Overview

• Hide Send from navigation for users subject to policy removing send
• SSO redirect page will now auto-close on some browsers
• Corrected login page UI to avoid scroll bar displaying by default
• Users with pending confirmation are approved when admin logs in
• Various under-the-hood improvements and minor bug fixes

What's Changed

💙 Community Highlight

• [PM-26954] Disable 'sync vault now' button while busy by @henrebotha in #16868
• [PM-31854] fix: simplify switching unlock methods by @iHildy in #18826
• [PM-33781] fix(fido2): fall back to browser for hardware/CTAP1 keys not in vault by @nancysangani in #19606
• Remove unused strings by @mKoonrad in #20608
• [PM-38330] Fix per-request memory leak in bw serve (authStatusFor$) by @ggiesen in #20912

Feature Development

• [Shared Unlock] [PM-35083] Shared Unlock for Web, Browser, Desktop by @quexten in #19698
• [CL-1077] Update Menu Item styles by @lxiong-livefront in #19763
• [Shared Unlock] [PM-34508] Default enable native messaging permission on browser by @quexten in #19907
• [CL-999] Update tabs by @lxiong-livefront in #20010
• [CL-963] Update breadcrumb styles by @lxiong-livefront in #20085
• Add new SendApiServer that uses the SDK by @adudek-bw in #20170
• [PM-33933] Update autofill dialog for 'never' match setting by @nikwithak in #20189
• [PM-35224] Add route provider parameters support to featureFlaggedRoute by @Banrion in #20235
• BEEEP/Auth/PM-35338 - Auto Submit on OTP Paste by @JaredSnider-Bitwarden in #20250
• [PM-34157] Wire up SDK to NewPolicyService by @eliykat in #20377
• [PM-31059] Implement SDK managed PIN unlock by @quexten in #20395
• [PM-34497] Handle Same-Origin iframes in queryDeepSelector by @bensbits91 in #20401
• [CL-1042] Design system refresh: Milestone 3 by @vleague2 in #20425
• [PM-35228] Add Premium Status Changed Push Notification by @sbrown-livefront in #20498
• [Shared Unlock] [PM-35083] Add shared unlock typescript drivers and services by @quexten in #20589
• [PM-36857] Add copy actions for bank account cipher type by @nick-livefront in #20605
• [PM-27679] Remove flagged logic from clients/server and clients feature flag by @jengstrom-bw in #20609
• [PM-34156] Add accepted-state organization sync by @eliykat in #20627
• [PM-28192] Migrate Cipher Attachment Operations to use SDK instead of APIs by @gbubemismith in #20628
• [PM-37295] Ignore upgrade key rotation logout based on feature flag by @Thomas-Avery in #20637
• [PM-32016] - hide at-risk callout behind feature flag by @jaasen-livefront in #20639
• [PM-31054] Add V2UpgradeToken handling to sync by @Thomas-Avery in #20641
• [PM-34112] Add Passport copy actions to browser extension by @nick-livefront in #20655
• Remove feature flag check from password generation by @adudek-bw in #20671
• [PM-2588] resolved sends root url conditionally by @bmbitwarden in #20684
• [Shared Unlock] [PM-35083] Implement biometrics over sdk IPC by @quexten in #20689
• [PM-37251] Add getStatus API method for public invite link status endpoint by @r-tome in #20695
• [PM-35656] Update Copy functionality for new item types by @nick-livefront in #20708
• [PM-36967] Update rotate_user_keys to use UpgradeTokenAction by @Thomas-Avery in #20711
• [PM-37229] Add bwi-passport icon for passport cipher type by @nick-livefront in #20712
• [PM-36229] Route bulk-collections, move, and assigned-cipher ops to SDK by @gbubemismith in #20718
• [CL-1204] bulk actions bar by @BryanCunningham in #20735
• [PM-36563] Send access event logs by @harr1424 in #20740
• [PM-37797] Add API method to check if email is valid for a given organization invite link by @r-tome in #20749
• [PM-37779] - Add notification bar confirmation mode for inline menu save flow by @jaasen-livefront in #20752
• [CL-1214] remove tabs min height by @BryanCunningham in #20796
• [PM-30848] Key connector for user key rotation by @mzieniukbw in #20805
• Add feature flag for SSH ecdsa by @neuronull in #20813
• [PM-33753] Remove unlock-via-sdk-flag by @quexten in #20832
• [PM-37875] Split out crypto verification UI by @quexten in #20856
• [CL-1172] Improved non-color a11y for selected vs unselected nav items by @vleague2 in #20865
• [CL-1201] update row selected state and hover state by @BryanCunningham in #20869
• update contrast variant text color by @BryanCunningham in #20878
• chore(platform): add FedRampGovRegion to client feature flag enum by @addisonbeck in #20880
• [CL-1213] allow tab label to be anchor for spotlight by @BryanCunningham in #20882
• [PM-37175] Preserve individual vault export folders when importing to My Items by @mcamirault in #20883
• [PM-37800] Add VaultBatchBarService to libs/vault by @nick-livefront in #20885
• [PM-38243] performance metrics by @audreyality in #20888
• [PM-37780] - Add "Save and fill" button to inline menu cipher creation by @jaasen-livefront in #20892
• [PM-38165] Limit Send Email character length by @harr1424 in #20895
• PM-32577 implemeneted send policy check of nav for desktop and browser by @bmbitwarden in #20934
• [PM-31625] Removes feature flag pm-30521-autofill-button-view-login-screen by @jengstrom-bw in #20968
• [PM-38458] Let the browser client assemble the targeting rules manifest.json URI by @jprusik in #21001
• [PM-36016] Handle cross-origin iframes in queryDeepSelector by @bensbits91 in #21024
• [PM-18400] Update multi-select component to add title attribute for better accessibility by @JaredScar in #21031
• [PM-32245] Update toggle for targeting rules in Autofill Settings view with designed experience by @dan-livefront in #21049
• Gate import of SSH key ECDSA type on FF by @neuronull in #21059
• [PM-38163] Add getPoliciesByInviteLinkCode to PolicyApiService by @r-tome in #21075
• [PM-38012] Initialize feature flag overrides state to empty object by @quexten in #21166

