server

v2026.4.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 29d Server & OS Management

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

api aspnet aspnetcore bitwarden c# docker

+5 more

.net dotnet-core signalr sql sql-server

Summary

AI summary

Removed feature flags for automatic member confirmation, unlock with passkey, and SCIM refactor.

Full changelog

Removed feature flag for automatic member confirmation settings
Removed feature flag for unlock with passkey
Removed feature flag for SCIM refactor
Various under-the-hood improvements and minor bug fixes

Security notice: To resolve a bug with the local storage of API keys for the Bitwarden CLI, the next Bitwarden server release following this one will automatically rotate the personal API keys for users of the Bitwarden CLI. If you use the Bitwarden CLI for any automated workflows, update those workflows with your new API keys immediately following that release in order to maintain continuity.

Breaking Changes

Removed feature flag for automatic member confirmation settings
Removed feature flag for unlock with passkey
Removed feature flag for SCIM refactor

Security Fixes

Automatic rotation of Bitwarden CLI personal API keys in the next server release to fix local storage bug

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track server

Get notified when new releases ship.

About server

Bitwarden infrastructure/backend (API, database, Docker, etc).

All releases →

Related context

Related tools

Earlier breaking changes

v2026.5.0 SSO Required policy now enforced for members in the “accepted” status