display a "Source" link that leads users to an archive
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+of the code.  There are many ways you could offer source, and different
-    This is free software, and you are welcome to redistribute it
+solutions will be better for different programs; see section 13 for the
-    under certain conditions; type `show c' for details.
+specific requirements.
 The hypothetical commands `show w' and `show c' should show the appropriate
 parts of the General Public License.  Of course, your program's commands
 might be different; for a GUI interface, you would use an "about box".
  You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
+For more information on this, and how to apply and follow the GNU AGPL, see
 <https://www.gnu.org/licenses/>.
  The GNU General Public License does not permit incorporating your program
 into proprietary programs.  If your program is a subroutine library, you
 may consider it more useful to permit linking proprietary applications with
 the library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.  But first, please read
 <https://www.gnu.org/licenses/why-not-lgpl.html>.
--- a/README.md
+++ b/README.md
@@ -3,16 +3,18 @@
 📢 Note: This project was known as Bitwarden_RS and has been renamed to separate itself from the official Bitwarden server in the hopes of avoiding confusion and trademark/branding issues. Please see [#1642](https://github.com/dani-garcia/vaultwarden/discussions/1642) for more explanation.
 ---
-
+[![Build](https://github.com/dani-garcia/vaultwarden/actions/workflows/build.yml/badge.svg)](https://github.com/dani-garcia/vaultwarden/actions/workflows/build.yml)
 [![ghcr.io](https://img.shields.io/badge/ghcr.io-download-blue)](https://github.com/dani-garcia/vaultwarden/pkgs/container/vaultwarden)
 [![Docker Pulls](https://img.shields.io/docker/pulls/vaultwarden/server.svg)](https://hub.docker.com/r/vaultwarden/server)
 [![Quay.io](https://img.shields.io/badge/Quay.io-download-blue)](https://quay.io/repository/vaultwarden/server)
 [![Dependency Status](https://deps.rs/repo/github/dani-garcia/vaultwarden/status.svg)](https://deps.rs/repo/github/dani-garcia/vaultwarden)
 [![GitHub Release](https://img.shields.io/github/release/dani-garcia/vaultwarden.svg)](https://github.com/dani-garcia/vaultwarden/releases/latest)
-[![GPL-3.0 Licensed](https://img.shields.io/github/license/dani-garcia/vaultwarden.svg)](https://github.com/dani-garcia/vaultwarden/blob/master/LICENSE.txt)
+[![AGPL-3.0 Licensed](https://img.shields.io/github/license/dani-garcia/vaultwarden.svg)](https://github.com/dani-garcia/vaultwarden/blob/main/LICENSE.txt)
 [![Matrix Chat](https://img.shields.io/matrix/vaultwarden:matrix.org.svg?logo=matrix)](https://matrix.to/#/#vaultwarden:matrix.org)
 Image is based on [Rust implementation of Bitwarden API](https://github.com/dani-garcia/vaultwarden).
-**This project is not associated with the [Bitwarden](https://bitwarden.com/) project nor 8bit Solutions LLC.**
+**This project is not associated with the [Bitwarden](https://bitwarden.com/) project nor Bitwarden, Inc.**
 #### ⚠️**IMPORTANT**⚠️: When using this server, please report any bugs or suggestions to us directly (look at the bottom of this page for ways to get in touch), regardless of whatever clients you are using (mobile, desktop, browser...). DO NOT use the official support channels.
@@ -23,23 +25,24 @@ Image is based on [Rust implementation of Bitwarden API](https://github.com/dani
 Basically full implementation of Bitwarden API is provided including:
 * Organizations support
- * Attachments
+ * Attachments and Send
 * Vault API support
 * Serving the static files for Vault interface
 * Website icons API
 * Authenticator and U2F support
 * YubiKey and Duo support
 * Emergency Access
 ## Installation
 Pull the docker image and mount a volume from the host for persistent storage:
 ```sh
 docker pull vaultwarden/server:latest
-docker run -d --name vaultwarden -v /vw-data/:/data/ -p 80:80 vaultwarden/server:latest
+docker run -d --name vaultwarden -v /vw-data/:/data/ --restart unless-stopped -p 80:80 vaultwarden/server:latest
 ```
 This will preserve any persistent data under /vw-data/, you can adapt the path to whatever suits you.
-**IMPORTANT**: Some web browsers, like Chrome, disallow the use of Web Crypto APIs in insecure contexts. In this case, you might get an error like `Cannot read property 'importKey'`. To solve this problem, you need to access the web vault from HTTPS. 
+**IMPORTANT**: Most modern web browsers, disallow the use of Web Crypto APIs in insecure contexts. In this case, you might get an error like `Cannot read property 'importKey'`. To solve this problem, you need to access the web vault via HTTPS or localhost.
 This can be configured in [vaultwarden directly](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS) or using a third-party reverse proxy ([some examples](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples)).
@@ -49,41 +52,43 @@ If you have an available domain name, you can get HTTPS certificates with [Let's
 See the [vaultwarden wiki](https://github.com/dani-garcia/vaultwarden/wiki) for more information on how to configure and run the vaultwarden server.
 ## Get in touch
-To ask a question, offer suggestions or new features or to get help configuring or installing the software, please [use the forum](https://vaultwarden.discourse.group/).
+To ask a question, offer suggestions or new features or to get help configuring or installing the software, please use [GitHub Discussions](https://github.com/dani-garcia/vaultwarden/discussions) or [the forum](https://vaultwarden.discourse.group/).
-If you spot any bugs or crashes with vaultwarden itself, please [create an issue](https://github.com/dani-garcia/vaultwarden/issues/). Make sure there aren't any similar issues open, though!
+If you spot any bugs or crashes with vaultwarden itself, please [create an issue](https://github.com/dani-garcia/vaultwarden/issues/). Make sure you are on the latest version and there aren't any similar issues open, though!
 If you prefer to chat, we're usually hanging around at [#vaultwarden:matrix.org](https://matrix.to/#/#vaultwarden:matrix.org) room on Matrix. Feel free to join us!
 ### Sponsors
 Thanks for your contribution to the project!
 <!--
 <table>
  <tr>
    <td align="center">
-      <a href="https://github.com/netdadaltd">
+      <a href="https://github.com/username">
-        <img src="https://avatars.githubusercontent.com/u/77323954?s=75&v=4" width="75px;" alt="netdadaltd"/>
+        <img src="https://avatars.githubusercontent.com/u/725423?s=75&v=4" width="75px;" alt="username"/>
        <br />
-        <sub><b>netDada Ltd.</b></sub>
+        <sub><b>username</b></sub>
      </a>
  </td>
  </tr>
 </table>
 <br/>
 -->
 <table>
  <tr>
    <td align="center">
-      <a href="https://github.com/Gyarbij" style="width: 75px">
+       <a href="https://github.com/themightychris" style="width: 75px">
-        <sub><b>Chono N</b></sub>
+        <sub><b>Chris Alfano</b></sub>
      </a>
    </td>
  </tr>
  <tr>
    <td align="center">
-       <a href="https://github.com/themightychris">
+      <a href="https://github.com/numberly" style="width: 75px">
-        <sub><b>Chris Alfano</b></sub>
+        <sub><b>Numberly</b></sub>
      </a>
    </td>
  </tr>
--- a/Rocket.toml
+++ b/Rocket.toml
@@ -1,2 +0,0 @@
 [global.limits]
 json = 10485760 # 10 MiB
--- a/build.rs
+++ b/build.rs
@@ -9,20 +9,25 @@ fn main() {
    println!("cargo:rustc-cfg=mysql");
    #[cfg(feature = "postgresql")]
    println!("cargo:rustc-cfg=postgresql");
    #[cfg(feature = "query_logger")]
    println!("cargo:rustc-cfg=query_logger");
    #[cfg(not(any(feature = "sqlite", feature = "mysql", feature = "postgresql")))]
    compile_error!(
        "You need to enable one DB backend. To build with previous defaults do: cargo build --features sqlite"
    );
    #[cfg(all(not(debug_assertions), feature = "query_logger"))]
    compile_error!("Query Logging is only allowed during development, it is not intented for production usage!");
    // Support $BWRS_VERSION for legacy compatibility, but default to $VW_VERSION.
