Back to Freedom.Tech Back
All Bitwarden Server Version releasesAll versions
Release Wed, Jun 24, 2026 4 min read

Bitwarden Server Version 2026.6.1

Added more argon2id configurations to prelogin endpoint; Improved validation of access intelligence reports; Add support for plan plan migration paths; Various under-the-hood improvements and minor bug fixes

Overview

  • Added more argon2id configurations to prelogin endpoint
  • Improved validation of access intelligence reports
  • Add support for plan plan migration paths
  • Various under-the-hood improvements and minor bug fixes

What's Changed

:shipit: Feature Development

  • [PM-34909] Serve only validated report files from get-latest and self-hosted file endpoints by @AlexRubik in #7465
  • [PM-33951] automatically confirm pending users on admin login by @JaredScar in #7527
  • [PM-35395] MasterPasswordService Key Management Integration by @enmande in #7637
  • [PM-37595] Use New OrganizationUserStatusType Columns by @sven-bitwarden in #7693
  • [PM-31191] New Argon2id configuration into prelogin by @mzieniukbw in #7708
  • chore(server): add FedRampGovRegion feature flag constant by @addisonbeck in #7726
  • feat(server): add Gov cloud region by @addisonbeck in #7730
  • [PM-36951] Add Billing Plan Migration Cohorts Admin UI by @kdenney in #7732
  • [PM-37589] - Add PM29968_FillAfterSave feature flag by @jaasen-livefront in #7733
  • [PM-37087] Release migration schedule before adding org to provider" by @cyprain-okeke in #7737
  • [PM-38416] Add Bitwarden-Region to HTTP request to the pricing service by @justindbaur in #7749
  • [PM-37070] feat: Add business plan migration renewal email by @cyprain-okeke in #7755
  • [PM-37085] feat: Release migration schedule on organization plan upgrade by @amorask-bitwarden in #7757
  • [PM-34778] Implement AcceptOrganizationInviteLinkCommand by @r-tome in #7759
  • Set fill assist server urls by @differsthecat in #7761
  • [PM-38265] Enhance TwoFactorIsEnabledQuery to use a dictionary for two-factor authentication results by @r-tome in #7764
  • [PM-37510] feat: Grandfather Secrets Manager machine accounts for Enterprise 2020 migrations by @amorask-bitwarden in #7765
  • [PM-38163] Add endpoint to retrieve organization policies by invite link code by @r-tome in #7767
  • [PM-37228] feat: Add scheduled price increase to organization warnings by @amorask-bitwarden in #7790
  • [PM-37292] - update feature flag by @jaasen-livefront in #7791
  • [PM-33408] Add OrganizationUser_NotificationBannerActionClicked EventType by @jengstrom-bw in #7796
  • [PM-37875] Make webauthn available on all platforms by @quexten in #7801

Bug fixes

  • Auth/PM-38129 by @JaredSnider-Bitwarden in #7743
  • Dirt/pm 38134 access intelligence report not generating by @prograhamming in #7748
  • [PM-37168] Fix missing expiration check. by @JimmyVo16 in #7760
  • Auth/PM-38588 - Login and Refresh backfill CurrentContext for LaunchDarkly Feature Flag Evaluation by @JaredSnider-Bitwarden in #7766
  • Auth/PM-38648 - Refactor device last-activity cache to use configurable TTL by @JaredSnider-Bitwarden in #7773
  • [PM-38729] fix: Reflect all discounts in 2020-migration renewal email by @cyprain-okeke in #7786
  • Aspire: Fix Self-Host Development Configuration by @sbrown-livefront in #7803
  • fix broken auto confirm policyRequirement check for org scoped request by @BTreston in #7839
  • fix broken auto confirm policyRequirement check for org scoped reques... by @BTreston in #7848

Maintenance

  • Auth/PM-32102 - (1) Create ConvertUserToKeyConnectorCommand (2) Remove salt and hint on key connector conversion by @JaredSnider-Bitwarden in #7692
  • [PM-38116] Harden SSRF protection in IPAddressExtensions by @jengstrom-bw in #7721
  • [PM-38165] Improve Data Protection error handling and constrain plaintext input by @harr1424 in #7734
  • [PM-13330] Move collection SQL files to AC Team by @eliykat in #7758
  • [SHOT-96] Apply new http2 directive by @mimartin12 in #7769
  • [PM-38338] Drop Unused Sprocs by @sven-bitwarden in #7789
  • [PM-37511] test: Add Teams 2020 + Secrets Manager migration tests by @cyprain-okeke in #7799

Dependency Updates

  • [deps] BRE: Update mcr.microsoft.com/mssql/server Docker tag to v2025 by @renovate in #6447
  • [deps]: Update webpack-cli to v7 by @renovate in #7348
  • [deps] Auth: Update Auth dotnet dependencies to v10.0.8 by @renovate in #7604
  • [deps]: Update dotnet monorepo by @renovate in #7605
  • [PM-36584] Bidirectional C2 in icons.bitwarden.net by @jengstrom-bw in #7668
  • [AppSec] Add packages.lock.json files for dependency locking by @aikido-autofix in #7725
  • Bump version to 2026.6.0 by @github-actions in #7747
  • [deps]: Update sass-loader to v17 by @renovate in #7779
  • PM-37021 - Fix dotnet deps version bump failure to modify packages.lock.json by @JaredSnider-Bitwarden in #7787
  • Pin nginx image to a specific version by @mimartin12 in #7802
  • [DBOPS-177] Update MSSQL Docker image to SQL Server 2025 CU5 by @mkincaid-bw in #7806
  • [deps] Platform: Update MessagePack to v3.1.7 [SECURITY] by @renovate in #7807
  • Bump version to 2026.6.1 by @github-actions in #7813

Other

  • Document migration workflow in .claude/CLAUDE.md by @Hinton in #7689
  • Update EmergencyAccessInviteQuery to return encoded URLs and a JSON object by @bnagawiecki in #7741
  • [bre-1835] update SeederApi Base Image by @aj-bw in #7771
  • Add SingleOrganizationScene to seeder by @bnagawiecki in #7781
  • Add 3 more Org Scenes by @bnagawiecki in #7798

Full Changelog: https://github.com/bitwarden/server/compare/v2026.6.0...v2026.6.1

More in Privacy

Privacy release Jun 26, 2026

Syncthing 2.1.2-rc.4
Privacy release Jun 25, 2026

Bitwarden iOS Authenticator 2026.6.0
Privacy release Jun 25, 2026

Bitwarden Android Password Manager 2026.6.0