Overview

• Removed feature flag for consolidated session timeout component
• Removed feature flag for disabling type zero decryption
• Removed feature flag for migration of My Vault to My Items
• Removed feature flag for Send UI refresh
• Removed feature flag for unlocking with SDK
• Various under-the-hood improvements and minor bug fixes

What's Changed

Feature Development

• [PM-26732] Remove Chromium ABE importer feature flag by @mcamirault in #7026
• [PM-34615] - add SuppressOnboardingInterstitials setting by @jaasen-livefront in #7516
• PM 35227 Extend checkout endpoint for browser/desktop platforms by @cyprain-okeke in #7550
• [PM-35948] Update send openapi to work for sdk by @adudek-bw in #7556
• [PM-35393] MasterPasswordService auth integration by @enmande in #7575
• [PM-35357] Update Trial Length Parameter by @sbrown-livefront in #7597
• [PM-27679] Remove flagged logic from server by @jengstrom-bw in #7612
• [PM-36359] Feature flag for Splunk integration by @voommen-livefront in #7622
• [PM-37237] Move OrganizationsNew into ProfileResponseModel by @eliykat in #7627
• feat(kdf-settings-validator): Enforce salt cannot be empty string. by @enmande in #7628
• [PM-35394] MasterPasswordService Admin Console Integration by @enmande in #7629
• Add PAM feature flag by @Hinton in #7641
• [PM-35656] Add Events for New Item Types by @nick-livefront in #7642
• [PM-36949] feat: Add OrganizationPlanMigrationCohort and Assignment tables with bare repositories by @amorask-bitwarden in #7644
• [PM-35830] Add ChangeEmailCommand by @ike-kottlowski in #7650
• [PM-37251] Add public invite link GET status endpoint by @r-tome in #7656
• [PM-35058] Adoption UX Improvements (feature flag) by @voommen-livefront in #7657
• [PM-38273] feat(admin-console): Add InjectOrganizationAttribute and OrganizationModelBinder by @JaredScar in #7659
• [PM-33951] feat(admin-console): Add bulk confirmation and pending auto-confirmation by @JaredScar in #7661
• [PM-37597] Set Automatic Tax and Prevent Tax Exempt Mutations by @sbrown-livefront in #7662
• [PM-37723] Add feature flag pm-28191-cipher-admin-ops-to-sdk by @nikwithak in #7664
• [PM-37064] feat: Add ScheduleBusinessPriceIncrease scheduler entry point by @amorask-bitwarden in #7665
• [PM-37593] Add OrganizationUserStatusTypeNew - 🪓 Revoked by @sven-bitwarden in #7666
• [PM-37598] Update Tax Id Warning Logic with Feature Flag by @sbrown-livefront in #7677
• [PM-37068] feat: Add business plan cohort branch to UpcomingInvoiceHandler by @amorask-bitwarden in #7678
• [PM-36563] Send access event logs by @harr1424 in #7679
• [PM-36964] Add per-org migration cohort assignment to the Admin portal by @cyprain-okeke in #7681
• [PM-34776/PM-37797] Add invite link email domain validation endpoint by @r-tome in #7683
• [PM-28178] Remove Send UI refresh feature flag by @mcamirault in #7684
• [PM-37084] Business Aware Schedule Recovery and Cancellation by @sbrown-livefront in #7686
• [Shared Unlock] [PM-35083] Add shared unlock feature flags by @quexten in #7687
• [PM-31021] Resolve authoring exclusions by @jprusik in #7688
• [PM-37083] feat: Add per-phase price resolution to UpdateOrganizationSubscriptionCommand by @amorask-bitwarden in #7695
• [PM-37785] Add vault batch bar feature flags by @nick-livefront in #7696
• Add feature flag for SSH ecdsa by @neuronull in #7697
• [PM-37092] feat: Add business plan migration handler to SubscriptionUpdatedHandler by @cyprain-okeke in #7707
• [PM-31191] Move KDF from Auth to KM constants by @mzieniukbw in #7709
• [PM-29658]: Remove PUT Policy vNext by @sven-bitwarden in #7711
• [PM-27487] Remove disable-type-0-decryption feature flag by @jlf0dev in #7717
• [PM-27298] Remove consolidated-session-timeout-component feature flag by @jlf0dev in #7718
• [PM-37170] feat: Add churn-mitigation offer query, command, and API endpoints by @amorask-bitwarden in #7722
• refactor(server): consolidate cloud region config by @addisonbeck in #7728
• Migrate Web Frontend to Official Aspire JavaScript Hosting by @sbrown-livefront in #7731

