Bitwarden Clients Updates & Release Notes

Overview

Performance improvements to reduce the extension's impact on web page loading and responsiveness

What's Changed

💙 Community Highlight

[PM-35399] Performance issue due to observer cascade and shadow DOMs in modern apps/websites by @golddragon007 in #20286 (included in #20622 )

🐛 Bug fixes

[PM-35399] golddragon007 performance fix by @audreyality in #20622

[PM-35399] autofill chrome performance tuning (#20622) by @audreyality in #20642

⚙️ Maintenance

Bump browser client version to 2026.5.0 by @differsthecat in #20633

Change browser version to 2026.4.1 by @differsthecat in #20652

New Contributors

@golddragon007 made their first contribution in #20286

Full Changelog: browser-v2026.4.0...browser-v2026.4.1

Original source

Overview

Refactor unlock service to use Bitwarden SDK
Compact mode no longer in beta
Updated default clipboard clearing time to 5 minutes
Various under-the-hood improvements and minor bug fixes

What's Changed

💙 Community Highlight

[PM-24289] fix popout windows on wayland (browser) by @krjan02 in #15825
[PM-32584] fix: warn user about unsaved changes before applying desktop update by @bittoby in #19147
[PM-33210] fix(login): clear validation errors on region change by @OnSuorce in #19407

Feature Development

[PM-8458] Change ClearClipboardDelay to strings and change default by @bensbits91 in #17756
[CL-958] Update avatar component to new styles by @vleague2 in #18975
[CL-1023][CL-1031] Design system refresh: Milestone 1 by @willmartian in #19061
[CL-966] Updated Progress Component by @lxiong-livefront in #19072
PM-31767 resend feature by @bmbitwarden in #19136
Auth/PM-33261 - Multi-client Password Management (new for desktop & extension) by @JaredSnider-Bitwarden in #19289
[PM-31885] Consolidate all Send policies to a single policy by @harr1424 in #19314
[PM-28167] Desktop - migrate vault drawers UI to shared lib by @iivins-livefront in #19341
[PM-30584] Add unlock for key connector with SDK by @quexten in #19367
[PM-33173] Use unlock service for password login strategy by @quexten in #19371
[PM-31438] Send unsaved edits dialog by @mcamirault in #19425
[CL-1110] Migrate tools CTAs to new icon API by @BryanCunningham in #19485
Auth/PM-33353 - Password Login - refine prefetching of password prelogin data by @JaredSnider-Bitwarden in #19510
[PM-33134] Implement delta sync for phishing blocklist by @AlexRubik in #19515
PM-31418 implemented password generator inside drawer by @bmbitwarden in #19521
[PM-24476] At Risk Password setting by @nick-livefront in #19557
[PM-32783] Cached electron storage by @dani-garcia in #19590
[PM-30101] subscription discounts in web checkout by @kdenney in #19599
[PM-26713] Refactor Attachment Uploads to use XMLHTTPRequest by @nick-livefront in #19634
[PM-32057] Wire up Trend Widget in Access Intelligence Activity by @Banrion in #19664
[PM-33139] Targeting Rules initial implementation by @jprusik in #19693
[PM-28419] Remove feature flagged logic by @BTreston in #19718
[PM-34012] - Replace image in welcome dialog with extension prompt by @jaasen-livefront in #19720
[CL-1012] Removed hyphenation from Simple Dialog Component by @lxiong-livefront in #19732
Auth/Innovation/PM-4659 - Device Management - Add Last Activity Date by @JaredSnider-Bitwarden in #19784
[CL-941] Remove router focus flag from client by @vleague2 in #19812
[PM-19168] Remove Archive Feature Flag by @nick-livefront in #19829
[PM-31899] Remove m2 flag definition by @connerbw in #19869
[PM-15489] 2fa account recovery by @kspearrin in #19894
[PM-31885] Bump SendControls Policy Enum Value by @harr1424 in #19903
Update primitive colors by @BryanCunningham in #19910
[Shared Unlock] [PM-34073] Implement vault timeout supression by @quexten in #19934
[PM-34119] Web New Item Dialog by @nick-livefront in #19953
Add PM-34500-strict-cipher-decryption feature flag by @nikwithak in #19973
[PM-31119] Run side-effects in sdk unlock service by @quexten in #20004
[PM-32009] New Item page for Browser by @nick-livefront in #20014
[PM-26383] Remove feature flag to enable autoconfirm by @JaredScar in #20015
[PM-34690] - add quick actions feature flag by @jaasen-livefront in #20019
[PM-31875] Client changes for async sdk client get/set by @Hinton in #20032
[PM-34177] Add feature flag for Organization Invite Links by @r-tome in #20033
[PM-34177] Fix feature flag key value for Organization Invite Links by @r-tome in #20039
[PM-33391] Removes beta badge for compact mode by @jengstrom-bw in #20047
[PM-34614] Item Action Updates by @nick-livefront in #20051
[PM-24927] Add payment optional support to trial initiation flow and Remove payment-optional feature flag by @cyprain-okeke in #20053
[PM-34037] New event log for 2fa recovery by @kspearrin in #20055
[PM-31270] New default argon2id in change kdf component by @mzieniukbw in #20058
[PM-22228] Phishing events by @voommen-livefront in #20065
PM-33122: Rename feature flag pm-34500-strict-cipher-decryption by @nikwithak in #20151
[PM-34816] add performance instrumentation by @audreyality in #20158
[PM-26383] Remove AutoConfirm feature flag from the FeatureFlag enum by @JaredScar in #20179
[PM-27887] Keeper json importer by @itsadrago in #20200
Add percentage complete translation for progress bar by @nick-livefront in #20206

