Version 2026.6.1

Overview

• Added more argon2id configurations to prelogin endpoint
• Improved validation of access intelligence reports
• Add support for plan plan migration paths
• Various under-the-hood improvements and minor bug fixes

What's Changed

Feature Development

• [PM-34909] Serve only validated report files from get-latest and self-hosted file endpoints by @AlexRubik in #7465
• [PM-33951] automatically confirm pending users on admin login by @JaredScar in #7527
• [PM-35395] MasterPasswordService Key Management Integration by @enmande in #7637
• [PM-37595] Use New OrganizationUserStatusType Columns by @sven-bitwarden in #7693
• [PM-31191] New Argon2id configuration into prelogin by @mzieniukbw in #7708
• chore(server): add FedRampGovRegion feature flag constant by @addisonbeck in #7726
• feat(server): add Gov cloud region by @addisonbeck in #7730
• [PM-36951] Add Billing Plan Migration Cohorts Admin UI by @kdenney in #7732
• [PM-37589] - Add PM29968_FillAfterSave feature flag by @jaasen-livefront in #7733
• [PM-37087] Release migration schedule before adding org to provider" by @cyprain-okeke in #7737
• [PM-38416] Add Bitwarden-Region to HTTP request to the pricing service by @justindbaur in #7749
• [PM-37070] feat: Add business plan migration renewal email by @cyprain-okeke in #7755
• [PM-37085] feat: Release migration schedule on organization plan upgrade by @amorask-bitwarden in #7757
• [PM-34778] Implement AcceptOrganizationInviteLinkCommand by @r-tome in #7759
• Set fill assist server urls by @differsthecat in #7761
• [PM-38265] Enhance TwoFactorIsEnabledQuery to use a dictionary for two-factor authentication results by @r-tome in #7764
• [PM-37510] feat: Grandfather Secrets Manager machine accounts for Enterprise 2020 migrations by @amorask-bitwarden in #7765
• [PM-38163] Add endpoint to retrieve organization policies by invite link code by @r-tome in #7767
• [PM-37228] feat: Add scheduled price increase to organization warnings by @amorask-bitwarden in #7790
• [PM-37292] - update feature flag by @jaasen-livefront in #7791
• [PM-33408] Add OrganizationUser_NotificationBannerActionClicked EventType by @jengstrom-bw in #7796
• [PM-37875] Make webauthn available on all platforms by @quexten in #7801

🐛 Bug fixes

• Auth/PM-38129 by @JaredSnider-Bitwarden in #7743
• Dirt/pm 38134 access intelligence report not generating by @prograhamming in #7748
• [PM-37168] Fix missing expiration check. by @JimmyVo16 in #7760
• Auth/PM-38588 - Login and Refresh backfill CurrentContext for LaunchDarkly Feature Flag Evaluation by @JaredSnider-Bitwarden in #7766
• Auth/PM-38648 - Refactor device last-activity cache to use configurable TTL by @JaredSnider-Bitwarden in #7773
• [PM-38729] fix: Reflect all discounts in 2020-migration renewal email by @cyprain-okeke in #7786
• Aspire: Fix Self-Host Development Configuration by @sbrown-livefront in #7803
• fix broken auto confirm policyRequirement check for org scoped request by @BTreston in #7839
• fix broken auto confirm policyRequirement check for org scoped reques… by @BTreston in #7848

⚙️ Maintenance

• Auth/PM-32102 - (1) Create ConvertUserToKeyConnectorCommand (2) Remove salt and hint on key connector conversion by @JaredSnider-Bitwarden in #7692
• [PM-38116] Harden SSRF protection in IPAddressExtensions by @jengstrom-bw in #7721
• [PM-38165] Improve Data Protection error handling and constrain plaintext input by @harr1424 in #7734
• [PM-13330] Move collection SQL files to AC Team by @eliykat in #7758
• [SHOT-96] Apply new http2 directive by @mimartin12 in #7769
• [PM-38338] Drop Unused Sprocs by @sven-bitwarden in #7789
• [PM-37511] test: Add Teams 2020 + Secrets Manager migration tests by @cyprain-okeke in #7799

📦 Dependency Updates

• [deps] BRE: Update mcr.microsoft.com/mssql/server Docker tag to v2025 by @renovate in #6447
• [deps]: Update webpack-cli to v7 by @renovate in #7348
• [deps] Auth: Update Auth dotnet dependencies to v10.0.8 by @renovate in #7604
• [deps]: Update dotnet monorepo by @renovate in #7605
• [PM-36584] Bidirectional C2 in icons.bitwarden.net by @jengstrom-bw in #7668
• [AppSec] Add packages.lock.json files for dependency locking by @aikido-autofix in #7725
• Bump version to 2026.6.0 by @github-actions in #7747
• [deps]: Update sass-loader to v17 by @renovate in #7779
• PM-37021 - Fix dotnet deps version bump failure to modify packages.lock.json by @JaredSnider-Bitwarden in #7787
• Pin nginx image to a specific version by @mimartin12 in #7802
• [DBOPS-177] Update MSSQL Docker image to SQL Server 2025 CU5 by @mkincaid-bw in #7806
• [deps] Platform: Update MessagePack to v3.1.7 [SECURITY] by @renovate in #7807
• Bump version to 2026.6.1 by @github-actions in #7813

🎨 Other

• Document migration workflow in .claude/CLAUDE.md by @Hinton in #7689
• Update EmergencyAccessInviteQuery to return encoded URLs and a JSON object by @bnagawiecki in #7741
• [bre-1835] update SeederApi Base Image by @aj-bw in #7771
• Add SingleOrganizationScene to seeder by @bnagawiecki in #7781
• Add 3 more Org Scenes by @bnagawiecki in #7798

Full Changelog: v2026.6.0...v2026.6.1