
Bitwarden CLI compromised (News)
From The Changelog: Software Development, Open Source by Changelog Media
April 29, 2026 · 9 min
About this episode
The episode discusses recent security and performance issues in software development, including the Bitwarden CLI compromise and updates in TypeScript and Ruby.
Bitwarden's CLI got hit by the Checkmarx supply-chain campaign, TypeScript 7.0 beta lands with the Go-rewritten compiler running ~10x faster than 6.0, and pgBackRest lost its maintainer of thirteen years leaving anyone running production Postgres with a real dependency-trust task this week. We've also got Ubuntu 26.04 LTS shipping with TPM-backed full-disk encryption, and Matz dropping Spinel as an AOT path that takes Ruby to native binaries. This week was a good reminder that the tools we depend on are all moving at once. Security, performance, and maintenance aren't isolated threads.
Topics covered
- supply-chain security
- software performance
- open source maintenance
- encryption
- programming languages
Keywords
- Bitwarden
- Checkmarx
- TypeScript
- pgBackRest
- Ubuntu
- Matz
- Spinel
- Ruby
- encryption
- supply-chain
Mentioned in this episode
Organizations: Bitwarden, Checkmarx, Ubuntu
Products: TypeScript 7.0, pgBackRest, Spinel, Ruby
More episodes of The Changelog: Software Development, Open Source
- From open source hits to OpenAI (Interview) · June 5, 2026 · 1h 46m
- MCP on Code Mode (Interview) · May 15, 2026 · 1h 55m
- Automation at the speed of Swamp (Friends) · May 13, 2026 · 2h 26m
- Exploring with agents (Interview) · April 24, 2026 · 1h 37m
- Astral has been acquired by OpenAI (News) · March 27, 2026 · 11 min
- From Tailnet to platform (Interview) · March 11, 2026 · 1h 42m
Explore listener stats, chart rankings, contacts and more on the The Changelog: Software Development, Open Source podcast page.