Bitwarden Release Notes

Overview

Performance improvements to reduce the extension's impact on web page loading and responsiveness

What's Changed

💙 Community Highlight

[PM-35399] Performance issue due to observer cascade and shadow DOMs in modern apps/websites by @golddragon007 in #20286 (included in #20622 )

🐛 Bug fixes

[PM-35399] golddragon007 performance fix by @audreyality in #20622

[PM-35399] autofill chrome performance tuning (#20622) by @audreyality in #20642

⚙️ Maintenance

Bump browser client version to 2026.5.0 by @differsthecat in #20633

Change browser version to 2026.4.1 by @differsthecat in #20652

New Contributors

@golddragon007 made their first contribution in #20286

Full Changelog: browser-v2026.4.0...browser-v2026.4.1

Original source

Overview

Fix crash on startup for F-Droid build

Fix for missing search option during autofill

Fix for login issues on devices running 32bit Android

What's Changed

🐛 Bug fixes

[PM-36867] fix: Disable card scanner on F-Droid builds (hotfix v2026.4.1) by @SaintPatrck in #6890

🍒 PM-36475: Update when search icon is shown by @david-livefront in #6907

[PM-37224] bug: Update Bitwarden SDK to hotfix version by @SaintPatrck in #6920

Full Changelog: v2026.4.1-bwpm...v2026.4.2-bwpm

Builds Source: https://github.com/bitwarden/android/actions/runs/25866701011

Original source

Overview

Refactor unlock service to use Bitwarden SDK
Compact mode no longer in beta
Updated default clipboard clearing time to 5 minutes
Various under-the-hood improvements and minor bug fixes

What's Changed

💙 Community Highlight

[PM-24289] fix popout windows on wayland (browser) by @krjan02 in #15825
[PM-32584] fix: warn user about unsaved changes before applying desktop update by @bittoby in #19147
[PM-33210] fix(login): clear validation errors on region change by @OnSuorce in #19407

Feature Development

[PM-8458] Change ClearClipboardDelay to strings and change default by @bensbits91 in #17756
[CL-958] Update avatar component to new styles by @vleague2 in #18975
[CL-1023][CL-1031] Design system refresh: Milestone 1 by @willmartian in #19061
[CL-966] Updated Progress Component by @lxiong-livefront in #19072
PM-31767 resend feature by @bmbitwarden in #19136
Auth/PM-33261 - Multi-client Password Management (new for desktop & extension) by @JaredSnider-Bitwarden in #19289
[PM-31885] Consolidate all Send policies to a single policy by @harr1424 in #19314
[PM-28167] Desktop - migrate vault drawers UI to shared lib by @iivins-livefront in #19341
[PM-30584] Add unlock for key connector with SDK by @quexten in #19367
[PM-33173] Use unlock service for password login strategy by @quexten in #19371
[PM-31438] Send unsaved edits dialog by @mcamirault in #19425
[CL-1110] Migrate tools CTAs to new icon API by @BryanCunningham in #19485
Auth/PM-33353 - Password Login - refine prefetching of password prelogin data by @JaredSnider-Bitwarden in #19510
[PM-33134] Implement delta sync for phishing blocklist by @AlexRubik in #19515
PM-31418 implemented password generator inside drawer by @bmbitwarden in #19521
[PM-24476] At Risk Password setting by @nick-livefront in #19557
[PM-32783] Cached electron storage by @dani-garcia in #19590
[PM-30101] subscription discounts in web checkout by @kdenney in #19599
[PM-26713] Refactor Attachment Uploads to use XMLHTTPRequest by @nick-livefront in #19634
[PM-32057] Wire up Trend Widget in Access Intelligence Activity by @Banrion in #19664
[PM-33139] Targeting Rules initial implementation by @jprusik in #19693
[PM-28419] Remove feature flagged logic by @BTreston in #19718
[PM-34012] - Replace image in welcome dialog with extension prompt by @jaasen-livefront in #19720
[CL-1012] Removed hyphenation from Simple Dialog Component by @lxiong-livefront in #19732
Auth/Innovation/PM-4659 - Device Management - Add Last Activity Date by @JaredSnider-Bitwarden in #19784
[CL-941] Remove router focus flag from client by @vleague2 in #19812
[PM-19168] Remove Archive Feature Flag by @nick-livefront in #19829
[PM-31899] Remove m2 flag definition by @connerbw in #19869
[PM-15489] 2fa account recovery by @kspearrin in #19894
[PM-31885] Bump SendControls Policy Enum Value by @harr1424 in #19903
Update primitive colors by @BryanCunningham in #19910
[Shared Unlock] [PM-34073] Implement vault timeout supression by @quexten in #19934
[PM-34119] Web New Item Dialog by @nick-livefront in #19953
Add PM-34500-strict-cipher-decryption feature flag by @nikwithak in #19973
[PM-31119] Run side-effects in sdk unlock service by @quexten in #20004
[PM-32009] New Item page for Browser by @nick-livefront in #20014
[PM-26383] Remove feature flag to enable autoconfirm by @JaredScar in #20015
[PM-34690] - add quick actions feature flag by @jaasen-livefront in #20019
[PM-31875] Client changes for async sdk client get/set by @Hinton in #20032
[PM-34177] Add feature flag for Organization Invite Links by @r-tome in #20033
[PM-34177] Fix feature flag key value for Organization Invite Links by @r-tome in #20039
[PM-33391] Removes beta badge for compact mode by @jengstrom-bw in #20047
[PM-34614] Item Action Updates by @nick-livefront in #20051
[PM-24927] Add payment optional support to trial initiation flow and Remove payment-optional feature flag by @cyprain-okeke in #20053
[PM-34037] New event log for 2fa recovery by @kspearrin in #20055
[PM-31270] New default argon2id in change kdf component by @mzieniukbw in #20058
[PM-22228] Phishing events by @voommen-livefront in #20065
PM-33122: Rename feature flag pm-34500-strict-cipher-decryption by @nikwithak in #20151
[PM-34816] add performance instrumentation by @audreyality in #20158
[PM-26383] Remove AutoConfirm feature flag from the FeatureFlag enum by @JaredScar in #20179
[PM-27887] Keeper json importer by @itsadrago in #20200
Add percentage complete translation for progress bar by @nick-livefront in #20206

