Steps To Reproduce
To reproduce, you likely need to deploy an earlier version of bitwarden-lite (maybe 2025.1 or so) on a MariaDB server with a version before they changed the default collation - perhaps MariaDB 11.3 or 11.4. Then, upgrade the MariaDB server to 12.2.2 and upgrade the bitwarden-lite container to 2026.4.1. This should create the new database tables using the new default collation and that likely creates this issue.
This issue can be seen when logging into an existing user or can be triggered for a similar query by attempting to go to /settings/security/device-management.
There is a similar query error in api.log when trying to view users of an organization at /organizations/{ID}/members. This page does not load, not even providing an error popout.
Expected Result
No server errors/errors in api.log. Other pages work properly and populate.
Actual Result
When logging in, the following MySQL/MariaDB database query error in api.log:
fail: Microsoft.EntityFrameworkCore.Database.Command[20102]
=> SpanId:8212df98c5086e35, TraceId:cc32d07948d9bc7026c48397d773fea1, ParentId:6460626bc5cfda97 => ConnectionId:0HNLD504GEI8F => RequestPath:/auth-requests/pending RequestId:0HNLD504GEI8F:00000001 => IpAddress:::ffff:127.0.0.1 UserAgent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 DeviceType:9 Origin:9 ClientVersion:2026.4.0 => Bit.Api.Auth.Controllers.AuthRequestsController.GetPendingAuthRequestsAsync (Api)
Failed executing DbCommand (6ms) [Parameters=[@__userId_0='?' (DbType = Guid), @__p_1='?' (DbType = Double)], CommandType='Text', CommandTimeout='30']
SELECT `t0`.`Id`, `t0`.`AccessCode`, `t0`.`Approved`, `t0`.`AuthenticationDate`, `t0`.`CreationDate`, `t0`.`Key`, `t0`.`MasterPasswordHash`, `t0`.`OrganizationId`, `t0`.`PublicKey`, `t0`.`RequestCountryName`, `t0`.`RequestDeviceIdentifier`, `t0`.`RequestDeviceType`, `t0`.`RequestIpAddress`, `t0`.`ResponseDate`, `t0`.`ResponseDeviceId`, `t0`.`Type`, `t0`.`UserId`, `t0`.`Id0`, `t0`.`c`
FROM (
SELECT `a`.`RequestDeviceIdentifier`
FROM `AuthRequest` AS `a`
WHERE (`a`.`Type` IN (0, 1) AND (`a`.`UserId` = @__userId_0)) AND (DATE_ADD(`a`.`CreationDate`, INTERVAL CAST(@__p_1 AS signed) minute) >= UTC_TIMESTAMP())
GROUP BY `a`.`RequestDeviceIdentifier`
) AS `t`
LEFT JOIN (
SELECT `t1`.`Id`, `t1`.`AccessCode`, `t1`.`Approved`, `t1`.`AuthenticationDate`, `t1`.`CreationDate`, `t1`.`Key`, `t1`.`MasterPasswordHash`, `t1`.`OrganizationId`, `t1`.`PublicKey`, `t1`.`RequestCountryName`, `t1`.`RequestDeviceIdentifier`, `t1`.`RequestDeviceType`, `t1`.`RequestIpAddress`, `t1`.`ResponseDate`, `t1`.`ResponseDeviceId`, `t1`.`Type`, `t1`.`UserId`, `t1`.`Id0`, `t1`.`c`
FROM (
SELECT `a0`.`Id`, `a0`.`AccessCode`, `a0`.`Approved`, `a0`.`AuthenticationDate`, `a0`.`CreationDate`, `a0`.`Key`, `a0`.`MasterPasswordHash`, `a0`.`OrganizationId`, `a0`.`PublicKey`, `a0`.`RequestCountryName`, `a0`.`RequestDeviceIdentifier`, `a0`.`RequestDeviceType`, `a0`.`RequestIpAddress`, `a0`.`ResponseDate`, `a0`.`ResponseDeviceId`, `a0`.`Type`, `a0`.`UserId`, `d`.`Id` AS `Id0`, 1 AS `c`, ROW_NUMBER() OVER(PARTITION BY `a0`.`RequestDeviceIdentifier` ORDER BY `a0`.`CreationDate` DESC) AS `row`
FROM `AuthRequest` AS `a0`
LEFT JOIN `Device` AS `d` ON (`a0`.`RequestDeviceIdentifier` = `d`.`Identifier`) AND (`a0`.`UserId` = `d`.`UserId`)
WHERE (((`a0`.`Type` = 0) OR (`a0`.`Type` = 1)) AND (`a0`.`UserId` = @__userId_0)) AND (DATE_ADD(`a0`.`CreationDate`, INTERVAL CAST(@__p_1 AS signed) minute) >= UTC_TIMESTAMP())
) AS `t1`
WHERE `t1`.`row` <= 1