🐛 Bug fixes

[PM-32085] - popup width migration by @jaasen-livefront in #19408
[PM-22890] Automatically open Extension in FireFox by @nick-livefront in #19456
[PM-32761] Lock causes log out on TDE account with PIN by @mzieniukbw in #19594
[PM-33765] - Fix viewPassword not preserved during legacy cipher encryption by @jaasen-livefront in #19601
[PM-27368] Injected Autofill experiences should respect the user's "show animations" setting by @jprusik in #19622
[CL-1105] Ensure hover and focus states match spec by @vleague2 in #19638
[PM-32747] Empty TOTP secrets are being saved to ciphers in web based clients by @jengstrom-bw in #19645
[PM-30614] - Fix double event log in browser ext popup by @jrmccannon in #19657
[PM-33877] - handle blank custom field values in cipher form by @jaasen-livefront in #19676
[PM-33952] Fix cipher key encryption logic when editing ciphers by @nikwithak in #19695
flatten type-specific data into openNotificationBar message by @audreyality in #19719
[PM-33459] fix(autofill): exclude username-only scenario from new cipher save notification by @bensbits91 in #19733
[PM-33431] Inline menu icon is showing up on the view item screen on vault.bitwarden.com by @dan-livefront in #19734
[PM-33580] fix: skip change-password notification when no ciphers exist for URL by @bensbits91 in #19761
[PM-34131] Editing ciphers with change at risk password banner fails on web by @jengstrom-bw in #19785
Auth/PM-34198 - Device Management - fix device icons not rendering by @JaredSnider-Bitwarden in #19786
[PM-34192] My Items Collection is not marked as default when creating an item by @jengstrom-bw in #19793
[PM-34199] [Extension] Change Password Routing Fix by @rr-bw in #19794
[PM-33524] Not able to set new Master Password in a previously TDE org by @enmande in #19810
[PM-34223] discounts rounding bug fix by @kdenney in #19811
BRE-1746 fix(build-web-target): add packages write by @fntyler in #19816
[CL-1140] BUG FIX: desktop nav group anchor link color and cipher name styles by @lxiong-livefront in #19820
Auth/PM-34242 - Device Management Comp - Fix upsert losing isTrusted state and show trust status on pending auth request devices by @JaredSnider-Bitwarden in #19822
PM-33905 resolved plaholder text issue by @bmbitwarden in #19862
[CL-1124] updated badge max width by @BryanCunningham in #19864
[PM-30311] focus management creation in effect to account for async menu item changes by @BryanCunningham in #19871
[PM-34225] generate keypair even if there is no current one on password login by @jlf0dev in #19896
[PM-29455] safari unlock during autofill does not close by @audreyality in #19897
[PM-29227]Fix incorrect credential autofill in password change form by @dan-livefront in #19912
[CL-1130] Fix storybook a11y and console errors for billing files by @vleague2 in #19916
[CL-1130] Fix storybook a11y and console errors for admin console files by @vleague2 in #19917
[CL-1130] Fix storybook a11y and console errors for vault files by @vleague2 in #19920
[PM-34530] Display cart-level discount on personal subscription page by @amorask-bitwarden in #19925
Downloading an attachment, appends a file extension. Even if original file didn't have one by @jengstrom-bw in #19931
[PM-33808] - automatically autofill in search results by @jaasen-livefront in #19951
[PM-33554] Don't log out when trust denied for sdk key rotation by @quexten in #19961
Revert "[PM-33210] fix(login): clear validation errors on region change" by @enmande in #19979
Revert "Revert "[PM-33210] fix(login): clear validation errors on region change"" by @enmande in #20007
Auth/pm-34506 - Login Strategy Session Cache Expiration Adjustment by @JaredSnider-Bitwarden in #20009
[PM-34142] BUGFIX: Allow moving a newly created cipher to org by @nikwithak in #20025
[PM-34781] exclude "no folder" from key rotation by @mzieniukbw in #20068
[PM-14883] Strip non-numeric characters in credit card number display… by @shane-melton in #20070
[PM-33554] Fix emergency access fingerprint by @quexten in #20072
[PM-34902] - [Defect] "Do not autofill" button is not centered by @jaasen-livefront in #20105
[PM-35258] Add archive confirmation to Desktop and fix right click menu by @shane-melton in #20208
[PM-35246] Fix IdentityTokenResponse kdfConfig error by @rr-bw in #20209
[PM-35187] Store new default avatar colors as hexes by @vleague2 in #20236
[PM-35318] Desktop v3/4 - Showing two "Archived" badge by @gbubemismith in #20239
[PM-35330] Fix state not being updated on change kdf by @quexten in #20259
[PM-35335] Fix bug making discard edits dialog show on navigate after… by @mcamirault in #20267
[PM-35335] Fix bug making discard edits dialog show on navigate after… by @mcamirault in #20274
Remove the desktop-specific Archived badge from ItemDetailsV2Compone… by @gbubemismith in #20277
PM-35363 resolved stale child controllers by @bmbitwarden in #20295
PM-35363 resolved stale child controllers (#20295) by @bmbitwarden in #20307
Auth/PM-35336 - TokenService - prevent stale access token retrieval to fix logout on org user confirm by @JaredSnider-Bitwarden in #20334
[PM-35240] RC cherry-pick: Add sync before forced kdf migration by @Thomas-Avery in #20340
[PM-35330] RC cherry-pick: Fix state not being updated on change kdf by @Thomas-Avery in #20341
CherryPick/Auth/PM-35336 - TokenService - prevent stale access token retrieval to fix logout on org user confirm by @JaredSnider-Bitwarden in #20342
[PM-35484] Remove exemption for owners/admins for mp policy by @BTreston in #20398
[PM-35484] Remove exemption for owners/admins for mp policy by @BTreston in #20418
Auth/PM-36080 by @JaredSnider-Bitwarden in #20452
CherryPick/Auth/PM-36080 (#20452) by @JaredSnider-Bitwarden in #20463