🐛 Bug fixes

[PM-32085] - popup width migration by @jaasen-livefront in #19408
[PM-22890] Automatically open Extension in FireFox by @nick-livefront in #19456
[PM-32761] Lock causes log out on TDE account with PIN by @mzieniukbw in #19594
[PM-33765] - Fix viewPassword not preserved during legacy cipher encryption by @jaasen-livefront in #19601
[PM-27368] Injected Autofill experiences should respect the user's "show animations" setting by @jprusik in #19622
[CL-1105] Ensure hover and focus states match spec by @vleague2 in #19638
[PM-32747] Empty TOTP secrets are being saved to ciphers in web based clients by @jengstrom-bw in #19645
[PM-30614] - Fix double event log in browser ext popup by @jrmccannon in #19657
[PM-33877] - handle blank custom field values in cipher form by @jaasen-livefront in #19676
[PM-33952] Fix cipher key encryption logic when editing ciphers by @nikwithak in #19695
flatten type-specific data into openNotificationBar message by @audreyality in #19719
[PM-33459] fix(autofill): exclude username-only scenario from new cipher save notification by @bensbits91 in #19733
[PM-33431] Inline menu icon is showing up on the view item screen on vault.bitwarden.com by @dan-livefront in #19734
[PM-33580] fix: skip change-password notification when no ciphers exist for URL by @bensbits91 in #19761
[PM-34131] Editing ciphers with change at risk password banner fails on web by @jengstrom-bw in #19785
Auth/PM-34198 - Device Management - fix device icons not rendering by @JaredSnider-Bitwarden in #19786
[PM-34192] My Items Collection is not marked as default when creating an item by @jengstrom-bw in #19793
[PM-34199] [Extension] Change Password Routing Fix by @rr-bw in #19794
[PM-33524] Not able to set new Master Password in a previously TDE org by @enmande in #19810
[PM-34223] discounts rounding bug fix by @kdenney in #19811
BRE-1746 fix(build-web-target): add packages write by @fntyler in #19816
[CL-1140] BUG FIX: desktop nav group anchor link color and cipher name styles by @lxiong-livefront in #19820
Auth/PM-34242 - Device Management Comp - Fix upsert losing isTrusted state and show trust status on pending auth request devices by @JaredSnider-Bitwarden in #19822
PM-33905 resolved plaholder text issue by @bmbitwarden in #19862
[CL-1124] updated badge max width by @BryanCunningham in #19864
[PM-30311] focus management creation in effect to account for async menu item changes by @BryanCunningham in #19871
[PM-34225] generate keypair even if there is no current one on password login by @jlf0dev in #19896
[PM-29455] safari unlock during autofill does not close by @audreyality in #19897
[PM-29227]Fix incorrect credential autofill in password change form by @dan-livefront in #19912
[CL-1130] Fix storybook a11y and console errors for billing files by @vleague2 in #19916
[CL-1130] Fix storybook a11y and console errors for admin console files by @vleague2 in #19917
[CL-1130] Fix storybook a11y and console errors for vault files by @vleague2 in #19920
[PM-34530] Display cart-level discount on personal subscription page by @amorask-bitwarden in #19925
Downloading an attachment, appends a file extension. Even if original file didn't have one by @jengstrom-bw in #19931
[PM-33808] - automatically autofill in search results by @jaasen-livefront in #19951
[PM-33554] Don't log out when trust denied for sdk key rotation by @quexten in #19961
Revert "[PM-33210] fix(login): clear validation errors on region change" by @enmande in #19979
Revert "Revert "[PM-33210] fix(login): clear validation errors on region change"" by @enmande in #20007
Auth/pm-34506 - Login Strategy Session Cache Expiration Adjustment by @JaredSnider-Bitwarden in #20009
[PM-34142] BUGFIX: Allow moving a newly created cipher to org by @nikwithak in #20025
[PM-34781] exclude "no folder" from key rotation by @mzieniukbw in #20068
[PM-14883] Strip non-numeric characters in credit card number display… by @shane-melton in #20070
[PM-33554] Fix emergency access fingerprint by @quexten in #20072
[PM-34902] - [Defect] "Do not autofill" button is not centered by @jaasen-livefront in #20105
[PM-35258] Add archive confirmation to Desktop and fix right click menu by @shane-melton in #20208
[PM-35246] Fix IdentityTokenResponse kdfConfig error by @rr-bw in #20209
[PM-35187] Store new default avatar colors as hexes by @vleague2 in #20236
[PM-35318] Desktop v3/4 - Showing two "Archived" badge by @gbubemismith in #20239
[PM-35330] Fix state not being updated on change kdf by @quexten in #20259
[PM-35335] Fix bug making discard edits dialog show on navigate after… by @mcamirault in #20267
[PM-35335] Fix bug making discard edits dialog show on navigate after… by @mcamirault in #20274
Remove the desktop-specific Archived badge from ItemDetailsV2Compone… by @gbubemismith in #20277
PM-35363 resolved stale child controllers by @bmbitwarden in #20295
PM-35363 resolved stale child controllers (#20295) by @bmbitwarden in #20307
Auth/PM-35336 - TokenService - prevent stale access token retrieval to fix logout on org user confirm by @JaredSnider-Bitwarden in #20334
[PM-35240] RC cherry-pick: Add sync before forced kdf migration by @Thomas-Avery in #20340
[PM-35330] RC cherry-pick: Fix state not being updated on change kdf by @Thomas-Avery in #20341
CherryPick/Auth/PM-35336 - TokenService - prevent stale access token retrieval to fix logout on org user confirm by @JaredSnider-Bitwarden in #20342
[PM-35484] Remove exemption for owners/admins for mp policy by @BTreston in #20398
[PM-35484] Remove exemption for owners/admins for mp policy by @BTreston in #20418
Auth/PM-36080 by @JaredSnider-Bitwarden in #20452
CherryPick/Auth/PM-36080 (#20452) by @JaredSnider-Bitwarden in #20463

