Server Updates & Release Notes

Overview

Removed feature flag for automatic member confirmation settings

Removed feature flag for unlock with passkey

Removed feature flag for SCIM refactor

Various under-the-hood improvements and minor bug fixes

Security notice: To resolve a bug with the local storage of API keys for the Bitwarden CLI, the next Bitwarden server release following this one will automatically rotate the personal API keys for users of the Bitwarden CLI. If you use the Bitwarden CLI for any automated workflows, update those workflows with your new API keys immediately following that release in order to maintain continuity.

What's Changed

Feature Development

[PM-34595] Add provider authorization attributes by @eliykat in #7389

[PM-34230] server side constant for feature flag by @voommen-livefront in #7395

Add SDK Sends API feature flag by @adudek-bw in #7254

[PM-34177] Add feature flag for Organization Invite Links by @r-tome in #7404

[PM-34177] Fix feature flag key value for Organization Invite Links by @r-tome in #7409

[PM-34171] Add card scanner feature flag by @SaintPatrck in #7310

PM-34686 Remove Summary Count Limit by @prograhamming in #7398

[PM-32105] - Org ability feature flag by @jrmccannon in #7401

[PM-33213] Remove FeatureFlag Around ResetPassword && PolicyRequirements by @sven-bitwarden in #7188

[PM-32394] Implement Scim V2 features by @JaredScar in #7397

[PM-34694] - add quick actions feature flag by @jaasen-livefront in #7412

[PM-34146] Add GetManyConfirmedAcceptedByUserIdAsync(Guid userId) to the IPolicyRepository interface by @JimmyVo16 in #7392

[PM-34178] Add entities, repository and database migrations for Organization Invite Link feature by @r-tome in #7407

[PM-31894] remove storage reconciliation job and flags by @kdenney in #7424

[PM-26383] Remove feature flag from server-side for autoconfirm by @JaredScar in #7402

[PM-34805] Add new feature flag for Policy Drawers (pm-34804) in Constants.cs by @JaredScar in #7429

[PM-34147] Add GetManyConfirmedAcceptedDetailsByUserAsync to IOrganizationUserRepository by @JimmyVo16 in #7399

[PM-34500] Add PM-34500-strict-cipher-decryption feature flag by @nikwithak in #7387

[PM-35072] Allow account recovery for revoked status users by @kspearrin in #7446

[PM-34854] Add pm-34145-policies-in-accepted-state feature flag by @eliykat in #7449

[PM-31941] Implement Feature Flag and Access Intelligence Refactor Integration by @Banrion in #7459

[PM-34500] Fix Feature Flag pm-34500-strict-cipher-decryption name casing by @nikwithak in #7460

[PM-30751] - add secure SSRF protection for internal IPs by @jaasen-livefront in #7256

[PM-31909] Remove m3 flagged logic by @connerbw in #7352

[PM-31911] Remove m3 flag definition by @connerbw in #7354

[PM-34825] Add support for ml-dsa44 keypairs by @quexten in #7435

[PM-31780] Add exempt from billing automation toggle by @amorask-bitwarden in #7438

[PM-32068] - Org Ability Extended Cache by @jrmccannon in #7443

[PM-33866] Revocation Reasons: DDL Edition by @sven-bitwarden in #7432

chore: remove bulk reinvite and org accept init flags by @vincentsalucci in #7484

Auth/Innovation/PM-4517 - Device Management - Add Last Activity Date by @JaredSnider-Bitwarden in #7302

[PM-34060] Add bank account item type by @gbubemismith in #7112

[PM-35154] collection SDK decryption feature flag to Constants.cs by @JaredScar in #7470

[PM-34595] Update provider controllers to use authz attribute by @eliykat in #7450

[PM-24927] Add payment optional support to trial initiation flow by @cyprain-okeke in #7418

[PM-32069] Add ExtendedProviderAbilityCacheService by @JimmyVo16 in #7447

PM-22228 Added Phishing events by @voommen-livefront in #7427

[PM-32853] Add Trial Initiation Metadata for Marketing or Product by @sbrown-livefront in #7462

feat(validation): [PM-32626] by @Patrick-Pimentel-Bitwarden in #7064

[PM-32073] - Added Bulk Get Org Ability by @jrmccannon in #7476

🐛 Bug fixes

[PM-22525] Log when provider admin accesses an org vault by @BTreston in #7379

[PM-34679] Display Phase 2 prices and discount on org subscription page by @amorask-bitwarden in #7393