⚙️ Maintenance

[PM-25688] Migrate Folder API request model to TS strict by @shane-melton in #17269
[deps]: Update chromaui/action action to v13.3.5 by @renovate in #17886
Added devcontainer setup (devcontainer.json, docker-compose.yml, postCreateCommand.sh) by @connerbw in #18541
[deps]: Update actions/checkout action to v6.0.2 by @renovate in #18569
[PM-25686] - migrate cipher export and sub-models by @jaasen-livefront in #19050
[PM-32864] Remove local masterkey hash by @quexten in #19277
[PM-32919] Migrate DeleteAccountDialog to shared code by @djsmith85 in #19308
Sanitize branch ref with toJSON by @mandreko-bitwarden in #19394
[PM-18133] Remove generatePasswordCallback, rely on new service by @blackwood in #19400
[PM-33555]Remove @ts-strict-ignore in autofill overlay content service by @dan-livefront in #19562
[deps]: Update docker/build-push-action action to v7 by @renovate in #19582
[deps]: Update docker/setup-buildx-action action to v4 by @renovate in #19583
[deps]: Update docker/setup-qemu-action action to v4 by @renovate in #19585
DN Team Codeowners Rename by @coltonhurst in #19595
[BRE 1670] update token for build workflows by @AmyLGalles in #19660
[BRE-1004] Publish web images to GHCR on release by @vgrassia in #19679
[PM-33797] AIV2: Standardize Models and Services: Shared Components by @Banrion in #19730
chore: update sm code ownership for sm owned files in bw license by @vincentsalucci in #19765
refactor(scheduling): extract @bitwarden/scheduling Nx leaf library by @addisonbeck in #19771
[BRE-1004] Remove web-sh image tag by @vgrassia in #19788
[PM-34194]Remove unused items from autofill component constructor by @dan-livefront in #19824
[deps]: Update dtolnay/rust-toolchain digest to 29eef33 by @renovate in #19841
[deps]: Update docker/login-action action to v4 by @renovate in #19853
[deps]: Update dorny/paths-filter action to v4 by @renovate in #19854
[deps]: Update dorny/test-reporter action to v3 by @renovate in #19855
[PM-33167] Replace img with TwoFactorIcon component by @djsmith85 in #19865
Bitwarden IPC improvements/refactor by @coroiu in #19935
remove base directive import by @BryanCunningham in #19978
Added ownership of sdk-update workflow. by @trmartin4 in #19980
Enable the custom.regex package manager to enable rust toolchain updates by @neuronull in #20035
eslint: error on importing bitwarden licensed code into /libs**/* by @djsmith85 in #20054
[PM-33101] Remove master key from uv service by @quexten in #20076
Remove unused signature type enum by @quexten in #20091
Auth/PM-34506 - LoginStrategyService - Refactor cache and timeout out into own services by @JaredSnider-Bitwarden in #20108
[AppSec] AI Fix for Template Injection in GitHub Workflows Action by @aikido-autofix in #20113
[AppSec] AI Fix for Template Injection in GitHub Workflows Action by @aikido-autofix in #20114
[deps]: Update codecov/codecov-action action to v6 by @renovate in #20126
[BRE-1004] Fix GHCR logic in Build Web and Publish Web by @vgrassia in #20163
Add Skunkworks as co-owners of native passkeys by @iinuwa in #20184
enable jest/no-alias-methods by @cd-bitwarden in #20187
Add dev tag to GHCR by @vgrassia in #20234
[BRE-1845] Removing unused code for Apple signing by @pixman20 in #20412
Update config.yml by @acostarj in #4555
Update config.yml by @acostarj in #4775