    // If neither exist, read from git.
    let maybe_vaultwarden_version =
        env::var("VW_VERSION").or_else(|_| env::var("BWRS_VERSION")).or_else(|_| version_from_git_info());
    if let Ok(version) = maybe_vaultwarden_version {
-        println!("cargo:rustc-env=VW_VERSION={}", version);
+        println!("cargo:rustc-env=VW_VERSION={version}");
-        println!("cargo:rustc-env=CARGO_PKG_VERSION={}", version);
+        println!("cargo:rustc-env=CARGO_PKG_VERSION={version}");
    }
 }
@@ -47,29 +52,29 @@ fn version_from_git_info() -> Result<String, std::io::Error> {
    // the current commit doesn't have an associated tag
    let exact_tag = run(&["git", "describe", "--abbrev=0", "--tags", "--exact-match"]).ok();
    if let Some(ref exact) = exact_tag {
-        println!("cargo:rustc-env=GIT_EXACT_TAG={}", exact);
+        println!("cargo:rustc-env=GIT_EXACT_TAG={exact}");
    }
    // The last available tag, equal to exact_tag when
    // the current commit is tagged
    let last_tag = run(&["git", "describe", "--abbrev=0", "--tags"])?;
-    println!("cargo:rustc-env=GIT_LAST_TAG={}", last_tag);
+    println!("cargo:rustc-env=GIT_LAST_TAG={last_tag}");
    // The current branch name
    let branch = run(&["git", "rev-parse", "--abbrev-ref", "HEAD"])?;
-    println!("cargo:rustc-env=GIT_BRANCH={}", branch);
+    println!("cargo:rustc-env=GIT_BRANCH={branch}");
    // The current git commit hash
    let rev = run(&["git", "rev-parse", "HEAD"])?;
    let rev_short = rev.get(..8).unwrap_or_default();
-    println!("cargo:rustc-env=GIT_REV={}", rev_short);
+    println!("cargo:rustc-env=GIT_REV={rev_short}");
    // Combined version
    if let Some(exact) = exact_tag {
        Ok(exact)
-    } else if &branch != "main" && &branch != "master" {
+    } else if &branch != "main" && &branch != "master" && &branch != "HEAD" {
-        Ok(format!("{}-{} ({})", last_tag, rev_short, branch))
+        Ok(format!("{last_tag}-{rev_short} ({branch})"))
    } else {
-        Ok(format!("{}-{}", last_tag, rev_short))
+        Ok(format!("{last_tag}-{rev_short}"))
    }
 }
--- a/docker/Dockerfile.buildx
+++ b/docker/Dockerfile.buildx
@@ -1,3 +1,4 @@
 # syntax=docker/dockerfile:1
 # The cross-built images have the build arch (`amd64`) embedded in the image
 # manifest, rather than the target arch. For example:
 #
--- a/docker/Dockerfile.j2
+++ b/docker/Dockerfile.j2
@@ -2,40 +2,42 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
+{% set rust_version = "1.70.0" %}
-{% set build_stage_base_image = "rust:1.58-buster" %}
+{% set debian_version = "bullseye" %}
 {% set alpine_version = "3.17" %}
 {% set build_stage_base_image = "docker.io/library/rust:%s-%s" % (rust_version, debian_version) %}
 {% if "alpine" in target_file %}
 {%   if "amd64" in target_file %}
-{%     set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-nightly-2022-01-23" %}
+{%     set build_stage_base_image = "docker.io/blackdex/rust-musl:x86_64-musl-stable-%s" % rust_version %}
-{%     set runtime_stage_base_image = "alpine:3.15" %}
+{%     set runtime_stage_base_image = "docker.io/library/alpine:%s" % alpine_version %}
 {%     set package_arch_target = "x86_64-unknown-linux-musl" %}
 {%   elif "armv7" in target_file %}
-{%     set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-nightly-2022-01-23" %}
+{%     set build_stage_base_image = "docker.io/blackdex/rust-musl:armv7-musleabihf-stable-%s" % rust_version %}
-{%     set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.15" %}
+{%     set runtime_stage_base_image = "docker.io/balenalib/armv7hf-alpine:%s" % alpine_version %}
 {%     set package_arch_target = "armv7-unknown-linux-musleabihf" %}
 {%   elif "armv6" in target_file %}
-{%     set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-nightly-2022-01-23" %}
+{%     set build_stage_base_image = "docker.io/blackdex/rust-musl:arm-musleabi-stable-%s" % rust_version %}
-{%     set runtime_stage_base_image = "balenalib/rpi-alpine:3.15" %}
+{%     set runtime_stage_base_image = "docker.io/balenalib/rpi-alpine:%s" % alpine_version %}
 {%     set package_arch_target = "arm-unknown-linux-musleabi" %}
 {%   elif "arm64" in target_file %}
-{%     set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-nightly-2022-01-23" %}
+{%     set build_stage_base_image = "docker.io/blackdex/rust-musl:aarch64-musl-stable-%s" % rust_version %}
-{%     set runtime_stage_base_image = "balenalib/aarch64-alpine:3.15" %}
+{%     set runtime_stage_base_image = "docker.io/balenalib/aarch64-alpine:%s" % alpine_version %}
 {%     set package_arch_target = "aarch64-unknown-linux-musl" %}
 {%   endif %}
 {% elif "amd64" in target_file %}
-{%   set runtime_stage_base_image = "debian:buster-slim" %}
+{%   set runtime_stage_base_image = "docker.io/library/debian:%s-slim" % debian_version %}
 {% elif "arm64" in target_file %}
-{%   set runtime_stage_base_image = "balenalib/aarch64-debian:buster" %}
+{%   set runtime_stage_base_image = "docker.io/balenalib/aarch64-debian:%s" % debian_version %}
 {%   set package_arch_name = "arm64" %}
 {%   set package_arch_target = "aarch64-unknown-linux-gnu" %}
 {%   set package_cross_compiler = "aarch64-linux-gnu" %}
 {% elif "armv6" in target_file %}
-{%   set runtime_stage_base_image = "balenalib/rpi-debian:buster" %}
+{%   set runtime_stage_base_image = "docker.io/balenalib/rpi-debian:%s" % debian_version %}
 {%   set package_arch_name = "armel" %}
 {%   set package_arch_target = "arm-unknown-linux-gnueabi" %}
 {%   set package_cross_compiler = "arm-linux-gnueabi" %}
 {% elif "armv7" in target_file %}
-{%   set runtime_stage_base_image = "balenalib/armv7hf-debian:buster" %}
+{%   set runtime_stage_base_image = "docker.io/balenalib/armv7hf-debian:%s" % debian_version %}
 {%   set package_arch_name = "armhf" %}
 {%   set package_arch_target = "armv7-unknown-linux-gnueabihf" %}
 {%   set package_cross_compiler = "arm-linux-gnueabihf" %}
@@ -50,7 +52,7 @@
 {% else %}
 {%   set package_arch_target_param = "" %}
 {% endif %}
-{% if "buildx" in target_file %}
+{% if "buildkit" in target_file %}
 {%   set mount_rust_cache = "--mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry " %}
 {% else %}
 {%   set mount_rust_cache = "" %}
@@ -59,8 +61,8 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-{% set vault_version = "2.25.1b" %}
+{% set vault_version = "v2023.5.0" %}
-{% set vault_image_digest = "sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba" %}
+{% set vault_image_digest = "sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085" %}
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
@@ -70,21 +72,19 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v{{ vault_version }}
+#     $ docker pull docker.io/vaultwarden/web-vault:{{ vault_version }}
-#     $ docker image inspect --format "{{ '{{' }}.RepoDigests}}" vaultwarden/web-vault:v{{ vault_version }}
+#     $ docker image inspect --format "{{ '{{' }}.RepoDigests}}" docker.io/vaultwarden/web-vault:{{ vault_version }}
-#     [vaultwarden/web-vault@{{ vault_image_digest }}]
+#     [docker.io/vaultwarden/web-vault@{{ vault_image_digest }}]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{ '{{' }}.RepoTags}}" vaultwarden/web-vault@{{ vault_image_digest }}
+#     $ docker image inspect --format "{{ '{{' }}.RepoTags}}" docker.io/vaultwarden/web-vault@{{ vault_image_digest }}
-#     [vaultwarden/web-vault:v{{ vault_version }}]
+#     [docker.io/vaultwarden/web-vault:{{ vault_version }}]
 #
-FROM vaultwarden/web-vault@{{ vault_image_digest }} as vault
+FROM docker.io/vaultwarden/web-vault@{{ vault_image_digest }} as vault
 ########################## BUILD IMAGE  ##########################
 FROM {{ build_stage_base_image }} as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
@@ -93,39 +93,29 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 {# {% if "alpine" not in target_file and "buildx" in target_file %}
 # Debian based Buildx builds can use some special apt caching to speedup building.
 # By default Debian based images have some rules to keep docker builds clean, we need to remove this.
 # See: https://hub.docker.com/r/docker/dockerfile
 RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
 {% endif %} #}
 # Create CARGO_HOME folder and don't download rust docs
 RUN {{ mount_rust_cache -}} mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 {% if "alpine" in target_file %}
-ENV RUSTFLAGS='-C link-arg=-s'
+{%   if "armv6" in target_file %}
-{%   if "armv7" in target_file %}
+# To be able to build the armv6 image with mimalloc we need to specifically specify the libatomic.a file location
-{#- https://gcc.gnu.org/onlinedocs/gcc/ARM-Options.html -#}
+ENV RUSTFLAGS='-Clink-arg=/usr/local/musl/{{ package_arch_target }}/lib/libatomic.a'
 ENV CFLAGS_armv7_unknown_linux_musleabihf="-mfpu=vfpv3-d16"