🐛 Bug fixes

• [PM-32445] Extension Scrollbar Fix by @rr-bw in #20478
• [PM-36880] Filter Linked field type for Bank Account cipher type by @nick-livefront in #20564
• [PM-36947] Restrict bank account PIN field to numeric characters only by @nick-livefront in #20598
• PM-37554 resolved double cancel issue by @bmbitwarden in #20683
• [CL-1046] Add no-bit-dialog-wrapper lint rule by @willmartian in #20698
• [CL-1203] Place tab overflow More button next to last visible tab by @willmartian in #20709
• [PM-36642] Fixing LastPass direct import for non-SSO accounts by @itsadrago in #20716
• Disable Native popover use from Angular 21 by @nick-livefront in #20730
• [PM-37759] Unable to use passkey that is stored in my vault to log in by @jengstrom-bw in #20738
• [PM-8123] Clearing import target selector as necessary by @itsadrago in #20739
• [CL-1207] Fix missing provideZoneChangeDetection() in bit-browser bootstrap by @willmartian in #20750
• [PM-37782] User with view permission cannot favorite or add an item to a folder by @jengstrom-bw in #20764
• [PM-37798] Fix bank account section label to show "Bank account details" by @nick-livefront in #20779
• [PM-37776] - fix empty vault on pin and touch id unlock by @jaasen-livefront in #20793
• [PM-37825] Fix partial date validation blocking save and improve error count accuracy by @nick-livefront in #20799
• [PM-24173] Fix credential generator constraint bypass by @harr1424 in #20810
• [PM-36277]Save login notification not appearing on Facebook by @dan-livefront in #20814
• [PM-37970] Fix vault list icons for Login and Identity with new item types flag by @nick-livefront in #20818
• [PM-37479] Assign to collection dialog displays dummy string 0"> by @jengstrom-bw in #20819
• [PM-37932] Recover browser IPC after process reload by @coroiu in #20848
• PM-37696 resolved broswer popup when trying to close tab by @bmbitwarden in #20861
• [PM-36823] ensure browser uses Inter font by @BryanCunningham in #20864
• [PM-35196] Mutation memory management by @blackwood in #20871
• [BRE-1949] Removing duplicate messages keys by @pixman20 in #20916
• Improve consistency of popout closure by @trmartin4 in #20924
• [PM-38400] Fix avoid ambiguous character bug by @adudek-bw in #20953
• [PM-38185] Safari numeric values translations by @nick-livefront in #20964
• [PM-38405] Fix SDK ref leaking out of scope and add eslint rule by @quexten in #20999
• [PM-35573] - Refocus login input on Desktop restore by @jaasen-livefront in #21012
• [PM-37913] - fix cloning archived cipher by @jaasen-livefront in #21058
• [PM-38357] Surface more descriptive error messages from server on Send edit failure by @mcamirault in #21067
• Adjust size variant for spinner by @nick-livefront in #21080
• [PM-38571] Fix shareReplay memory leaks by @nick-livefront in #21087
• [CL-1217] Fix menu item role after menu item style changes by @vleague2 in #21091
• [PM-38617] Fix Targeting Rules not respecting Fill Assist setting changes in some cases by @jprusik in #21094
• [PM-38744] Bugfix - Do not trigger Targeting Rules sync on scheduled vault syncs by @jprusik in #21132
• [PM-37913] - set archivedDate when cloning ciphers by @jaasen-livefront in #21160
• [PM-38856] Match targeting rules against frame over tab URI by @jprusik in #21178
• [PM-38831] fix: defective SyncPolicy push notification parsing by @eliykat in #21189
• [CL-1222] m3 fast follows by @BryanCunningham in #21202
• fix(nx): clear build dependsOn workspace default by @addisonbeck in #21203
• [PM-38867] Fix: add error toast if no owner for a new item by @eliykat in #21222
• [PM-38012] Fix local override migration by @quexten in #21223
• [PM-38992] Fix Targeting Rules autofilling new password inputs with current password values by @jprusik in #21238
• [PM-39000] Fix targeted new password field not filling upon click on generate password inline menu by @jprusik in #21239
• [PM-39009] Do not do heuristic filtering on targeted fields by @jprusik in #21245
• [PM-39200] - fix notification bar behavior with save and fill by @jaasen-livefront in #21351
• fix(extension-scrollbar): Auth [PM-32445] Extension Scrollbar Fix (#2… by @rr-bw in #21353
• [PM-39200] - fix notification bar behavior with save and fill (#21351) by @jaasen-livefront in #21369
• [SM-1993][CL-1227] Fix textarea height and fix SM button spacing by @vleague2 in #21417
• [SM-1993][CL-1227] Fix textarea height and fix SM button spacing (#21417) by @vleague2 in #21418
• [PM-39392] Use readonly styles for fields intended to be readonly by @vleague2 in #21425
• [PM-39392] Use readonly styles for fields intended to be readonly (#21425) by @vleague2 in #21428
• PM-39449 resolved root url issues by @itsadrago in #21481