📦 Dependency Updates

[deps] Architecture: Update Minor and patch linting updates by @renovate in #17491
[deps] UI Foundation: Update vite-tsconfig-paths to v6 by @renovate in #18085
[deps] UI Foundation: Update @compodoc/compodoc to v1.2.1 by @renovate in #18713
[deps] Platform: Update copy-webpack-plugin to v14 by @renovate in #19581
[deps] UI Foundation: Update svgo to v4.0.1 [SECURITY] by @renovate in #19757
[deps] SM: Update jest-diff to v30.3.0 by @renovate in #19843
[deps] Platform: Update webpack-cli to v7 by @renovate in #19849
Update sdk-internal to 0.2.0-main.646 by @bw-ghapp in #20057
Update sdk-internal to 0.2.0-main.668 by @bw-ghapp in #20132
Update sdk-internal to 0.2.0-main.672 by @bw-ghapp in #20140
Update sdk-internal to 0.2.0-main.673 by @bw-ghapp in #20157
Update sdk-internal to 0.2.0-main.681 by @bw-ghapp in #20194
[SM-1762] Bump Jest to 30.3.0 by @djsmith85 in #20211
Update sdk-internal to 0.2.0-main.687 by @bw-ghapp in #20220
Update sdk-internal to 0.2.0-main.689 by @bw-ghapp in #20224
Update sdk-internal to 0.2.0-main.692 by @bw-ghapp in #20251

🎨 Other

[CL-1026] Cherry pick icon tile refresh to main by @willmartian in #19063
disable claude attribution by @audreyality in #19253
Share inline menu qualification service implementation of keyword matching with autofill service by @blackwood in #19263
[PM-32687] Create Claude skill to add more item types easily by @gbubemismith in #19301
Add fix-angular-fixmes skill to resolve Angular FIXME migration comments by @JaredScar in #19426
[PM-29524]Remove ts strict ignore in collect autofill content service by @dan-livefront in #19525
Update all import statements and remove re-exporting files by @eliykat in #19545
[CL-1049] Make fallback autofocus approach for dialogs by @vleague2 in #19561
[PM-33426 ] - add popup focus wrap directive by @jaasen-livefront in #19666
[PM-31331] Incorrect data shown in notification bar after consecutive logins with new ciphers by @dan-livefront in #19711
[PM-34008] Autofill behavior from more option component asks to save URI for non login cipher types by @jengstrom-bw in #19712
[PM-34058] fix vault timeout on MV2 Firefox by @jlf0dev in #19742
Autosync Crowdin Translations for browser by @bw-ghapp in #19799
[PM-22406]Setting Bitwarden to default browser fails after accepting permission prompt by @dan-livefront in #19813
[PM-34459] AI skill for converting figma designs to Angular component by @Hinton in #19866
[PM-34230] Skill for HEC integration by @voommen-livefront in #19914
Autosync Crowdin Translations for browser by @bw-ghapp in #19958
update gray-050 primitive by @BryanCunningham in #20016
Autosync Crowdin Translations for browser by @bw-ghapp in #20087
Replace deprecated typescript.tsdk with js/ts.tsdk.path by @willmartian in #20146
Autosync Crowdin Translations for browser by @bw-ghapp in #20219
Autosync Crowdin Translations for browser by @bw-ghapp in #20262

Original source

Overview

Added event logs for phishing blocker
Refactor unlock service to use Bitwarden SDK
Updated account recovery to include managing member two-step login methods
Updates to prevent losing unsaved changes when creating a Send
Updated default clipboard clearing time to 5 minutes
Various under-the-hood improvements and minor bug fixes

