
Bitwarden CLI compromised (Changelog News #185)
From Changelog Master Feed by Changelog Media
April 29, 2026 · 9 min
About this episode
The episode discusses recent security issues and performance improvements in software tools.
Bitwarden's CLI got hit by the Checkmarx supply-chain campaign, TypeScript 7.0 beta lands with the Go-rewritten compiler running ~10x faster than 6.0, and pgBackRest lost its maintainer of thirteen years leaving anyone running production Postgres with a real dependency-trust task this week. We've also got Ubuntu 26.04 LTS shipping with TPM-backed full-disk encryption, and Matz dropping Spinel as an AOT path that takes Ruby to native binaries. This week was a good reminder that the tools we depend on are all moving at once. Security, performance, and maintenance aren't isolated threads.
Topics covered
- security
- performance
- maintenance
- supply-chain
- encryption
- programming
Keywords
- Bitwarden
- Checkmarx
- TypeScript
- pgBackRest
- Ubuntu
- TPM
- Ruby
- Spinel
Mentioned in this episode
Organizations: Bitwarden, Checkmarx, pgBackRest, Ubuntu
Products: TypeScript 7.0, Spinel, Ruby
More episodes of Changelog Master Feed
- From open source hits to OpenAI (Changelog Interviews #682) · June 5, 2026 · 1h 46m
- MCP on Code Mode (Changelog Interviews #681) · May 15, 2026 · 1h 55m
- Automation at the speed of Swamp (Changelog & Friends #130) · May 13, 2026 · 2h 26m
- Exploring with agents (Changelog Interviews #680) · April 24, 2026 · 1h 37m
- Astral has been acquired by OpenAI (Changelog News #184) · March 27, 2026 · 11 min
- From Tailnet to platform (Changelog Interviews #679) · March 11, 2026 · 1h 42m
Explore listener stats, chart rankings, contacts and more on the Changelog Master Feed podcast page.