Keyguard Updates & Release Notes

WebAuthn Level 3 support has been added for Android, and window capture protection is now available on Windows. On Windows and macOS, the app will now use the system's accent color. The previously used barcode format is also now remembered on a per-item basis. Fixes in this release correct WebAuthn authenticator flags, improve domain matching for autofill, resolve a Watchtower search bug, and prevent a potential crash in the TOTP component.

All changes

06066aac - chore: Bump app version to 2.13.0
c6dddea0 - refactor(KMP): Fake signalr websockets to allow iOS tets to pass
dac56dd1 - refactor(KMP): Switch to explicit binary search implementation because the method is not available for KMP
29e5b1b2 - feat(Android): Webauthn Level 3
7ac90ee9 - fix: Handle public suffix exception rules in TLD impl
56ded491 - @billiegoose has signed the CLA in #1435
3070efde - refactor: Batch cipher filter deletes
7ba83a3e - refactor: Pass AutoSizeText remember keys separately
16ec6b28 - improvement: Remember password visual transformation instance
233ecb21 - refactor: reuse DSecret name separator regex
32db525a - fix(signalr): Parse completion errors by field presence
7de13ff7 - fix: Clean up download cache files after success
f65c96ea - fix: compare cipher MACs by MessageDigest.isEqual()
e6755880 - fix(UI): Guard against a division by zero in totp component
85b1a23d - fix(Watchtower): Fix binary search missing common PINs on the edge (off by 1)
f14ef446 - fix(Autofill): Bound short keyword matching
7560a3af - fix(Android): Honor credential service cancellation signal
1718eb4f - fix: Make file download progress counter atomic
76c2ecfa - fix: separate tag filter visibility from collections
c681b74a - fix: Prevent potential OkHttp response leak if file downloading fails early
18c41d7c - fix(UI): Do not show Folder merge action if folders are from multiple accounts
3cc7bd1f - fix: correct WebAuthn authenticator data flags
c256da64 - refactor: Update Bitwarden passkey monotonic counter TODO comment
e3d448f5 - refactor: Migrate to the modern Compose autofill node APIs
585cac9c - refactor: Remove deprecated ServerEnvApi.Ciphers.Attachments.post(...)
29cb283d - refactor: Move request list scroll on revision change to a shared impl
a59884b8 - improvement(Windows): Support window capture protection #1424
c92c7ddb - improvement(Windows/MacOS): Use actual accent color if available #1423
1e89c104 - improvement: Remember previously used barcode format per item #1433
516d54ac - fix: IO.shared() sometimes consumes the block twice

In-app previews are now available for image and text attachments, including on WearOS. The clipboard can now be configured to clear automatically, and the desktop app can be set to minimize after copying an item. Watchtower now supports using a custom HIBP token for username breach checks. This release also improves Bitwarden sync compatibility and fixes a potential crash on Android when launching the Large Type activity.