) AS `t0` ON `t`.`RequestDeviceIdentifier` = `t0`.`RequestDeviceIdentifier`
fail: Microsoft.EntityFrameworkCore.Query[10100]
=> SpanId:6460626bc5cfda97, TraceId:cc32d07948d9bc7026c48397d773fea1, ParentId:0000000000000000 => ConnectionId:0HNLD504GEI8F => RequestPath:/auth-requests/pending RequestId:0HNLD504GEI8F:00000001 => IpAddress:::ffff:127.0.0.1 UserAgent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 DeviceType:9 Origin:9 ClientVersion:2026.4.0 => Bit.Api.Auth.Controllers.AuthRequestsController.GetPendingAuthRequestsAsync (Api)
An exception occurred while iterating over the results of a query for context type 'Bit.Infrastructure.EntityFramework.Repositories.DatabaseContext'.
MySqlConnector.MySqlException (0x80004005): Illegal mix of collations (utf8mb4_general_ci,IMPLICIT) and (utf8mb4_uca1400_ai_ci,IMPLICIT) for operation '='
at MySqlConnector.Core.ServerSession.ReceiveReplyAsync(IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/ServerSession.cs:line 894
at MySqlConnector.Core.ResultSet.ReadResultSetHeaderAsync(IOBehavior ioBehavior) in /_/src/MySqlConnector/Core/ResultSet.cs:line 37
at MySqlConnector.MySqlDataReader.ActivateResultSet(CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 130
at MySqlConnector.MySqlDataReader.InitAsync(CommandListPosition commandListPosition, ICommandPayloadCreator payloadCreator, IDictionary`2 cachedProcedures, IMySqlCommand command, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 483
at MySqlConnector.Core.CommandExecutor.ExecuteReaderAsync(CommandListPosition commandListPosition, ICommandPayloadCreator payloadCreator, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/CommandExecutor.cs:line 56
at MySqlConnector.MySqlCommand.ExecuteReaderAsync(CommandBehavior behavior, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 357
at MySqlConnector.MySqlCommand.ExecuteDbDataReaderAsync(CommandBehavior behavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 350
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(AsyncEnumerator enumerator, CancellationToken cancellationToken)
at Pomelo.EntityFrameworkCore.MySql.Storage.Internal.MySqlExecutionStrategy.ExecuteAsync[TState,TResult](TState state, Func`4 operation, Func`4 verifySucceeded, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.AsyncEnumerator.MoveNextAsync()
MySqlConnector.MySqlException (0x80004005): Illegal mix of collations (utf8mb4_general_ci,IMPLICIT) and (utf8mb4_uca1400_ai_ci,IMPLICIT) for operation '='
at MySqlConnector.Core.ServerSession.ReceiveReplyAsync(IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/ServerSession.cs:line 894
at MySqlConnector.Core.ResultSet.ReadResultSetHeaderAsync(IOBehavior ioBehavior) in /_/src/MySqlConnector/Core/ResultSet.cs:line 37
at MySqlConnector.MySqlDataReader.ActivateResultSet(CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 130
at MySqlConnector.MySqlDataReader.InitAsync(CommandListPosition commandListPosition, ICommandPayloadCreator payloadCreator, IDictionary`2 cachedProcedures, IMySqlCommand command, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 483
at MySqlConnector.Core.CommandExecutor.ExecuteReaderAsync(CommandListPosition commandListPosition, ICommandPayloadCreator payloadCreator, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/CommandExecutor.cs:line 56
at MySqlConnector.MySqlCommand.ExecuteReaderAsync(CommandBehavior behavior, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 357
at MySqlConnector.MySqlCommand.ExecuteDbDataReaderAsync(CommandBehavior behavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 350
