Bitwarden CLI compromised (Changelog News #185)

Bitwarden CLI compromised (Changelog News #185)

From Changelog Master Feed by Changelog Media

April 29, 2026 · 9 min

About this episode

The episode discusses recent security issues and performance improvements in software tools.

Bitwarden's CLI got hit by the Checkmarx supply-chain campaign, TypeScript 7.0 beta lands with the Go-rewritten compiler running ~10x faster than 6.0, and pgBackRest lost its maintainer of thirteen years leaving anyone running production Postgres with a real dependency-trust task this week. We've also got Ubuntu 26.04 LTS shipping with TPM-backed full-disk encryption, and Matz dropping Spinel as an AOT path that takes Ruby to native binaries. This week was a good reminder that the tools we depend on are all moving at once. Security, performance, and maintenance aren't isolated threads.

Topics covered

  • security
  • performance
  • maintenance
  • supply-chain
  • encryption
  • programming

Keywords

  • Bitwarden
  • Checkmarx
  • TypeScript
  • pgBackRest
  • Ubuntu
  • TPM
  • Ruby
  • Spinel

Mentioned in this episode

Organizations: Bitwarden, Checkmarx, pgBackRest, Ubuntu

Products: TypeScript 7.0, Spinel, Ruby

More episodes of Changelog Master Feed

Explore listener stats, chart rankings, contacts and more on the Changelog Master Feed podcast page.