🐛 Bug fixes

• [PM-35401] Update exception handling in CreateAuthRequestAsync() and PostAdminRequest() by @rr-bw in #7615
• [PM-37727] Fix exceptions when serialzing blob-encrypted ciphers by @nikwithak in #7667
• [PM-36678] Add custom user check by @JimmyVo16 in #7675
• [PM-37259] - Update Sso Request Validator by @jrmccannon in #7676
• SRE-4899 - update node 20 to 24 for admin project by @sneakernuts in #7685
• [PM-37820] Update Missing Tax Logic for US Customers by @sbrown-livefront in #7719
• [PM-38288] - Restore collections endpoint by @jaasen-livefront in #7738

⚙️ Maintenance

• [PM-4128] Remove nullability of Send.Data and Send.Keys by @harr1424 in #7266
• Use fixture to share state between PushControllerTests by @justindbaur in #7433
• [PM-35066] - remove legacy collections endpoint by @jaasen-livefront in #7520
• [PM-13328] Move OrganizationCollectionManagementUpdateRequestModel to AC team by @eliykat in #7651
• PM-36952 - Improve code review workflow with added triggers by @theMickster in #7663
• Triggering main build to rebuild after cosign failure by @pixman20 in #7669
• [PM-37740] Add missing container configuration to aspire by @eliykat in #7670
• [PM-37486] Remove IPolicyService and associated dead code by @r-tome in #7672
• [PM-12469] Move remaining Admin Password Reset code to AC team by @eliykat in #7680
• [PM-25691] Create OrganizationUpdateCollectionManagementCommand by @r-tome in #7682
• [PM-37956] by @ike-kottlowski in #7698
• [PM-35312] Remove Outdated Stored Procedures by @sven-bitwarden in #7712
• [PM-34502] Remove the IPolicyValidator pattern by @JimmyVo16 in #7714
• refactor(server): move CloudRegion enum from Setup to Core by @addisonbeck in #7727
• docs: expand CACHING.md (non-Redis L2, sizing/cost, SRE coordination) by @withinfocus in #7736

📦 Dependency Updates

• [deps]: Update dotnet monorepo to v10 (major) by @renovate in #6634
• [PM-35479] updating AutoMapper to v14 and adding cve workaround by @itsadrago in #7521
• [PM-36843] Skip relay push registration for non mobile clients by @justindbaur in #7617
• Bump version to 2026.5.0 by @github-actions in #7655
• [deps]: Pin dependencies by @renovate in #7703
• [deps]: Update aspire monorepo to 13.3.4 by @renovate in #7729
• Bump version ...