All changes

• 65e88418 - Merge pull request #1430 from AChep/localization_action
• 38f8fb66 - [AUTO] Update localization library
• e3f0c4d7 - build: fix missing string tokens
• 63c9affc - Merge pull request #1414 from AChep/localization_action
• bcd5daa7 - Merge pull request #1425 from AChep/dependabot/gradle/androidx.wear.compose-compose-material3-1.6.2
• 8526292a - Merge pull request #1426 from AChep/dependabot/gradle/androidxCamera-1.6.1
• eb8c5f12 - chore(ci): Set default cooldown for dependabot to 7 days
• ef990c7d - chore(ci): Tighten default workflow's permissions in github actions
• d5c960f7 - chore(ci): Avoid shell template injection in github actions
• 0a391811 - fix(Android): Prevent a crash if Large type Activity is launched without arguments
• 94fb30b9 - feat(WearOS): In-app attachment preview for Image and Text formats
• 4910d6d5 - fix: clamp zoomed attachment image panning
• f56ae171 - docs(README): Add in-app attachment preview as a highlight
• f8aff93d - improvement(UI): Show text preview minimap on smaller devices as well
• 3655f66a - [AUTO] Update localization library
• fbd5458b - chore: Bump app version to 2.12.0
• d1f87386 - feat: In-app attachment previews for Image and Text formats
• d94cbb9f - build(deps): Bump androidxCamera from 1.6.0 to 1.6.1
• 09e654d4 - build(deps): Bump androidx.wear.compose:compose-material3
• bad2ae66 - Merge pull request #1419 from AChep/dependabot/gradle/gradle-wrapper-9.5.1
• 8c67431b - improvement: Change the default Auto clipboard clear to Never
• c92420fb - chore: Bump BuildKonfig to 0.21.2
• dddf4871 - feat: Auto clear clipboard #1422
• cf838d22 - tests: Correct expected result of the Ktor multipart payload
• 0b0909a7 - feat(Desktop): Minimize on copy #1368
• d7884a64 - improvement(Watchtower): Allow specifying your own HIBP token for username breach checks
• 4636c0ca - @auphone has signed the CLA in #1421
• 63b681ee - refactor: Add vault-based store for the sensitive settings
• 65c83bc9 - chore: Workaround for BuildKonfig AGP incompatibility
• c04c02d8 - chore: Bump Kotlin Ktor to 3.5.0
• 0dac0f69 - chore: Bump Kotlin coroutines to 1.11.0
• 95653fd8 - chore: Bump app version to 2.11.1
• e3bece9d - chore: Bump AGP from 9.2.0 to 9.2.1
• ad33cd72 - chore: Bump BuildKonfig from 0.20.0 to 0.21.0
• a323a889 - chore: Bump Compose from 1.11.0-rc01 to 1.11.0
• 1ec56931 - improvement(Bitwarden API): Clean-up unused properties from Cipher entity
• 0c522337 - improvement(Bitwarden API): Ignore the ciphers that have not know cipher type
• 71e5733b - improvement(Bitwarden API): Support the modern data field in the Cipher entity response
• db779262 - build(deps): Bump gradle-wrapper from 9.4.1 to 9.5.1
• 436a4558 - refactor: Custom KMP implementation of the signalr /notifications/hub
• cace3e11 - chore: Force truncate generated changelog to have less than 500 symbols

All changes

The SSH agent now features a key approval window and maintains a request history; its settings have been moved to a new Developer section. The password generator adds support for Cloudflare and Fastmail email forwarders, displaying service logos in the list. When merging vault items, you can now choose to keep, archive, or trash the originals, and password history is preserved through the process. For Bitwarden users, TOTP changes are now stored in password history and several sync reliability issues are resolved.