What's Changed

Feature Development

[PM-8458] Change ClearClipboardDelay to strings and change default by @bensbits91 in #17756
[CL-966] Updated Progress Component by @lxiong-livefront in #19072
[PM-28167] Desktop - migrate vault drawers UI to shared lib by @iivins-livefront in #19341
[PM-30584] Add unlock for key connector with SDK by @quexten in #19367
[PM-31778] Multi-step policy edit dialog by @JaredScar in #19406
[PM-31438] Send unsaved edits dialog by @mcamirault in #19425
[CL-1110] Migrate tools CTAs to new icon API by @BryanCunningham in #19485
[PM-26713] Refactor Attachment Uploads to use XMLHTTPRequest by @nick-livefront in #19634
[PM-29927] update reseller notifications by @kdenney in #19690
Auth/Innovation/PM-4659 - Device Management - Add Last Activity Date by @JaredSnider-Bitwarden in #19784
[PM-31901] Remove m3 flagged logic by @connerbw in #19868
[PM-31906] Remove m3 flag definition by @connerbw in #19870
[PM-15489] 2fa account recovery by @kspearrin in #19894
[PM-31942] Handle load/save Access Intelligence reports as files (pt. 1) by @lastbestdev in #19922
[Shared Unlock] [PM-34073] Implement vault timeout supression by @quexten in #19934
[PM-34119] Web New Item Dialog by @nick-livefront in #19953
Add PM-34500-strict-cipher-decryption feature flag by @nikwithak in #19973
[PM-31119] Run side-effects in sdk unlock service by @quexten in #20004
[PM-34230] Blumira Integration using HEC by @voommen-livefront in #20008
[PM-26383] Remove feature flag to enable autoconfirm by @JaredScar in #20015
[PM-34690] - add quick actions feature flag by @jaasen-livefront in #20019
[PM-31875] Client changes for async sdk client get/set by @Hinton in #20032
[PM-34177] Add feature flag for Organization Invite Links by @r-tome in #20033
[PM-34177] Fix feature flag key value for Organization Invite Links by @r-tome in #20039
[PM-24927] Add payment optional support to trial initiation flow and Remove payment-optional feature flag by @cyprain-okeke in #20053
[PM-34037] New event log for 2fa recovery by @kspearrin in #20055
[PM-31270] New default argon2id in change kdf component by @mzieniukbw in #20058
[PM-34396] Create dialog structure for new invite link that supports tab views by @BTreston in #20063
[PM-22228] Phishing events by @voommen-livefront in #20065
[PM-25627] convert policy dialogs to drawers by @JaredScar in #20078
[PM-35072] Allow account recovery for revoked members by @kspearrin in #20100
[PM-32853] Add FromMarketing Property for TrialInitiation Path by @sbrown-livefront in #20144
PM-33122: Rename feature flag pm-34500-strict-cipher-decryption by @nikwithak in #20151
[PM-26383] Remove AutoConfirm feature flag from the FeatureFlag enum by @JaredScar in #20179
[PM-27887] Keeper json importer by @itsadrago in #20200

🐛 Bug fixes

[PM-33480] Fix false success toasts in integration save/delete by @AlexRubik in #19544
[PM-33877] - handle blank custom field values in cipher form by @jaasen-livefront in #19676
[PM-32456] - set canEdit and canDelete in onCipherSaved by @jaasen-livefront in #19694
PM-33194 show appropriate error message for 409 by @voommen-livefront in #19713
[PM-34064] - remove unnecessary wrapper div around web extension prompt dialog by @jaasen-livefront in #19739
[PM-33301] Prevent Unverified Bank Account from Upgrade to Premium by @sbrown-livefront in #19745
[PM-33524] Not able to set new Master Password in a previously TDE org by @enmande in #19810
PM-33905 resolved plaholder text issue by @bmbitwarden in #19862
[CL-1124] updated badge max width by @BryanCunningham in #19864
[CL-1130] Fix storybook a11y and console errors for billing files by @vleague2 in #19916
[CL-1130] Fix storybook a11y and console errors for platform files by @vleague2 in #19918
[CL-1130] Fix storybook a11y and console errors for vault files by @vleague2 in #19920
Downloading an attachment, appends a file extension. Even if original file didn't have one by @jengstrom-bw in #19931
[PM-33554] Don't log out when trust denied for sdk key rotation by @quexten in #19961
Revert "Revert "[PM-33210] fix(login): clear validation errors on region change"" by @enmande in #20007
Auth/pm-34506 - Login Strategy Session Cache Expiration Adjustment by @JaredSnider-Bitwarden in #20009
[PM-34685][Defect] Subscription status for organizations not updating with feature flag enabled by @sbrown-livefront in #20018
[PM-34142] BUGFIX: Allow moving a newly created cipher to org by @nikwithak in #20025
[PM-34579] Update Access Intelligence chart to fit the entire selected timespan on x-axis by @lastbestdev in #20026
[PM-32463] Do not filter disabled orgs for Admin Console by @shane-melton in #20027
[PM-34255] - SCIM Key Fix by @jrmccannon in #20036
[PM-34575] Stop allCiphers$ firing twice by @JaredScar in #20067
[PM-34781] exclude "no folder" from key rotation by @mzieniukbw in #20068
[PM-14883] Strip non-numeric characters in credit card number display… by @shane-melton in #20070
[PM-33554] Fix emergency access fingerprint by @quexten in #20072
[PM-34792] - Fix Mp/Key prompt for SCIM API KEY by @jrmccannon in #20074
PM-34863 Org name has a contrast issue by @voommen-livefront in #20083
[PM-35055] fix account recovery policy config checkbox states by @kspearrin in #20141
[PM-35258] Add archive confirmation to Desktop and fix right click menu by @shane-melton in #20208
[PM-35246] Fix IdentityTokenResponse kdfConfig error by @rr-bw in #20209
[CL-1167] BUG FIX: Fixed nav switcher text colors by @lxiong-livefront in #20214
Fix eslint on main by @quexten in #20225
[PM-35187] Store new default avatar colors as hexes by @vleague2 in #20236
[PM-35318] Desktop v3/4 - Showing two "Archived" badge by @gbubemismith in #20239
[PM-35330] Fix state not being updated on change kdf by @quexten in #20259
[PM-35335] Fix bug making discard edits dialog show on navigate after… by @mcamirault in #20267
[PM-35335] Fix bug making discard edits dialog show on navigate after… by @mcamirault in #20274
Remove the desktop-specific Archived badge from ItemDetailsV2Compone… by @gbubemismith in #20277
PM-35363 resolved stale child controllers by @bmbitwarden in #20295
PM-35363 resolved stale child controllers (#20295) by @bmbitwarden in #20307
[PM-35458] fix status check by @BTreston in #20312
fix status check (#20312) by @BTreston in #20313
Auth/PM-35336 - TokenService - prevent stale access token retrieval to fix logout on org user confirm by @JaredSnider-Bitwarden in #20334
[PM-35240] RC cherry-pick: Add sync before forced kdf migration by @Thomas-Avery in #20340
[PM-35330] RC cherry-pick: Fix state not being updated on change kdf by @Thomas-Avery in #20341
CherryPick/Auth/PM-35336 - TokenService - prevent stale access token retrieval to fix logout on org user confirm by @JaredSnider-Bitwarden in #20342
[PM-35484] Remove exemption for owners/admins for mp policy by @BTreston in #20398
[PM-35484] Remove exemption for owners/admins for mp policy by @BTreston in #20418
Auth/PM-36080 by @JaredSnider-Bitwarden in #20452
CherryPick/Auth/PM-36080 (#20452) by @JaredSnider-Bitwarden in #20463