What's Changed

Feature Development

• [PM-30483] Remove feature flagged logic around passkey unlock by @eligrubb in #7318
• Add README for PolicyRequirements feature by @eliykat in #7503
• [PM-27278] add AccountKeysRequestModel to RegisterFinishRequestModel for account encryption v2 support by @eligrubb in #6798
• billing/pm-24665/license-file-generation-should-fail-for-unpaid-subscription by @cyprain-okeke in #7444
• [sm-1878] Adding feature flag for secret versioning by @cd-bitwarden in #7170
• Feature flag for autotriage (autofill) by @blackwood in #7528
• [PM-35305] Add desktop-ui-settings-dialog flag by @Hinton in #7491
• [PM-33875] Add Revocation Reasons by @sven-bitwarden in #7473
• [PM-34116][PM-34117] Drivers License and Passport by @nick-livefront in #7512
• [PM-29090] Remove FF: pm-26793-fetch-premium-price-from-pricing-service - Flag by @amorask-bitwarden in #7549
• [PM-35805] Add BulkAutoConfirmOnLogin feature flag by @JaredScar in #7553
• [PM-34565] Save Cancellation Details for Scheduled Subscriptions by @sbrown-livefront in #7535
• Auth/pm 35392/master password service foundation by @enmande in #7530
• Implement master password policy requirement by @BTreston in #7537
• [PM-35253] Add organization ability UseInviteLinks by @r-tome in #7489
• [PM-33885]: Attach RevocationReason to Needed Client Response Model by @sven-bitwarden in #7563
• [PM-34148] Implement feature flag for fetching new policies and organization details by @JaredScar in #7529
• [PM-34387] Add organization invite link creation endpoint by @r-tome in #7477
• Removed feature flag by @Patrick-Pimentel-Bitwarden in #7574
• [PM-34774] Add GET endpoint for organization invite links by @r-tome in #7534
• [PM-32100] Implement Multi-Provider Ability Lookup by @JimmyVo16 in #7552
• [PM-34388] Add organization invite link update endpoint by @r-tome in #7560
• [PM-35263] Admin Portal: Add checkbox for the InviteLinks ability by @r-tome in #7578
• [PM-28346] Use SDK for attachment delete operations by @gbubemismith in #7538
• [PM-30852] Add support for TDE user key rotation by @Thomas-Avery in #7565
• [PM-31631] update password pre-login salt response by @ike-kottlowski in #7469
• [PM-34392] Add delete invite link endpoint by @r-tome in #7591
• [PM-35201] Enhance AdminRecoverAccountValidator to include Accepted status by @JaredScar in #7579
• [PM-33473] Remove pm-29594-update-individual-subscription-page feature flag by @amorask-bitwarden in #7519
• [PM-34389] Add refresh endpoint for organization invite links by @r-tome in #7588
• [PM-19790] [PM-19791] Remove policy requirements feature flag references and definition by @vincentsalucci in #7596
• [PM-36859] Add new feature flag for refactoring Org Collections Vault by @JaredScar in #7599
• [PM-34150] - RequireSSO Applies to Accepted by @jrmccannon in #7603
• PM 35229 [Browser/Desktop] Stripe Checkout from upgrade dialog by @cyprain-okeke in #7606
• PM-31923 adding the whole report endpoints v2 by @prograhamming in #7228
• [PM-31781] skip unpaid automations for exempt orgs by @kdenney in #7480
• [PM-37230] remove FF logic from new send endpoints by @itsadrago in #7621
• [PM-30215] Allow key rotation for key connector users by @mzieniukbw in #7618
• [PM 34174]Do not show renewal reminder banners to exempt organizations by @cyprain-okeke in #7483
• Auth/PM-37165 - Add Last API Key Rotated Date to User by @JaredSnider-Bitwarden in #7634
• [PM-37292] - add feature flag by @jaasen-livefront in #7630
• [PM-26657] removes feature flag pm-25083-autofill-confirm-from-search by @jengstrom-bw in #7610
• Auth/PM-37166 - Devices - add client version by @JaredSnider-Bitwarden in #7632
• [PM-36560] Create Send event logs by @harr1424 in #7602
• [PM-29607] Remove PM24032 Feature Flag by @sbrown-livefront in #7558
• Aspire Integration by @sbrown-livefront in #6775
• [PM-26696] Removes pm-23904-risk-insights-for-premium feature flag by @jengstrom-bw in #7613
• Aspire: Add README for Aspire AppHost setup and usage by @sbrown-livefront in #7646
• [PM-32743] Add ability to create folders during import to orgs by @mcamirault in #7568
• [PM-19551] Add externalId support to groups PATCH endpoint by @JimmyVo16 in #7620