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(AsyncEnumerator enumerator, CancellationToken cancellationToken)
at Pomelo.EntityFrameworkCore.MySql.Storage.Internal.MySqlExecutionStrategy.ExecuteAsync[TState,TResult](TState state, Func`4 operation, Func`4 verifySucceeded, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.AsyncEnumerator.MoveNextAsync()
fail: Bit.Api.Utilities.ExceptionHandlerFilterAttribute[0]
=> SpanId:6460626bc5cfda97, TraceId:cc32d07948d9bc7026c48397d773fea1, ParentId:0000000000000000 => ConnectionId:0HNLD504GEI8F => RequestPath:/auth-requests/pending RequestId:0HNLD504GEI8F:00000001 => IpAddress:::ffff:127.0.0.1 UserAgent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 DeviceType:9 Origin:9 ClientVersion:2026.4.0 => Bit.Api.Auth.Controllers.AuthRequestsController.GetPendingAuthRequestsAsync (Api)
Unhandled exception
MySqlConnector.MySqlException (0x80004005): Illegal mix of collations (utf8mb4_general_ci,IMPLICIT) and (utf8mb4_uca1400_ai_ci,IMPLICIT) for operation '='
at MySqlConnector.Core.ServerSession.ReceiveReplyAsync(IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/ServerSession.cs:line 894
at MySqlConnector.Core.ResultSet.ReadResultSetHeaderAsync(IOBehavior ioBehavior) in /_/src/MySqlConnector/Core/ResultSet.cs:line 37
at MySqlConnector.MySqlDataReader.ActivateResultSet(CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 130
at MySqlConnector.MySqlDataReader.InitAsync(CommandListPosition commandListPosition, ICommandPayloadCreator payloadCreator, IDictionary`2 cachedProcedures, IMySqlCommand command, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 483
at MySqlConnector.Core.CommandExecutor.ExecuteReaderAsync(CommandListPosition commandListPosition, ICommandPayloadCreator payloadCreator, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/CommandExecutor.cs:line 56
at MySqlConnector.MySqlCommand.ExecuteReaderAsync(CommandBehavior behavior, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 357
at MySqlConnector.MySqlCommand.ExecuteDbDataReaderAsync(CommandBehavior behavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 350
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(AsyncEnumerator enumerator, CancellationToken cancellationToken)
at Pomelo.EntityFrameworkCore.MySql.Storage.Internal.MySqlExecutionStrategy.ExecuteAsync[TState,TResult](TState state, Func`4 operation, Func`4 verifySucceeded, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.AsyncEnumerator.MoveNextAsync()
at Microsoft.EntityFrameworkCore.EntityFrameworkQueryableExtensions.ToListAsync[TSource](IQueryable`1 source, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.EntityFrameworkQueryableExtensions.ToListAsync[TSource](IQueryable`1 source, CancellationToken cancellationToken)
at Bit.Infrastructure.EntityFramework.Auth.Repositories.AuthRequestRepository.GetManyPendingAuthRequestByUserId(Guid userId) in /source/src/Infrastructure.EntityFramework/Auth/Repositories/AuthRequestRepository.cs:line 70
at Bit.Api.Auth.Controllers.AuthRequestsController.GetPendingAuthRequestsAsync() in /source/src/Api/Auth/Controllers/AuthRequestsController.cs:line 59
at lambda_method1192(Closure, Object)
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)When attempting to go to /settings/security/device-management, met with "An error has occured. An unhandled server error has occurred." with the following in api.log (same stacktrace after):
fail: Microsoft.EntityFrameworkCore.Database.Command[20102]