⚙️ Maintenance

[PM-25688] Migrate Folder API request model to TS strict by @shane-melton in #17269
[deps]: Update chromaui/action action to v13.3.5 by @renovate in #17886
Added devcontainer setup (devcontainer.json, docker-compose.yml, postCreateCommand.sh) by @connerbw in #18541
[deps]: Update actions/checkout action to v6.0.2 by @renovate in #18569
[PM-25686] - migrate cipher export and sub-models by @jaasen-livefront in #19050
[PM-32864] Remove local masterkey hash by @quexten in #19277
[PM-32919] Migrate DeleteAccountDialog to shared code by @djsmith85 in #19308
Sanitize branch ref with toJSON by @mandreko-bitwarden in #19394
[PM-18133] Remove generatePasswordCallback, rely on new service by @blackwood in #19400
[PM-33555]Remove @ts-strict-ignore in autofill overlay content service by @dan-livefront in #19562
[deps]: Update docker/build-push-action action to v7 by @renovate in #19582
[deps]: Update docker/setup-buildx-action action to v4 by @renovate in #19583
[deps]: Update docker/setup-qemu-action action to v4 by @renovate in #19585
DN Team Codeowners Rename by @coltonhurst in #19595
[BRE 1670] update token for build workflows by @AmyLGalles in #19660
[BRE-1004] Publish web images to GHCR on release by @vgrassia in #19679
[PM-33797] AIV2: Standardize Models and Services: Shared Components by @Banrion in #19730
chore: update sm code ownership for sm owned files in bw license by @vincentsalucci in #19765
refactor(scheduling): extract @bitwarden/scheduling Nx leaf library by @addisonbeck in #19771
[BRE-1004] Remove web-sh image tag by @vgrassia in #19788
[PM-34194]Remove unused items from autofill component constructor by @dan-livefront in #19824
[deps]: Update dtolnay/rust-toolchain digest to 29eef33 by @renovate in #19841
[deps]: Update docker/login-action action to v4 by @renovate in #19853
[deps]: Update dorny/paths-filter action to v4 by @renovate in #19854
[deps]: Update dorny/test-reporter action to v3 by @renovate in #19855
[PM-33167] Replace img with TwoFactorIcon component by @djsmith85 in #19865
Bitwarden IPC improvements/refactor by @coroiu in #19935
remove base directive import by @BryanCunningham in #19978
Added ownership of sdk-update workflow. by @trmartin4 in #19980
Enable the custom.regex package manager to enable rust toolchain updates by @neuronull in #20035
eslint: error on importing bitwarden licensed code into /libs**/* by @djsmith85 in #20054
[PM-33101] Remove master key from uv service by @quexten in #20076
Remove unused signature type enum by @quexten in #20091
Auth/PM-34506 - LoginStrategyService - Refactor cache and timeout out into own services by @JaredSnider-Bitwarden in #20108
[AppSec] AI Fix for Template Injection in GitHub Workflows Action by @aikido-autofix in #20113
[AppSec] AI Fix for Template Injection in GitHub Workflows Action by @aikido-autofix in #20114
[deps]: Update codecov/codecov-action action to v6 by @renovate in #20126
[BRE-1004] Fix GHCR logic in Build Web and Publish Web by @vgrassia in #20163
Add Skunkworks as co-owners of native passkeys by @iinuwa in #20184
enable jest/no-alias-methods by @cd-bitwarden in #20187
Add dev tag to GHCR by @vgrassia in #20234
[BRE-1845] Removing unused code for Apple signing by @pixman20 in #20412
Update config.yml by @acostarj in #4555
Update config.yml by @acostarj in #4775

📦 Dependency Updates

[deps] Architecture: Update Minor and patch linting updates by @renovate in #17491
[deps] UI Foundation: Update vite-tsconfig-paths to v6 by @renovate in #18085
[deps] UI Foundation: Update @compodoc/compodoc to v1.2.1 by @renovate in #18713
[deps] Platform: Update copy-webpack-plugin to v14 by @renovate in #19581
[deps] UI Foundation: Update svgo to v4.0.1 [SECURITY] by @renovate in #19757
[deps] SM: Update jest-diff to v30.3.0 by @renovate in #19843
[deps] Platform: Update webpack-cli to v7 by @renovate in #19849
Update sdk-internal to 0.2.0-main.646 by @bw-ghapp in #20057
Update sdk-internal to 0.2.0-main.668 by @bw-ghapp in #20132
Update sdk-internal to 0.2.0-main.672 by @bw-ghapp in #20140
Update sdk-internal to 0.2.0-main.673 by @bw-ghapp in #20157
Update sdk-internal to 0.2.0-main.681 by @bw-ghapp in #20194
[SM-1762] Bump Jest to 30.3.0 by @djsmith85 in #20211
Update sdk-internal to 0.2.0-main.687 by @bw-ghapp in #20220
Update sdk-internal to 0.2.0-main.689 by @bw-ghapp in #20224
Update sdk-internal to 0.2.0-main.692 by @bw-ghapp in #20251

🎨 Other

[CL-1026] Cherry pick icon tile refresh to main by @willmartian in #19063
disable claude attribution by @audreyality in #19253
Share inline menu qualification service implementation of keyword matching with autofill service by @blackwood in #19263
[PM-32687] Create Claude skill to add more item types easily by @gbubemismith in #19301
Add fix-angular-fixmes skill to resolve Angular FIXME migration comments by @JaredScar in #19426
[PM-29524]Remove ts strict ignore in collect autofill content service by @dan-livefront in #19525
Update all import statements and remove re-exporting files by @eliykat in #19545
[CL-1049] Make fallback autofocus approach for dialogs by @vleague2 in #19561
[PM-33426 ] - add popup focus wrap directive by @jaasen-livefront in #19666
[PM-31331] Incorrect data shown in notification bar after consecutive logins with new ciphers by @dan-livefront in #19711
[PM-34008] Autofill behavior from more option component asks to save URI for non login cipher types by @jengstrom-bw in #19712
[PM-34058] fix vault timeout on MV2 Firefox by @jlf0dev in #19742
Autosync Crowdin Translations for browser by @bw-ghapp in #19799
[PM-22406]Setting Bitwarden to default browser fails after accepting permission prompt by @dan-livefront in #19813
[PM-34459] AI skill for converting figma designs to Angular component by @Hinton in #19866
[PM-34230] Skill for HEC integration by @voommen-livefront in #19914
Autosync Crowdin Translations for browser by @bw-ghapp in #19958
update gray-050 primitive by @BryanCunningham in #20016
Autosync Crowdin Translations for browser by @bw-ghapp in #20087
Replace deprecated typescript.tsdk with js/ts.tsdk.path by @willmartian in #20146
Autosync Crowdin Translations for browser by @bw-ghapp in #20219
Autosync Crowdin Translations for browser by @bw-ghapp in #20262

