Release Notes Summary Overview

This article contains an overview of all release note summaries. Check out individual release notes for details.

Release BloodHound SharpHound AzureHound
2025-01-14 Release Notes (v6.4.0)

New and Improved Features

  • Just-in-time user provisioning and role assertion via Single Sign-On (SSO).
  • SSO providers are now updateable.
  • Added "Download SAML SP Certificate" to SSO configuration windows to improve the ability to utilize certificate pinning or encrypted assertions.
  • Administrators may no longer modify their own accounts.
  • Removed Performance Log Users, DNSAdmins, and Distributed COM Users from default Tier Zero / High Value.
  • [BHE Only] Enabled Improved Analysis Algorithm by default on all environments that have not manually disabled it.
  • [BHE Only] Improved finding sort order on the Attack Paths page.
  • [BHE Only] Multiple consistency improvements on the updated Posture page.

Bug Fixes

  • The Foreign Members accordion on Domain entity panels should now load correctly.
  • Fixed the Reader count for AZKeyVault objects.
  • Fixed abuse info data for AllExtendedRights and ReadLAPSPassword edges.
  • [BHE Only] Resolved an issue that prevented ingesting AzureHound data via file upload.

SharpHound (v2.5.13)

 

New and Improved Features

  • SharpHound will no longer attempt to connect to the same domain multiple times after a failure, improving performance under specific circumstances.

 

 

2025-01-07 (v6.3.4)

New and Improved Features

  • Improved Cypher type-checking and error reporting when running a query.

Bug Fixes

  • [BHE Only] Resolved an issue preventing the Attack Paths page from rendering data.
  • Resolved several issues with running Cypher statements for environments on PostgreSQL backend database.

No new release.

No new release.

2024-12-23 (v6.3.2 - BHE only)

Bug Fixes

  • [BHE Only] Resolved an issue in the improved analysis algorithm that resulted in inconsistent measurements between analysis runs.

No new release.

No new release.

2024-12-19 (v6.3.1)

New and Improved Features

  • [BHE Only] Performance and coverage enhancements within the Improved analysis algorithm.

Bug Fixes

  • [BHE Only] Tenants running on the improved analysis algorithm should see consistent findings and counts between Attack Paths and Posture pages.
  • Resolved several Cypher errors for environments running on PostgreSQL backends.

No new release.

No new release.

2024-12-09 (v6.3.0)

New and Improved Features

  • [BHE Only] Completely new Posture page!
  • [BHE Only] Early access opportunity: Improved analysis algorithm!
  • Hide node/edge label toggle makes a comeback (Thank you, @palt, for your contribution)!
  • New CoerceToTGT edge type (with replacement for the UnconstrainedDelegation findings for BHE users)
  • Added AdminSDHolder, Distributed COM Users group, Performance Log Users group, and DnsAdmins group to default Tier Zero / High Value members.
  • Introducing OIDC support for Single Sign-On (SSO)
    Environments configured with a single SSO provider will automatically redirect when clicking the "Login via SSO" button.
  • [BHE Only] Updated wording on the "Accept" dialog for accuracy.
  • Improved consistency when creating the Enterprise Domain Controllers group (Requires SharpHound upgrade).

Bug Fixes

  • As you scroll, long lists on entity panels will no longer shift their highlights.
  • File uploads should no longer get stuck on "Running."
  • Resolved an issue with the logic on the "Kerberoastable users with most privileges" pre-saved Cypher query.

SharpHound v2.5.12 - BHE, v2.5.9 - CE

New and Improved Features

  • Improved consistency when creating the Enterprise Domain Controllers group.
  • Improved logic to prevent errors during group membership collection from impacting the entire data collection.

Bug Fixes

  • Corrected data types of several collected properties.

No new release.

2024-11-20 (v6.2.2)

Bug Fixes

  • Fixed an excessive resource utilization issue during post-processing.
  • After migrating a user to login via SSO, their old password will be invalidated immediately.

No new release.

No new release.

