Bitwarden CLI compromised (News)

Bitwarden CLI compromised (News)

From The Changelog: Software Development, Open Source by Changelog Media

April 29, 2026 · 9 min

About this episode

The episode discusses recent security and performance issues in software development, including the Bitwarden CLI compromise and updates in TypeScript and Ruby.

Bitwarden's CLI got hit by the Checkmarx supply-chain campaign, TypeScript 7.0 beta lands with the Go-rewritten compiler running ~10x faster than 6.0, and pgBackRest lost its maintainer of thirteen years leaving anyone running production Postgres with a real dependency-trust task this week. We've also got Ubuntu 26.04 LTS shipping with TPM-backed full-disk encryption, and Matz dropping Spinel as an AOT path that takes Ruby to native binaries. This week was a good reminder that the tools we depend on are all moving at once. Security, performance, and maintenance aren't isolated threads.

Topics covered

  • supply-chain security
  • software performance
  • open source maintenance
  • encryption
  • programming languages

Keywords

  • Bitwarden
  • Checkmarx
  • TypeScript
  • pgBackRest
  • Ubuntu
  • Matz
  • Spinel
  • Ruby
  • encryption
  • supply-chain

Mentioned in this episode

Organizations: Bitwarden, Checkmarx, Ubuntu

Products: TypeScript 7.0, pgBackRest, Spinel, Ruby

More episodes of The Changelog: Software Development, Open Source

Explore listener stats, chart rankings, contacts and more on the The Changelog: Software Development, Open Source podcast page.