bitwarden/server v2026.4.2

Version 2026.4.2

on GitHub

What's Changed

• Bug fix for subscription handling

🎨 Other

• [PM-33501] Prevent orphaned Sends during user and org deletion by @harr1424 in #7386
• Arch/qa env seeding tweaks by @MGibson1 in #7430
• [deps] Tools: Update MailKit to 4.16.0 [SECURITY] by @renovate[bot] in #7502
• [PM-25056] - Deadlock testing fix by @jrmccannon in #7478
• [AppSec] AI Fix for Template Injection in GitHub Workflows Action by @aikido-autofix[bot] in #7448
• [PM-34427] Fix Users can edit and save sends with the hide email address option enabled by @harr1424 in #7509
• [PM-30483] Remove feature flagged logic around passkey unlock by @eligrubb in #7318
• Add README for PolicyRequirements feature by @eliykat in #7503
• [PM-27278] add AccountKeysRequestModel to RegisterFinishRequestModel for account encryption v2 support by @eligrubb in #6798
• Add seed script for local development by @Hinton in #7490
• billing/pm-24665/license-file-generation-should-fail-for-unpaid-subscription by @cyprain-okeke in #7444
• Migrate server specific skills into correct location by @theMickster in #7488
• [PM-32598] - Remove Unused sso/details Endpoint + Sprocs by @sven-bitwarden in #7400
• Move missed integration files to DIRT by @eliykat in #7487
• [PM-35306] Fix password change not working when using the unlock and authentication data models by @quexten in #7505
• Update SSO package path in Renovate config by @ike-kottlowski in #7518
• [sm-1878] Adding feature flag for secret versioning by @cd-bitwarden in #7170
• Feature flag for autotriage (autofill) by @blackwood in #7528
• [PM-33436] Refactor setup shell commands by @dereknance in #7494
• Add -o --output parameters to DB seeder util for preset command by @mimartin12 in #7495
• [PM-34213] Create attachment event log by @shane-melton in #7425
• [PM-35489] Move collections to AC ownership by @eliykat in #7523
• [PM-34813] fix system coupons regression by @kdenney in #7515
• [PM-35250] Prevent Custom Users Removing Admins by @sven-bitwarden in #7526
• [PM-35305] Add desktop-ui-settings-dialog flag by @Hinton in #7491
• [PM-34822] Consistent error response 400 and 404 in Org Integrations controller by @voommen-livefront in #7458
• [PM-28045] - Org Key Validation by @jrmccannon in #7384
• [PM-33875] Add Revocation Reasons by @sven-bitwarden in #7473
• [PM-35489] Move collections to AC ownership - update namespaces by @eliykat in #7532
• Update Bitwarden.Server.Sdk to 1.5.2 by @justindbaur in #7559
• fix(ci): fix startup_failure in move_edd_db_scripts job by @addisonbeck in #7554
• [BRE-1848] Remove legacy failure check job and Slack webhook by @vgrassia in #7557
• [PM-34116][PM-34117] Drivers License and Passport by @nick-livefront in #7512
• PM-35200 - Create contributing guide for Claude tooling by @theMickster in #7508
• [PM-34883] - Add InjectOrganizationUserAttribute by @jrmccannon in #7536
• [PM-29090] Remove FF: pm-26793-fetch-premium-price-from-pricing-service - Flag by @amorask-bitwarden in #7549
• [PM-35805] Add BulkAutoConfirmOnLogin feature flag by @JaredScar in #7553
• [PM-34565] Save Cancellation Details for Scheduled Subscriptions by @sbrown-livefront in #7535
• Auth/pm 35392/master password service foundation by @enmande in #7530
• [PM-34601] Bump Group.RevisionDate on edits and access changes by @r-tome in #7467
• Implement master password policy requirement by @BTreston in #7537
• [deps] Billing: Update coverlet.collector to v10 by @renovate[bot] in #7542
• [PM-35252] by @ike-kottlowski in #7501
• [PM-35253] Add organization ability UseInviteLinks by @r-tome in #7489
• [PM-33417] WebAuthn cache by @ike-kottlowski in #7500
• [PM-35351] Fix self-hosted public API member invites by skipping plan retrieval by @r-tome in #7507
• [PM-33885]: Attach RevocationReason to Needed Client Response Model by @sven-bitwarden in #7563
• [PM-34148] Implement feature flag for fetching new policies and organization details by @JaredScar in #7529
• PM-35503 fixed flaky tests due to timing issue. by @prograhamming in #7551
• [PM-36209] Support Unprotect only certificates by @justindbaur in #7569
• [PM-34387] Add organization invite link creation endpoint by @r-tome in #7477
• [BRE-1871] Adding trigger for dev deploy after build on main by @pixman20 in #7572