2024-11-15  (v6.2.1)

Bug Fixes

  • Reverted the Azure post-processing changes due to excessive resource utilization.

No new release.

No new release.

2024-11-14 Release Notes (v6.2.0)

New and Improved Features

  • Added multiple pre-saved Cypher queries regarding objects marked "Owned."
  • Added the "Map OU structure" pre-saved query, previously available in BloodHound Legacy.
  • Updated the "Kerberoastable Users" pre-saved cypher query to properly filter out disabled objects, MSAs, GMSAs, and the KRBTGT object.
  • Updated all pre-saved Cypher queries to use consistent quotation marks for easier use in API integrations.
  • Clicking the "Login via SSO" button will automatically redirect if only a single SSO provider is configured.
  • Updated the permissions for the "Upload only" role to align more accurately with what the name implies. This role will no longer be able to modify asset group membership or trigger analysis runs.
  • Renamed the "RemoteInteractiveLoginPrivilege" edge to "RemoveInteractiveLogonRight" to match the Microsoft naming schema.
  • Improved performance of EntraID post-processing.

Bug Fixes

  • Logins via SAML will now correctly appear in the Audit log.
  • Corrected several property type errors in data coming from SharpHound.
  • [CE Only] Docker Compose health check will now work with a modified Neo4J web port set (Thank you, @yannis-srl, for your contribution!).
  • [BHE Only] SyncedToEntraUser, SyncedToADUser, ADCSESC9b, and ExtendedByPolicy edges will now reconcile properly.

No new release.

No new release.

2024-10-22 Release Notes (v6.1.0)

No new features or fixes.

SharpHound v2.5.11 - BHE, v2.5.8 - CE

New and Improved Features

  • Migrated ACL hashing functionality to utilize SHA1 to support environments that enforce FIPS-compliant algorithms.

Bug Fixes

  • Fixed collection of LAPS edges in both legacy and modern systems.

 

No new release.

2024-09-30 Release Notes (v6.0.0)

New and Improved Features

  • Dark mode is now generally available!
  • Introducing optional support for Citrix Direct Access Users group in CanRDP logic!
  • [BHE Only] Reconciliation timelines are now configurable!
  • Improved logic for identifying and creating complex edges requiring multiple permissions (including ADCS ESC, DCSync, etc.) when Authenticated Users@ or Everyone@ groups are involved.
  • Improved accuracy on ADCS ESC9 and ESC10 processing logic
  • CanRDP edges will now appropriately appear from Computer objects with permission to RDP to another computer.
  • Provided additional abuse information to ADCSESC9b, ADCSESC10b, GenericAll, GenericWrite, Contains, Owns, WriteDacl, AllExtendedWrites, and WriteOwner Attack Path primitives.
  • Support for .zip file uploads that include UTFBOM markings within contained JSON files has been added.

Bug Fixes

  • Resolved an intermittent issue with the parallelization of ADCS post-processing.
  • Applying multiple filter predicates to an API query will no longer throw an error.
  • Admin Audit log API endpoints now correctly support the "skip" query parameter.
  • The Cypher query window will no longer extend beyond the end of the browser.
  • [BHE Only] Resolved some duplicate collection issues related to highly available deployments.

 

SharpHound (v2.5.10 - BHE)

Bug Fixes

  • [BHE Only] Resolved several installation issues for specific scenarios.

 

No new release.

2024-09-19 (v5.15.1)

No changes.

SharpHound (v2.5.9 - BHE, v2.5.7 - CE)

Bug Fixes

  • Resolved an issue with enumerating domain objects where password rotation is not enforced.
  • Improved collection performance related to the collection of ACEs with unresolvable SIDs.

No new release.