⚙️ Maintenance

[PM-25688] Migrate Folder API request model to TS strict by @shane-melton in #17269
Added devcontainer setup (devcontainer.json, docker-compose.yml, postCreateCommand.sh) by @connerbw in #18541
[deps]: Update actions/checkout action to v6.0.2 by @renovate in #18569
[PM-31838] Update ngIf/ngFor to @if/@for in vault web components by @jengstrom-bw in #18820
[PM-32864] Remove local masterkey hash by @quexten in #19277
[PM-32919] Migrate DeleteAccountDialog to shared code by @djsmith85 in #19308
Sanitize branch ref with toJSON by @mandreko-bitwarden in #19394
[PM-18133] Remove generatePasswordCallback, rely on new service by @blackwood in #19400
[CL-1113] Migrate auth CTAs to new icon API by @BryanCunningham in #19489
[deps]: Update docker/setup-buildx-action action to v4 by @renovate in #19583
[deps]: Update docker/setup-qemu-action action to v4 by @renovate in #19585
DN Team Codeowners Rename by @coltonhurst in #19595
[BRE 1670] update token for build workflows by @AmyLGalles in #19660
[deps]: Update dtolnay/rust-toolchain digest to 29eef33 by @renovate in #19841
[deps]: Update dorny/test-reporter action to v3 by @renovate in #19855
Bitwarden IPC improvements/refactor by @coroiu in #19935
Added ownership of sdk-update workflow. by @trmartin4 in #19980
Enable the custom.regex package manager to enable rust toolchain updates by @neuronull in #20035
eslint: error on importing bitwarden licensed code into /libs/* by @djsmith85 in #20054
[PM-34574] Remove personal vault decrypt from AC by @JaredScar in #20066
[PM-33101] Remove master key from uv service by @quexten in #20076
Remove unused signature type enum by @quexten in #20091
Auth/PM-34506 - LoginStrategyService - Refactor cache and timeout out into own services by @JaredSnider-Bitwarden in #20108
[AppSec] AI Fix for Template Injection in GitHub Workflows Action by @aikido-autofix in #20113
[AppSec] AI Fix for Template Injection in GitHub Workflows Action by @aikido-autofix in #20114
[deps]: Update codecov/codecov-action action to v6 by @renovate in #20126
[BRE-1004] Fix GHCR logic in Build Web and Publish Web by @vgrassia in #20163
Add Skunkworks as co-owners of native passkeys by @iinuwa in #20184
enable jest/no-alias-methods by @cd-bitwarden in #20187
Add dev tag to GHCR by @vgrassia in #20234

📦 Dependency Updates

[deps] SM: Update jest-diff to v30.3.0 by @renovate in #19843
[deps] Platform: Update webpack-cli to v7 by @renovate in #19849
Update sdk-internal to 0.2.0-main.646 by @bw-ghapp in #20057
Update sdk-internal to 0.2.0-main.668 by @bw-ghapp in #20132
Update sdk-internal to 0.2.0-main.672 by @bw-ghapp in #20140
Update sdk-internal to 0.2.0-main.673 by @bw-ghapp in #20157
Update sdk-internal to 0.2.0-main.681 by @bw-ghapp in #20194
[SM-1762] Bump Jest to 30.3.0 by @djsmith85 in #20211
Update sdk-internal to 0.2.0-main.687 by @bw-ghapp in #20220
Update sdk-internal to 0.2.0-main.689 by @bw-ghapp in #20224
Update sdk-internal to 0.2.0-main.692 by @bw-ghapp in #20251