 {%   endif %}
 {% elif "arm" in target_file %}
-#
+# Install build dependencies for the {{ package_arch_name }} architecture
 # Install required build libs for {{ package_arch_name }} architecture.
 # hadolint ignore=DL3059
 RUN dpkg --add-architecture {{ package_arch_name }} \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
-        libssl-dev{{ package_arch_prefix }} \
+        gcc-{{ package_cross_compiler }} \
        libc6-dev{{ package_arch_prefix }} \
        libpq5{{ package_arch_prefix }} \
        libpq-dev{{ package_arch_prefix }} \
        libmariadb3{{ package_arch_prefix }} \
        libmariadb-dev{{ package_arch_prefix }} \
        libmariadb-dev-compat{{ package_arch_prefix }} \
-        gcc-{{ package_cross_compiler }} \
+        libmariadb3{{ package_arch_prefix }} \
        libpq-dev{{ package_arch_prefix }} \
        libpq5{{ package_arch_prefix }} \
        libssl-dev{{ package_arch_prefix }} \
    #
    # Make sure cargo has the right target config
    && echo '[target.{{ package_arch_target }}]' >> "${CARGO_HOME}/config" \
@@ -137,16 +127,13 @@ ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_
    CROSS_COMPILE="1" \
    OPENSSL_INCLUDE_DIR="/usr/include/{{ package_cross_compiler }}" \
    OPENSSL_LIB_DIR="/usr/lib/{{ package_cross_compiler }}"
 {% elif "amd64" in target_file %}
-# Install DB packages
+# Install build dependencies
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
-        libmariadb-dev{{ package_arch_prefix }} \
+        libmariadb-dev \
-        libpq-dev{{ package_arch_prefix }} \
+        libpq-dev
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 {% endif %}
 # Creates a dummy project used to grab dependencies
@@ -163,7 +150,12 @@ RUN {{ mount_rust_cache -}} rustup target add {{ package_arch_target }}
 {% endif %}
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 {% if "alpine" in target_file %}
 # Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 {% else %}
 ARG DB=sqlite,mysql,postgresql
 {% endif %}
 # Builds your dependencies and removes the
 # dummy project, except the target folder
@@ -180,30 +172,22 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }}
 {% if "alpine" in target_file %}
 {%   if "armv7" in target_file %}
 # hadolint ignore=DL3059
 RUN musl-strip target/{{ package_arch_target }}/release/vaultwarden
 {%   endif %}
 {% endif %}
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM {{ runtime_stage_base_image }}
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
-    ROCKET_PORT=80 \
+    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_WORKERS=10
+    ROCKET_PORT=80
 {%- if "alpine" in runtime_stage_base_image %} \
    SSL_CERT_DIR=/etc/ssl/certs
 {% endif %}
 {% if "amd64" not in target_file %}
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
 {% endif %}
@@ -211,26 +195,30 @@ RUN [ "cross-build-start" ]
 RUN mkdir /data \
 {% if "alpine" in runtime_stage_base_image %}
    && apk add --no-cache \
-        openssl \
+        ca-certificates \
        tzdata \
        curl \
-        dumb-init \
+        openssl \
-        ca-certificates
+        tzdata
 {% else %}
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    dumb-init \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 {% endif %}
 {% if "armv6" in target_file and "alpine" not in target_file %}
 # In the Balena Bullseye images for armv6/rpi-debian there is a missing symlink.
 # This symlink was there in the buster images, and for some reason this is needed.
 RUN ln -v -s /lib/ld-linux-armhf.so.3 /lib/ld-linux.so.3
 {% endif -%}
 {% if "amd64" not in target_file %}
 # hadolint ignore=DL3059
 RUN [ "cross-build-end" ]
 {% endif %}
@@ -241,7 +229,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 {% if package_arch_target is defined %}
 COPY --from=build /app/target/{{ package_arch_target }}/release/vaultwarden .
@@ -254,6 +241,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -8,8 +8,8 @@ all: $(OBJECTS)
 %/Dockerfile.alpine: Dockerfile.j2 render_template
 	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
-%/Dockerfile.buildx: Dockerfile.j2 render_template
+%/Dockerfile.buildkit: Dockerfile.j2 render_template
 	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
-%/Dockerfile.buildx.alpine: Dockerfile.j2 render_template
+%/Dockerfile.buildkit.alpine: Dockerfile.j2 render_template
 	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
--- a/docker/amd64/Dockerfile
+++ b/docker/amd64/Dockerfile
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.58-buster as build
+FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,19 +36,16 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
-# Install DB packages
+# Install build dependencies
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        libmariadb-dev \
-        libpq-dev \
+        libpq-dev
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
@@ -81,29 +75,27 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN cargo build --features ${DB} --release
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM debian:buster-slim
+FROM docker.io/library/debian:bullseye-slim
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
-    ROCKET_PORT=80 \
+    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_WORKERS=10
+    ROCKET_PORT=80
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    dumb-init \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
@@ -115,7 +107,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/release/vaultwarden .
@@ -124,6 +115,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/amd64/Dockerfile.alpine
+++ b/docker/amd64/Dockerfile.alpine
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:x86_64-musl-nightly-2022-01-23 as build
+FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,12 +36,10 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 ENV RUSTFLAGS='-C link-arg=-s'
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
@@ -58,7 +53,8 @@ COPY ./build.rs ./build.rs
 RUN rustup target add x86_64-unknown-linux-musl
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
+# Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
@@ -75,17 +71,16 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM alpine:3.15
+FROM docker.io/library/alpine:3.17
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    ROCKET_WORKERS=10 \
    SSL_CERT_DIR=/etc/ssl/certs
@@ -93,11 +88,10 @@ ENV ROCKET_ENV="staging" \
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
-        openssl \
+        ca-certificates \
        tzdata \
        curl \
-        dumb-init \
+        openssl \
-        ca-certificates
+        tzdata
 VOLUME /data
@@ -107,7 +101,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden .
@@ -116,6 +109,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/amd64/Dockerfile.buildkit
+++ b/docker/amd64/Dockerfile.buildkit
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.58-buster as build
+FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,19 +36,16 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
-# Install DB packages
+# Install build dependencies
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        libmariadb-dev \
-        libpq-dev \
+        libpq-dev
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
@@ -81,29 +75,27 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM debian:buster-slim
+FROM docker.io/library/debian:bullseye-slim
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
-    ROCKET_PORT=80 \
+    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_WORKERS=10
+    ROCKET_PORT=80
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    dumb-init \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
@@ -115,7 +107,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/release/vaultwarden .
@@ -124,6 +115,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/amd64/Dockerfile.buildkit.alpine
+++ b/docker/amd64/Dockerfile.buildkit.alpine
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:x86_64-musl-nightly-2022-01-23 as build
+FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,12 +36,10 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 ENV RUSTFLAGS='-C link-arg=-s'
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
@@ -58,7 +53,8 @@ COPY ./build.rs ./build.rs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add x86_64-unknown-linux-musl
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
+# Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
@@ -75,17 +71,16 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM alpine:3.15
+FROM docker.io/library/alpine:3.17
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    ROCKET_WORKERS=10 \
    SSL_CERT_DIR=/etc/ssl/certs
@@ -93,11 +88,10 @@ ENV ROCKET_ENV="staging" \
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
-        openssl \
+        ca-certificates \
        tzdata \
        curl \
-        dumb-init \
+        openssl \
-        ca-certificates
+        tzdata
 VOLUME /data
@@ -107,7 +101,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden .
@@ -116,6 +109,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/arm64/Dockerfile
+++ b/docker/arm64/Dockerfile
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.58-buster as build
+FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,26 +36,23 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
-#
+# Install build dependencies for the arm64 architecture
 # Install required build libs for arm64 architecture.
 # hadolint ignore=DL3059
 RUN dpkg --add-architecture arm64 \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
-        libssl-dev:arm64 \
+        gcc-aarch64-linux-gnu \
        libc6-dev:arm64 \
        libpq5:arm64 \
        libpq-dev:arm64 \
        libmariadb3:arm64 \
        libmariadb-dev:arm64 \
        libmariadb-dev-compat:arm64 \
-        gcc-aarch64-linux-gnu \
+        libmariadb3:arm64 \
        libpq-dev:arm64 \
        libpq5:arm64 \
        libssl-dev:arm64 \
    #
    # Make sure cargo has the right target config
    && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \
@@ -71,7 +65,6 @@ ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \
    OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \
    OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
@@ -101,35 +94,31 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM balenalib/aarch64-debian:buster
+FROM docker.io/balenalib/aarch64-debian:bullseye
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
-    ROCKET_PORT=80 \
+    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_WORKERS=10
+    ROCKET_PORT=80
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    dumb-init \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 # hadolint ignore=DL3059
 RUN [ "cross-build-end" ]
 VOLUME /data
@@ -139,7 +128,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden .
@@ -148,6 +136,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/arm64/Dockerfile.alpine
+++ b/docker/arm64/Dockerfile.alpine
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:aarch64-musl-nightly-2022-01-23 as build
+FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,12 +36,10 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 ENV RUSTFLAGS='-C link-arg=-s'
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
@@ -58,7 +53,8 @@ COPY ./build.rs ./build.rs
 RUN rustup target add aarch64-unknown-linux-musl
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
+# Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
@@ -75,33 +71,29 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM balenalib/aarch64-alpine:3.15
+FROM docker.io/balenalib/aarch64-alpine:3.17
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    ROCKET_WORKERS=10 \
    SSL_CERT_DIR=/etc/ssl/certs
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
-        openssl \
+        ca-certificates \
        tzdata \
        curl \
-        dumb-init \
+        openssl \
-        ca-certificates
+        tzdata
 # hadolint ignore=DL3059
 RUN [ "cross-build-end" ]
 VOLUME /data
@@ -111,7 +103,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden .
@@ -120,6 +111,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/arm64/Dockerfile.buildkit
+++ b/docker/arm64/Dockerfile.buildkit
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.58-buster as build
+FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,26 +36,23 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
-#
+# Install build dependencies for the arm64 architecture
 # Install required build libs for arm64 architecture.
 # hadolint ignore=DL3059
 RUN dpkg --add-architecture arm64 \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
-        libssl-dev:arm64 \
+        gcc-aarch64-linux-gnu \
        libc6-dev:arm64 \
        libpq5:arm64 \
        libpq-dev:arm64 \
        libmariadb3:arm64 \
        libmariadb-dev:arm64 \
        libmariadb-dev-compat:arm64 \
-        gcc-aarch64-linux-gnu \
+        libmariadb3:arm64 \
        libpq-dev:arm64 \
        libpq5:arm64 \
        libssl-dev:arm64 \
    #
    # Make sure cargo has the right target config
    && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \
@@ -71,7 +65,6 @@ ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \
    OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \
    OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
@@ -101,35 +94,31 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM balenalib/aarch64-debian:buster
+FROM docker.io/balenalib/aarch64-debian:bullseye
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
-    ROCKET_PORT=80 \
+    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_WORKERS=10
+    ROCKET_PORT=80
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    dumb-init \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 # hadolint ignore=DL3059
 RUN [ "cross-build-end" ]
 VOLUME /data
@@ -139,7 +128,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden .
