From ecd51386e8159d6e83f9ba70b5cc2825e87bf053 Mon Sep 17 00:00:00 2001
From: Joe Irving
Date: Tue, 20 Jan 2026 18:02:18 +0000
Subject: [PATCH 1/3] chore: publish 3.0.0+1.35.2 release
---
 .env.sample | 25 +++++++++++++++++++++++++
 compose.yml | 4 ++--
 release/3.0.0+1.35.2 | 4 ++++
 3 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 release/3.0.0+1.35.2
diff --git a/.env.sample b/.env.sample
index 16dde98..87cd854 100644
--- a/.env.sample
+++ b/.env.sample
@@ -31,3 +31,28 @@ TX="Europe/Berlin"
 #SMTP_HOST=mail.example.com
 #SMTP_PORT=587
 #SMTP_SECURITY=starttls
+
+## SSO Setup Start ##
+
+## SSO Required Setup
+#SSO_ENABLED=false ## Activate the SSO
+
+## the OpenID Connect Discovery endpoint of your SSO. Should not include the /.well-known/openid-configuration part and no trailing / ${SSO_AUTHORITY}/.well-known/openid-configuration must return a JSON document: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse (with an HTTP status code 200 OK!)
+#SSO_AUTHORITY=
+#SSO_CLIENT_ID=
+#SSO_CLIENT_SECRET=
+#SSO_ONLY=false ## disable email+Master password authentication
+
+## SSO Optional Setup
+#SSO_SIGNUPS_MATCH_EMAIL=true ##: On SSO Signup if a user with a matching email already exists make the association (default true)
+#SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION=false ## Allow unknown email verification status (default false). Allowing this with SSO_SIGNUPS_MATCH_EMAIL open potential account takeover.
+#SSO_SCOPES= ##Optional, allow to override scopes if needed (default "email profile")
+#SSO_AUTHORIZE_EXTRA_PARAMS= ## Optional, allow to add extra parameter to the authorize redirection (default "")
+#SSO_PKCE=true ## Activate PKCE for the Auth Code flow (default true).
+#SSO_AUDIENCE_TRUSTED= ##Optional, Regex to trust additional audience for the IdToken (client_id is always trusted). Use single quote when writing the regex: '^$'.
+#SSO_MASTER_PASSWORD_POLICY ## Optional Master password policy (enforceOnLogin is not supported).
+#SSO_AUTH_ONLY_NOT_SESSION ## Enable to use SSO only for authentication not session lifecycle
+#SSO_CLIENT_CACHE_EXPIRATION=0 ## Cache calls to the discovery endpoint, duration in seconds, 0 to disable (default 0);
+#SSO_DEBUG_TOKENS=false ## Log all tokens for easier debugging (default false, LOG_LEVEL=debug or LOG_LEVEL=info,vaultwarden::sso=debug need to be set)
+
+## SSO Setup End ##
diff --git a/compose.yml b/compose.yml
index 696c373..5fef515 100644
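Review bot: `#SSO_MASTER_PASSWORD_POLICY` and `#SSO_AUTH_ONLY_NOT_SESSION` are the only added entries without `=`, so uncommenting them as written gives a line that is not an assignment, and the trailing `## …` text may be read as part of the name or value depending on the env parser. I would write them as `#SSO_MASTER_PASSWORD_POLICY=` and `#SSO_AUTH_ONLY_NOT_SESSION=false` and move each explanation to its own `##` line above the variable, which also keeps inline comments out of values such as `SSO_ONLY` once uncommented. Separately, `SSO_CLIENT_SECRET` is a credential and `SSO_DEBUG_TOKENS` writes tokens to the log, so the sample should say to supply the secret through the deployment's secret mechanism rather than this file (assuming the recipe has one; compose.yml's secrets section is not visible here) and to keep token logging off outside short debugging sessions.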
--- a/compose.yml +++ b/compose.yml @@ -3,7 +3,7 @@ version: "3.8" services: app: - image: vaultwarden/server:1.34.3 + image: vaultwarden/server:1.35.2 networks: - proxy - internal @@ -43,7 +43,7 @@ services: - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - - "coop-cloud.${STACK_NAME}.version=2.1.1+1.34.3" + - "coop-cloud.${STACK_NAME}.version=3.0.0+1.35.2" - "backupbot.backup=true" - "backupbot.backup.path=/data" diff --git a/release/3.0.0+1.35.2 b/release/3.0.0+1.35.2 new file mode 100644 index 0000000..12dfa4c --- /dev/null +++ b/release/3.0.0+1.35.2 @@ -0,0 +1,4 @@ +Allows support for 2026.1+ clients. + +This release includes options for SSO. Check out the release notes for +more infomation. -- 2.49.0 From 2410d778e3defd4905891478307528b745f40a72 Mon Sep 17 00:00:00 2001 From: Joe Irving Date: Sat, 24 Jan 2026 17:03:15 +0000 Subject: [PATCH 2/3] fix: remove SSO reference while WIP --- .env.sample | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/.env.sample b/.env.sample index 87cd854..a3de749 100644 --- a/.env.sample +++ b/.env.sample 
@@ -30,29 +30,4 @@ TX="Europe/Berlin"
 #SMTP_USERNAME=noreply@example.com
 #SMTP_HOST=mail.example.com
 #SMTP_PORT=587
-#SMTP_SECURITY=starttls
-
-## SSO Setup Start ##
-
-## SSO Required Setup
-#SSO_ENABLED=false ## Activate the SSO
-
-## the OpenID Connect Discovery endpoint of your SSO. Should not include the /.well-known/openid-configuration part and no trailing / ${SSO_AUTHORITY}/.well-known/openid-configuration must return a JSON document: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse (with an HTTP status code 200 OK!)
-#SSO_AUTHORITY=
-#SSO_CLIENT_ID=
-#SSO_CLIENT_SECRET=
-#SSO_ONLY=false ## disable email+Master password authentication
-
-## SSO Optional Setup
-#SSO_SIGNUPS_MATCH_EMAIL=true ##: On SSO Signup if a user with a matching email already exists make the association (default true)
-#SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION=false ## Allow unknown email verification status (default false). Allowing this with SSO_SIGNUPS_MATCH_EMAIL open potential account takeover.
-#SSO_SCOPES= ##Optional, allow to override scopes if needed (default "email profile")
-#SSO_AUTHORIZE_EXTRA_PARAMS= ## Optional, allow to add extra parameter to the authorize redirection (default "")
-#SSO_PKCE=true ## Activate PKCE for the Auth Code flow (default true).
-#SSO_AUDIENCE_TRUSTED= ##Optional, Regex to trust additional audience for the IdToken (client_id is always trusted). Use single quote when writing the regex: '^$'.
-#SSO_MASTER_PASSWORD_POLICY ## Optional Master password policy (enforceOnLogin is not supported).
-#SSO_AUTH_ONLY_NOT_SESSION ## Enable to use SSO only for authentication not session lifecycle
-#SSO_CLIENT_CACHE_EXPIRATION=0 ## Cache calls to the discovery endpoint, duration in seconds, 0 to disable (default 0);
-#SSO_DEBUG_TOKENS=false ## Log all tokens for easier debugging (default false, LOG_LEVEL=debug or LOG_LEVEL=info,vaultwarden::sso=debug need to be set)
-
-## SSO Setup End ##
+#SMTP_SECURITY=starttls
\ No newline at end of file
--
2.49.0
From 10af40a73d1f3e52a4e1e52c53e64c00b2fa58df Mon Sep 17 00:00:00 2001
From: Joe Irving
Date: Sat, 24 Jan 2026 19:18:50 +0000
Subject: [PATCH 3/3] fix: release notes
---
 release/2.0.1+1.35.2 | 1 +
 release/3.0.0+1.35.2 | 4 ----
 2 files changed, 1 insertion(+), 4 deletions(-)
 create mode 100644 release/2.0.1+1.35.2
 delete mode 100644 release/3.0.0+1.35.2
diff --git a/release/2.0.1+1.35.2 b/release/2.0.1+1.35.2
new file mode 100644
index 0000000..047eba3
--- /dev/null
+++ b/release/2.0.1+1.35.2
@@ -0,0 +1 @@
+Allows support for 2026.1+ clients.
diff --git a/release/3.0.0+1.35.2 b/release/3.0.0+1.35.2
deleted file mode 100644
index 12dfa4c..0000000
--- a/release/3.0.0+1.35.2
+++ /dev/null
@@ -1,4 +0,0 @@
-Allows support for 2026.1+ clients.
-
-This release includes options for SSO. Check out the release notes for
-more infomation.
--
2.49.0
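Review bot: The re-added `#SMTP_SECURITY=starttls` in the PATCH 2/3 hunk is now the last line of .env.sample with no terminating newline (`\ No newline at end of file`), whereas the removed version of that line ended with one. Anything appended to a copy of this sample, for example with `>>`, would be joined onto that commented line and silently ignored as part of the comment. Ending the file with a newline fixes that and reduces this hunk to a plain removal of the SSO block.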
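Review bot: The release note is moved to `release/2.0.1+1.35.2`, but nothing in this series changes the label `coop-cloud.${STACK_NAME}.version=3.0.0+1.35.2` that PATCH 1/3 set in compose.yml, so the file name no longer matches the version the stack declares. 2.0.1 is also lower than the previous label `2.1.1+1.34.3` that PATCH 1/3 replaced, which looks unintended. If release notes are looked up by the declared version (an assumption, the tooling is not shown on this page), operators upgrading would not see this text. Either the label or the file name should change so both carry the same version.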