🎨 Other

[PM-32687] Create Claude skill to add more item types easily by @gbubemismith in #19301
Add fix-angular-fixmes skill to resolve Angular FIXME migration comments by @JaredScar in #19426
update gray-050 primitive by @BryanCunningham in #20016
[PM-32091] Update postmessage by @enmande in #20064
Autosync Crowdin Translations for web by @bw-ghapp in #20088
Replace deprecated typescript.tsdk with js/ts.tsdk.path by @willmartian in #20146
Autosync Crowdin Translations for web by @bw-ghapp in #20218
[PM-25627] Fix type checks failing by @JaredScar in #20245
Autosync Crowdin Translations for web by @bw-ghapp in #20264

Original source

Overview

Updated exit survey options

Fix an issue with how avatar color selections are stored to fix a crash with some Android devices.

What's Changed

🐛 Bug fixes

[PM-35187] Store new default avatar colors as hexes by @vleague2 in #20236

🎨 Other

Bumped client version(s) by @differsthecat in #20241

[PM-35187] Store new default avatar colors as hexes (#20236) by @differsthecat in #20242

feat(survey): [PM-35243] Update cancel survey options for Teams and Enterprise by @trmartin4 in #20247

Original source

Overview

Flagged code - users belonging to auto-confirmation orgs cannot issue or accept emergency access invitations

Organized policies into categories

Consolidated Send policies

Added support for deeplink redirect with https schema

Various under-the-hood improvements and minor bug fixes

What's Changed

💙 Community Highlight

[PM-33210] fix(login): clear validation errors on region change by @OnSuorce in #19407

Feature Development

feat(redirect): [PM-26578] Https Redirection for Cloud Users by @Patrick-Pimentel-Bitwarden in #17873

[CL-958] Update avatar component to new styles by @vleague2 in #18975

[CL-1023][CL-1031] Design system refresh: Milestone 1 by @willmartian in #19061

PM-31767 resend feature by @bmbitwarden in #19136

[PM-31426] add categories to policy page by @JaredScar in #19151

Auth/PM-33261 - Multi-client Password Management (new for desktop & extension) by @JaredSnider-Bitwarden in #19289

[PM-31885] Consolidate all Send policies to a single policy by @harr1424 in #19314

[PM-33173] Use unlock service for password login strategy by @quexten in #19371

[PM-33372] hide prompt if org does not use my items by @JaredScar in #19475

Auth/PM-33353 - Password Login - refine prefetching of password prelogin data by @JaredSnider-Bitwarden in #19510

PM-31418 implemented password generator inside drawer by @bmbitwarden in #19521

[PM-24476] At Risk Password setting by @nick-livefront in #19557

[PM-32783] Cached electron storage by @dani-garcia in #19590

[PM-30101] subscription discounts in web checkout by @kdenney in #19599

[PM-32057] Wire up Trend Widget in Access Intelligence Activity by @Banrion in #19664

[PM-28419] Remove feature flagged logic by @BTreston in #19718

[PM-34012] - Replace image in welcome dialog with extension prompt by @jaasen-livefront in #19720

[CL-1012] Removed hyphenation from Simple Dialog Component by @lxiong-livefront in #19732

[CL-941] Remove router focus flag from client by @vleague2 in #19812

[PM-19168] Remove Archive Feature Flag by @nick-livefront in #19829

[PM-31897] Remove m2 flagged logic by @cturnbull-bitwarden in #19867

[PM-31899] Remove m2 flag definition by @cturnbull-bitwarden in #19869

[PM-31885] Bump SendControls Policy Enum Value by @harr1424 in #19903

Update primitive colors by @BryanCunningham in #19910

🐛 Bug fixes

[PM-33067] Fix false success toast when mark/unmark critical apps API fails by @AlexRubik in #19344

[PM-22890] Automatically open Extension in FireFox by @nick-livefront in #19456

[PM-33380] Fix Access Intelligence drawer not opening on row click by @AlexRubik in #19496

[PM-32761] Lock causes log out on TDE account with PIN by @mzieniukbw in #19594

[PM-33765] - Fix viewPassword not preserved during legacy cipher encryption by @jaasen-livefront in #19601

[CL-1105] Ensure hover and focus states match spec by @vleague2 in #19638

[PM-32747] Empty TOTP secrets are being saved to ciphers in web based clients by @jengstrom-bw in #19645

[PM-30614] - Fix double event log in browser ext popup by @jrmccannon in #19657

[PM-33952] Fix cipher key encryption logic when editing ciphers by @nikwithak in #19695

