Overview
- Removed feature flag for vault items archive
- Removed feature flag for default saving location when organization data ownership policy is enabled
- Removed feature flag for hiding alternate login methods when SSO is required
- Removed feature flag for several UX improvements
- Removed feature flag for provider initialization refactor
- Added support for deeplink redirect with https schema
- Various under-the-hood improvements and minor bug fixes
What's Changed
Feature Development
- [PM-31736] User-friendly cookie vendor error message by @dereknance in #7270
- [PM-33972] Remove pm-26140-marketing-initiated-premium-flow feature flag by @trmartin4 in #7275
- [PM-32783] Add electron-storage-cache flag by @dani-garcia in #7286
- [PM-33890] Set up Stripe Subscription Schedule API operations by @amorask-bitwarden in #7289
- feat(redirect): [PM-30810] Https Redirection for Cloud Users by @Patrick-Pimentel-Bitwarden in #6852
- [PM-22110] Remove pm-22110-disable-alternate-login-methods feature flag by @trmartin4 in #7274
- [PM-22435] chore: remove create default collections ff ref by @vincentsalucci in #7298
- [PM-33086/7] Remove the feature flag RefactorOrgAcceptInit by @r-tome in #7287
- [PM-28420] Remove feature flag by @BTreston in #7282
- [PM-33087] Remove RefactorOrgAcceptInit feature flag by @r-tome in #7325
- [PM-15489] 2fa account recovery by @kspearrin in #7139
- Auth/PM-34400 - Add desktop devices feature flag by @JaredSnider-Bitwarden in #7361
- [PM-32009] Add New Item Type Feature Flag by @nick-livefront in #7358
- [PM-34410] Attachment Upload Feature Flag by @nick-livefront in #7357
- Add feature flag for access intelligence trend chart by @Banrion in #7363
- [PM-33212] Finalize Org Data Ownership Policy Requirement by @sven-bitwarden in #7210
- [PM-332124] Finalize PolicyRequirement + 2FA Feature Flag by @sven-bitwarden in #7209
- [PM-19168] Remove Archive Feature Flag guards by @nick-livefront in #7371
- [PM-31885] Consolidate all Send policies to a single policy by @harr1424 in #7113
- [PM-31905] Remove m2 flag definition by @cturnbull-bitwarden in #7353
- [PM-28190] Add feature flag: pm-28190-cipher-sharing-ops-to-sdk Feature Flag by @nikwithak in #6887
🐛 Bug fixes
- [PM-33980] Only verify
UseMyItemswhen claim exists by @amorask-bitwarden in #7278 - [PM-32450] Allow SMTP TLS CRL status retrieval failures by @dereknance in #7271
- [PM-19143] Fix custom permissions not persisting via InviteOrganizationUsersCommand by @r-tome in #7285
- [PM-34049] Fix PoliciesController authorize attribute by @eliykat in #7303
- [PM-34048 ] Add limit item deletion to manage collection permission to Org view/edit by @vincentsalucci in #7296
- [PM-31822] Fix file Send size validation by @mcamirault in #7311
- [PM-34440] Fix cache duplicate-key error by @JimmyVo16 in #7360
- [PM-30185] Fix email fallback logic to ignore empty primary email by @BTreston in #7359
- [PM-32829] Cipher Key for unassigned ciphers by @nick-livefront in #7164
- [PM-32260] Fix missing device approval event logs for accepted users by @r-tome in #7247
- [PM-26581] Add missing model.type param by @BTreston in #7369
- [PM-29981] Add repo call to check if existing collection already has access setup by @BTreston in #7365
- [PM-34570] Expired or Cancelled Claimed User Throws Billing Exception on Subscription Cancel by @sbrown-livefront in #7382
- fix(change-email): [PM-34742] Change Email Sets Salt (#7422) by @Patrick-Pimentel-Bitwarden in #7423
⚙️ Maintenance
- [BRE-1004] Add GHCR Support to Build/Publish workflows by @vgrassia in #7263
- [PM-32066] - Add Org Ability View by @jrmccannon in #7194
- [PM-33895] Filter
[BindNever]parameters from OpenAPI schema by @dani-garcia in #7257 - [deps]: Update docker/build-push-action action to v7 by @renovate[bot] in #7221