Original source

Overview

What's New

Support for client certificate authentication (mTLS) for self-hosted environments

Your User ID is now visible in the Debug view with a one-tap copy button

Improvements

Authenticator menu bar now displays correctly on iOS 26 when biometric unlock is enabled

Bug Fixes

Fixed autofill occasionally closing when using long press

What's Changed

✨ Community Highlight

[PM-23409] feat: Add client certificate authentication (mTLS) support for self-hosted environments by @jalenfran in #1720

[PM-26292] chore: Remove unused strings by @mKoonrad in #2003

Feature Development

[PM-33848] feat: Add dismissable Premium Upgrade banner to vault list by @andrebispo5 in #2505

[PM-26293] tool: Add scripts to delete duplicate Localizable.strings entries by @KatherineInCode in #2412

[PM-33849] feat: Add Premium Upgrade view by @andrebispo5 in #2523

[PM-34904] feat: Replace plans endpoint with premium plan endpoint by @andrebispo5 in #2534

[PM-26292] tool: Add script to delete unused Localizable.strings entries by @KatherineInCode in #2464

[PM-35126] feat: Add billing subscription endpoint by @andrebispo5 in #2546

[PM-13971] feature: Add user ID to DebugView by @morganzellers-bw in #2529

[PM-34897] feat: Premium plan screen by @andrebispo5 in #2541

🐛 Bug fixes

[PM-35040] fix: Prevent Authenticator lock overlay from being dismissed by @KatherineInCode in #2537

[PM-24195] fix: Pass userId to refreshToken and setTokens by @LRNcardozoWDF in #2374

[PM-35251] fix: Adjust presentation style to avoid Tab Bar issues in BWA by @KatherineInCode in #2551

[PM-35285] fix: Prevent StateService.isAuthenticated(userId:) from throwing if token doesn't exist in keychain by @matt-livefront in #2553

⚙️ Maintenance

[PM-25832] chore: Remove cxp-export-mobile feature flag by @matt-livefront in #2516

Crowdin Pull by @bw-ghapp[bot] in #2520

[PM-34016] chore: Centralize logic around TOTP code generation authorization by @morganzellers-bw in #2513

[PM-33207] chore: Remove pm-19051-send-email-verification feature flag by @matt-livefront in #2524

[PM-33571] llm: Add requirements refinement and planning skills by @SaintPatrck in #2445

[deps]: Update actions/create-github-app-token action to v3 by @renovate[bot] in #2476

Crowdin Pull by @bw-ghapp[bot] in #2531

[PM-34009] chore: Create KeychainServiceFacade by @KatherineInCode in #2507

📦 Dependency Updates

Update public suffix list by @github-actions[bot] in #2521

Update public suffix list by @github-actions[bot] in #2532

🎨 Other

[PM-33575] llm: Add delivery skills for preflight, commit, PR, and labeling by @SaintPatrck in #2449

[PM-33572] llm: Add implementing-ios-code skill with Swift templates by @SaintPatrck in #2446

[PM-33573] llm: Add testing-ios-code skill with examples and references by @SaintPatrck in #2447

[PM-33576] llm: Add orchestration command, agent, and skill index to CLAUDE.md by @SaintPatrck in #2450

[PM-34793] llm: Add ios-architect agent by @KatherineInCode in #2525

[PM-34811] llm: Fix simulator destination in build-test-verify skill by @KatherineInCode in #2526

QA-1654: Adding accessibilityIDs to FlightRecorderLogsView elements by @ifernandezdiaz in #2542

New Contributors

@jalenfran made their first contribution in #1720

Full Changelog: v2026.4.0-bwpm...v2026.4.1-bwpm

Builds Source: https://github.com/bitwarden/ios/actions/runs/24576670030

Original source

Overview

General under-the-hood improvements and bug fixes.

What's Changed

✨ Community Highlight

[PM-23409] feat: Add client certificate authentication (mTLS) support for self-hosted environments by @jalenfran in #1720

[PM-26292] chore: Remove unused strings by @mKoonrad in #2003

Feature Development

[PM-33848] feat: Add dismissable Premium Upgrade banner to vault list by @andrebispo5 in #2505

[PM-26293] tool: Add scripts to delete duplicate Localizable.strings entries by @KatherineInCode in #2412

[PM-33849] feat: Add Premium Upgrade view by @andrebispo5 in #2523

[PM-34904] feat: Replace plans endpoint with premium plan endpoint by @andrebispo5 in #2534

[PM-26292] tool: Add script to delete unused Localizable.strings entries by @KatherineInCode in #2464

[PM-35126] feat: Add billing subscription endpoint by @andrebispo5 in #2546

[PM-13971] feature: Add user ID to DebugView by @morganzellers-bw in #2529

[PM-34897] feat: Premium plan screen by @andrebispo5 in #2541

🐛 Bug fixes

[PM-35040] fix: Prevent Authenticator lock overlay from being dismissed by @KatherineInCode in #2537

[PM-24195] fix: Pass userId to refreshToken and setTokens by @LRNcardozoWDF in #2374

[PM-35251] fix: Adjust presentation style to avoid Tab Bar issues in BWA by @KatherineInCode in #2551

[PM-35285] fix: Prevent StateService.isAuthenticated(userId:) from throwing if token doesn't exist in keychain by @matt-livefront in #2553

⚙️ Maintenance

[PM-25832] chore: Remove cxp-export-mobile feature flag by @matt-livefront in #2516

Crowdin Pull by @bw-ghapp[bot] in #2520

[PM-34016] chore: Centralize logic around TOTP code generation authorization by @morganzellers-bw in #2513

[PM-33207] chore: Remove pm-19051-send-email-verification feature flag by @matt-livefront in #2524

[PM-33571] llm: Add requirements refinement and planning skills by @SaintPatrck in #2445

[deps]: Update actions/create-github-app-token action to v3 by @renovate[bot] in #2476

Crowdin Pull by @bw-ghapp[bot] in #2531

[PM-34009] chore: Create KeychainServiceFacade by @KatherineInCode in #2507

📦 Dependency Updates

Update public suffix list by @github-actions[bot] in #2521

Update public suffix list by @github-actions[bot] in #2532

🎨 Other

[PM-33575] llm: Add delivery skills for preflight, commit, PR, and labeling by @SaintPatrck in #2449