[PM-34679] Fix Families 2019 Phase 2 price and discount display by @amorask-bitwarden in #7408

PM-34391 fixes to eventsController by @voommen-livefront in #7405

[PM-34728] Use top-level ProrationBehavior on schedule updates by @amorask-bitwarden in #7410

[PM-33500] - delete attachments from deleted ciphers by @jaasen-livefront in #7208

fix(change-email): [PM-34742] Change Email Sets Salt by @Patrick-Pimentel-Bitwarden in #7413

[PM-34773] Fix storage addition during active Phase 2 of schedule by @amorask-bitwarden in #7420

[PM-34255] - SCIM Api Key Fix by @jrmccannon in #7403

fix(refactor): [PM-34246] Rename Set Password to Finalize Onboarding by @Patrick-Pimentel-Bitwarden in #7328

Revert "fix(change-email): [PM-34742] Change Email Sets Salt" by @Patrick-Pimentel-Bitwarden in #7421

PM-33194 single integration of a type only by @voommen-livefront in #7280

[PM-22450] Bump Collection.RevisionDate on edits and access changes by @r-tome in #7380

[PM-26043] Fix bug: can't add secrets manager to legacy plans by @kdenney in #7414

[PM-22450] Bump date on migration script file CollectionBumpRevisionDateOnAccessChange by @r-tome in #7436

[PM-33301] Add Functionality for Upgrading Using PayPal by @sbrown-livefront in #7183

[PM-34866][PM-34865] Fix EnableAutomaticTaxAsync to update schedule phases by @connerbw in #7437

Fix test clock awareness in schedule-aware cancellation by @connerbw in #7440

Fix CollectionUsers/CollectionGroups table names for Seeder across all DB providers by @mimartin12 in #7441

[PM-32463] Remove organization enabled filter from database query/view by @shane-melton in #7037

Auth/PM-34130 - Fix DeviceAuthDetails constructor and stored procedure for EDD compliance by @JaredSnider-Bitwarden in #7416

[PM-34390] - Fixing Group/Provider User by @jrmccannon in #7431

[PM-33539] Fix wrong model response type for file model size by @quexten in #7474

[PM-35234] Prevent appending duplicate org user in validator request by @BTreston in #7486

[PM-34427] Fix Users can edit and save sends with the hide email address option enabled by @harr1424 in #7511

⚙️ Maintenance

[PM-34456] Innovation Sprint: Enable generating automated release notes by @djsmith85 in #7362

[FIX] Image tag max length logic by @gitclonebrian in #7396

[PM-29152] Rename VNextSavePolicyCommand to SavePolicyCommand and remove deprecated policy interfaces by @r-tome in #7364

test(change-email): [PM-34742] Change Email Sets Salt Attempt 2 by @Patrick-Pimentel-Bitwarden in #7422

[PM-34383] Add import validation allowing providers to perform imports by @harr1424 in #7394

[PM-33044] Provider Ability Refactor EventService by @JimmyVo16 in #7411

[PM-34823] Remove missed uses of PolicyRequirements flag by @eliykat in #7426

[deps]: Update docker/login-action action to v4 by @renovate[bot] in #7346

[deps]: Update docker/setup-qemu-action action to v4 by @renovate[bot] in #7223

[deps]: Update codecov/codecov-action action to v6 by @renovate[bot] in #7455

BRE-1004 - Add write packages permission by @vgrassia in #7457

[BRE-1004] Fix container image push logic by @vgrassia in #7464

[deps]: Update actions/create-github-app-token action to v3 by @renovate[bot] in #7345

[deps]: Update dtolnay/rust-toolchain digest to 29eef33 by @renovate[bot] in #7341

[deps]: Update docker/setup-buildx-action action to v4 by @renovate[bot] in #7222

[BRE-1533] Update trigger for Bitwarden lite builds by @vgrassia in #7479

[BRE-1670] replace PAT tokens with app token by @AmyLGalles in #7434

Add dev tags back to GHCR for US-DEV by @vgrassia in #7492

[PM-35150] Make Setup testable and add test for install by @justindbaur in #7445

[PM-35235] Make PUT Policy identical to PUT Policy/VNext by @sven-bitwarden in #7485

chore: remove leftover implied reference to create default location ff by @vincentsalucci in #7499

📦 Dependency Updates

[deps] Billing: Update swashbuckle-aspnetcore monorepo to 10.1.7 by @renovate[bot] in #7008