=> SpanId:5cb0b1d6c87c5843, TraceId:6e56907e26bac7e990c4cfb34b553b4c, ParentId:238dc9aadca8a269 => ConnectionId:0HNLD504GEI9A => RequestPath:/devices RequestId:0HNLD504GEI9A:00000001 => IpAddress:::ffff:127.0.0.1 UserAgent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 DeviceType:9 Origin:9 ClientVersion:2026.4.0 => Bit.Api.Controllers.DevicesController.GetAll (Api)
Failed executing DbCommand (1ms) [Parameters=[@__userId_0='?' (DbType = Guid), @__p_1='?' (DbType = Double)], CommandType='Text', CommandTimeout='30']
SELECT `d`.`Id`, `d`.`Active`, `d`.`CreationDate`, `d`.`EncryptedPrivateKey`, `d`.`EncryptedPublicKey`, `d`.`EncryptedUserKey`, `d`.`Identifier`, `d`.`LastActivityDate`, `d`.`Name`, `d`.`PushToken`, `d`.`RevisionDate`, `d`.`Type`, `d`.`UserId`, (
SELECT `a`.`Id`
FROM `AuthRequest` AS `a`
WHERE ((((`a`.`RequestDeviceIdentifier` = `d`.`Identifier`) AND `a`.`Type` IN (0, 1)) AND (`a`.`Approved` IS NULL)) AND (`a`.`UserId` = @__userId_0)) AND (DATE_ADD(`a`.`CreationDate`, INTERVAL CAST(@__p_1 AS signed) minute) > UTC_TIMESTAMP())
ORDER BY `a`.`CreationDate` DESC
LIMIT 1), (
SELECT `a0`.`CreationDate`
FROM `AuthRequest` AS `a0`
WHERE ((((`a0`.`RequestDeviceIdentifier` = `d`.`Identifier`) AND `a0`.`Type` IN (0, 1)) AND (`a0`.`Approved` IS NULL)) AND (`a0`.`UserId` = @__userId_0)) AND (DATE_ADD(`a0`.`CreationDate`, INTERVAL CAST(@__p_1 AS signed) minute) > UTC_TIMESTAMP())
ORDER BY `a0`.`CreationDate` DESC
LIMIT 1)
FROM `Device` AS `d`
WHERE (`d`.`UserId` = @__userId_0) AND `d`.`Active`When trying to view organization users at /organizations/{ID}/members:
fail: Microsoft.EntityFrameworkCore.Database.Command[20102]
=> SpanId:04e496be77b1c422, TraceId:31c21bccb5fb841fe5d47b29ce846cb9, ParentId:1a184d65f82bbc40 => ConnectionId:0HNLD504GEIAG => RequestPath:/organizations/{ID}/users RequestId:0HNLD504GEIAG:00000001 => IpAddress:::ffff:127.0.0.1 UserAgent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 DeviceType:9 Origin:9 ClientVersion:2026.4.2 => Bit.Api.AdminConsole.Controllers.OrganizationUsersController.GetAll (Api)
Failed executing DbCommand (1ms) [Parameters=[@___organizationId_0='?' (DbType = Guid)], CommandType='Text', CommandTimeout='30']
SELECT `o`.`Id`, `o`.`AccessSecretsManager`, `o`.`CreationDate`, `o`.`Email`, `o`.`ExternalId`, `o`.`Key`, `o`.`OrganizationId`, `o`.`Permissions`, `o`.`ResetPasswordKey`, `o`.`RevisionDate`, `o`.`RevocationReason`, `o`.`Status`, `o`.`Type`, `o`.`UserId`
FROM `OrganizationUser` AS `o`
INNER JOIN `User` AS `u` ON `o`.`UserId` = `u`.`Id`
WHERE ((`o`.`OrganizationId` = @___organizationId_0) AND (`o`.`Status` <> 0)) AND EXISTS (
SELECT 1
FROM `OrganizationDomain` AS `o0`
WHERE ((`o0`.`OrganizationId` = @___organizationId_0) AND `o0`.`VerifiedDate` IS NOT NULL) AND (RIGHT(LOWER(`u`.`Email`), CHAR_LENGTH(CONCAT('@', COALESCE(LOWER(`o0`.`DomainName`), '')))) = (CONCAT('@', COALESCE(LOWER(`o0`.`DomainName`), '')))))
fail: Microsoft.EntityFrameworkCore.Query[10100]
=> SpanId:1a184d65f82bbc40, TraceId:31c21bccb5fb841fe5d47b29ce846cb9, ParentId:0000000000000000 => ConnectionId:0HNLD504GEIAG => RequestPath:/organizations/{ID}/users RequestId:0HNLD504GEIAG:00000001 => IpAddress:::ffff:127.0.0.1 UserAgent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 DeviceType:9 Origin:9 ClientVersion:2026.4.2 => Bit.Api.AdminConsole.Controllers.OrganizationUsersController.GetAll (Api)
An exception occurred while iterating over the results of a query for context type 'Bit.Infrastructure.EntityFramework.Repositories.DatabaseContext'.