[PM-33572] llm: Add implementing-ios-code skill with Swift templates by @SaintPatrck in #2446

[PM-33573] llm: Add testing-ios-code skill with examples and references by @SaintPatrck in #2447

[PM-33576] llm: Add orchestration command, agent, and skill index to CLAUDE.md by @SaintPatrck in #2450

[PM-34793] llm: Add ios-architect agent by @KatherineInCode in #2525

[PM-34811] llm: Fix simulator destination in build-test-verify skill by @KatherineInCode in #2526

QA-1654: Adding accessibilityIDs to FlightRecorderLogsView elements by @ifernandezdiaz in #2542

New Contributors

@jalenfran made their first contribution in #1720

Full Changelog: v2026.4.0-bwa...v2026.4.1-bwa

Builds Source: https://github.com/bitwarden/ios/actions/runs/24576671046

Original source

Overview

Bug Fixes

Fixed looping alert in encryption settings

Fixed passkey creation for related-origin sites

Archived items no longer appear in Verification Codes

Fixed TOTP countdown freezing when returning to the app in some occasions

What's Changed

✨ Community Highlight

[PM-29309] [BWA-209] bug: Fix TOTP countdown freeze when returning to Authenticator app (change Flow to StateFlow) by @david-livefront in #6764

[PM-23379] bug: custom fields: hide or show move up or down actions depending on the items' index by @gbrbrand in #5480

[PM-34833] bug: Search improvements by @gbrbrand in #6776

Feature Development

QA-1702: Adding missing testTags for TestHarness app by @ifernandezdiaz in #6763

[PM-34125] feat: Add card text analysis pipeline by @SaintPatrck in #6720

[PM-34126] feat: Add card scan screen by @SaintPatrck in #6721

[PM-34127] feat: Integrate card scanner with VaultAddEdit by @SaintPatrck in #6722

PM-34872, PM-34873, PM-34874, PM-34875: feat: Add feature flags for Encryption v2 Registration by @david-livefront in #6778

PM-33458: feat: Add speed bump when archiving item from a list by @david-livefront in #6774

🐛 Bug fixes

PM-34238: bug: Hide archived ciphers on VerificationCodes Screen by @david-livefront in #6767

PM-34840: bug: Allow related-origin passkey creation by @david-livefront in #6777

[PM-35117] fix: Getting updated values from KDF before displaying update KDF prompt by @aj-rosado in #6802

⚙️ Maintenance

[PM-34124] refactor: Generalize CameraPreview analyzer parameter by @SaintPatrck in #6719

Crowdin Pull by @bw-ghapp[bot] in #6762

chore: Update the AppVersionName to 2026.4.0 by @david-livefront in #6765

Chore: Add 'isActive' extension menthods for CipherView and CipherListView by @david-livefront in #6769

QA-1655: chore: Adding testTags to RecordedLogsScreen.kt by @ifernandezdiaz in #6772

Crowdin Pull by @bw-ghapp[bot] in #6785

[deps]: Update gradle/actions action to v6 by @renovate[bot] in #6788

[deps]: Update codecov/codecov-action action to v6 by @renovate[bot] in #6787

📦 Dependency Updates

[deps]: Update protobuf monorepo to v4.34.1 by @renovate[bot] in #6735

Update Kotlinx-Kover to v0.9.8. by @david-livefront in #6766

Update Androidx dependencies to their latest versions by @david-livefront in #6768

Update SDK to 2.0.0-6000-b41ccf65 by @bw-ghapp[bot] in #6677

[deps]: Update androidxCredentialsProviderEvents to v1.0.0-alpha06 by @renovate[bot] in #6734

Update SDK to 2.0.0-6074-f373e7f3 by @bw-ghapp[bot] in #6771

[deps]: Lock file maintenance by @renovate[bot] in #6789

deps: Update agp to latest version by @david-livefront in #6790

New Contributors

@gabrbrand made their first contribution in #5480

Full Changelog: v2026.4.0-bwpm...v2026.4.1-bwpm

Builds Source: https://github.com/bitwarden/android/actions/runs/24576662405

Original source

Overview

General under-the-hood improvements and bug fixes.

What's Changed

✨ Community Highlight

[PM-29309] [BWA-209] bug: Fix TOTP countdown freeze when returning to Authenticator app (change Flow to StateFlow) by @david-livefront in #6764
[PM-23379] bug: custom fields: hide or show move up or down actions depending on the items' index by @gabrbrand in #5480
[PM-34833] bug: Search improvements by @gabrbrand in #6776

Feature Development

QA-1702: Adding missing testTags for TestHarness app by @ifernandezdiaz in #6763
[PM-34125] feat: Add card text analysis pipeline by @SaintPatrck in #6720
[PM-34126] feat: Add card scan screen by @SaintPatrck in #6721
[PM-34127] feat: Integrate card scanner with VaultAddEdit by @SaintPatrck in #6722
PM-34872, PM-34873, PM-34874, PM-34875: feat: Add feature flags for Encryption v2 Registration by @david-livefront in #6778
PM-33458: feat: Add speed bump when archiving item from a list by @david-livefront in #6774

🐛 Bug fixes

PM-34238: bug: Hide archived ciphers on VerificationCodes Screen by @david-livefront in #6767
PM-34840: bug: Allow related-origin passkey creation by @david-livefront in #6777
[PM-35117] fix: Getting updated values from KDF before displaying update KDF prompt by @aj-rosado in #6802

⚙️ Maintenance

[PM-34124] refactor: Generalize CameraPreview analyzer parameter by @SaintPatrck in #6719
Crowdin Pull by @bw-ghapp[bot] in #6762
chore: Update the AppVersionName to 2026.4.0 by @david-livefront in #6765
Chore: Add 'isActive' extension menthods for CipherView and CipherListView by @david-livefront in #6769
QA-1655: chore: Adding testTags to RecordedLogsScreen.kt by @ifernandezdiaz in #6772
Crowdin Pull by @bw-ghapp[bot] in #6785
[deps]: Update gradle/actions action to v6 by @renovate[bot] in #6788
[deps]: Update codecov/codecov-action action to v6 by @renovate[bot] in #6787