@@ -148,6 +136,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/arm64/Dockerfile.buildkit.alpine
+++ b/docker/arm64/Dockerfile.buildkit.alpine
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:aarch64-musl-nightly-2022-01-23 as build
+FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,12 +36,10 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 ENV RUSTFLAGS='-C link-arg=-s'
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
@@ -58,7 +53,8 @@ COPY ./build.rs ./build.rs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-musl
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
+# Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
@@ -75,33 +71,29 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM balenalib/aarch64-alpine:3.15
+FROM docker.io/balenalib/aarch64-alpine:3.17
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    ROCKET_WORKERS=10 \
    SSL_CERT_DIR=/etc/ssl/certs
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
-        openssl \
+        ca-certificates \
        tzdata \
        curl \
-        dumb-init \
+        openssl \
-        ca-certificates
+        tzdata
 # hadolint ignore=DL3059
 RUN [ "cross-build-end" ]
 VOLUME /data
@@ -111,7 +103,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden .
@@ -120,6 +111,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/armv6/Dockerfile
+++ b/docker/armv6/Dockerfile
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.58-buster as build
+FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,26 +36,23 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
-#
+# Install build dependencies for the armel architecture
 # Install required build libs for armel architecture.
 # hadolint ignore=DL3059
 RUN dpkg --add-architecture armel \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
-        libssl-dev:armel \
+        gcc-arm-linux-gnueabi \
        libc6-dev:armel \
        libpq5:armel \
        libpq-dev:armel \
        libmariadb3:armel \
        libmariadb-dev:armel \
        libmariadb-dev-compat:armel \
-        gcc-arm-linux-gnueabi \
+        libmariadb3:armel \
        libpq-dev:armel \
        libpq5:armel \
        libssl-dev:armel \
    #
    # Make sure cargo has the right target config
    && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \
@@ -71,7 +65,6 @@ ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \
    OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \
    OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
@@ -101,35 +94,35 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM balenalib/rpi-debian:buster
+FROM docker.io/balenalib/rpi-debian:bullseye
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
-    ROCKET_PORT=80 \
+    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_WORKERS=10
+    ROCKET_PORT=80
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    dumb-init \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
-# hadolint ignore=DL3059
+# In the Balena Bullseye images for armv6/rpi-debian there is a missing symlink.
 # This symlink was there in the buster images, and for some reason this is needed.
 RUN ln -v -s /lib/ld-linux-armhf.so.3 /lib/ld-linux.so.3
 RUN [ "cross-build-end" ]
 VOLUME /data
@@ -139,7 +132,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden .
@@ -148,6 +140,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/armv6/Dockerfile.alpine
+++ b/docker/armv6/Dockerfile.alpine
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:arm-musleabi-nightly-2022-01-23 as build
+FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,12 +36,12 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
-ENV RUSTFLAGS='-C link-arg=-s'
+# To be able to build the armv6 image with mimalloc we need to specifically specify the libatomic.a file location
 ENV RUSTFLAGS='-Clink-arg=/usr/local/musl/arm-unknown-linux-musleabi/lib/libatomic.a'
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
@@ -58,7 +55,8 @@ COPY ./build.rs ./build.rs
 RUN rustup target add arm-unknown-linux-musleabi
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
+# Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
@@ -75,33 +73,29 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM balenalib/rpi-alpine:3.15
+FROM docker.io/balenalib/rpi-alpine:3.17
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    ROCKET_WORKERS=10 \
    SSL_CERT_DIR=/etc/ssl/certs
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
-        openssl \
+        ca-certificates \
        tzdata \
        curl \
-        dumb-init \
+        openssl \
-        ca-certificates
+        tzdata
 # hadolint ignore=DL3059
 RUN [ "cross-build-end" ]
 VOLUME /data
@@ -111,7 +105,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden .
@@ -120,6 +113,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/armv6/Dockerfile.buildkit
+++ b/docker/armv6/Dockerfile.buildkit
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.58-buster as build
+FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,26 +36,23 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
-#
+# Install build dependencies for the armel architecture
 # Install required build libs for armel architecture.
 # hadolint ignore=DL3059
 RUN dpkg --add-architecture armel \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
-        libssl-dev:armel \
+        gcc-arm-linux-gnueabi \
        libc6-dev:armel \
        libpq5:armel \
        libpq-dev:armel \
        libmariadb3:armel \
        libmariadb-dev:armel \
        libmariadb-dev-compat:armel \
-        gcc-arm-linux-gnueabi \
+        libmariadb3:armel \
        libpq-dev:armel \
        libpq5:armel \
        libssl-dev:armel \
    #
    # Make sure cargo has the right target config
    && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \
@@ -71,7 +65,6 @@ ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \
    OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \
    OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
@@ -101,35 +94,35 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM balenalib/rpi-debian:buster
+FROM docker.io/balenalib/rpi-debian:bullseye
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
-    ROCKET_PORT=80 \
+    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_WORKERS=10
+    ROCKET_PORT=80
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    dumb-init \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
-# hadolint ignore=DL3059
+# In the Balena Bullseye images for armv6/rpi-debian there is a missing symlink.
 # This symlink was there in the buster images, and for some reason this is needed.
 RUN ln -v -s /lib/ld-linux-armhf.so.3 /lib/ld-linux.so.3
 RUN [ "cross-build-end" ]
 VOLUME /data
@@ -139,7 +132,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden .
@@ -148,6 +140,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/armv6/Dockerfile.buildkit.alpine
+++ b/docker/armv6/Dockerfile.buildkit.alpine
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:arm-musleabi-nightly-2022-01-23 as build
+FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,12 +36,12 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
-ENV RUSTFLAGS='-C link-arg=-s'
+# To be able to build the armv6 image with mimalloc we need to specifically specify the libatomic.a file location
 ENV RUSTFLAGS='-Clink-arg=/usr/local/musl/arm-unknown-linux-musleabi/lib/libatomic.a'
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
@@ -58,7 +55,8 @@ COPY ./build.rs ./build.rs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-musleabi
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
+# Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
@@ -75,33 +73,29 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM balenalib/rpi-alpine:3.15
+FROM docker.io/balenalib/rpi-alpine:3.17
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    ROCKET_WORKERS=10 \
    SSL_CERT_DIR=/etc/ssl/certs
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
-        openssl \
+        ca-certificates \
        tzdata \
        curl \
-        dumb-init \
+        openssl \
-        ca-certificates
+        tzdata
 # hadolint ignore=DL3059
 RUN [ "cross-build-end" ]
 VOLUME /data
@@ -111,7 +105,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden .
@@ -120,6 +113,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/armv7/Dockerfile
+++ b/docker/armv7/Dockerfile
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.58-buster as build
+FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,26 +36,23 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
-#
+# Install build dependencies for the armhf architecture
 # Install required build libs for armhf architecture.
 # hadolint ignore=DL3059
 RUN dpkg --add-architecture armhf \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
-        libssl-dev:armhf \
+        gcc-arm-linux-gnueabihf \
        libc6-dev:armhf \
        libpq5:armhf \
        libpq-dev:armhf \
        libmariadb3:armhf \
        libmariadb-dev:armhf \
        libmariadb-dev-compat:armhf \
-        gcc-arm-linux-gnueabihf \
+        libmariadb3:armhf \
        libpq-dev:armhf \
        libpq5:armhf \
        libssl-dev:armhf \
    #
    # Make sure cargo has the right target config
    && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \
@@ -71,7 +65,6 @@ ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \
    OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \
    OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
@@ -101,35 +94,31 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM balenalib/armv7hf-debian:buster
+FROM docker.io/balenalib/armv7hf-debian:bullseye
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
-    ROCKET_PORT=80 \
+    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_WORKERS=10
+    ROCKET_PORT=80
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    dumb-init \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 # hadolint ignore=DL3059
 RUN [ "cross-build-end" ]
 VOLUME /data
@@ -139,7 +128,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden .
@@ -148,6 +136,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/armv7/Dockerfile.alpine
+++ b/docker/armv7/Dockerfile.alpine
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:armv7-musleabihf-nightly-2022-01-23 as build
+FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,13 +36,10 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 ENV RUSTFLAGS='-C link-arg=-s'
 ENV CFLAGS_armv7_unknown_linux_musleabihf="-mfpu=vfpv3-d16"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
@@ -59,7 +53,8 @@ COPY ./build.rs ./build.rs
 RUN rustup target add armv7-unknown-linux-musleabihf
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
+# Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
@@ -76,35 +71,29 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
 # hadolint ignore=DL3059
 RUN musl-strip target/armv7-unknown-linux-musleabihf/release/vaultwarden
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM balenalib/armv7hf-alpine:3.15
+FROM docker.io/balenalib/armv7hf-alpine:3.17
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    ROCKET_WORKERS=10 \
    SSL_CERT_DIR=/etc/ssl/certs
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
-        openssl \
+        ca-certificates \
        tzdata \
        curl \
-        dumb-init \
+        openssl \
-        ca-certificates
+        tzdata
 # hadolint ignore=DL3059
 RUN [ "cross-build-end" ]
 VOLUME /data
@@ -114,7 +103,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden .
@@ -123,6 +111,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/armv7/Dockerfile.buildkit
+++ b/docker/armv7/Dockerfile.buildkit
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.58-buster as build
+FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,26 +36,23 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
-#
+# Install build dependencies for the armhf architecture
 # Install required build libs for armhf architecture.
 # hadolint ignore=DL3059
 RUN dpkg --add-architecture armhf \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
-        libssl-dev:armhf \
+        gcc-arm-linux-gnueabihf \
        libc6-dev:armhf \
        libpq5:armhf \
        libpq-dev:armhf \
        libmariadb3:armhf \
        libmariadb-dev:armhf \
        libmariadb-dev-compat:armhf \
-        gcc-arm-linux-gnueabihf \
+        libmariadb3:armhf \
        libpq-dev:armhf \
        libpq5:armhf \
        libssl-dev:armhf \
    #
    # Make sure cargo has the right target config
    && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \
@@ -71,7 +65,6 @@ ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \
    OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \
    OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
@@ -101,35 +94,31 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM balenalib/armv7hf-debian:buster
+FROM docker.io/balenalib/armv7hf-debian:bullseye
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
-    ROCKET_PORT=80 \
+    ROCKET_ADDRESS=0.0.0.0 \
-    ROCKET_WORKERS=10
+    ROCKET_PORT=80
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    dumb-init \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 # hadolint ignore=DL3059
 RUN [ "cross-build-end" ]
 VOLUME /data
@@ -139,7 +128,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden .
@@ -148,6 +136,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/armv7/Dockerfile.buildkit.alpine
+++ b/docker/armv7/Dockerfile.buildkit.alpine
@@ -2,7 +2,6 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
@@ -16,20 +15,18 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull vaultwarden/web-vault:v2.25.1b
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
-#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.1b
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
-#     [vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba]
+#     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
-#     [vaultwarden/web-vault:v2.25.1b]
+#     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
-FROM vaultwarden/web-vault@sha256:9b82318d553d72f091e8755f5aff80eed495f90bbe5b0703522953480f5c2fba as vault
+FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:armv7-musleabihf-nightly-2022-01-23 as build
+FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -39,13 +36,10 @@ ENV DEBIAN_FRONTEND=noninteractive \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 ENV RUSTFLAGS='-C link-arg=-s'
 ENV CFLAGS_armv7_unknown_linux_musleabihf="-mfpu=vfpv3-d16"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
@@ -59,7 +53,8 @@ COPY ./build.rs ./build.rs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-musleabihf
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
+# Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
@@ -76,35 +71,29 @@ RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 # hadolint ignore=DL3059
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
 # hadolint ignore=DL3059
 RUN musl-strip target/armv7-unknown-linux-musleabihf/release/vaultwarden
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM balenalib/armv7hf-alpine:3.15
+FROM docker.io/balenalib/armv7hf-alpine:3.17
-ENV ROCKET_ENV="staging" \
+ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    ROCKET_WORKERS=10 \
    SSL_CERT_DIR=/etc/ssl/certs
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
-        openssl \
+        ca-certificates \
        tzdata \
        curl \
-        dumb-init \
+        openssl \
-        ca-certificates
+        tzdata
 # hadolint ignore=DL3059
 RUN [ "cross-build-end" ]
 VOLUME /data
@@ -114,7 +103,6 @@ EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden .
@@ -123,6 +111,4 @@ COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/start.sh"]
--- a/docker/healthcheck.sh
+++ b/docker/healthcheck.sh
@@ -2,8 +2,8 @@
 # Use the value of the corresponding env var (if present),
 # or a default value otherwise.
-: ${DATA_FOLDER:="data"}
+: "${DATA_FOLDER:="data"}"
-: ${ROCKET_PORT:="80"}
+: "${ROCKET_PORT:="80"}"
 CONFIG_FILE="${DATA_FOLDER}"/config.json
@@ -45,9 +45,13 @@ if [ -r "${CONFIG_FILE}" ]; then
    fi
 fi
 addr="${ROCKET_ADDRESS}"
 if [ -z "${addr}" ] || [ "${addr}" = '0.0.0.0' ] || [ "${addr}" = '::' ]; then
    addr='localhost'
 fi
 base_path="$(get_base_path "${DOMAIN}")"
 if [ -n "${ROCKET_TLS}" ]; then
    s='s'
 fi
 curl --insecure --fail --silent --show-error \
-     "http${s}://localhost:${ROCKET_PORT}${base_path}/alive" || exit 1
+     "http${s}://${addr}:${ROCKET_PORT}${base_path}/alive" || exit 1
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -9,15 +9,15 @@ fi
 if [ -d /etc/vaultwarden.d ]; then
    for f in /etc/vaultwarden.d/*.sh; do
-        if [ -r $f ]; then
+        if [ -r "${f}" ]; then
-            . $f
+            . "${f}"
        fi
    done
 elif [ -d /etc/bitwarden_rs.d ]; then
    echo "### You are using the old /etc/bitwarden_rs.d script directory, please migrate to /etc/vaultwarden.d ###"
    for f in /etc/bitwarden_rs.d/*.sh; do
-        if [ -r $f ]; then
+        if [ -r "${f}" ]; then
-            . $f
+            . "${f}"
        fi
    done
 fi
--- a/hooks/arches.sh
+++ b/hooks/arches.sh
@@ -1,3 +1,5 @@
 #!/usr/bin/env bash
 # The default Debian-based images support these arches for all database backends.
 arches=(
    amd64
@@ -5,7 +7,9 @@ arches=(
    armv7
    arm64
 )
 export arches
 if [[ "${DOCKER_TAG}" == *alpine ]]; then
    distro_suffix=.alpine
 fi
 export distro_suffix
--- a/hooks/build
+++ b/hooks/build
@@ -1,7 +1,8 @@
-#!/bin/bash
+#!/usr/bin/env bash
 echo ">>> Building images..."
 # shellcheck source=arches.sh
 source ./hooks/arches.sh
 if [[ -z "${SOURCE_COMMIT}" ]]; then
@@ -23,10 +24,10 @@ LABELS=(
    # https://github.com/opencontainers/image-spec/blob/master/annotations.md
    org.opencontainers.image.created="$(date --utc --iso-8601=seconds)"
    org.opencontainers.image.documentation="https://github.com/dani-garcia/vaultwarden/wiki"
-    org.opencontainers.image.licenses="GPL-3.0-only"
+    org.opencontainers.image.licenses="AGPL-3.0-only"
    org.opencontainers.image.revision="${SOURCE_COMMIT}"
    org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}"
-    org.opencontainers.image.url="https://hub.docker.com/r/${DOCKER_REPO#*/}"
+    org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden"
    org.opencontainers.image.version="${SOURCE_VERSION}"
 )
 LABEL_ARGS=()
@@ -34,9 +35,9 @@ for label in "${LABELS[@]}"; do
    LABEL_ARGS+=(--label "${label}")
 done
-# Check if DOCKER_BUILDKIT is set, if so, use the Dockerfile.buildx as template
+# Check if DOCKER_BUILDKIT is set, if so, use the Dockerfile.buildkit as template
 if [[ -n "${DOCKER_BUILDKIT}" ]]; then
-    buildx_suffix=.buildx
+    buildkit_suffix=.buildkit
 fi
 set -ex
@@ -45,6 +46,6 @@ for arch in "${arches[@]}"; do
    docker build \
           "${LABEL_ARGS[@]}" \
           -t "${DOCKER_REPO}:${DOCKER_TAG}-${arch}" \
-           -f docker/${arch}/Dockerfile${buildx_suffix}${distro_suffix} \
+           -f "docker/${arch}/Dockerfile${buildkit_suffix}${distro_suffix}" \
           .
 done
--- a/hooks/pre_build
+++ b/hooks/pre_build
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -ex
--- a/hooks/push
+++ b/hooks/push
@@ -1,5 +1,6 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # shellcheck source=arches.sh
 source ./hooks/arches.sh
 export DOCKER_CLI_EXPERIMENTAL=enabled
@@ -41,7 +42,7 @@ LOCAL_REPO="${LOCAL_REGISTRY}/${REPO}"
 echo ">>> Pushing images to local registry..."
-for arch in ${arches[@]}; do
+for arch in "${arches[@]}"; do
    docker_image="${DOCKER_REPO}:${DOCKER_TAG}-${arch}"
    local_image="${LOCAL_REPO}:${DOCKER_TAG}-${arch}"
    docker tag "${docker_image}" "${local_image}"
@@ -71,9 +72,9 @@ tags=("${DOCKER_REPO}:${DOCKER_TAG}")
 # to make it easier for users to track the latest release.
 if [[ "${DOCKER_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then
    if [[ "${DOCKER_TAG}" == *alpine ]]; then
-        tags+=(${DOCKER_REPO}:alpine)
+        tags+=("${DOCKER_REPO}:alpine")
    else
-        tags+=(${DOCKER_REPO}:latest)
+        tags+=("${DOCKER_REPO}:latest")
    fi
 fi
@@ -91,10 +92,10 @@ declare -A arch_to_platform=(
    [arm64]="linux/arm64"
 )
 platforms=()
-for arch in ${arches[@]}; do
+for arch in "${arches[@]}"; do
    platforms+=("${arch_to_platform[$arch]}")
 done
-platforms="$(join "," "${platforms[@]}")"
+platform="$(join "," "${platforms[@]}")"