🐛 Bug fixes

• [PM-33501] Prevent orphaned Sends during user and org deletion by @harr1424 in #7386
• [PM-25056] - Deadlock testing fix by @jrmccannon in #7478
• [PM-34427] Fix Users can edit and save sends with the hide email address option enabled by @harr1424 in #7509
• [PM-35306] Fix password change not working when using the unlock and authentication data models by @quexten in #7505
• [PM-33436] Refactor setup shell commands by @dereknance in #7494
• [PM-34213] Create attachment event log by @shane-melton in #7425
• [PM-34813] fix system coupons regression by @kdenney in #7515
• [PM-35250] Prevent Custom Users Removing Admins by @sven-bitwarden in #7526
• [PM-34822] Consistent error response 400 and 404 in Org Integrations controller by @voommen-livefront in #7458
• [PM-28045] - Org Key Validation by @jrmccannon in #7384
• [PM-34601] Bump Group.RevisionDate on edits and access changes by @r-tome in #7467
• [PM-35351] Fix self-hosted public API member invites by skipping plan retrieval by @r-tome in #7507
• [PM-34848] Add authorization to PreviewInvoiceController org endpoints by @connerbw in #7583
• [PM-35257] Validate plan frequency tier by @connerbw in #7570
• [PM-36568] Disable Pushed Authorization Request endpoint in Identity and SSO by @ike-kottlowski in #7585
• [PM-35909] Preserve existing discounts during price migration by @amorask-bitwarden in #7561
• [PM-33289] Stop 500-retry loop on incomplete_expired subs by @amorask-bitwarden in #7525
• [PM-35624] Fix EF GetCountByOnlyOwnerAsync by @JimmyVo16 in #7586
• [PM-35300] emails do not match figma by @JaredScar in #7592
• [PM-23900] Optimize organization exports by @harr1424 in #7590
• PM-34680 serialize values to prevent injection by @voommen-livefront in #7593
• [PM-37077] Remediate Data Protection errors in DeleteSendsJob by @harr1424 in #7608
• [PM-36613] Void open invoices for unpaid subscriptions by @amorask-bitwarden in #7589
• [PM-36185] Change where Setup container looks for openssl config by @dereknance in #7623
• [PM-35300] fix emails do not match figma by @JaredScar in #7609
• Auth/PM-37621 - Fix Device.LastActivityDate surfacing legacy NULL rows as DateTime.UtcNow by @JaredSnider-Bitwarden in #7649

⚙️ Maintenance

• [AppSec] AI Fix for Template Injection in GitHub Workflows Action by @aikido-autofix[bot] in #7448
• [PM-32598] - Remove Unused sso/details Endpoint + Sprocs by @sven-bitwarden in #7400
• Move missed integration files to DIRT by @eliykat in h...

Overview

• Bug fix for subscription handling

What's Changed

🐛 Bug fixes

• [PM-36613] Void open invoices for unpaid subscriptions by @amorask-bitwarden in #7589

📦 Dependency Updates

• Update Bitwarden.Server.Sdk to 1.5.2 by @justindbaur in #7559

🎨 Other

• Bumped version to 2026.4.2 by @connerbw in #7619

Full Changelog: v2026.4.1...v2026.4.2

Overview

• Removed feature flag for automatic member confirmation settings
• Removed feature flag for unlock with passkey
• Removed feature flag for SCIM refactor
• Various under-the-hood improvements and minor bug fixes