• [PM-28727] Upgrade to .NET 10 by @dereknance in #7171
• [BRE-1871] Using new trigger action by @pixman20 in #7573
• Removed feature flag by @Patrick-Pimentel-Bitwarden in #7574
• [PM-36250] Add option to load certificate from file path by @quexten in #7571
• [PM-34774] Add GET endpoint for organization invite links by @r-tome in #7534
• [deps] BRE: Update mcr.microsoft.com/devcontainers/dotnet Docker tag to v10 by @renovate[bot] in #6498
• Separate Feature Flags for Desktop Native Team by @differsthecat in #7577
• [PM-32100] Implement Multi-Provider Ability Lookup by @JimmyVo16 in #7552
• [PM-34388] Add organization invite link update endpoint by @r-tome in #7560
• [PM-35263] Admin Portal: Add checkbox for the InviteLinks ability by @r-tome in #7578
• [PM-28346] Use SDK for attachment delete operations by @gbubemismith in #7538
• [PM-36047] Add tech-leads group as owners of the CODEOWNERS file by @coltonhurst in #7562
• [PM-30852] Add support for TDE user key rotation by @Thomas-Avery in #7565
• [PM-34848] Add authorization to PreviewInvoiceController org endpoints by @connerbw in #7583
• [PM-35257] Validate plan frequency tier by @connerbw in #7570
• chore(launch/tasks): Upgrade for .net10 by @enmande in #7584
• [PM-31631] update password pre-login salt response by @ike-kottlowski in #7469
• [PM-36568] Disable Pushed Authorization Request endpoint in Identity and SSO by @ike-kottlowski in #7585
• [BRE-1851] - Migrate Publish and Release workflows by @vgrassia in #7582
• [PM-35909] Preserve existing discounts during price migration by @amorask-bitwarden in #7561
• [PM-34392] Add delete invite link endpoint by @r-tome in #7591
• [PM-36421] Add xmldoc to Admin Console entities by @eliykat in #7580
• [PM-36419] [BEEEP] Add collection management settings to seeder by @eliykat in #7576
• [PM-33289] Stop 500-retry loop on incomplete_expired subs by @amorask-bitwarden in #7525
• [deps] Tools: Pin dependencies by @renovate[bot] in #6204
• [PM-35624] Fix EF GetCountByOnlyOwnerAsync by @JimmyVo16 in #7586
• [PM-35201] Enhance AdminRecoverAccountValidator to include Accepted status by @JaredScar in #7579
• SHOT-152: Remove workflow logic for EE labels by @mimartin12 in #7595
• [PM-33473] Remove pm-29594-update-individual-subscription-page feature flag by @amorask-bitwarden in #7519
• [PM-34389] Add refresh endpoint for organization invite links by @r-tome in #7588
• [PM-19790] [PM-19791] Remove policy requirements feature flag references and definition by @vincentsalucci in #7596
• [PM-35300] emails do not match figma by @JaredScar in #7592
• [PM-36859] Add new feature flag for refactoring Org Collections Vault by @JaredScar in #7599
• [PM-34150] - RequireSSO Applies to Accepted by @jrmccannon in #7603
• [PM-25690] Create UpdateUserResetPasswordEnrollment command by @r-tome in #7594
• PM 35229 [Browser/Desktop] Stripe Checkout from upgrade dialog by @cyprain-okeke in #7606
• PM-31923 adding the whole report endpoints v2 by @prograhamming in #7228
• [PM-23900] Optimize organization exports by @harr1424 in #7590
• PM-36416 - Implement master password reprompt seeding by @theMickster in #7598
• [deps]: Update vstest monorepo by @renovate[bot] in #6869
• [deps]: Update Microsoft.NET.Test.Sdk to v18 by @renovate[bot] in #6870
• Add data protection cert override to recommended dev settings by @MGibson1 in #7614
• [deps]: Update actions/github-script action to v9 by @renovate[bot] in #7545
• PM-34680 serialize values to prevent injection by @voommen-livefront in #7593
• Bumped version to 2026.4.2 by @connerbw in #7619
• [PM-31781] skip unpaid automations for exempt orgs by @kdenney in #7480
• [PM-37077] Remediate Data Protection errors in DeleteSendsJob by @harr1424 in #7608
• [PM-36613] Void open invoices for unpaid subscriptions by @amorask-bitwarden in #7589
• Remove plan file by @eliykat in #7625
• Remove BW-GHAPP tokens from repository-management workflow by @AmyLGalles in #7624
• Fix/repository management remove tokens by @AmyLGalles in #7626
• [PM-36185] Change where Setup container looks for openssl config by @dereknance in #7623
• [PM-37482] Disable migration tester by @eliykat in #7633

New Contributors

• @aikido-autofix[bot] made their first contribution in #7448
• @blackwood made their first contribution in #7528

Full Changelog: v2026.4.1...v2026.4.2