 # Run the build, pushing the resulting images and multi-arch manifest list to
 # Docker Hub. The Dockerfile is read from stdin to avoid sending any build
@@ -104,46 +105,7 @@ docker buildx build \
       --network host \
       --build-arg LOCAL_REPO="${LOCAL_REPO}" \
       --build-arg DOCKER_TAG="${DOCKER_TAG}" \
-       --platform "${platforms}" \
+       --platform "${platform}" \
       "${tag_args[@]}" \
       --push \
       - < ./docker/Dockerfile.buildx
 # Add an extra arch-specific tag for `arm32v6`; Docker can't seem to properly
 # auto-select that image on ARMv6 platforms like Raspberry Pi 1 and Zero
 # (https://github.com/moby/moby/issues/41017).
 #
 # Note that we use `arm32v6` instead of `armv6` to be consistent with the
 # existing vaultwarden tags, which adhere to the naming conventions of the
 # Docker per-architecture repos (e.g., https://hub.docker.com/u/arm32v6).
 # Unfortunately, these per-arch repo names aren't always consistent with the
 # corresponding platform (OS/arch/variant) IDs, particularly in the case of
 # 32-bit ARM arches (e.g., `linux/arm/v6` is used, not `linux/arm32/v6`).
 #
 # TODO: It looks like this issue should be fixed starting in Docker 20.10.0,
 # so this step can be removed once fixed versions are in wider distribution.
 #
 # Tags:
 #
 #   testing        => testing-arm32v6
 #   testing-alpine => <ignored>
 #   x.y.z          => x.y.z-arm32v6, latest-arm32v6
 #   x.y.z-alpine   => <ignored>
 #
 if [[ "${DOCKER_TAG}" != *alpine ]]; then
    image="${DOCKER_REPO}":"${DOCKER_TAG}"
    # Fetch the multi-arch manifest list and find the digest of the armv6 image.
    filter='.manifests|.[]|select(.platform.architecture=="arm" and .platform.variant=="v6")|.digest'
    digest="$(docker manifest inspect "${image}" | jq -r "${filter}")"
    # Pull the armv6 image by digest, retag it, and repush it.
    docker pull "${DOCKER_REPO}"@"${digest}"
    docker tag "${DOCKER_REPO}"@"${digest}" "${image}"-arm32v6
    docker push "${image}"-arm32v6
    if [[ "${DOCKER_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then
        docker tag "${image}"-arm32v6 "${DOCKER_REPO}:latest"-arm32v6
        docker push "${DOCKER_REPO}:latest"-arm32v6
    fi
 fi
--- a/migrations/mysql/2022-03-02-210038_update_devices_primary_key/down.sql
+++ b/migrations/mysql/2022-03-02-210038_update_devices_primary_key/down.sql
--- a/migrations/mysql/2022-03-02-210038_update_devices_primary_key/up.sql
+++ b/migrations/mysql/2022-03-02-210038_update_devices_primary_key/up.sql
@@ -0,0 +1,4 @@
 -- First remove the previous primary key
 ALTER TABLE devices DROP PRIMARY KEY;
 -- Add a new combined one
 ALTER TABLE devices ADD PRIMARY KEY (uuid, user_uuid);
--- a/migrations/mysql/2022-07-27-110000_add_group_support/down.sql
+++ b/migrations/mysql/2022-07-27-110000_add_group_support/down.sql
@@ -0,0 +1,3 @@
 DROP TABLE `groups`;
 DROP TABLE groups_users;
 DROP TABLE collections_groups;
--- a/migrations/mysql/2022-07-27-110000_add_group_support/up.sql
+++ b/migrations/mysql/2022-07-27-110000_add_group_support/up.sql
@@ -0,0 +1,23 @@
 CREATE TABLE `groups` (
  uuid                              CHAR(36) NOT NULL PRIMARY KEY,
  organizations_uuid                VARCHAR(40) NOT NULL REFERENCES organizations (uuid),
  name                              VARCHAR(100) NOT NULL,
  access_all                        BOOLEAN NOT NULL,
  external_id                       VARCHAR(300) NULL,
  creation_date                     DATETIME NOT NULL,
  revision_date                     DATETIME NOT NULL
 );
 CREATE TABLE groups_users (
  groups_uuid                       CHAR(36) NOT NULL REFERENCES `groups` (uuid),
  users_organizations_uuid          VARCHAR(36) NOT NULL REFERENCES users_organizations (uuid),
  UNIQUE (groups_uuid, users_organizations_uuid)
 );
 CREATE TABLE collections_groups (
  collections_uuid                  VARCHAR(40) NOT NULL REFERENCES collections (uuid),
  groups_uuid                       CHAR(36) NOT NULL REFERENCES `groups` (uuid),
  read_only                         BOOLEAN NOT NULL,
  hide_passwords                    BOOLEAN NOT NULL,
  UNIQUE (collections_uuid, groups_uuid)
 );
--- a/migrations/mysql/2022-10-18-170602_add_events/down.sql
+++ b/migrations/mysql/2022-10-18-170602_add_events/down.sql
@@ -0,0 +1 @@
 DROP TABLE event;
--- a/migrations/mysql/2022-10-18-170602_add_events/up.sql
+++ b/migrations/mysql/2022-10-18-170602_add_events/up.sql
@@ -0,0 +1,19 @@
 CREATE TABLE event (
  uuid               CHAR(36)    NOT NULL PRIMARY KEY,
  event_type         INTEGER     NOT NULL,
  user_uuid          CHAR(36),
  org_uuid           CHAR(36),
  cipher_uuid        CHAR(36),
  collection_uuid    CHAR(36),
  group_uuid         CHAR(36),
  org_user_uuid      CHAR(36),
  act_user_uuid      CHAR(36),
  device_type        INTEGER,
  ip_address         TEXT,
  event_date         DATETIME    NOT NULL,
  policy_uuid        CHAR(36),
  provider_uuid      CHAR(36),
  provider_user_uuid CHAR(36),
  provider_org_uuid  CHAR(36),
  UNIQUE (uuid)
 );
--- a/migrations/mysql/2023-01-06-151600_add_reset_password_support/down.sql
+++ b/migrations/mysql/2023-01-06-151600_add_reset_password_support/down.sql
--- a/migrations/mysql/2023-01-06-151600_add_reset_password_support/up.sql
+++ b/migrations/mysql/2023-01-06-151600_add_reset_password_support/up.sql
@@ -0,0 +1,2 @@
 ALTER TABLE users_organizations
 ADD COLUMN reset_password_key TEXT;
--- a/migrations/mysql/2023-01-11-205851_add_avatar_color/down.sql
+++ b/migrations/mysql/2023-01-11-205851_add_avatar_color/down.sql
--- a/migrations/mysql/2023-01-11-205851_add_avatar_color/up.sql
+++ b/migrations/mysql/2023-01-11-205851_add_avatar_color/up.sql
@@ -0,0 +1,2 @@
 ALTER TABLE users
 ADD COLUMN avatar_color VARCHAR(7);
--- a/migrations/mysql/2023-01-31-222222_add_argon2/down.sql
+++ b/migrations/mysql/2023-01-31-222222_add_argon2/down.sql
--- a/migrations/mysql/2023-01-31-222222_add_argon2/up.sql
+++ b/migrations/mysql/2023-01-31-222222_add_argon2/up.sql
@@ -0,0 +1,7 @@
 ALTER TABLE users
    ADD COLUMN
    client_kdf_memory INTEGER DEFAULT NULL;
 ALTER TABLE users
    ADD COLUMN
    client_kdf_parallelism INTEGER DEFAULT NULL;
--- a/migrations/mysql/2023-02-18-125735_push_uuid_table/down.sql
+++ b/migrations/mysql/2023-02-18-125735_push_uuid_table/down.sql
--- a/migrations/mysql/2023-02-18-125735_push_uuid_table/up.sql
+++ b/migrations/mysql/2023-02-18-125735_push_uuid_table/up.sql
@@ -0,0 +1 @@
 ALTER TABLE devices ADD COLUMN push_uuid TEXT;
--- a/migrations/mysql/2023-06-02-200424_create_organization_api_key/down.sql
+++ b/migrations/mysql/2023-06-02-200424_create_organization_api_key/down.sql
--- a/migrations/mysql/2023-06-02-200424_create_organization_api_key/up.sql
+++ b/migrations/mysql/2023-06-02-200424_create_organization_api_key/up.sql
@@ -0,0 +1,10 @@
 CREATE TABLE organization_api_key (
 	uuid			CHAR(36) NOT NULL,
 	org_uuid		CHAR(36) NOT NULL REFERENCES organizations(uuid),
 	atype			INTEGER NOT NULL,
 	api_key			VARCHAR(255) NOT NULL,
 	revision_date	DATETIME NOT NULL,
 	PRIMARY KEY(uuid, org_uuid)
 );
 ALTER TABLE users ADD COLUMN external_id TEXT;
--- a/migrations/mysql/2023-06-28-133700_add_collection_external_id/down.sql
+++ b/migrations/mysql/2023-06-28-133700_add_collection_external_id/down.sql
--- a/migrations/mysql/2023-06-28-133700_add_collection_external_id/up.sql
+++ b/migrations/mysql/2023-06-28-133700_add_collection_external_id/up.sql
@@ -0,0 +1 @@
 ALTER TABLE collections ADD COLUMN external_id TEXT;
--- a/migrations/postgresql/2022-03-02-210038_update_devices_primary_key/down.sql
+++ b/migrations/postgresql/2022-03-02-210038_update_devices_primary_key/down.sql
--- a/migrations/postgresql/2022-03-02-210038_update_devices_primary_key/up.sql