📦 Dependency Updates

[deps]: Update protobuf monorepo to v4.34.1 by @renovate[bot] in #6735
Update Kotlinx-Kover to v0.9.8. by @david-livefront in #6766
Update Androidx dependencies to their latest versions by @david-livefront in #6768
Update SDK to 2.0.0-6000-b41ccf65 by @bw-ghapp[bot] in #6677
[deps]: Update androidxCredentialsProviderEvents to v1.0.0-alpha06 by @renovate[bot] in #6734
Update SDK to 2.0.0-6074-f373e7f3 by @bw-ghapp[bot] in #6771
[deps]: Lock file maintenance by @renovate[bot] in #6789
deps: Update agp to latest version by @david-livefront in #6790

New Contributors

@gabrbrand made their first contribution in #5480

Full Changelog: v2026.4.0-bwa...v2026.4.1-bwa
Builds Source: https://github.com/bitwarden/android/actions/runs/24576663374

Original source

(The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2026.4.2, Browser Extension 2026.4.0, Desktop 2026.4.0, Mobile 2026.4.1, and CLI 2026.4.0)

Password Manager

• Change master password on extensions and desktop: You can now change your master password on browser extensions and desktop apps. To support future improvements, workflows that allowed a master password change via the CLI were removed.
• Desktop UI updates: The desktop app UI has been updated with visual improvements.
• Click to autofill by default: Within the browser extension, you can now click anywhere on an item within Autofill suggestions to insert your credentials. This update removes the Fill button and Click items in autofill suggestions to fill setting for a more streamlined appearance.
• Updated Clear Clipboard default: The browser extension's Clear Clipboard setting now defaults to five minutes, an extra precaution to help keep your credentials secure.
• mTLS support now on iOS: Both the iOS and Android mobile apps now support uploading mTLS certificates for self-hosted servers that require client authentication. Upload your certificate when you set your server URL.
• Attachment status loading bar: Uploading an attachment on the desktop app and browser extension will display an upload status bar.
• Keeper JSON importer: You can now import data from Keeper with a JSON file.

Original source

Overview

Added event logs for phishing blocker
Refactor unlock service to use Bitwarden SDK
Updated account recovery to include managing member two-step login methods
Updates to prevent losing unsaved changes when creating a Send
Updated default clipboard clearing time to 5 minutes
Various under-the-hood improvements and minor bug fixes

What's Changed

Feature Development

[PM-8458] Change ClearClipboardDelay to strings and change default by @bensbits91 in #17756
[CL-966] Updated Progress Component by @lxiong-livefront in #19072
[PM-28167] Desktop - migrate vault drawers UI to shared lib by @iivins-livefront in #19341
[PM-30584] Add unlock for key connector with SDK by @quexten in #19367
[PM-31778] Multi-step policy edit dialog by @JaredScar in #19406
[PM-31438] Send unsaved edits dialog by @mcamirault in #19425
[CL-1110] Migrate tools CTAs to new icon API by @BryanCunningham in #19485
[PM-26713] Refactor Attachment Uploads to use XMLHTTPRequest by @nick-livefront in #19634
[PM-29927] update reseller notifications by @kdenney in #19690
Auth/Innovation/PM-4659 - Device Management - Add Last Activity Date by @JaredSnider-Bitwarden in #19784
[PM-31901] Remove m3 flagged logic by @connerbw in #19868
[PM-31906] Remove m3 flag definition by @connerbw in #19870
[PM-15489] 2fa account recovery by @kspearrin in #19894
[PM-31942] Handle load/save Access Intelligence reports as files (pt. 1) by @lastbestdev in #19922
[Shared Unlock] [PM-34073] Implement vault timeout supression by @quexten in #19934
[PM-34119] Web New Item Dialog by @nick-livefront in #19953
Add PM-34500-strict-cipher-decryption feature flag by @nikwithak in #19973
[PM-31119] Run side-effects in sdk unlock service by @quexten in #20004
[PM-34230] Blumira Integration using HEC by @voommen-livefront in #20008
[PM-26383] Remove feature flag to enable autoconfirm by @JaredScar in #20015
[PM-34690] - add quick actions feature flag by @jaasen-livefront in #20019
[PM-31875] Client changes for async sdk client get/set by @Hinton in #20032
[PM-34177] Add feature flag for Organization Invite Links by @r-tome in #20033
[PM-34177] Fix feature flag key value for Organization Invite Links by @r-tome in #20039
[PM-24927] Add payment optional support to trial initiation flow and Remove payment-optional feature flag by @cyprain-okeke in #20053
[PM-34037] New event log for 2fa recovery by @kspearrin in #20055
[PM-31270] New default argon2id in change kdf component by @mzieniukbw in #20058
[PM-34396] Create dialog structure for new invite link that supports tab views by @BTreston in #20063
[PM-22228] Phishing events by @voommen-livefront in #20065
[PM-25627] convert policy dialogs to drawers by @JaredScar in #20078
[PM-35072] Allow account recovery for revoked members by @kspearrin in #20100
[PM-32853] Add FromMarketing Property for TrialInitiation Path by @sbrown-livefront in #20144
PM-33122: Rename feature flag pm-34500-strict-cipher-decryption by @nikwithak in #20151
[PM-26383] Remove AutoConfirm feature flag from the FeatureFlag enum by @JaredScar in #20179
[PM-27887] Keeper json importer by @itsadrago in #20200