[deps] Billing: Update Kralizek.AutoFixture.Extensions.MockHttp to 2.2.1 by @renovate[bot] in #6556

[deps] DbOps: Update Microsoft.Data.SqlClient to v7 by @renovate[bot] in #7344

[deps] DbOps: Update dbup-sqlserver to v7 by @renovate[bot] in #7218

[deps]: Update webpack to v5.105.4 by @renovate[bot] in #7007

🎨 Other

[PM-31144] Edit Families 2019 renewal email subject by @sbrown-livefront in #7406

Add SeederApi PlayData delete scheduled job by @MGibson1 in #7281

Auth-owned PRs for minor/patch updates for their dotnet monorepo deps by @trmartin4 in #7451

Add scenario docs for Seeder adoption and trim CLI reference by @theMickster in #7456

[BRE-1413] Empty commit to test hash change in Canary by @pixman20 in #7471

[BRE-1823] Bumping hash for canary testing by @pixman20 in #7497

[BRE-1823] Bumping hash for canary testing by @pixman20 in #7498

Full Changelog: v2026.4.0...v2026.4.1

Original source

Version: 2026.1

Release Date: May 6, 2026

Go to the complete Server 2026.1 Release Notes

OAuth Support for SMTP Email in Exchange Online

Alteryx Server now supports OAuth for SMTP email delivery, in response to Microsoft’s retirement of Basic Authentication in Exchange Online starting March 2025.

If you use Exchange Online, update your SMTP authentication settings in System Settings > Server UI to ensure continued delivery of critical system emails, including workflow alerts and notifications.

For more information on how to configure Server email, go to Configure Email for Server Notifications.

Centralized Proxy Management

We’ve added support for centralized proxy management on Alteryx Server for engine runs on Worker nodes. This update aligns Server more closely with Designer and provides improved proxy configuration consistency, visibility, and control.

For more information about the new proxy settings, refer to the Engine and Data Connection Manager help pages.

AI Tools Support on Server

Added support for running workflows that include Prompt and LLM Override tools on Alteryx Server.

To run these workflows on Server, you must configure a DCM connection that authenticates to Alteryx One using Service Principal credentials. Update the Prompt and LLM Override tools to use this DCM connection instead of Designer’s Active Link, and ensure all referenced LLM connections are shared (with credentials) with the Service Principal.

Workflows run successfully on Server when DCM connections are synchronized and the Server environment allows network access to the Alteryx One Platform.

For more information about AI tools, refer to the AI Tools on Server and Service Principals help pages.

Original source

Removed feature flag for automatic member confirmation settings

Removed feature flag for unlock with passkey

Removed feature flag for SCIM refactor

Various under-the-hood improvements and minor bug fixes

Security notice: To resolve a bug with the local storage of API keys for the Bitwarden CLI, the next Bitwarden server release following this one will automatically rotate the personal API keys for users of the Bitwarden CLI. If you use the Bitwarden CLI for any automated workflows, update those workflows with your new API keys immediately following that release in order to maintain continuity.

Original source

Overview

Removed feature flag for vault items archive
Removed feature flag for default saving location when organization data ownership policy is enabled
Removed feature flag for hiding alternate login methods when SSO is required
Removed feature flag for several UX improvements
Removed feature flag for provider initialization refactor
Added support for deeplink redirect with https schema
Various under-the-hood improvements and minor bug fixes

What's Changed

Feature Development

[PM-31736] User-friendly cookie vendor error message by @dereknance in #7270
[PM-33972] Remove pm-26140-marketing-initiated-premium-flow feature flag by @trmartin4 in #7275
[PM-32783] Add electron-storage-cache flag by @dani-garcia in #7286
[PM-33890] Set up Stripe Subscription Schedule API operations by @amorask-bitwarden in #7289
feat(redirect): [PM-30810] Https Redirection for Cloud Users by @Patrick-Pimentel-Bitwarden in #6852
[PM-22110] Remove pm-22110-disable-alternate-login-methods feature flag by @trmartin4 in #7274
[PM-22435] chore: remove create default collections ff ref by @vincentsalucci in #7298
[PM-33086/7] Remove the feature flag RefactorOrgAcceptInit by @r-tome in #7287
[PM-28420] Remove feature flag by @BTreston in #7282
[PM-33087] Remove RefactorOrgAcceptInit feature flag by @r-tome in #7325
[PM-15489] 2fa account recovery by @kspearrin in #7139
Auth/PM-34400 - Add desktop devices feature flag by @JaredSnider-Bitwarden in #7361
[PM-32009] Add New Item Type Feature Flag by @nick-livefront in #7358
[PM-34410] Attachment Upload Feature Flag by @nick-livefront in #7357
Add feature flag for access intelligence trend chart by @Banrion in #7363
[PM-33212] Finalize Org Data Ownership Policy Requirement by @sven-bitwarden in #7210
[PM-332124] Finalize PolicyRequirement + 2FA Feature Flag by @sven-bitwarden in #7209
[PM-19168] Remove Archive Feature Flag guards by @nick-livefront in #7371
[PM-31885] Consolidate all Send policies to a single policy by @harr1424 in #7113
[PM-31905] Remove m2 flag definition by @cturnbull-bitwarden in #7353
[PM-28190] Add feature flag: pm-28190-cipher-sharing-ops-to-sdk Feature Flag by @nikwithak in #6887

