Inside open source releases at Bitwarden
Security standards are always evolving, and so is Bitwarden.
As an open source company, our releases happen in full view! The interaction we see within our community, from users to contributors, is gratifying to watch. Our first release of 2021, which brought features such as browser biometrics and the long-awaited emergency access feature, added additional security, convenience, and usability to Bitwarden.
Bitwarden product updates can be broken into 4 simple processes:
For new features and functions, waiting until general availability, also known as a public release, when updates or features are made widely available is the best practice. An informative blog post is most often paired with these releases as well.
Community feedback often makes its way directly into our roadmap. From the forums to our subreddit, the Bitwarden community is a thriving, energetic, and genuine part of the Bitwarden DNA, and we treat the feedback we receive accordingly. Once an idea for an improvement or feature is prioritized and scoped for development, it then becomes a task for a member (or members) of our engineering team.
Code for Bitwarden resides within one of our GitHub repositories - which are linked to Bitwarden Server and Client Application code.
Once the code has
landed in a repository, it is visible to anyone. You will see many updates to this code over a release cycle, which is usually about 90 days.
Code will be added, updated, tested, changed, and reviewed in its individual
branch before being merged into the main codebase, also referred to as the
master branch. Once merged into the master branch, the code is now queued to be released, but is not yet generally available for use.
When all the coding is done - a phase known as
dev complete or
feature complete - it’s time to do final and regression testing.
You may see
issues created in the GitHub repository for the item being tested, and additional code
commits to fix detected issues.
After thoroughly testing the software, a release is prepared. You’ve seen the changes happen in near-real-time, and we’re ready to put the latest features in the hands of our community!
A new release will be available to Bitwarden cloud users first, as our DevOps team monitors to ensure smooth operations. This allows us to make updates quickly and accurately with a centrally managed and monitored deployment.
Releases usually settle over a couple of business days and once our engineering team confirms final release health, we deploy the updates to Dockerhub so our self-hosted users can start their updates.
After the Bitwarden Cloud updates go live, we usually publish the client applications within 24 hours. Client applications can take anywhere between 1-5 days to become available, depending on the particular platform and publication queues.
During this time, users may see features that are available on the Server or Web Vault, but not yet compatible with their apps. Don’t worry, they will be updated soon!
How will you know when a release or feature is generally available? The best way to stay up to date is to follow the Bitwarden Blog. In the blog,we post all the important information about a new feature, as well as any associated documentation once it reaches general availability.
To get information in a more real-time fashion, you can see up-to-date details about our releases in a variety of ways below:
Product update emails
Subscribe to Release events on GitHub by watching the following repositories. Tip: Use custom watching rules to get notified of the specific events.
NOTE FOR TECHNICAL COMMUNITY MEMBERS:
This post serves as a general overview for those who may be new to open source software or the software development life cycle in general, where software changes are visible or available before a General release. This does not encompass all workflows, processes, checks, balances, or peer, and security reviews that occur during a Bitwarden product release.
→ To secure your personal and business data, start with a Bitwarden free trial today!