🐛 Bug fixes

[PM-33480] Fix false success toasts in integration save/delete by @AlexRubik in #19544
[PM-33877] - handle blank custom field values in cipher form by @jaasen-livefront in #19676
[PM-32456] - set canEdit and canDelete in onCipherSaved by @jaasen-livefront in #19694
PM-33194 show appropriate error message for 409 by @voommen-livefront in #19713
[PM-34064] - remove unnecessary wrapper div around web extension prompt dialog by @jaasen-livefront in #19739
[PM-33301] Prevent Unverified Bank Account from Upgrade to Premium by @sbrown-livefront in #19745
[PM-33524] Not able to set new Master Password in a previously TDE org by @enmande in #19810
PM-33905 resolved plaholder text issue by @bmbitwarden in #19862
[CL-1124] updated badge max width by @BryanCunningham in #19864
[CL-1130] Fix storybook a11y and console errors for billing files by @vleague2 in #19916
[CL-1130] Fix storybook a11y and console errors for platform files by @vleague2 in #19918
[CL-1130] Fix storybook a11y and console errors for vault files by @vleague2 in #19920
Downloading an attachment, appends a file extension. Even if original file didn't have one by @jengstrom-bw in #19931
[PM-33554] Don't log out when trust denied for sdk key rotation by @quexten in #19961
Revert "Revert "[PM-33210] fix(login): clear validation errors on region change"" by @enmande in #20007
Auth/pm-34506 - Login Strategy Session Cache Expiration Adjustment by @JaredSnider-Bitwarden in #20009
[PM-34685][Defect] Subscription status for organizations not updating with feature flag enabled by @sbrown-livefront in #20018
[PM-34142] BUGFIX: Allow moving a newly created cipher to org by @nikwithak in #20025
[PM-34579] Update Access Intelligence chart to fit the entire selected timespan on x-axis by @lastbestdev in #20026
[PM-32463] Do not filter disabled orgs for Admin Console by @shane-melton in #20027
[PM-34255] - SCIM Key Fix by @jrmccannon in #20036
[PM-34575] Stop allCiphers$ firing twice by @JaredScar in #20067
[PM-34781] exclude "no folder" from key rotation by @mzieniukbw in #20068
[PM-14883] Strip non-numeric characters in credit card number display… by @shane-melton in #20070
[PM-33554] Fix emergency access fingerprint by @quexten in #20072
[PM-34792] - Fix Mp/Key prompt for SCIM API KEY by @jrmccannon in #20074
PM-34863 Org name has a contrast issue by @voommen-livefront in #20083
[PM-35055] fix account recovery policy config checkbox states by @kspearrin in #20141
[PM-35258] Add archive confirmation to Desktop and fix right click menu by @shane-melton in #20208
[PM-35246] Fix IdentityTokenResponse kdfConfig error by @rr-bw in #20209
[CL-1167] BUG FIX: Fixed nav switcher text colors by @lxiong-livefront in #20214
Fix eslint on main by @quexten in #20225
[PM-35187] Store new default avatar colors as hexes by @vleague2 in #20236
[PM-35318] Desktop v3/4 - Showing two "Archived" badge by @gbubemismith in #20239
[PM-35330] Fix state not being updated on change kdf by @quexten in #20259
[PM-35335] Fix bug making discard edits dialog show on navigate after… by @mcamirault in #20267
[PM-35335] Fix bug making discard edits dialog show on navigate after… by @mcamirault in #20274
Remove the desktop-specific Archived badge from ItemDetailsV2Compone… by @gbubemismith in #20277
PM-35363 resolved stale child controllers by @bmbitwarden in #20295
PM-35363 resolved stale child controllers (#20295) by @bmbitwarden in #20307
[PM-35458] fix status check by @BTreston in #20312
fix status check (#20312) by @BTreston in #20313
Auth/PM-35336 - TokenService - prevent stale access token retrieval to fix logout on org user confirm by @JaredSnider-Bitwarden in #20334
[PM-35240] RC cherry-pick: Add sync before forced kdf migration by @Thomas-Avery in #20340
[PM-35330] RC cherry-pick: Fix state not being updated on change kdf by @Thomas-Avery in #20341
CherryPick/Auth/PM-35336 - TokenService - prevent stale access token retrieval to fix logout on org user confirm by @JaredSnider-Bitwarden in #20342
[PM-35484] Remove exemption for owners/admins for mp policy by @BTreston in #20398
[PM-35484] Remove exemption for owners/admins for mp policy by @BTreston in #20418
Auth/PM-36080 by @JaredSnider-Bitwarden in #20452
CherryPick/Auth/PM-36080 (#20452) by @JaredSnider-Bitwarden in #20463

⚙️ Maintenance

[PM-25688] Migrate Folder API request model to TS strict by @shane-melton in #17269
Added devcontainer setup (devcontainer.json, docker-compose.yml, postCreateCommand.sh) by @connerbw in #18541
[deps]: Update actions/checkout action to v6.0.2 by @renovate in #18569
[PM-31838] Update ngIf/ngFor to @if/@for in vault web components by @jengstrom-bw in #18820
[PM-32864] Remove local masterkey hash by @quexten in #19277
[PM-32919] Migrate DeleteAccountDialog to shared code by @djsmith85 in #19308
Sanitize branch ref with toJSON by @mandreko-bitwarden in #19394
[PM-18133] Remove generatePasswordCallback, rely on new service by @blackwood in #19400
[CL-1113] Migrate auth CTAs to new icon API by @BryanCunningham in #19489
[deps]: Update docker/setup-buildx-action action to v4 by @renovate in #19583
[deps]: Update docker/setup-qemu-action action to v4 by @renovate in #19585
DN Team Codeowners Rename by @coltonhurst in #19595
[BRE 1670] update token for build workflows by @AmyLGalles in #19660
[deps]: Update dtolnay/rust-toolchain digest to 29eef33 by @renovate in #19841
[deps]: Update dorny/test-reporter action to v3 by @renovate in #19855
Bitwarden IPC improvements/refactor by @coroiu in #19935
Added ownership of sdk-update workflow. by @trmartin4 in #19980
Enable the custom.regex package manager to enable rust toolchain updates by @neuronull in #20035
eslint: error on importing bitwarden licensed code into /libs/* by @djsmith85 in #20054
[PM-34574] Remove personal vault decrypt from AC by @JaredScar in #20066
[PM-33101] Remove master key from uv service by @quexten in #20076
Remove unused signature type enum by @quexten in #20091
Auth/PM-34506 - LoginStrategyService - Refactor cache and timeout out into own services by @JaredSnider-Bitwarden in #20108
[AppSec] AI Fix for Template Injection in GitHub Workflows Action by @aikido-autofix in #20113
[AppSec] AI Fix for Template Injection in GitHub Workflows Action by @aikido-autofix in #20114
[deps]: Update codecov/codecov-action action to v6 by @renovate in #20126
[BRE-1004] Fix GHCR logic in Build Web and Publish Web by @vgrassia in #20163
Add Skunkworks as co-owners of native passkeys by @iinuwa in #20184
enable jest/no-alias-methods by @cd-bitwarden in #20187
Add dev tag to GHCR by @vgrassia in #20234