MySqlConnector.MySqlException (0x80004005): Illegal mix of collations (utf8mb4_general_ci,IMPLICIT) and (utf8mb4_uca1400_ai_ci,IMPLICIT) for operation '='Screenshots or Videos
No response
Additional Context
This error is likely completely to do with migrated instances, but it will likely pose issues going forward as well.
utf8mb4_uca1400_ai_ci is a newer collation introduced as default in MariaDB 11.5+. Ultimately, collation seems tricky...not sure the best way to handle this. Similar discussion here: dani-garcia/vaultwarden#6694. My guess is any tables that were made on a MariaDB version greater than 11.5 inherited this new default collation, which makes them have a different collation than previous tables. Maybe this could be solved by strictly defining collations during creation?
With MySQL 8+ using utf8mb4_0900_ai_ci as default and MariaDB using utf8mb4_uca1400_ai_ci as default, there is obvious incompatibility. Also with tables created under the older default utf8mb4_general_ci.
At the moment, my database collation looks like the following:
| __EFMigrationsHistory | utf8mb4_general_ci |
| CollectionCipher | utf8mb4_general_ci |
| EmergencyAccess | utf8mb4_general_ci |
| Folder | utf8mb4_general_ci |
| ProviderOrganization | utf8mb4_general_ci |
| ProviderUser | utf8mb4_general_ci |
| OrganizationConnection | utf8mb4_general_ci |
| Project | utf8mb4_general_ci |
| ProjectSecret | utf8mb4_general_ci |
| Secret | utf8mb4_general_ci |
| ServiceAccount | utf8mb4_general_ci |
| GroupUser | utf8mb4_general_ci |
| CollectionUsers | utf8mb4_general_ci |
| CollectionGroups | utf8mb4_general_ci |
| WebAuthnCredential | utf8mb4_general_ci |
| Policy | utf8mb4_general_ci |
| ProviderPlan | utf8mb4_general_ci |
| Transaction | utf8mb4_general_ci |
| SsoConfig | utf8mb4_general_ci |
| Grant | utf8mb4_general_ci |
| AccessPolicy | utf8mb4_general_ci |
| TaxRate | utf8mb4_general_ci |
| ProviderInvoiceItem | utf8mb4_uca1400_ai_ci |
| OrganizationDomain | utf8mb4_general_ci |
| OrganizationApiKey | utf8mb4_general_ci |
| ApiKey | utf8mb4_general_ci |
| Cache | utf8mb4_uca1400_ai_ci |
| Group | utf8mb4_general_ci |
| NotificationStatus | utf8mb4_uca1400_ai_ci |
| ClientOrganizationMigrationRecord | utf8mb4_uca1400_ai_ci |
| PasswordHealthReportApplication | utf8mb4_uca1400_ai_ci |
| OrganizationInstallation | utf8mb4_uca1400_ai_ci |
| Installation | utf8mb4_general_ci |
| AuthRequest | utf8mb4_general_ci |
| OrganizationIntegration | utf8mb4_uca1400_ai_ci |
| OrganizationSponsorship | utf8mb4_general_ci |
| Notification | utf8mb4_uca1400_ai_ci |
| SecurityTask | utf8mb4_uca1400_ai_ci |
| SsoUser | utf8mb4_general_ci |
| Collection | utf8mb4_general_ci |
| OrganizationMemberBaseDetails | utf8mb4_uca1400_ai_ci |
| OrganizationApplication | utf8mb4_uca1400_ai_ci |
| OrganizationIntegrationConfiguration | utf8mb4_uca1400_ai_ci |
| Event | utf8mb4_general_ci |
| SecretVersion | utf8mb4_uca1400_ai_ci |
| UserSignatureKeyPair | utf8mb4_uca1400_ai_ci |
| Cipher | utf8mb4_general_ci |
| PlayItem | utf8mb4_uca1400_ai_ci |
| SubscriptionDiscount | utf8mb4_uca1400_ai_ci |
| Send | utf8mb4_general_ci |
| Provider | utf8mb4_general_ci |
| OrganizationReport | utf8mb4_uca1400_ai_ci |
| User | utf8mb4_general_ci |
| OrganizationInviteLink | utf8mb4_uca1400_ai_ci |
| OrganizationUser | utf8mb4_general_ci |
| Organization | utf8mb4_general_ci |
