[PM-34456] Innovation Sprint: Enable generating automated release notes

[djsmith85]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-34456

📔 Objective

As part of the Innovation Sprint I am enabling generating automated release notes

This work is greatly inspired by the workflows and release notes created by @vvolkgang.

Currently I only added some categories, but I was aiming to get the workflow going and then tweaking categories and labels in future PRs.

📸 Screenshots

Changes generated from a drafted release between this branch and the tag v2026.3.1

[github-actions]

Checkmarx One – Scan Summary & Details – f01ef70c-0be8-4f3e-8470-a435742f2703

---

New Issues (121)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		Stored_XSS	/src/SharedWeb/Health/HealthCheckServiceExtensions.cs: 61	details The method embeds untrusted data in generated output with WriteAsync, at line 60 of /src/SharedWeb/Health/HealthCheckServiceExtensions.cs. This ... Attack Vector
2		Stored_XSS	/util/Server/Startup.cs: 57	details The method embeds untrusted data in generated output with WriteAsync, at line 59 of /util/Server/Startup.cs. This untrusted data is embedded int... Attack Vector
3		CSRF	/src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 55	details Method at line 55 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This pa... Attack Vector
4		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 145	details Method at line 145 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from request. T... Attack Vector
5		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 145	details Method at line 145 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from request. T... Attack Vector
6		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97	details Method at line 97 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. This... Attack Vector
7		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97	details Method at line 97 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. This... Attack Vector
8		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 534	details Method at line 534 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector
9		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 229	details Method at line 229 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. Thi... Attack Vector
10		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1558	details Method at line 1558 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
11		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1558	details Method at line 1558 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
12		CSRF	/src/Api/Tools/Controllers/SendsController.cs: 73	details Method at line 73 of /src/Api/Tools/Controllers/SendsController.cs gets a parameter from a user request from id. This parameter value flows thro... Attack Vector
13		CSRF	/src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 145	details Method at line 145 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This p... Attack Vector
14		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 217	details Method at line 217 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
15		CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 91	details Method at line 91 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ... Attack Vector
16		CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 91	details Method at line 91 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ... Attack Vector
17		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
18		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
19		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
20		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
21		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 173	details Method at line 173 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. Thi... Attack Vector
22		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 452	details Method at line 452 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
23		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 189	details Method at line 189 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
24		CSRF	/src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 104	details Method at line 104 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This p... Attack Vector
25		CSRF	/src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 107	details Method at line 107 of /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs gets a parameter from a user request from organiza... Attack Vector
26		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1417	details Method at line 1417 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
27		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 286	details Method at line 286 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
28		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 233	details Method at line 233 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
29		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 189	details Method at line 189 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
30		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1417	details Method at line 1417 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
31		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1417	details Method at line 1417 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
32		CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 289	details Method at line 289 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from orgUserId. This parameter ... Attack Vector
33		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1385	details Method at line 1385 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
34		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1446	details Method at line 1446 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
35		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1148	details Method at line 1148 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
36		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1032	details Method at line 1032 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
37		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1281	details Method at line 1281 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from organizationId. This parameter ... Attack Vector
38		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 394	details Method at line 394 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector

More results are available on the CxOne platform

---

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 287

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.43%. Comparing base (5596ffc) to head (b0318be).
⚠️ Report is 7 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #7362   +/-   ##
=======================================
  Coverage   58.43%   58.43%           
=======================================
  Files        2060     2060           
  Lines       91173    91173           
  Branches     8112     8112           
=======================================
  Hits        53281    53281           
  Misses      36003    36003           
  Partials     1889     1889           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[AmyLGalles]

LGTM