+++ b/migrations/postgresql/2022-03-02-210038_update_devices_primary_key/up.sql
@@ -0,0 +1,4 @@
 -- First remove the previous primary key
 ALTER TABLE devices DROP CONSTRAINT devices_pkey;
 -- Add a new combined one
 ALTER TABLE devices ADD PRIMARY KEY (uuid, user_uuid);
--- a/migrations/postgresql/2022-07-27-110000_add_group_support/down.sql
+++ b/migrations/postgresql/2022-07-27-110000_add_group_support/down.sql
@@ -0,0 +1,3 @@
 DROP TABLE groups;
 DROP TABLE groups_users;
 DROP TABLE collections_groups;
--- a/migrations/postgresql/2022-07-27-110000_add_group_support/up.sql
+++ b/migrations/postgresql/2022-07-27-110000_add_group_support/up.sql
@@ -0,0 +1,23 @@
 CREATE TABLE groups (
  uuid                              CHAR(36) NOT NULL PRIMARY KEY,
  organizations_uuid                 VARCHAR(40) NOT NULL REFERENCES organizations (uuid),
  name                              VARCHAR(100) NOT NULL,
  access_all                        BOOLEAN NOT NULL,
  external_id                       VARCHAR(300) NULL,
  creation_date                     TIMESTAMP NOT NULL,
  revision_date                     TIMESTAMP NOT NULL
 );
 CREATE TABLE groups_users (
  groups_uuid                       CHAR(36) NOT NULL REFERENCES groups (uuid),
  users_organizations_uuid          VARCHAR(36) NOT NULL REFERENCES users_organizations (uuid),
  PRIMARY KEY (groups_uuid, users_organizations_uuid)
 );
 CREATE TABLE collections_groups (
  collections_uuid                  VARCHAR(40) NOT NULL REFERENCES collections (uuid),
  groups_uuid                       CHAR(36) NOT NULL REFERENCES groups (uuid),
  read_only                         BOOLEAN NOT NULL,
  hide_passwords                    BOOLEAN NOT NULL,
  PRIMARY KEY (collections_uuid, groups_uuid)
 );
--- a/migrations/postgresql/2022-10-18-170602_add_events/down.sql
+++ b/migrations/postgresql/2022-10-18-170602_add_events/down.sql
@@ -0,0 +1 @@
 DROP TABLE event;
--- a/migrations/postgresql/2022-10-18-170602_add_events/up.sql
+++ b/migrations/postgresql/2022-10-18-170602_add_events/up.sql
@@ -0,0 +1,19 @@
 CREATE TABLE event (
  uuid               CHAR(36)        NOT NULL PRIMARY KEY,
  event_type         INTEGER     NOT NULL,
  user_uuid          CHAR(36),
  org_uuid           CHAR(36),
  cipher_uuid        CHAR(36),
  collection_uuid    CHAR(36),
  group_uuid         CHAR(36),
  org_user_uuid      CHAR(36),
  act_user_uuid      CHAR(36),
  device_type        INTEGER,
  ip_address         TEXT,
  event_date         TIMESTAMP    NOT NULL,
  policy_uuid        CHAR(36),
  provider_uuid      CHAR(36),
  provider_user_uuid CHAR(36),
  provider_org_uuid  CHAR(36),
  UNIQUE (uuid)
 );
--- a/migrations/postgresql/2023-01-06-151600_add_reset_password_support/down.sql
+++ b/migrations/postgresql/2023-01-06-151600_add_reset_password_support/down.sql
--- a/migrations/postgresql/2023-01-06-151600_add_reset_password_support/up.sql
+++ b/migrations/postgresql/2023-01-06-151600_add_reset_password_support/up.sql
@@ -0,0 +1,2 @@
 ALTER TABLE users_organizations
 ADD COLUMN reset_password_key TEXT;
--- a/migrations/postgresql/2023-01-11-205851_add_avatar_color/down.sql
+++ b/migrations/postgresql/2023-01-11-205851_add_avatar_color/down.sql
--- a/migrations/postgresql/2023-01-11-205851_add_avatar_color/up.sql
+++ b/migrations/postgresql/2023-01-11-205851_add_avatar_color/up.sql
@@ -0,0 +1,2 @@
 ALTER TABLE users
 ADD COLUMN avatar_color TEXT;
--- a/migrations/postgresql/2023-01-31-222222_add_argon2/down.sql
+++ b/migrations/postgresql/2023-01-31-222222_add_argon2/down.sql
--- a/migrations/postgresql/2023-01-31-222222_add_argon2/up.sql
+++ b/migrations/postgresql/2023-01-31-222222_add_argon2/up.sql
@@ -0,0 +1,7 @@
 ALTER TABLE users
    ADD COLUMN
    client_kdf_memory INTEGER DEFAULT NULL;
 ALTER TABLE users
    ADD COLUMN
    client_kdf_parallelism INTEGER DEFAULT NULL;
--- a/migrations/postgresql/2023-02-18-125735_push_uuid_table/down.sql
+++ b/migrations/postgresql/2023-02-18-125735_push_uuid_table/down.sql
--- a/migrations/postgresql/2023-02-18-125735_push_uuid_table/up.sql
+++ b/migrations/postgresql/2023-02-18-125735_push_uuid_table/up.sql
@@ -0,0 +1 @@
 ALTER TABLE devices ADD COLUMN push_uuid TEXT;
--- a/migrations/postgresql/2023-06-02-200424_create_organization_api_key/down.sql
+++ b/migrations/postgresql/2023-06-02-200424_create_organization_api_key/down.sql
--- a/migrations/postgresql/2023-06-02-200424_create_organization_api_key/up.sql
+++ b/migrations/postgresql/2023-06-02-200424_create_organization_api_key/up.sql
@@ -0,0 +1,10 @@
 CREATE TABLE organization_api_key (
 	uuid			CHAR(36) NOT NULL,
 	org_uuid		CHAR(36) NOT NULL REFERENCES organizations(uuid),
 	atype			INTEGER NOT NULL,
 	api_key			VARCHAR(255),
 	revision_date	TIMESTAMP NOT NULL,
 	PRIMARY KEY(uuid, org_uuid)
 );
 ALTER TABLE users ADD COLUMN external_id TEXT;
--- a/migrations/postgresql/2023-06-28-133700_add_collection_external_id/down.sql
+++ b/migrations/postgresql/2023-06-28-133700_add_collection_external_id/down.sql
--- a/migrations/postgresql/2023-06-28-133700_add_collection_external_id/up.sql
+++ b/migrations/postgresql/2023-06-28-133700_add_collection_external_id/up.sql
@@ -0,0 +1 @@
 ALTER TABLE collections ADD COLUMN external_id TEXT;
--- a/migrations/sqlite/2022-03-02-210038_update_devices_primary_key/down.sql
+++ b/migrations/sqlite/2022-03-02-210038_update_devices_primary_key/down.sql
--- a/migrations/sqlite/2022-03-02-210038_update_devices_primary_key/up.sql
+++ b/migrations/sqlite/2022-03-02-210038_update_devices_primary_key/up.sql
@@ -0,0 +1,23 @@
 -- Create new devices table with primary keys on both uuid and user_uuid
 CREATE TABLE devices_new (
 	uuid	TEXT NOT NULL,
 	created_at	DATETIME NOT NULL,
 	updated_at	DATETIME NOT NULL,
 	user_uuid	TEXT NOT NULL,
 	name	TEXT NOT NULL,
 	atype	INTEGER NOT NULL,
 	push_token	TEXT,
 	refresh_token	TEXT NOT NULL,
 	twofactor_remember	TEXT,
 	PRIMARY KEY(uuid, user_uuid),
 	FOREIGN KEY(user_uuid) REFERENCES users(uuid)
 );
 -- Transfer current data to new table
 INSERT INTO devices_new SELECT * FROM devices;
 -- Drop the old table
 DROP TABLE devices;
 -- Rename the new table to the original name
 ALTER TABLE devices_new RENAME TO devices;
--- a/migrations/sqlite/2022-07-27-110000_add_group_support/down.sql
+++ b/migrations/sqlite/2022-07-27-110000_add_group_support/down.sql
@@ -0,0 +1,3 @@
 DROP TABLE groups;
 DROP TABLE groups_users;
 DROP TABLE collections_groups;
--- a/migrations/sqlite/2022-07-27-110000_add_group_support/up.sql
+++ b/migrations/sqlite/2022-07-27-110000_add_group_support/up.sql
@@ -0,0 +1,23 @@
 CREATE TABLE groups (
  uuid                              TEXT NOT NULL PRIMARY KEY,
  organizations_uuid                TEXT NOT NULL REFERENCES organizations (uuid),
  name                              TEXT NOT NULL,
  access_all                        BOOLEAN NOT NULL,
  external_id                       TEXT NULL,
  creation_date                     TIMESTAMP NOT NULL,
  revision_date                     TIMESTAMP NOT NULL
 );
 CREATE TABLE groups_users (
  groups_uuid                       TEXT NOT NULL REFERENCES groups (uuid),
  users_organizations_uuid          TEXT NOT NULL REFERENCES users_organizations (uuid),
  UNIQUE (groups_uuid, users_organizations_uuid)
 );
 CREATE TABLE collections_groups (
  collections_uuid                  TEXT NOT NULL REFERENCES collections (uuid),
  groups_uuid                       TEXT NOT NULL REFERENCES groups (uuid),
  read_only                         BOOLEAN NOT NULL,
  hide_passwords                    BOOLEAN NOT NULL,
  UNIQUE (collections_uuid, groups_uuid)
 );
--- a/migrations/sqlite/2022-10-18-170602_add_events/down.sql
+++ b/migrations/sqlite/2022-10-18-170602_add_events/down.sql
@@ -0,0 +1 @@