f09d8c4d - tests: Correct Cloudflare email forwarder tests
41e73dc8 - chore: Adjust changelog generation script for a more human-sounding generation
89e5fceb - chore: Bump app version to 2.11.0
439b8e3d - refactor: Move the SSH agent settings from Security to a new Developer settings section
b8159a72 - improvement: SSH agent key approval window #1407
fbc9a809 - improvement: Maintain SSH agent history
2c2facee - Merge pull request #1399 from AChep/localization_action
d4b2933f - Merge remote-tracking branch 'origin/improvement/more-email-forwarders'
dcf000f5 - Merge pull request #1413 from AChep/gpmpasskeysprivapps_action
f9dd7756 - Merge pull request #1412 from AChep/justdeleteme_action
5847fbfd - Merge pull request #1411 from AChep/tld_public_suffix_list_action
182bfbfb - Merge pull request #1410 from AChep/tfa_2factorauth_action
56eef586 - [AUTO] Update GPM Credential Privileged Apps JSON
76c783b9 - [AUTO] Update localization library
fc2cafdd - [AUTO] Update justdeleteme library
3593376c - [AUTO] Update Public suffix list
81ee676d - [AUTO] Update two-factor auth library
bf7f41e4 - tests: Fix localized exception message test
514a88a5 - refactor: Clean up common Kotlin source from JVM dependencies
d0b31a9f - refactor: Simpler List -> Flow implementation
962be287 - improvement(UI): Use actual services' logos for the Email forwarders list
9c1d0ed0 - improvement: Add Fastmail email support as an Email forwarder
d315f129 - improvement: Add Cloudflare Email Routing support as an Email forwarder
536abe47 - improvement: Utilize password history during cipher conflict resolution #1405
e99dce00 - tests: Add tests specific for password / totp / fields 3-way merge process
ab597f64 - improvement(Bitwarden): Store TOTP changes in the Password history #1405
37949a6f - improvement: Merge password and passwordRevisionDate atomically during 3-way merge
9a90c901 - improvement: Treat "" the same as null in 3-way cipher merge
6507e1a9 - fix: Crash during Send screen serialization because of the Duration type
b46bbcdb - fix(UI): Adjust the min cell width in Watchtower so the cards are never too narrow #1403
b60ddf71 - fix(Watchtower): Changing per-item Watchtower alerts does not reflect in the alert counter #1402
86ef1347 - fix(Bitwarden): Add explicit no-cache/no-store to the /sync endpoints #1305
9be7d2b6 - improvement(Bitwarden): Remove extra guard against Empty vault response from the backend
85fdbd92 - fix(Bitwarden): Handle a case where the server returns stale /sync data #1305
8e6625fb - improvement: Display an accurate post-processed Tint color preview in the dropdown picker #1281
66ea7468 - improvement: During merge of items provide an option to keep/archive/trash origin items #1376
8ffa2f36 - improvement: Preserve and maintain password history during a merger of items #1376
f5d10210 - tests: Correct Watchtower Weak SSH tests' expected results
8c002932 - fix: Weak SSH filter now respects per-cipher ignore list

This update brings improvements for Wear OS and SSH functionality. The Wear OS app introduces a platform-specific UI for the change password screen, displays Watchtower alerts for SSH keys, and now respects Send tab visibility preferences. For SSH users, the in-app tutorial shows actual socket paths. This release also resolves issues where the Wear OS vault did not persist through restarts and trashed SSH keys were not correctly omitted from lists or signing requests.

All changes

• e8fd4433 - chore: Bump app version to 2.10.2
• 0104295f - refactor(Desktop): Allow both prod & dev builds running side by side
• f78a8289 - improvement(Wear): Use a Wear-specific UI for the CHange password screen
• c41b8e1a - improvement(SSH): Wear SSH key watchtower alert
• 51ef5e4b - fix(Wear): Persist vault database through app restarts
• 66514a6f - fix(SSH): Omit trashed SSH keys from list & sign requests
• 4363af19 - improvement(SSH): Show the actual paths to the .sock in the in-app tutorial
• 161d80e7 - improvement(Wear): Respect the Send tab visibility preferences
• 67719d7d - tests: Fix flaky Bitwarden sync test caused by the async log messages

This update addresses several user interface issues. On Android, a layout rendering issue in the subscriptions view has been corrected. Additionally, the 'Send' tab will no longer flicker upon application launch, as its visibility state is now loaded from the cache to prevent waiting for upstream status.

All changes

90113b81 - chore: Bump app version to 2.10.1

a8879e2f - fix(Android): Remove double wrapping into surface for subscriptions layout

2d222012 - fix: Prevent Send tab visibility from always waiting for the upstream status instead of using cache -- no more flicker on launch

7bb52de2 - docs: Add attachment upload feature to vault

All changes

This update introduces support for file attachments and Bitwarden Sends. Passkey authentication is now enforced if the authentication mode is set to preferred or higher. Performance for lists has been updated, and UI animations now use the Material 3 motion scheme. This release also resolves an autofill crash on pre-Android 10 devices, clears the password field when the unlock screen is moved to the background, and addresses various issues with Bitwarden file uploads and the new Send feature.

