⚠ PSA: Recent Bugs May Cause Loss of Files, Configurations

grb · April 9, 2025, 6:41pm

I thought these recent bug reports were sufficiently serious to warrant a Public Service Announcement. Pinned for visibility.

Deleting Attachments May Result in Loss of Other File Attachments

github.com/bitwarden/clients

Deleting an attachment from a note item with multiple attachments causes other attachments to no longer visible

opened 04:06AM - 07 Apr 25 UTC

rmcdowell-bitwarden

bug web

### Steps To Reproduce 1. Login to Bitwarden's web vault (https://vault.bitward…en.com) 2. Attach multiple attachments to a note item in the vault 3. Delete one attachment ### Expected Result The remaining attachments are accessible. ### Actual Result The item shows no attachments attached to it and are no longer accessible. ### Screenshots or Videos _No response_ ### Additional Context The vault item was viewed through multiple clients and does not display the attachments in any client. ### Operating System macOS ### Operating System Version 15.4 (24E248) ### Web Browser Chrome ### Browser Version Version 135.0.7049.42 (Official Build) (arm64) ### Build Version 2025.3.1 ### Issue Tracking Info - [x] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

Re-Ordering URLs May Result in Loss of Match Detection Configurations

github.com/bitwarden/clients

Reordering URIs in an item loses match detection for all URIs

opened 07:23AM - 09 Apr 25 UTC

kpiris

bug web

### Steps To Reproduce Reorder URIs on any item with at least one of them which… has match detection to something else than default. ### Expected Result All URIs match detection is preserved. ### Actual Result All URIs match detection is resseted to Default. ### Screenshots or Videos https://github.com/user-attachments/assets/f42c4e20-ba8d-438d-9425-0b0c9b6fc6dd ### Additional Context The attached video shows the web vault. It also happens with the browser extension. ### Operating System Linux ### Operating System Version does not matter ### Web Browser Chrome ### Browser Version 135.0.7049.84 ### Build Version 2025.3.1 ### Issue Tracking Info - [x] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

kpiris · April 9, 2025, 7:06pm

I would advise about this one also:

github.com/bitwarden/clients

New device login protection should not be enforced after an emergency access account takeover

opened 07:08AM - 23 Mar 25 UTC

kpiris

bug web

### Steps To Reproduce An emergency access account takeover removes all two-ste…p login providers from the account that is being taken over. After the takeover, when one tries to login with the newly set master password, new device login protection kicks in, and email access is needed to complete the login. Which one, probably, won't have. ### Expected Result New device login protection should be bypassed. (Whether the account being taken over had previously two-step login configured or not). ### Actual Result The emailed new device protection access code is required. ### Screenshots or Videos _No response_ ### Additional Context _No response_ ### Operating System Linux ### Operating System Version _No response_ ### Web Browser Chrome ### Browser Version _No response_ ### Build Version 2025.3.0 ### Issue Tracking Info - [x] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

Not leading to an information loss; but, potentially, could lead to a loss of vault access.

The truth is that I have the feeling that, in recent months, the quality of Bitwarden’s software has declined considerably.

Add to that the new browser extension redesign fiasco. It doesn’t give me peace of mind.

EDIT: in my opinion, what is most worrisome about that browser extension redesign is not the rejection it caused, but the fact that the new browser extension is plagued with bugs and regressions, all over the place.

Nail1684 · April 9, 2025, 8:43pm

I think loosing access to a vault, qualifies as some kind of information loss…

Neuron5569 · April 9, 2025, 8:44pm

I do agree with the experience of buggy releases. For example, I think the Android Refresh would have gone swimmingly well without the newly introduced / regressed bugs. Instead, we are having a portion of the entire userbase having to live with the bugs.

Consider putting more resources into QA, or having a longer beta/rollout periods ignoring the complaints of the users who can’t wait; there are going to be fewer of those compared to the entire userbase complaining/filing about the bugs.

Nail1684 · April 10, 2025, 1:19pm

I would add this bug also (though it seems only to be relevant for login items with only the TOTP seed code - i.e. without username and password - stored in them, but if you copy & paste your TOTP seed code somewhere unwanted, that could be also pretty serious):

github.com/bitwarden/clients

TOTP Secret being copied instead of TOTP Code

opened 05:36PM - 07 Apr 25 UTC

nmbgeek

bug browser

### Steps To Reproduce 1. On Chrome and Edge Bitwarden Extension 2025.3.2 login… to Bitwarden Vault. 2. Create a Login with no username or password, only a TOTP Secret. 3. Click the copy icon beside of the Autofill suggestions. 4. Authenticator Secret is copied instead of the TOTP code. ![Image](https://github.com/user-attachments/assets/9d8290ae-e4ab-4903-8d59-dc3d6087af7a) ### Expected Result TOTP code to be copied. When an entry has username/password the TOTP code copies as expected instead of the secret. ![Image](https://github.com/user-attachments/assets/4000e831-41a3-4c37-afb4-9e8d2ce04caf) ### Actual Result TOTP Secret is copied instead of the one time code. ### Screenshots or Videos _No response_ ### Additional Context This issue appears to be new to 2025.3.2 as another PC with 2025.3.1 didn't have this issue until it was updated to 2025.3.2 ### Operating System Windows ### Operating System Version WIndows 11 24H2 ### Web Browser Chrome ### Browser Version 135.0.7049.42 ### Environment Versions Version: 2025.3.2 SDK: 'main (50f5a17)' Server version: 2025.3.3 ### Issue Tracking Info - [x] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

PS: @grb If you deem that also “serious” enough, you may add that to your original post.

dwbit · April 11, 2025, 12:39pm

Thanks everyone, the team is hard at work on these issues.

DenBesten · April 16, 2025, 3:51am

About an hour ago, a maintenance window completed. Now, my “server version” (visible in settings >> about >> about bitwarden) is 2025.4.1. I just tried attaching three (dummy) files to a vault entry, saving/reopening the entry and then deleting the “middle” attachment. The other two remained.

As a result of the upgrade, it might be worth checking if the issue still exists for you.

DenBesten · April 16, 2025, 4:06am

Ran across a redditor reporting that attachment loss upon reordering affects his company vault, but not his personal vault. Unknown if software/servers were held steady between his tests and don’t know how this detail helps most of us, but I thought it a significant observation.