What's Changed

Feature Development

• [PM-34595] Add provider authorization attributes by @eliykat in #7389
• [PM-34230] server side constant for feature flag by @voommen-livefront in #7395
• Add SDK Sends API feature flag by @adudek-bw in #7254
• [PM-34177] Add feature flag for Organization Invite Links by @r-tome in #7404
• [PM-34177] Fix feature flag key value for Organization Invite Links by @r-tome in #7409
• [PM-34171] Add card scanner feature flag by @SaintPatrck in #7310
• PM-34686 Remove Summary Count Limit by @prograhamming in #7398
• [PM-32105] - Org ability feature flag by @jrmccannon in #7401
• [PM-33213] Remove FeatureFlag Around ResetPassword && PolicyRequirements by @sven-bitwarden in #7188
• [PM-32394] Implement Scim V2 features by @JaredScar in #7397
• [PM-34694] - add quick actions feature flag by @jaasen-livefront in #7412
• [PM-34146] Add GetManyConfirmedAcceptedByUserIdAsync(Guid userId) to the IPolicyRepository interface by @JimmyVo16 in #7392
• [PM-34178] Add entities, repository and database migrations for Organization Invite Link feature by @r-tome in #7407
• [PM-31894] remove storage reconciliation job and flags by @kdenney in #7424
• [PM-26383] Remove feature flag from server-side for autoconfirm by @JaredScar in #7402
• [PM-34805] Add new feature flag for Policy Drawers (pm-34804) in Constants.cs by @JaredScar in #7429
• [PM-34147] Add GetManyConfirmedAcceptedDetailsByUserAsync to IOrganizationUserRepository by @JimmyVo16 in #7399
• [PM-34500] Add PM-34500-strict-cipher-decryption feature flag by @nikwithak in #7387
• [PM-35072] Allow account recovery for revoked status users by @kspearrin in #7446
• [PM-34854] Add pm-34145-policies-in-accepted-state feature flag by @eliykat in #7449
• [PM-31941] Implement Feature Flag and Access Intelligence Refactor Integration by @Banrion in #7459
• [PM-34500] Fix Feature Flag pm-34500-strict-cipher-decryption name casing by @nikwithak in #7460
• [PM-30751] - add secure SSRF protection for internal IPs by @jaasen-livefront in #7256
• [PM-31909] Remove m3 flagged logic by @connerbw in #7352
• [PM-31911] Remove m3 flag definition by @connerbw in #7354
• [PM-34825] Add support for ml-dsa44 keypairs by @quexten in #7435
• [PM-31780] Add exempt from billing automation toggle by @amorask-bitwarden in #7438
• [PM-32068] - Org Ability Extended Cache by @jrmccannon in #7443
• [PM-33866] Revocation Reasons: DDL Edition by @sven-bitwarden in #7432
• chore: remove bulk reinvite and org accept init flags by @vincentsalucci in #7484
• Auth/Innovation/PM-4517 - Device Management - Add Last Activity Date by @JaredSnider-Bitwarden in #7302
• [PM-34060] Add bank account item type by @gbubemismith in #7112
• [PM-35154] collection SDK decryption feature flag to Constants.cs by @JaredScar in #7470
• [PM-34595] Update provider controllers to use authz attribute by @eliykat in #7450
• [PM-24927] Add payment optional support to trial initiation flow by @cyprain-okeke in #7418
• [PM-32069] Add ExtendedProviderAbilityCacheService by @JimmyVo16 in #7447
• PM-22228 Added Phishing events by @voommen-livefront in #7427
• [PM-32853] Add Trial Initiation Metadata for Marketing or Product by @sbrown-livefront in #7462
• feat(validation): [PM-32626] by @Patrick-Pimentel-Bitwarden in #7064
• [PM-32073] - Added Bulk Get Org Ability by @jrmccannon in #7476