- [PM-32067] - Add Provider Ability View by @jrmccannon in #7200
- [PM-33041] Organization Ability: Refactor CipherResponseModel by @JimmyVo16 in #7202
- [PM-33043] Refactor PolicyService, CipherService, and TwoFactorAuthenticationValidator by @JimmyVo16 in #7214
- [PM-33042] Refactor EventService to remove deprecated GetOrganizationAbilitiesAsync by @JimmyVo16 in #7240
- [deps]: Update dorny/test-reporter action to v3 by @renovate[bot] in #7347
- [PM-34462] Improve role handling in provider controllers by @eliykat in #7372
- [PM-3836] Tools - Make Controllers, Services and API Models nullable by @harr1424 in #7212
- Add release yml to rc by @djsmith85 in #7466
📦 Dependency Updates
- [deps] Auth: Update Duende.IdentityServer to 7.4.6 by @renovate[bot] in #6323
- [PM-33499] Permissive base64 decoder by @dereknance in #7207
- [deps]: Update sass to v1.98.0 by @renovate[bot] in #7343
- [deps]: Update prettier to v3.8.1 by @renovate[bot] in #6702
🎨 Other
- PM-33964 - Fix silent switch defaults in Seeder with fail-fast throws by @theMickster in #7277
- [PM-33819] Enforce use of authorize attributes by @eliykat in #7242
- Arch/cipher scene by @MGibson1 in #7241
- [PM-33894] Schedule price increases by @amorask-bitwarden in #7293
- [PM-34082] Seed passkeys by @MGibson1 in #7265
- Added RSA keypair pool + Caching to Seeder's RustSdk by @theMickster in #7288
- [PM-33896] Update Families organization on schedule transition by @cturnbull-bitwarden in #7300
- [PM- 30370] [PM-28827] Add Salt to Auth and KM DTOs by @ike-kottlowski in #7239
- [PM-32008] Add scope comment for SecurityTaskAuthorizationHandler by @nick-livefront in #7291
- [PM-21926] Add salt to Admin Console DTOs by @ike-kottlowski in #7231
- [PM-33043] Fix the failing test. by @JimmyVo16 in #7316
- [PM-33899] Release schedule on terminal subscription operations by @amorask-bitwarden in #7305
- PM-34033 - Add individual user seeding to preset pipeline by @theMickster in #7304
- PM-34033 - Add user & org API key seeding and improve CLI output by @theMickster in #7324
- [PM-34039] [Defect] Discount Eligibility Endpoint Shows "New Users Only" Discounts by @sbrown-livefront in #7301
- Update to
IHostBuilderstyle by @justindbaur in #6843 - [PM-32216] Create Stripe Checkout Session Endpoint by @sbrown-livefront in #7246
- [PM-33901] Remove unused UpdateTaxInformation by @cturnbull-bitwarden in #7320
- [PM-33901] Implement schedule-aware tax handling by @cturnbull-bitwarden in #7319
- PM-33964 - Unify CipherSeeder factories behind CipherSeed domain model. by @theMickster in #7330
- Clarify potential misleading comment by @theMickster in #7339
- Rename CLI endpoint to Preset instead of Seed by @theMickster in #7340
- Move IEventService to Dirt by @eliykat in #7272
- [PM-33898] Schedule-aware storage adjustments by @amorask-bitwarden in #7350
- [PM-33891] Migrate Cancel and Reinstate Paths by @sbrown-livefront in #7331
- [PM-33405] Add
OrganizationUserNotificationPolicyby @nick-livefront in #7250 - [PM-31902] Remove m2 flagged logic by @cturnbull-bitwarden in #7351
- [PM-34530] Display schedule discount on premium subscription page by @amorask-bitwarden in #7375
- [PM-33897] Schedule Aware Cancellation and Reinstatement by @sbrown-livefront in #7374
- [PM-34530] Fix schedule discount scope on premium subscription page by @amorask-bitwarden in #7378
- [PM-29956] Add logging to sponsorship redemption flow by @cturnbull-bitwarden in #7381
- [pm-34486] require basic auth on seeder api endpoints by @MGibson1 in #7368
- [PM-34582] Include schedule discount in premium tax estimate by @cturnbull-bitwarden in #7385
- [PM-33788] EF Emergency Access Query Updates by @enmande in #7297
- [PM-34623] Fix stale discount display after Stripe deletion by @amorask-bitwarden in #7391
Full Changelog: v2026.3.2...v2026.4.0