c4fe2ce6 - fix: Prevent Send tab launching it hidden state if you have many accounts
1b953aeb - chore: Bump app version to 2.10.0
9d9e24c2 - Merge pull request #1383 from AChep/localization_action
e57a3c84 - Merge pull request #1394 from AChep/justdeleteme_action
02afe559 - Merge pull request #1395 from AChep/tld_public_suffix_list_action
ed79ad1f - Merge pull request #1396 from AChep/passkeys_action
6d9aee16 - Merge pull request #1397 from AChep/gpmpasskeysprivapps_action
ad8d67b7 - [AUTO] Update localization library
5d96cbbf - Merge pull request #1392 from AChep/tfa_2factorauth_action
8853dd23 - [AUTO] Update GPM Credential Privileged Apps JSON
5a8a6ef8 - Merge pull request #1393 from AChep/justgetmydata_action
8fe70909 - [AUTO] Update passkeys library
5d63eb91 - [AUTO] Update Public suffix list
ef0b7628 - [AUTO] Update justdeleteme library
7329d742 - [AUTO] Update justgetmydata library
491821cc - [AUTO] Update two-factor auth library
7b2a5ca6 - fix: When the Create / Unlock vault screen is moved into background clear the password field
0f23706f - improvement(UI): Use M3 defaultEffectsSpec for color state animations
5210754a - improvement(perf): Utilize Lazy list's content type property
42359159 - build: Bump Android compile SDK from 36 to 37
9ec7f31b - build: Bump Play services wearable to 20.0.1
d3bfc041 - build: Bump AndroidX libraries
d2555b3e - build: Bump kotlinx-serialization from 1.10.0 to 1.11.0
c77f4648 - build: Bump AGP from 9.1.1 to 9.2.0
b025a599 - build: Bump common-codec from 1.21.0 to 1.22.0
eebfb8c9 - build: Bump firebase dependency
fb2bdf03 - build: Bump compose-native-tray from 1.1.0 to 1.3.0
384fdf60 - build: Bump compose-multiplatform from 1.11.0-beta03 to 1.11.0-rc01
e1cd3b6c - build: Bump gradle-versions-plugin from 0.53.0 to 0.54.0
3c44a59d - build: Bump filekit from 0.13 to 0.14.1
9b676095 - build: Bump bc-java from 1.83 to 1.84
f39608c0 - build: Bump sqlcipher-android from 4.14.1 to 4.15.0
7201e4d1 - build: Bump Kotlin from 2.3.10 to 2.3.21
0283c220 - build: Bump BuildKonfig from 0.17.1 to 0.20.0
035ecbd3 - fix(Sync): Send encrypted file name during the Send file upload
03f7d50f - refactor(diagnostic): Add logs to Bitwarden sync pipeline
601372fa - Merge pull request #1389 from AChep/dependabot/gradle/ktor-3.4.3
c36cd702 - fix: Account / Sends screen now shows the items if the account is hidden
ec144efb - fix(Bitwarden): Do not treat 404 as terminal file upload failure
1d3cba40 - improvement: Testable Bitwarden sync with optimistic concurrency control
495e2e02 - refactor(UI): Migrate Shimmer to Modifier.Node
9865bd97 - refactor(UI): Migrate some components to M3 Motion scheme
05a07135 - maintenance(Bitwarden): Add bulk endpoints for the future use
ae954617 - fix(Bitwarden): Make unarchive bulk API use actual unarchive endpoint
88d47712 - maintenance(Bitwarden): Support new prelogin/password in addition to prelogin
9b571a9e - feat: File attachments / sends support
3da60281 - chore(Wear): Generate Licenses list for internal builds
8d5ecf41 - improvement(Wear): Pass a title to the dropdown picker
98f0486e - fix: Add missing Force hide Send tabs setting option
171a8037 - improvement: Add more string resources
ebcf5302 - improvement: Show the Send tab only when relevant #1388
975dd030 - build(deps): Bump ktor from 3.4.2 to 3.4.3
661568f5 - deps: Bump to Compose 1.11.0-beta03
56dfade4 - fix(Wear): Make debug & release build have different wear capabilities
e9b76120 - fix(Autofill): Fix a crash on pre Android 10 devices when autofilling a password
8c501bd0 - improvement(Passkey): Force user to authenticate if auth mode is >= preferred