🐛 Bug fixes

• [PM-22525] Log when provider admin accesses an org vault by @BTreston in #7379
• [PM-34679] Display Phase 2 prices and discount on org subscription page by @amorask-bitwarden in #7393
• [PM-34679] Fix Families 2019 Phase 2 price and discount display by @amorask-bitwarden in #7408
• PM-34391 fixes to eventsController by @voommen-livefront in #7405
• [PM-34728] Use top-level ProrationBehavior on schedule updates by @amorask-bitwarden in #7410
• [PM-33500] - delete attachments from deleted ciphers by @jaasen-livefront in #7208
• fix(change-email): [PM-34742] Change Email Sets Salt by @Patrick-Pimentel-Bitwarden in #7413
• [PM-34773] Fix storage addition during active Phase 2 of schedule by @amorask-bitwarden in #7420
• [PM-34255] - SCIM Api Key Fix by @jrmccannon in #7403
• fix(refactor): [PM-34246] Rename Set Password to Finalize Onboarding by @Patrick-Pimentel-Bitwarden in #7328
• Revert "fix(change-email): [PM-34742] Change Email Sets Salt" by @Patrick-Pimentel-Bitwarden in #7421
• PM-33194 single integration of a type only by @voommen-livefront in #7280
• [PM-22450] Bump Collection.RevisionDate on edits and access changes by @r-tome in #7380
• [PM-26043] Fix bug: can't add secrets manager to legacy plans by @kdenney in #7414
• [PM-22450] Bump date on migration script file CollectionBumpRevisionDateOnAccessChange by @r-tome in #7436
• [PM-33301] Add Functionality for Upgrading Using PayPal by @sbrown-livefront in #7183
• [PM-34866][PM-34865] Fix EnableAutomaticTaxAsync to update schedule phases by @connerbw in #7437
• Fix test clock awareness in schedule-aware cancellation by @connerbw in #7440
• Fix CollectionUsers/CollectionGroups table names for Seeder across all DB providers by @mimartin12 in #7441
• [PM-32463] Remove organization enabled filter from database query/view by @shane-melton in #7037
• Auth/PM-34130 - Fix DeviceAuthDetails constructor and stored procedure for EDD compliance by @JaredSnider-Bitwarden in #7416
• [PM-34390] - Fixing Group/Provider User by @jrmccannon in #7431
• [PM-33539] Fix wrong model response type for file model size by @quexten in #7474
• [PM-35234] Prevent appending duplicate org user in validator request by @BTreston in #7486
• [PM-34427] Fix Users can edit and save sends with the hide email address option enabled by @harr1424 in #7511

⚙️ Maintenance

• [PM-34456] Innovation Sprint: Enable generating automated release notes by @djsmith85 in #7362
• [FIX] Image tag max length logic by @gitclonebrian in #7396
• [PM-29152] Rename VNextSavePolicyCommand to SavePolicyCommand and remove deprecated policy interfaces by @r-tome in #7364
• test(change-email): [PM-34742] Change Email Sets Salt Attempt 2 by @Patrick-Pimentel-Bitwarden in #7422
• [PM-34383] Add import validation allowing providers to perform imports by @harr1424 in #7394
• [PM-33044] Provider Ability Refactor EventService by @JimmyVo16 in #7411
• [PM-34823] Remove missed uses of PolicyRequirements flag by @eliykat in #7426
• [deps]: Update docker/login-action action to v4 by @renovate[bot] in #7346
• [deps]: Update docker/setup-qemu-action action to v4 by @renovate[bot] in #7223
• [deps]: Update codecov/codecov-action action to v6 by @renovate[bot] in #7455
  *...

Overview

• Removed feature flag for vault items archive
• Removed feature flag for default saving location when organization data ownership policy is enabled
• Removed feature flag for hiding alternate login methods when SSO is required
• Removed feature flag for several UX improvements
• Removed feature flag for provider initialization refactor
• Added support for deeplink redirect with https schema
• Various under-the-hood improvements and minor bug fixes

What's Changed

Feature Development

• [PM-31736] User-friendly cookie vendor error message by @dereknance in #7270
• [PM-33972] Remove pm-26140-marketing-initiated-premium-flow feature flag by @trmartin4 in #7275
• [PM-32783] Add electron-storage-cache flag by @dani-garcia in #7286
• [PM-33890] Set up Stripe Subscription Schedule API operations by @amorask-bitwarden in #7289
• feat(redirect): [PM-30810] Https Redirection for Cloud Users by @Patrick-Pimentel-Bitwarden in #6852
• [PM-22110] Remove pm-22110-disable-alternate-login-methods feature flag by @trmartin4 in #7274
• [PM-22435] chore: remove create default collections ff ref by @vincentsalucci in #7298
• [PM-33086/7] Remove the feature flag RefactorOrgAcceptInit by @r-tome in #7287
• [PM-28420] Remove feature flag by @BTreston in #7282
• [PM-33087] Remove RefactorOrgAcceptInit feature flag by @r-tome in #7325
• [PM-15489] 2fa account recovery by @kspearrin in #7139
• Auth/PM-34400 - Add desktop devices feature flag by @JaredSnider-Bitwarden in #7361
• [PM-32009] Add New Item Type Feature Flag by @nick-livefront in #7358
• [PM-34410] Attachment Upload Feature Flag by @nick-livefront in #7357
• Add feature flag for access intelligence trend chart by @Banrion in #7363
• [PM-33212] Finalize Org Data Ownership Policy Requirement by @sven-bitwarden in #7210
• [PM-332124] Finalize PolicyRequirement + 2FA Feature Flag by @sven-bitwarden in #7209
• [PM-19168] Remove Archive Feature Flag guards by @nick-livefront in #7371
• [PM-31885] Consolidate all Send policies to a single policy by @harr1424 in #7113
• [PM-31905] Remove m2 flag definition by @cturnbull-bitwarden in #7353
• [PM-28190] Add feature flag: pm-28190-cipher-sharing-ops-to-sdk Feature Flag by @nikwithak in #6887