🐛 Bug fixes

[PM-33980] Only verify UseMyItems when claim exists by @amorask-bitwarden in #7278
[PM-32450] Allow SMTP TLS CRL status retrieval failures by @dereknance in #7271
[PM-19143] Fix custom permissions not persisting via InviteOrganizationUsersCommand by @r-tome in #7285
[PM-34049] Fix PoliciesController authorize attribute by @eliykat in #7303
[PM-34048 ] Add limit item deletion to manage collection permission to Org view/edit by @vincentsalucci in #7296
[PM-31822] Fix file Send size validation by @mcamirault in #7311
[PM-34440] Fix cache duplicate-key error by @JimmyVo16 in #7360
[PM-30185] Fix email fallback logic to ignore empty primary email by @BTreston in #7359
[PM-32829] Cipher Key for unassigned ciphers by @nick-livefront in #7164
[PM-32260] Fix missing device approval event logs for accepted users by @r-tome in #7247
[PM-26581] Add missing model.type param by @BTreston in #7369
[PM-29981] Add repo call to check if existing collection already has access setup by @BTreston in #7365
[PM-34570] Expired or Cancelled Claimed User Throws Billing Exception on Subscription Cancel by @sbrown-livefront in #7382
fix(change-email): [PM-34742] Change Email Sets Salt (#7422) by @Patrick-Pimentel-Bitwarden in #7423

⚙️ Maintenance

[BRE-1004] Add GHCR Support to Build/Publish workflows by @vgrassia in #7263
[PM-32066] - Add Org Ability View by @jrmccannon in #7194
[PM-33895] Filter [BindNever] parameters from OpenAPI schema by @dani-garcia in #7257
[deps]: Update docker/build-push-action action to v7 by @renovate[bot] in #7221
[PM-32067] - Add Provider Ability View by @jrmccannon in #7200
[PM-33041] Organization Ability: Refactor CipherResponseModel by @JimmyVo16 in #7202
[PM-33043] Refactor PolicyService, CipherService, and TwoFactorAuthenticationValidator by @JimmyVo16 in #7214
[PM-33042] Refactor EventService to remove deprecated GetOrganizationAbilitiesAsync by @JimmyVo16 in #7240
[deps]: Update dorny/test-reporter action to v3 by @renovate[bot] in #7347
[PM-34462] Improve role handling in provider controllers by @eliykat in #7372
[PM-3836] Tools - Make Controllers, Services and API Models nullable by @harr1424 in #7212
Add release yml to rc by @djsmith85 in #7466

📦 Dependency Updates

[deps] Auth: Update Duende.IdentityServer to 7.4.6 by @renovate[bot] in #6323
[PM-33499] Permissive base64 decoder by @dereknance in #7207
[deps]: Update sass to v1.98.0 by @renovate[bot] in #7343
[deps]: Update prettier to v3.8.1 by @renovate[bot] in #6702