PM-33577 added email validation by @bmbitwarden in #19707

[PM-34047] Change column header in at-risk member drawers to "At-risk applications" by @lastbestdev in #19741

[PM-34054] Fix text overruns by @voommen-livefront in #19781

[PM-34131] Editing ciphers with change at risk password banner fails on web by @jengstrom-bw in #19785

Auth/PM-34198 - Device Management - fix device icons not rendering by @JaredSnider-Bitwarden in #19786

[PM-34192] My Items Collection is not marked as default when creating an item by @jengstrom-bw in #19793

[PM-34199] [Extension] Change Password Routing Fix by @rr-bw in #19794

[PM-32096] Collection name style fix by @BTreston in #19809

[PM-34223] discounts rounding bug fix by @kdenney in #19811

[PM-30190] Add validator for revoked emails when inviting users by @BTreston in #19815

BRE-1746 fix(build-web-target): add packages write by @fntyler in #19816

[CL-1140] BUG FIX: desktop nav group anchor link color and cipher name styles by @lxiong-livefront in #19820

Auth/PM-34242 - Device Management Comp - Fix upsert losing isTrusted state and show trust status on pending auth request devices by @JaredSnider-Bitwarden in #19822

[PM-30311] focus management creation in effect to account for async menu item changes by @BryanCunningham in #19871

[PM-33928] Fix: Can view MyItems Passwords in Org Vault Health Reports by @Banrion in #19874

[PM-34225] generate keypair even if there is no current one on password login by @jlf0dev in #19896

[CL-1130] Fix storybook a11y and console errors for admin console files by @vleague2 in #19917

[PM-34530] Display cart-level discount on personal subscription page by @amorask-bitwarden in #19925

[PM-34556, PM-34558, PM-34557] Access Intelligence trend chart design tweaks by @lastbestdev in #19977

Revert "[PM-33210] fix(login): clear validation errors on region change" by @enmande in #19979

[PM-34685][Defect] Subscription status for organizations not updating with feature flag enabled by @sbrown-livefront in #20018

Cherry-Pick #20018 Fix Subscription Status Logic by @sbrown-livefront in #20034

[PM-34781] exclude "no folder" from key rotation by @mzieniukbw in #20068

[PM-34781] exclude "no folder" from key rotation - cherry pick by @mzieniukbw in #20143

Revert "[PM-34781] exclude "no folder" from key rotation - cherry pick" by @mzieniukbw in #20152

⚙️ Maintenance

[deps]: Update chromaui/action action to v13.3.5 by @renovate in #17886

[PM-25686] - migrate cipher export and sub-models by @jaasen-livefront in #19050

[deps]: Update docker/build-push-action action to v7 by @renovate in #19582

[BRE-1004] Publish web images to GHCR on release by @vgrassia in #19679

[PM-33797] AIV2: Standardize Models and Services: Web Services by @Banrion in #19717

[PM-33797] AIV2: Standardize Models and Services: Shared Components by @Banrion in #19730

chore: update sm code ownership for sm owned files in bw license by @vincentsalucci in #19765

refactor(scheduling): extract @bitwarden/scheduling Nx leaf library by @addisonbeck in #19771

[CL-1137] Remove unecessary toggle-width componet by @Hinton in #19782

[BRE-1004] Remove web-sh image tag by @vgrassia in #19788

[deps]: Update docker/login-action action to v4 by @renovate in #19853

[deps]: Update dorny/paths-filter action to v4 by @renovate in #19854

[PM-33167] Replace img with TwoFactorIcon component by @djsmith85 in #19865

[PM-33797] AIV2: Standardize Models and Services: Page Components by @Banrion in #19930

remove base directive import by @BryanCunningham in #19978

Update config.yml by @acostarj in #4555

Update config.yml by @acostarj in #4775

📦 Dependency Updates

[deps] Architecture: Update Minor and patch linting updates by @renovate in #17491

[deps] UI Foundation: Update vite-tsconfig-paths to v6 by @renovate in #18085

[deps] UI Foundation: Update @compodoc/compodoc to v1.2.1 by @renovate in #18713

[deps] Platform: Update copy-webpack-plugin to v14 by @renovate in #19581

[deps] UI Foundation: Update svgo to v4.0.1 [SECURITY] by @renovate in #19757

🎨 Other

[CL-1026] Cherry pick icon tile refresh to main by @willmartian in #19063

disable claude attribution by @audreyality in #19253

Update all import statements and remove re-exporting files by @eliykat in #19545

[CL-1049] Make fallback autofocus approach for dialogs by @vleague2 in #19561

Autosync Crowdin Translations for web by @bw-ghapp in #19801

Dirt/pm 33474/setup data testids by @voommen-livefront in #19807

[PM-34459] AI skill for converting figma designs to Angular component by @Hinton in #19866

[PM-34230] Skill for HEC integration by @voommen-livefront in #19914

Autosync Crowdin Translations for web by @bw-ghapp in #19960

Original source