🐛 Bug fixes

• [PM-33980] Only verify UseMyItems when claim exists by @amorask-bitwarden in #7278
• [PM-32450] Allow SMTP TLS CRL status retrieval failures by @dereknance in #7271
• [PM-19143] Fix custom permissions not persisting via InviteOrganizationUsersCommand by @r-tome in #7285
• [PM-34049] Fix PoliciesController authorize attribute by @eliykat in #7303
• [PM-34048 ] Add limit item deletion to manage collection permission to Org view/edit by @vincentsalucci in #7296
• [PM-31822] Fix file Send size validation by @mcamirault in #7311
• [PM-34440] Fix cache duplicate-key error by @JimmyVo16 in #7360
• [PM-30185] Fix email fallback logic to ignore empty primary email by @BTreston in #7359
• [PM-32829] Cipher Key for unassigned ciphers by @nick-livefront in #7164
• [PM-32260] Fix missing device approval event logs for accepted users by @r-tome in #7247
• [PM-26581] Add missing model.type param by @BTreston in #7369
• [PM-29981] Add repo call to check if existing collection already has access setup by @BTreston in #7365
• [PM-34570] Expired or Cancelled Claimed User Throws Billing Exception on Subscription Cancel by @sbrown-livefront in #7382
• fix(change-email): [PM-34742] Change Email Sets Salt (#7422) by @Patrick-Pimentel-Bitwarden in #7423

⚙️ Maintenance

• [BRE-1004] Add GHCR Support to Build/Publish workflows by @vgrassia in #7263
• [PM-32066] - Add Org Ability View by @jrmccannon in #7194
• [PM-33895] Filter [BindNever] parameters from OpenAPI schema by @dani-garcia in #7257
• [deps]: Update docker/build-push-action action to v7 by @renovate[bot] in #7221
• [PM-32067] - Add Provider Ability View by @jrmccannon in #7200
• [PM-33041] Organization Ability: Refactor CipherResponseModel by @JimmyVo16 in #7202
• [PM-33043] Refactor PolicyService, CipherService, and TwoFactorAuthenticationValidator by @JimmyVo16 in #7214
• [PM-33042] Refactor EventService to remove deprecated GetOrganizationAbilitiesAsync by @JimmyVo16 in #7240
• [deps]: Update dorny/test-reporter action to v3 by @renovate[bot] in #7347
• [PM-34462] Improve role handling in provider controllers by @eliykat in #7372
• [PM-3836] Tools - Make Controllers, Services and API Models nullable by @harr1424 in #7212
• Add release yml to rc by @djsmith85 in #7466

📦 Dependency Updates

• [deps] Auth: Update Duende.IdentityServer to 7.4.6 by @renovate[bot] in #6323
• [PM-33499] Permissive base64 decoder by @dereknance in #7207
• [deps]: Update sass to v1.98.0 by @renovate[bot] in #7343
• [deps]: Update prettier to v3.8.1 by @renovate[bot] in #6702