All changes

• d306e66c - chore: Bump rust rand to 0.8.6
• f31aa4fd - Merge pull request #1385 from AChep/dependabot/github_actions/r0adkll/upload-google-play-1.1.5
• 87ce4905 - Merge pull request #1386 from AChep/dependabot/github_actions/crowdin/github-action-2.16.2
• 1e397767 - improvement(Wear): Optimize the manual Bitwarden login screen for wear os
• 6256f50e - improvement(Wear): Optimize the Generator screen for wear os
• fdcd8dad - improvement: Remove the description text from the biometric prompt as it was not providing extra information either way #1387
• 938409c7 - improvement(Wear): Convert about team screen to use transforming scaffold
• 0bceee3f - improvement(Wear): Convert data safety screen to use transforming scaffold
• 16ffb974 - fix(Desktop): Periodically check for the SystemTheme changes #1379
• c663bf24 - build(deps): Bump crowdin/github-action from 2.16.0 to 2.16.2
• 778b37cc - build(deps): Bump r0adkll/upload-google-play from 1.1.3 to 1.1.5
• a307fc1b - chore: Fix Lint errors
• ba033da6 - chore: Fix wearApp release build
• 03913d21 - chore: Provide common proguard rules to wear app module
• 4b6defc3 - Merge pull request #1373 from AChep/dependabot/github_actions/softprops/action-gh-release-3.0.0
• e20e3d2b - Merge pull request #1372 from AChep/dependabot/github_actions/actions/upload-artifact-7.0.1
• 6be9bcae - build(deps): Bump actions/upload-artifact from 7.0.0 to 7.0.1
• 5500cce0 - chore: Bump app version to 2.9.0
• 32f90949 - feat: Initial Wear OS support
• 4a7512e5 - docs: Add screenshots of the Wear OS app
• 2d8eab13 - build(deps): Bump softprops/action-gh-release from 2.6.1 to 3.0.0

A new application icon has been introduced for macOS. On Android, autofill compatibility for Chromium-based browsers has been revised. Removed Autofill origin isolation feature, that prevented Edge from working properly.

All changes

• ce23da59 - chore: Bump app version to 2.8.1
• 62425f22 - fix(Android): Remove the unfortunately not possible Autofill origin isolation #1375
• c19e81fe - improvement(Android): Remove all of the exotic Chromium-based browsers from the autofill compatibility mode list
• 0fc7c852 - improvement(Android): Set max version of the Chromium-based browsers to the autofill compatibility to apply
• 782a469c - chore: Migrate to Gradle Toolchains
• f326562e - deps: Bump AGP from 9.1.0 to 9.1.1
• 861c9c3c - Merge pull request #1377 from AChep/localization_action
• c63423f1 - [AUTO] Update localization library
• ec3fa53b - improvement(MacOS): Liquid (Gl)ass app icon

This update adds several new capabilities on Android: the password generator is now available as a Quick Settings Tile for access without login, YubiKey provisioning is supported via NFC, and QR codes can be opened from a file. Android autofill functionality has been updated with a new structure parser to reduce false positives, improved handling of iframes to prevent AutoSpill, and better support for native autofill hints. Additionally, the app package name is now hidden from the legacy autofill popup.