📦 Dependency Updates

[deps] SM: Update jest-diff to v30.3.0 by @renovate in #19843
[deps] Platform: Update webpack-cli to v7 by @renovate in #19849
Update sdk-internal to 0.2.0-main.646 by @bw-ghapp in #20057
Update sdk-internal to 0.2.0-main.668 by @bw-ghapp in #20132
Update sdk-internal to 0.2.0-main.672 by @bw-ghapp in #20140
Update sdk-internal to 0.2.0-main.673 by @bw-ghapp in #20157
Update sdk-internal to 0.2.0-main.681 by @bw-ghapp in #20194
[SM-1762] Bump Jest to 30.3.0 by @djsmith85 in #20211
Update sdk-internal to 0.2.0-main.687 by @bw-ghapp in #20220
Update sdk-internal to 0.2.0-main.689 by @bw-ghapp in #20224
Update sdk-internal to 0.2.0-main.692 by @bw-ghapp in #20251

🎨 Other

[PM-32687] Create Claude skill to add more item types easily by @gbubemismith in #19301
Add fix-angular-fixmes skill to resolve Angular FIXME migration comments by @JaredScar in #19426
update gray-050 primitive by @BryanCunningham in #20016
[PM-32091] Update postmessage by @enmande in #20064
Autosync Crowdin Translations for web by @bw-ghapp in #20088
Replace deprecated typescript.tsdk with js/ts.tsdk.path by @willmartian in #20146
Autosync Crowdin Translations for web by @bw-ghapp in #20218
[PM-25627] Fix type checks failing by @JaredScar in #20245
Autosync Crowdin Translations for web by @bw-ghapp in #20264

Original source

Overview

Updated exit survey options

Fix an issue with how avatar color selections are stored to fix a crash with some Android devices.

What's Changed

🐛 Bug fixes

[PM-35187] Store new default avatar colors as hexes by @vleague2 in #20236

🎨 Other

Bumped client version(s) by @differsthecat in #20241

[PM-35187] Store new default avatar colors as hexes (#20236) by @differsthecat in #20242

feat(survey): [PM-35243] Update cancel survey options for Teams and Enterprise by @trmartin4 in #20247

Original source

(The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2026.4.0 and Mobile 2026.4.0.)

Password Manager

• Preview image attachments on Android: You can now preview image attachments from within the Password Manager Android app, without having to download the file to your device. Previewing image attachments will be available on iOS in a future release.

Admin Console

• Send controls Enterprise policy: Two Enterprise policies, Send Options and Remove Send, were merged into the newly titled Send controls policy. If either policy was previously turned on, the chosen options will transfer and remain unchanged.
• Updated Enterprise Policies page: On the Policies page, the Enterprise Policies are now organized into three categories: Data Controls, Authentication, and Vault Management. You can also review at a glance which policies are turned on or off.
• Access Intelligence dashboard update: Visualize how at-risk applications, passwords, and members have changed over time relative to absolute changes in application, password, and member counts with new graphs on the Access Intelligence Activity view.

Original source

Overview

What's New

Preview image attachments before downloading

Improvements

TOTP codes now align consistently for easier reading

Bug Fixes

Fixed crash during autofill with special characters in URIs

Fixed passphrase generator incorrectly adding spaces as separators

What's Changed

✨ Community Highlight

PM-25654: feat: Preview attachment by @david-livefront in #6675

[PM-34168] Add future CalyxOS Chromium key to FIDO2 privilege community list by @lucasmz-dev in #6723

Feature Development

[PM-33515] feat: Render premium upgrade banner in Vault UI by @SaintPatrck in #6698

PM-34042: feat: Preview attachments from AttachmentsScreen by @david-livefront in #6712

[PM-33516] feat: Create PlanScreen, PlanViewModel, and modal navigation by @SaintPatrck in #6715

PM-34228: feat: Add feature flag for forthcoming attachment updates by @david-livefront in #6739

PM-34231: feat: Support renaming attachments during creation by @david-livefront in #6742

🐛 Bug fixes

PM-29871: bug: Add more accessibility callouts for external links by @david-livefront in #6708

PM-32721: bug: Sort password history before persisting by @david-livefront in #6709

BWA-238: bug: Send additional cipher data for Authenticator Sync by @david-livefront in #6714

PM-34115: bug: Consistent visual length of TOTP codes by @david-livefront in #6716

PM-34193: bug: Unlock vault from Never-Lock should be on io thread by @david-livefront in #6728

BWA-224: bug: Add sort order for Authenticator items by @david-livefront in #6740

BWA-228: bug: Update identity custom field keys to use index by @david-livefront in #6743

PM-29763: bug: Handle invalid URI crash by @david-livefront in #6748

PM-34499: bug: Add appropriate external link callouts for attachments by @david-livefront in #6752

PM-34498: bug: Update attachments premium dialogs by @david-livefront in #6753

PM-34544: bug: Handle large attachments in preview by @david-livefront in #6757

⚙️ Maintenance

misc: Update BitwardenButtonData for more usability by @david-livefront in #6704

Crowdin Pull by @bw-ghapp[bot] in #6705

[PM-33999] chore: Standardize casing of Premium account status references by @SaintPatrck in #6707

chore: Implement Folder Repo interface for Bitwarden SDK by @david-livefront in #6691

chore: Update RootNavScreen to enforce state-based navigation by @david-livefront in #6713

chore: Update UI lists to ImmutableLists by @david-livefront in #6718

Crowdin Pull by @bw-ghapp[bot] in #6731

chore: Update AttachmentsState to use immutable list by @david-livefront in #6741

[deps]: Update actions/create-github-app-token action to v3 by @renovate[bot] in #6737

chore: Create common UI elements for VaultItemScreen by @david-livefront in #6746

chore: Attachment UI tweaks by @david-livefront in #6749

📦 Dependency Updates

[deps]: Lock file maintenance by @renovate[bot] in #6738

[deps]: Update com.google.firebase:firebase-bom to v34.11.0 by @renovate[bot] in #6736

🎨 Other

[PM-33941] llm: Refine skills and commands for agent reliability by @SaintPatrck in #6703

[PM-34107] llm: Add android-architect agent by @SaintPatrck in #6686

llm: Add test constants placement rule to testing skill by @SaintPatrck in #6726

llm: Add AI review label prompt to PR creation skill by @SaintPatrck in #6729

Full Changelog: v2026.3.1-bwpm...v2026.4.0-bwpm

Builds Source: https://github.com/bitwarden/android/actions/runs/23952219208

Original source