🎨 Other

• PM-33964 - Fix silent switch defaults in Seeder with fail-fast throws by @theMickster in #7277
• [PM-33819] Enforce use of authorize attributes by @eliykat in #7242
• Arch/cipher scene by @MGibson1 in #7241
• [PM-33894] Schedule price increases by @amorask-bitwarden in #7293
• [PM-34082] Seed passkeys by @MGibson1 in #7265
• Added RSA keypair pool + Caching to Seeder's RustSdk by @theMickster in #7288
• [PM-33896] Update Families organization on schedule transition by @cturnbull-bitwarden in #7300
• [PM- 30370] [PM-28827] Add Salt to Auth and KM DTOs by @ike-kottlowski in #7239
• [PM-32008] Add scope comment for SecurityTaskAuthorizationHandler by @nick-livefront in #7291
• [PM-21926] Add salt to Admin Console DTOs by @ike-kottlowski in #7231
• [PM-33043] Fix the failing test. by @JimmyVo16 in #7316
• [PM-33899] Release schedule on terminal subscription operations by @amorask-bitwarden in #7305
• PM-34033 - Add individual user seeding to preset pipeline by @theMickster in #7304
• PM-34033 - Add user & org API key seeding and improve CLI output by @theMickster in #7324
• [PM-34039] [Defect] Discount Eligibility Endpoint Shows "New Users Only" Discounts by @sbrown-livefront in #7301
• Update to IHostBuilder style by @justindbaur in #6843
• [PM-32216] Create Stripe Checkout Session Endpoint by @sbrown-livefront in #7246
• [PM-33901] Remove unused UpdateTaxInformation by @cturnbull-bitwarden in #7320
• [PM-33901] Implement schedule-aware tax handling by @cturnbull-bitwarden in #7319
• PM-33964 - Unify CipherSeeder factories behind CipherSeed domain model. by @theMickster in #7330
• Clarify potential misleading comment by @theMickster in #7339
• Rename CLI endpoint to Preset instead of Seed by @theMickster in #7340
• Move IEventService to Dirt by @eliykat in #7272
• [PM-33898] Schedule-aware storage adjustments by @amorask-bitwarden in #7350
• [PM-33891] Migrate Cancel and Reinstate Paths by @sbrown-livefront in #7331
• [PM-33405] Add `...

• Removed feature flag for biometrics refactor on Windows
• Removed feature flag for updated organization invitation email
• Removed feature flag for updated organization confirmation email
• Removed feature flag for data recovery tool
• Removed feature flag for push notifications infrastructure updates
• Updated tax logic for Switzerland
• Various under-the-hood improvements and minor bug fixes

Thank you! 💙 A big shout-out to the following community members for their contributions!

mdusher - Add globalSettings.knownNetworks so that entire IP ranges can be used for trusting X-Forwarded-* headers

Warfields - Add PQC TLS Support

Fixed an issue that could cause cipher key corruption under certain conditions.

• Added option in system administration portal to disable My Items
• Removed feature flag for multi-thread decryption
• Removed feature flag for SSH key storage and SSH Agent
• Removed feature flag for creating My Items for users who are revoked then restored
• Removed feature flag for refactor of InMemoryApplicationCacheService instantiation to help prevent pod stampedes
• Various under-the-hood improvements and minor bug fixes

Thank you! 💙 A big shout-out to the following community members for their contributions!

lahma - Use SchedulerBuilder to configure Quartz

• Updated email templates for organization invitations
• Removed feature flag for Premium risk insights
• Removed feature flag for claimed domain account creation policy
• Removed feature flag for new organization metadata structure
• Various under-the-hood improvements and minor bug fixes

Thank you! 💙 A big shout-out to the following community members for their contributions!

[+jolness1+|https://github.com/jolness1] - Change hardcoded 5 key WebAuthn limit for login to check if premium

• Added endpoints to public API for revoke and restore members
• Removed feature flag for Premium risk insights
• Removed feature flag for improved loading states
• Removed feature flag for performance improvements to re-invite endpoint
• Various under-the-hood improvements and minor bug fixes

Thank you! 💙 A big shout-out to the following community members for their contributions!

jolness1 - Change hardcoded 5 key WebAuthn limit for login to check if premium