| Device | utf8mb4_general_ci |
As you can see, there is a mix of the older default utf8mb4_general_ci and the newer default utf8mb4_uca1400_ai_ci. Setting the default for the database could help solve this going forward, but it won't alter existing tables. I could alter the collation of existing tables, but I'm not sure which would be appropriate necessarily. Either way, this isn't handled programmatically so even though setting it going forward would likely work, it won't help those with migrated databases.
Githash Version
3371bb6
Environment Details
Linux docker
Database Image
mariadb:12.2.2 (latest rolling)
Issue Tracking Info
Steps To Reproduce
To reproduce, you likely need to deploy an earlier version of bitwarden-lite (maybe 2025.1 or so) on a MariaDB server with a version before they changed the default collation - perhaps MariaDB 11.3 or 11.4. Then, upgrade the MariaDB server to 12.2.2 and upgrade the bitwarden-lite container to 2026.4.1. This should create the new database tables using the new default collation and that likely creates this issue.
This issue can be seen when logging into an existing user or can be triggered for a similar query by attempting to go to /settings/security/device-management.
There is a similar query error in api.log when trying to view users of an organization at /organizations/{ID}/members. This page does not load, not even providing an error popout.
Expected Result
No server errors/errors in api.log. Other pages work properly and populate.
Actual Result
When logging in, the following MySQL/MariaDB database query error in api.log:
When attempting to go to /settings/security/device-management, met with "An error has occured. An unhandled server error has occurred." with the following in api.log (same stacktrace after):
When trying to view organization users at /organizations/{ID}/members:
Screenshots or Videos
No response
Additional Context
This error is likely completely to do with migrated instances, but it will likely pose issues going forward as well.
utf8mb4_uca1400_ai_ciis a newer collation introduced as default in MariaDB 11.5+. Ultimately, collation seems tricky...not sure the best way to handle this. Similar discussion here: dani-garcia/vaultwarden#6694. My guess is any tables that were made on a MariaDB version greater than 11.5 inherited this new default collation, which makes them have a different collation than previous tables. Maybe this could be solved by strictly defining collations during creation?With MySQL 8+ using
utf8mb4_0900_ai_cias default and MariaDB usingutf8mb4_uca1400_ai_cias default, there is obvious incompatibility. Also with tables created under the older defaultutf8mb4_general_ci.At the moment, my database collation looks like the following:
As you can see, there is a mix of the older default
utf8mb4_general_ciand the newer defaultutf8mb4_uca1400_ai_ci. Setting the default for the database could help solve this going forward, but it won't alter existing tables. I could alter the collation of existing tables, but I'm not sure which would be appropriate necessarily. Either way, this isn't handled programmatically so even though setting it going forward would likely work, it won't help those with migrated databases.Githash Version
3371bb6
Environment Details
Linux docker
Database Image
mariadb:12.2.2 (latest rolling)
Issue Tracking Info