All changes

01332e90 - Merge pull request #1340 from AChep/localization_action
5b0c40fb - [AUTO] Update localization library
3a230147 - chore: Bump app version to 2.8.0
506d9ff4 - Merge pull request #1369 from AChep/dependabot/gradle/androidx.datastore-datastore-1.2.1
31b67574 - improvement(Android): Hide app package name from the legacy autofill popup
37c27560 - fix(Android): Guard node.webScheme call behind SDK 28
ed445fc6 - build(deps): Bump androidx.datastore:datastore from 1.2.0 to 1.2.1
08a84234 - improvement(Android): Explicitly isolate components to prevent AutoSpill, including multiple iframes
bae8d462 - fix(Android): Better support for Android native autofillHints
a71eccad - fix(Android): Do not accept "" as a valid web domain during autofill structure parsing
79046187 - Merge pull request #1367 from AChep/dependabot/gradle/androidx.credentials-credentials-1.6.0
b7799daa - improvement(Android): Better structure parser based on trained CART decision tree - should reduce the amount of false positive triggers
300f248c - build(deps): Bump androidx.credentials:credentials from 1.5.0 to 1.6.0
58431ccd - Merge pull request #1366 from AChep/dependabot/gradle/yubiKit-3.1.0
cdbfbcf9 - build(deps): Bump yubiKit from 3.0.1 to 3.1.0
acdacda4 - Merge pull request #1355 from AChep/dependabot/gradle/androidx.benchmark-benchmark-macro-junit4-1.5.0-alpha05
2d600262 - Merge pull request #1361 from AChep/dependabot/github_actions/gradle/actions-6.1.0
ae8b3017 - Merge pull request #1362 from AChep/dependabot/github_actions/android-actions/setup-android-4.0.1
fefec427 - Merge pull request #1363 from AChep/dependabot/gradle/net.zetetic-sqlcipher-android-4.14.1
20a525cb - build(deps): Bump net.zetetic:sqlcipher-android from 4.13.0 to 4.14.1
039f372f - build(deps): Bump android-actions/setup-android from 4.0.0 to 4.0.1
9fac616f - build(deps): Bump gradle/actions from 6.0.1 to 6.1.0
86d075fc - Merge pull request #1354 from AChep/dependabot/gradle/gradle-wrapper-9.4.1
b96e4297 - build(deps): Bump androidx.benchmark:benchmark-macro-junit4
62cf1043 - build(deps): Bump gradle-wrapper from 9.4.0 to 9.4.1
d6756ab0 - Merge pull request #1349 from AChep/dependabot/gradle/androidxCamera-1.6.0
6cd615c8 - Merge pull request #1350 from AChep/dependabot/gradle/androidxWork-2.11.2
f02cd32b - improvement(Android): Expose Generator as a Tile that is outside the Vault and needs no login #741
56926a85 - improvement(Android): Support provisioning YubiKey via NFC #1348
6e58fa85 - improvement: Update Strings resources with new phrases
ad98bba6 - build(deps): Bump androidxWork from 2.11.1 to 2.11.2
1ca70d43 - build(deps): Bump androidxCamera from 1.5.3 to 1.6.0
ff3dd06c - Merge pull request #1347 from AChep/dependabot/gradle/androidx.core-core-ktx-1.18.0
1e8f5cb4 - Merge pull request #1342 from AChep/dependabot/github_actions/dtolnay/rust-toolchain-3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
fb8d2969 - Merge pull request #1343 from AChep/dependabot/github_actions/crowdin/github-action-2.16.0
63730352 - Merge pull request #1344 from AChep/dependabot/github_actions/gradle/actions-6.0.1
948bf8ce - Merge pull request #1345 from AChep/dependabot/github_actions/metcalfc/changelog-generator-4.7.0
9b1ca299 - Merge pull request #1346 from AChep/dependabot/gradle/ktor-3.4.2
3ff9756d - build(deps): Bump androidx.core:core-ktx from 1.17.0 to 1.18.0
76b5eb35 - build(deps): Bump ktor from 3.4.1 to 3.4.2
5eed9e27 - build(deps): Bump metcalfc/changelog-generator from 4.6.2 to 4.7.0
27ec8a98 - build(deps): Bump gradle/actions from 5.0.2 to 6.0.1
bf836a21 - build(deps): Bump crowdin/github-action from 2.15.2 to 2.16.0
95a9db69 - build(deps): Bump dtolnay/rust-toolchain
a7e0623d - improvement(Android): Support opening QR code from a file #1301

This update features a major search rework, SSH agent support for Android via Termux, and the ability to import SSH keys from files. Search now prioritizes title matches and displays context as a badge. You can also batch-edit tags for multiple items. Further improvements include Bash syntax highlighting and optimized Watchtower processing. Key fixes address desktop SSH agent startup loops, cmd:// URI handling, and gracefully handle invalid TOTP keys and SSH agent failures on Android.

