* [PM-38116] Harden SSRF protection in IPAddressExtensions.IsInternal()

  Replace the prefix/byte-pattern checks in IsInternal() with an explicit list of reserved networks from the IANA IPv4 and IPv6 Special-Purpose Address Registries, and add NAT64/6to4 embedded-IPv4 decoding so an attacker cannot reach an internal IPv4 host by encoding it as an IPv6 destination.

  Coverage added:
  - IPv4: 0.0.0.0/8, RFC 1918, CGNAT, loopback, link-local, 192.0.0.0/24 (incl. Oracle Cloud metadata 192.0.0.192), TEST-NET-1/2/3, 6to4 anycast, benchmarking, multicast, 240.0.0.0/4, limited broadcast.
  - IPv6: ::, ::1, NAT64 local-use, discard-only, Teredo, benchmarking, AMT, ORCHID/ORCHIDv2, RFC 3849 and RFC 9637 documentation, segment routing, ULA, link-local, multicast.
  - Embedded IPv4: RFC 6052 NAT64 well-known (64:ff9b::/96) and RFC 3056 6to4 (2002::/16) decode the embedded IPv4 and re-check it.
  - IPv4-mapped IPv6 (::ffff:0:0/96) maps to IPv4 and re-checks.

  Fixes a bypass where the previous fe-prefix check classified fec0::/10 and fe00::/10 as link-local even though only fe80::/10 is.

* [PM-38116] Restore UTF-8 BOM on IPAddressExtensions files

  The .editorconfig requires *.cs files to use utf-8-bom encoding, which was inadvertently stripped during prior edits, causing dotnet format --verify-no-changes to fail with error CHARSET.

* updates _ipv4embedded constructor to be the same as _reservedipv4/6networks
* updates tests to use a more obviously public IP
* Adds additional tests
* refactor foreach to linq
* adds azure IP address 168.63.129.16

---------

Co-authored-by: Matt Andreko <mandreko@bitwarden.com>
The Bitwarden Server project contains the APIs, database, and other core infrastructure items needed for the "backend" of all Bitwarden client applications.
The server project is written in C# using .NET Core with ASP.NET Core. The database is written in T-SQL/SQL Server. The codebase can be developed, built, run, and deployed cross-platform on Windows, macOS, and Linux distributions.
Developer Documentation
Please refer to the Server Setup Guide in the Contributing Documentation for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.
Deploy
You can deploy Bitwarden using Docker containers on Windows, macOS, and Linux distributions. Use the provided PowerShell and Bash scripts to get started quickly. Find all of the Bitwarden images on GitHub Container Registry.
Full documentation for deploying Bitwarden with Docker can be found in our help center at: https://help.bitwarden.com/article/install-on-premise/
Requirements
- Docker
- Docker Compose (already included with some Docker installations)
These dependencies are free to use.
Linux & macOS
```bash
curl -s -L -o bitwarden.sh \
    "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" \
    && chmod +x bitwarden.sh
./bitwarden.sh install
./bitwarden.sh start
```
Windows
```powershell
Invoke-RestMethod -OutFile bitwarden.ps1 `
    -Uri "https://func.bitwarden.com/api/dl/?app=self-host&platform=windows"
.\bitwarden.ps1 -install
.\bitwarden.ps1 -start
```
Production Container Images
View Current Production Image Hashes
US Production Cluster
| Service | Image Hash |
|---|---|
| Admin | |
| API | |
| Billing | |
| Events | |
| EventsProcessor | |
| Identity | |
| Notifications | |
| SCIM | |
| SSO | |
EU Production Cluster
| Service | Image Hash |
|---|---|
| Admin | |
| API | |
| Billing | |
| Events | |
| EventsProcessor | |
| Identity | |
| Notifications | |
| SCIM | |
| SSO | |
We're Hiring!
Interested in contributing in a big way? Consider joining our team! We're hiring for many positions. Please take a look at our Careers page to see what opportunities are currently open as well as what it's like to work at Bitwarden.
Contribute
Code contributions are welcome! Please commit any pull requests against the main branch. Learn more about how to contribute by reading the Contributing Guidelines. Check out the Contributing Documentation for how to get started with your first contribution.
Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the SECURITY.md file. We also run a program on HackerOne.
No grant of any rights in the trademarks, service marks, or logos of Bitwarden is made (except as may be necessary to comply with the notice requirements as applicable), and use of any Bitwarden trademarks must comply with Bitwarden Trademark Guidelines.
Dotnet-format
Consider installing our git pre-commit hook for automatic formatting.
```bash
git config --local core.hooksPath .git-hooks
```