 DROP TABLE event;
--- a/migrations/sqlite/2022-10-18-170602_add_events/up.sql
+++ b/migrations/sqlite/2022-10-18-170602_add_events/up.sql
@@ -0,0 +1,19 @@
 CREATE TABLE event (
  uuid               TEXT        NOT NULL PRIMARY KEY,
  event_type         INTEGER     NOT NULL,
  user_uuid          TEXT,
  org_uuid           TEXT,
  cipher_uuid        TEXT,
  collection_uuid    TEXT,
  group_uuid         TEXT,
  org_user_uuid      TEXT,
  act_user_uuid      TEXT,
  device_type        INTEGER,
  ip_address         TEXT,
  event_date         DATETIME    NOT NULL,
  policy_uuid        TEXT,
  provider_uuid      TEXT,
  provider_user_uuid TEXT,
  provider_org_uuid  TEXT,
  UNIQUE (uuid)
 );
--- a/migrations/sqlite/2023-01-06-151600_add_reset_password_support/down.sql
+++ b/migrations/sqlite/2023-01-06-151600_add_reset_password_support/down.sql
--- a/migrations/sqlite/2023-01-06-151600_add_reset_password_support/up.sql
+++ b/migrations/sqlite/2023-01-06-151600_add_reset_password_support/up.sql
@@ -0,0 +1,2 @@
 ALTER TABLE users_organizations
 ADD COLUMN reset_password_key TEXT;
--- a/migrations/sqlite/2023-01-11-205851_add_avatar_color/down.sql
+++ b/migrations/sqlite/2023-01-11-205851_add_avatar_color/down.sql
--- a/migrations/sqlite/2023-01-11-205851_add_avatar_color/up.sql
+++ b/migrations/sqlite/2023-01-11-205851_add_avatar_color/up.sql
@@ -0,0 +1,2 @@
 ALTER TABLE users
 ADD COLUMN avatar_color TEXT;
--- a/migrations/sqlite/2023-01-31-222222_add_argon2/down.sql
+++ b/migrations/sqlite/2023-01-31-222222_add_argon2/down.sql
--- a/migrations/sqlite/2023-01-31-222222_add_argon2/up.sql
+++ b/migrations/sqlite/2023-01-31-222222_add_argon2/up.sql
@@ -0,0 +1,7 @@
 ALTER TABLE users
    ADD COLUMN
    client_kdf_memory INTEGER DEFAULT NULL;
 ALTER TABLE users
    ADD COLUMN
    client_kdf_parallelism INTEGER DEFAULT NULL;
--- a/migrations/sqlite/2023-02-18-125735_push_uuid_table/down.sql
+++ b/migrations/sqlite/2023-02-18-125735_push_uuid_table/down.sql
--- a/migrations/sqlite/2023-02-18-125735_push_uuid_table/up.sql
+++ b/migrations/sqlite/2023-02-18-125735_push_uuid_table/up.sql
@@ -0,0 +1 @@
 ALTER TABLE devices ADD COLUMN push_uuid TEXT;
--- a/migrations/sqlite/2023-06-02-200424_create_organization_api_key/down.sql
+++ b/migrations/sqlite/2023-06-02-200424_create_organization_api_key/down.sql
--- a/migrations/sqlite/2023-06-02-200424_create_organization_api_key/up.sql
+++ b/migrations/sqlite/2023-06-02-200424_create_organization_api_key/up.sql
@@ -0,0 +1,11 @@
 CREATE TABLE organization_api_key (
 	uuid            TEXT NOT NULL,
    org_uuid	    TEXT NOT NULL,
    atype           INTEGER NOT NULL,
    api_key         TEXT NOT NULL,
 	revision_date   DATETIME NOT NULL,
 	PRIMARY KEY(uuid, org_uuid),
 	FOREIGN KEY(org_uuid) REFERENCES organizations(uuid)
 );
 ALTER TABLE users ADD COLUMN external_id TEXT;
--- a/migrations/sqlite/2023-06-28-133700_add_collection_external_id/down.sql
+++ b/migrations/sqlite/2023-06-28-133700_add_collection_external_id/down.sql
--- a/migrations/sqlite/2023-06-28-133700_add_collection_external_id/up.sql
+++ b/migrations/sqlite/2023-06-28-133700_add_collection_external_id/up.sql
@@ -0,0 +1 @@
 ALTER TABLE collections ADD COLUMN external_id TEXT;
--- a/resources/404.svg
+++ b/resources/404.svg
@@ -0,0 +1,93 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <!-- Created with Inkscape (http://www.inkscape.org/) -->
 <svg
   width="500"
   height="222"
   viewBox="0 0 500 222"
   version="1.1"
   id="svg5"
   xml:space="preserve"
   inkscape:version="1.2.1 (9c6d41e410, 2022-07-14, custom)"
   sodipodi:docname="404.svg"
   inkscape:export-filename="404.png"
   inkscape:export-xdpi="96"
   inkscape:export-ydpi="96"
   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
   xmlns:xlink="http://www.w3.org/1999/xlink"
   xmlns="http://www.w3.org/2000/svg"
   xmlns:svg="http://www.w3.org/2000/svg"><sodipodi:namedview
     id="namedview7"
     pagecolor="#ffffff"
     bordercolor="#666666"
     borderopacity="1.0"
     inkscape:showpageshadow="2"
     inkscape:pageopacity="0.0"
     inkscape:pagecheckerboard="0"
     inkscape:deskcolor="#d1d1d1"
     inkscape:document-units="px"
     showgrid="false"
     inkscape:zoom="1.3791767"
     inkscape:cx="284.59007"
     inkscape:cy="214.25826"
     inkscape:window-width="1916"
     inkscape:window-height="1038"
     inkscape:window-x="0"
     inkscape:window-y="18"
     inkscape:window-maximized="1"
     inkscape:current-layer="layer1"
     showguides="false" /><defs
     id="defs2"><mask
       id="holes"><rect
         x="-60"
         y="-60"
         width="120"
         height="120"
         fill="#ffffff"
         id="rect3296" /><circle
         id="hole"
         cy="-40"
         r="3"
         cx="0" /><use
         transform="rotate(72)"
         xlink:href="#hole"
         id="use3299" /><use
         transform="rotate(144)"
         xlink:href="#hole"
         id="use3301" /><use
         transform="rotate(-144)"
         xlink:href="#hole"
         id="use3303" /><use
         transform="rotate(-72)"
         xlink:href="#hole"
         id="use3305" /></mask></defs><g
     inkscape:label="Ebene 1"
     inkscape:groupmode="layer"
     id="layer1"><rect
       style="fill:none;fill-opacity:0.5;stroke:none;stroke-width:0.74;stroke-opacity:1"
       id="rect681"
       width="666"
       height="222"
       x="0"
       y="0" /><text
       xml:space="preserve"
       style="font-size:128px;line-height:1.25;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';text-align:center;text-anchor:middle;fill:#000000;fill-opacity:0.7;stroke-width:1"
       x="249.9375"
       y="134.8125"
       id="text3425"><tspan
         id="tspan3423"
         x="249.9375"
         y="134.8125"
         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:128px;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';text-align:center;text-anchor:middle;fill:#000000;fill-opacity:0.7;stroke-width:1"
         sodipodi:role="line">404</tspan></text><text
       xml:space="preserve"
       style="font-size:26.6667px;line-height:1.25;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';text-align:center;text-anchor:middle"
       x="249.04297"
       y="194.68582"
       id="text4067"><tspan
         sodipodi:role="line"
         id="tspan4065"
         x="249.04295"
         y="194.68582"
         style="font-size:26.6667px;text-align:center;text-anchor:middle;fill:#000000;fill-opacity:0.7">Return to the web vault?</tspan></text></g></svg>
--- a/resources/vaultwarden-icon-white.svg
+++ b/resources/vaultwarden-icon-white.svg
--- a/resources/vaultwarden-icon.svg
+++ b/resources/vaultwarden-icon.svg
--- a/resources/vaultwarden-logo-white.svg
+++ b/resources/vaultwarden-logo-white.svg
--- a/resources/vaultwarden-logo.svg
+++ b/resources/vaultwarden-logo.svg
--- a/2
+++ b/2
@@ -1 +1 @@
-nightly-2022-01-23
+1.70.0
--- a/rustfmt.toml
+++ b/rustfmt.toml
@@ -1,7 +1,4 @@
-version = "Two"
+edition = "2021"
 edition = "2018"
 max_width = 120
 newline_style = "Unix"
 use_small_heuristics = "Off"
 struct_lit_single_line = false
 overflow_delimited_expr = true
--- a/Show More
+++ b/Show More
		`@@ -1,2 +0,0 @@`
			`[global.limits]`
			`json = 10485760 # 10 MiB`
`@@ -1,4 +1,4 @@`
	`#!/bin/bash`	`#!/usr/bin/env bash`

	`set -ex`	`set -ex`
		`@@ -0,0 +1,2 @@`
							`ALTER TABLE users_organizations`
							`ADD COLUMN reset_password_key TEXT;`
		`@@ -0,0 +1,2 @@`
							`ALTER TABLE users`
							`ADD COLUMN avatar_color VARCHAR(7);`
		`@@ -0,0 +1 @@`
							`ALTER TABLE devices ADD COLUMN push_uuid TEXT;`
		`@@ -0,0 +1 @@`
							`ALTER TABLE collections ADD COLUMN external_id TEXT;`
		`@@ -0,0 +1,2 @@`
							`ALTER TABLE users`
							`ADD COLUMN avatar_color TEXT;`