All changes

• 0601d320 - improvement: Basic syntax highlighting for the Bash code snippets
• 76b62959 - improvement: More consistent padding on search qualifier popup
• 556891e7 - chore: Bump app version to 2.7.0
• 32461784 - improvement: Increase the max height of the SSH request window so the fingerprint icon fits properly
• 5a43351b - Merge pull request #1327 from AChep/localization_action
• 319a785b - Merge pull request #1337 from AChep/tld_public_suffix_list_action
• 47f08d12 - Merge pull request #1338 from AChep/tfa_2factorauth_action
• ba46532c - Merge pull request #1339 from AChep/justdeleteme_action
• a4b12bad - [AUTO] Update localization library
• 3a0bff06 - [AUTO] Update justdeleteme library
• 7323aaec - [AUTO] Update two-factor auth library
• 628d679b - [AUTO] Update Public suffix list
• b0716995 - improvement(Desktop): Retry starting up the SSH agent before giving up
• bc912119 - fix(UI): On edit cipher screen show invalid (deleted) folder as No folder #1330
• ea26480a - chore: Bump Compose Multiplatform components to their respectable versions
• 58bc1e2e - chore: Bump Compose Multiplatform from 1.11.0-alpha04 to 1.11.0-beta01
• e4022b25 - fix(Android): Gracefully handle failures in the SSH agent bridge
• 3dba1d6c - chore(Android): Uncomment .debug suffix for debug builds
• efa31d30 - Merge pull request #1335 from AChep/dependabot/gradle/com.google.firebase-firebase-bom-34.11.0
• 24b18533 - Merge pull request #1334 from AChep/dependabot/gradle/com.hierynomus-sshj-0.40.0
• 6ca45b89 - feat(Android): SSH Agent support via a custom Termux package #884
• 31f11f68 - fix(Desktop): SSH agent restarts multiple times on app launch
• 72bdedbf - docs: Remove repository map from AGENTS.md
• 8d8857b0 - build(deps): Bump com.google.firebase:firebase-bom
• e0bd6a4b - build(deps): Bump com.hierynomus:sshj from 0.38.0 to 0.40.0
• bd2f6b8d - fix: Stop cmd:// URIs from being recognized as Web platform, which prevents a user from executing the command #1261
• 5ef22bcb - fix(Linux): Mark jspawnhelper as executable #640 #1261
• 24c8ed4f - Merge pull request #1331 from AChep/dependabot/github_actions/apple-actions/import-codesign-certs-6.1.0
• 17b358d5 - Merge pull request #1332 from AChep/dependabot/gradle/arrow-2.2.2.1
• 30edbae4 - Merge pull request #1333 from AChep/dependabot/gradle/touchIcon-0.9.12
• a7aa0681 - build(deps): Bump touchIcon from 0.9.11 to 0.9.12
• 11e13f85 - build(deps): Bump arrow from 2.2.2 to 2.2.2.1
• 38b7171e - build(deps): Bump apple-actions/import-codesign-certs
• c13d67b0 - chore(Android): Fix build by adding sun.security.x509.X509Key to R8's donotwarn
• 746454bf - Merge pull request #1328 from AChep/dependabot/gradle/androidx.activity-activity-compose-1.13.0
• 673cbee4 - Merge pull request #1329 from AChep/dependabot/gradle/sqldelight-2.3.2
• f690f4c4 - feat: Add support for importing SSH keys from files #1326
• d4dc2b70 - refactor(Android): Migrate from deprecated APIs for edge-to-edge
• a93d9f9c - fix(Desktop): Show toast messages on the focused window
• bc7c2f4a - build(deps): Bump sqldelight from 2.3.1 to 2.3.2
• 4bea6934 - build(deps): Bump androidx.activity:activity-compose
• 89ee6f93 - docs: Add VAULT_SEARCH section
• 8700ac23 - fix: Handle invalid TOTP secret key gracefully
• 5d78ba3d - improvement(UI): Insert/delete animation for add a cipher screen's items
• 37fa7345 - improvement(Vault): Set tags on multiple ciphers in batch #1181
• 47c62e09 - refactor: Add a comment about mutablePersistedFlow(...)
• c9a3f7f4 - improvement(search): Always highlight a title match if there's one
• 204153c8 - improvement(search): Boost title field impact
• 90dfd060 - improvement(search,UI): Display search context as a badge
• e62fa8ce - tests(search): Add search benchmark
• 98fb6207 - Merge pull request #1325 from AChep/dependabot/gradle/androidx.benchmark-benchmark-macro-junit4-1.5.0-alpha04
• f5b1f0f8 - Merge pull request #1320 from AChep/dependabot/github_actions/crowdin/github-action-2.15.2
• ad96da5c - Merge pull request #1321 from AChep/dependabot/github_actions/reactivecircus/android-emulator-runner-2.37.0
• ea15db47 - Merge pull request #1322 from AChep/dependabot/github_actions/softprops/action-gh-release-2.6.1
• 34e34935 - Merge pull request #1324 from AChep/dependabot/gradle/gradle-wrapper-9.4.0
• af59a1eb - feat: Large Search rework
• edc9ffac - refactor: Minor code cleanup of the DB repos
• fea9ab3f - improvement(performance): Split background processing of Watchtower entities in chunks, limit parallelization to lower the load on low-end devices
• b1c6f46c - improvement(KeePass): Calculate the password strength on first sync
• 35a68955 - chore: Add a script for generating test KeePass databases
• 4ea4c578 - build(deps): Bump androidx.benchmark:benchmark-macro-junit4
• 880ce4dd - build(deps): Bump gradle-wrapper from 9.3.1 to 9.4.0
• f358f0fc - build(deps): Bump softprops/action-gh-release from 2.5.0 to 2.6.1
• 098e879e - build(deps): Bump reactivecircus/android-emulator-runner
• da390d76 - build(deps): Bump crowdin/github-action from 2.15.0 to 2.15.2