⚙️ Maintenance

• [PM-31832] Update *ngIf/*ngFor to @if/@for in vault browser components by @jengstrom-bw in #18818
• [CL-965] update spinner component by @iivins-livefront in #19017
• [CL-1129] Enable @angular-eslint/template/elements-content lint rule by @willmartian in #19505
• [PM-36363] Refactors org user view models and consumers to be ts-strict compliant by @BTreston in #20559
• [PM-31084] - migrate badge to chip-action in vault components by @jaasen-livefront in #20606
• [PM-6796] implemented file reorg by @bmbitwarden in #20648
• PM-36952 - Improve code review workflow with added triggers by @theMickster in #20702
• [PM-377730] Refactor unlock service & add decrypted user key method by @quexten in #20719
• [PM-33906] Use PureCrypto::new_guid for FIDO2 credential ID by @dereknance in #20736
• fixed perms in cherry-pick workflow by @gitclonebrian in #20758
• refactor(platform): migrate Region enum to const object per ADR-0025 by @addisonbeck in #20887
• [PM-36510] Remove dead "SDK not available" guards from SDK-backed services by @gbubemismith in #21173
• [BRE-2013] Add repository_dispatch trigger to sdk-update workflow by @vgrassia in #21187

📦 Dependency Updates

• [CL-954] Upgrade to Angular 21 by @willmartian in #19725
• Update sdk-internal to 0.2.0-main.765 by @bw-ghapp in #20744
• Update sdk-internal to 0.2.0-main.774 by @bw-ghapp in #20770
• [PM-37729] SDK Bump by @nick-livefront in #20776
• [bre-1942] fix package lock issue by @aj-bw in #20785
• Update sdk-internal to 0.2.0-main.779 by @bw-ghapp in #20798
• Update sdk-internal to 0.2.0-main.782 by @bw-ghapp in #20807
• [deps] Autofill: Update @lit-labs/signals to v0.3.0 by @renovate in #20841
• [deps] Architecture: Update lint-staged to v17 by @renovate in #20843
• Update sdk-internal to 0.2.0-main.798 by @bw-ghapp in #20937
• [deps] Autofill: Update tldts to v7.4.2 by @renovate in #21112
• Bump SDK version for ECDSA key support by @neuronull in #21176

🔧 Other

• Autosync Crowdin Translations for browser by @bw-ghapp in #20692
• [BEEEP] [PM-38012] Add local feature flag overrides by @quexten in #20833
• [PM-36085] - add autofillVerb and autofillNoun by @jaasen-livefront in #20904
• Improve claude.md by @Hinton in #20941
• Bump client version(s) by @github-actions in #20950
• Expand .claude/rules to cover i18n, Tailwind, testing, and Angular DI by @Hinton in #21051
• [PM-37768] VULN - webauthn honor permissions policy by @bensbits91 in #21054
• Autosync Crowdin Translations for browser by @bw-ghapp in #21064
• Autosync Crowdin Translations for browser by @bw-ghapp in #21110
• Remove FF caching for dev env by default by @coltonhurst in #21131
• Change configRetrievalIntervalMs by @coltonhurst in #21143
• Autosync Crowdin Translations for browser by @bw-ghapp in #21192
• Autosync Crowdin Translations for browser by @bw-ghapp in #21220
• Auth - Add claude.md for libs/auth by @JaredSnider-Bitwarden in #21235
• Autosync Crowdin Translations for browser by @bw-ghapp in #21261
• Bump client version(s) by @github-actions in #21271
• Bumped client version(s) (#21271) by @addisonbeck in #21274

Full Changelog: browser-v2026.5.1...browser-v2026.6.0