🎨 Other

PM-33964 - Fix silent switch defaults in Seeder with fail-fast throws by @theMickster in #7277
[PM-33819] Enforce use of authorize attributes by @eliykat in #7242
Arch/cipher scene by @MGibson1 in #7241
[PM-33894] Schedule price increases by @amorask-bitwarden in #7293
[PM-34082] Seed passkeys by @MGibson1 in #7265
Added RSA keypair pool + Caching to Seeder's RustSdk by @theMickster in #7288
[PM-33896] Update Families organization on schedule transition by @cturnbull-bitwarden in #7300
[PM- 30370] [PM-28827] Add Salt to Auth and KM DTOs by @ike-kottlowski in #7239
[PM-32008] Add scope comment for SecurityTaskAuthorizationHandler by @nick-livefront in #7291
[PM-21926] Add salt to Admin Console DTOs by @ike-kottlowski in #7231
[PM-33043] Fix the failing test. by @JimmyVo16 in #7316
[PM-33899] Release schedule on terminal subscription operations by @amorask-bitwarden in #7305
PM-34033 - Add individual user seeding to preset pipeline by @theMickster in #7304
PM-34033 - Add user & org API key seeding and improve CLI output by @theMickster in #7324
[PM-34039] [Defect] Discount Eligibility Endpoint Shows "New Users Only" Discounts by @sbrown-livefront in #7301
Update to IHostBuilder style by @justindbaur in #6843
[PM-32216] Create Stripe Checkout Session Endpoint by @sbrown-livefront in #7246
[PM-33901] Remove unused UpdateTaxInformation by @cturnbull-bitwarden in #7320
[PM-33901] Implement schedule-aware tax handling by @cturnbull-bitwarden in #7319
PM-33964 - Unify CipherSeeder factories behind CipherSeed domain model. by @theMickster in #7330
Clarify potential misleading comment by @theMickster in #7339
Rename CLI endpoint to Preset instead of Seed by @theMickster in #7340
Move IEventService to Dirt by @eliykat in #7272
[PM-33898] Schedule-aware storage adjustments by @amorask-bitwarden in #7350
[PM-33891] Migrate Cancel and Reinstate Paths by @sbrown-livefront in #7331
[PM-33405] Add OrganizationUserNotificationPolicy by @nick-livefront in #7250
[PM-31902] Remove m2 flagged logic by @cturnbull-bitwarden in #7351
[PM-34530] Display schedule discount on premium subscription page by @amorask-bitwarden in #7375
[PM-33897] Schedule Aware Cancellation and Reinstatement by @sbrown-livefront in #7374
[PM-34530] Fix schedule discount scope on premium subscription page by @amorask-bitwarden in #7378
[PM-29956] Add logging to sponsorship redemption flow by @cturnbull-bitwarden in #7381
[pm-34486] require basic auth on seeder api endpoints by @MGibson1 in #7368
[PM-34582] Include schedule discount in premium tax estimate by @cturnbull-bitwarden in #7385
[PM-33788] EF Emergency Access Query Updates by @enmande in #7297
[PM-34623] Fix stale discount display after Stripe deletion by @amorask-bitwarden in #7391

Full Changelog: v2026.3.2...v2026.4.0

Original source

• Removed feature flag for biometrics refactor on Windows
• Removed feature flag for updated organization invitation email
• Removed feature flag for updated organization confirmation email
• Removed feature flag for data recovery tool
• Removed feature flag for push notifications infrastructure updates
• Updated tax logic for Switzerland
• Various under-the-hood improvements and minor bug fixes

Thank you! 💙 A big shout-out to the following community members for their contributions!

• mdusher - Add globalSettings.knownNetworks so that entire IP ranges can be used for trusting X-Forwarded-* headers
• Warfields - Add PQC TLS Support

Original source

Release notes

• Added option in system administration portal to disable My Items
• Removed feature flag for multi-thread decryption
• Removed feature flag for SSH key storage and SSH Agent
• Removed feature flag for creating My Items for users who are revoked then restored
• Removed feature flag for refactor of InMemoryApplicationCacheService instantiation to help prevent pod stampedes
• Various under-the-hood improvements and minor bug fixes
• Thank you! 💙 A big shout-out to the following community members for their contributions!
• lahma - Use SchedulerBuilder to configure Quartz

Original source

Release Notes

• Added endpoints to public API for revoke and restore members
• Removed feature flag for Premium risk insights
• Removed feature flag for improved loading states
• Removed feature flag for performance improvements to re-invite endpoint
• Various under-the-hood improvements and minor bug fixes

Acknowledgments

• Thank you! 💙 A big shout-out to the following community members for their contributions!
• jolness1 - Change hardcoded 5 key WebAuthn limit for login to check if premium

Original source

• Removed feature flag for remove card item type policy

• Removed feature flag for sending email following failed 2FA attempt

• Removed feature flag for fix related to recovery code use by SSO required users

• Removed feature flag for browser warning when autofilling from search

• Increased Premium and organization storage from 1GB to 5GB

• Added policy to prevent accounts being created with a claimed domain

• Optimized bulk re-invite endpoint

• Various under-the-hood improvements and minor bug fixes.

Original source