This release introduces the ability to unlock vaults with a YubiKey on Android and the option to archive or unarchive entries. For Bitwarden users, support for email-protected Sends is now available, and the encryptedFor field is correctly included with Cipher entities. This update also contains a fix for YubiKey integration on Android by supplying custom Proguard rules.

All changes

• c3ef7753 - Merge pull request #1316 from AChep/localization_action
• c93fa4a5 - [AUTO] Update localization library
• c0998dbe - chore: Bump app version to 2.6.0
• eca0792b - chore(Bitwarden): Bump client version to Bitwarden 2026.2.1
• 99cf9b75 - fix(Android): Supply custom YubiKey proguard rules
• 581656ba - docs: Add vault unlocking info with biometrics and YubiKey
• 07f3aa93 - feat(Android): Unlock with YubiKey
• 2f0f1e33 - refactor: Rename files for a better consistency
• da1257e6 - feat: Archive/Unarchive ciphers (part 2)
• 2d3c1492 - feat(Bitwarden): Add a support for email-protected Sends
• e077f479 - feat: Archive/Unarchive ciphers (part 1) #1304
• 52af3c5c - improvement(Bitwarden): Send the encryptedFor field with the Cipher entity
• c8402911 - Merge pull request #1307 from AChep/dependabot/gradle/org.jlleitschuh.gradle.ktlint-14.2.0
• 8e5a7710 - chore: Enhance prompt for release note generation, make it more structured
• 44b50d61 - docs: Add AUR installation instructions for Keyguard
• 3a0755e9 - build(deps): Bump org.jlleitschuh.gradle.ktlint from 14.0.1 to 14.2.0