2024-09-10 Release Notes (v5.15.0)

New and Improved Features

  • New Attack Path: WriteGPLink (Thank you, @q-roland, for your contribution! Requires SharpHound v2.5.6+).
  • Added 22 additional AD properties, including information about authentication, passwords, and extra domain/trust information with supporting saved queries (Requires SharpHound v2.5.6+).
  • Added support for GenericWrite Attack Paths targetting OUs and Domain objects (Thank you, @q-roland, for your contribution! Requires SharpHound v2.5.6+).
  • Updated ESC6a logic to no longer require weak certificate mapping after confirming that it no longer prevents the escalation.
  • OUs that contain Tier Zero / High Value objects will now be automatically tagged as Tier Zero objects, too.
  • ESC6/9/10 analysis logic will now include domain controllers from child domains as well.
  • Added a Login URL property to Entra Users to show the user's SSO URL.
  • Removed all "CanAbuse" non-transitive edges from the graph schema and updated ESC logic accordingly.
  • [CE Only] Owned objects will now show an associated glyph icon in Explore (Thank you, @palt, for your contribution!).

Bug Fixes

  • Fixed abuse info on multiple Attack Paths that grant the ability to abuse LAPS settings.
  • Improved JSON error handling for file uploads.
  • File uploads should no longer get stuck on "Analyzing."
  • [BHE Only] Fixed an issue where specific collection jobs would trigger twice.
  • [BHE Only] Attack Path titles may now easily be copied again.

SharpHound (v2.5.8 - BHE, v2.5.6 - CE)

New and Improved Features

  • Complete re-write of LDAP connection and collection logic, resulting in improved consistency and performance.
  • Add support for the collection of 22 additional properties and for GenericWrite Attack Paths targeting OU and Domain objects.
  • [BHE Only] Moved auth.json and settings.json to the service user's APPDATA directory.

Bug Fixes

  • [BHE Only] Resolved several cross-trust collection issues.

 

AzureHound (v2.2.1)

New and Improved Features

  • Reduced default number of concurrent connections opened with Entra/Azure APIs (Thank you, @olafhartong, for your support in identifying the cause of these issues)
  • Added several optional performance-tuning settings
  • Reduced volume of data output by pruning empty or unnecessary fields (Thank you, @malacupa, for your support in identifying the cause of these issues)
  • [BHE Only] Reduced default batch size for upload of data to BloodHound Enterprise

 

2024-08-20 Release Notes (v5.14.0)

New and Improved Features

  • Added support for ADCS certificate chains crossing AIA Certificate Authorities
  • Improved logic across all included cypher queries for improved performance
  • Clarified the "blocksinheritance" property on OUs is specific to GPO inheritance
  • Users without administrative privileges will no longer see Group Management actions in right-click context menus
  • Added support for ingesting JSON files which include UTFBOM encoding

Bug Fixes

  • Improved visibility of several buttons and elements in dark mode
  • Added abuse information for the GPLink edge
  • Fixed the count of objects displayed in the Group Management page

Note: We are working on a new version of SharpHound that has improved performance and reliability when querying data via LDAP. If you would like to test that version, please get in touch with your TAM.

No new release.

2024-08-06 Release Notes (v5.13.1)

Bug Fixes

  • Resolved an issue where hybrid paths were not created when the AD object did not have a known object type during path creation.
  • The 2FA login screen will no longer return to the username/password screen if the browser window is unselected before completing the login flow.
  • [BHE Only] Resolved a race condition during analysis in highly-available deployments

Note: We have reverted the available SharpHound build to v2.4.1 while we address issues identified in v2.5.4.

 

No new release.

2024-08-01 Release Notes (v5.13.0)

New and Improved Features

  • New Attack Paths: Entra-AD User Syncing
  • Improved analysis performance - DCSync
  • Added visibility of the current API version to the My Profile page
  • [Early Access] BloodHound dark mode

Bug Fixes

  • Resolved an issue that resulted in objects having multiple types after import to BloodHound (A collection will be required to reintroduce appropriate object types on affected principals)
  • File ingest will now show partial errors on upload
  • Hovering errors in the Cypher query editor will no longer overflow the viewable area
  • Negative numbers will now compare properly in Cypher
  • Fixed a logic issue on composition panels for ESC3, 4, and 6 for multi-tier PKI environments
  • Updated logic for EnrollOnBehalfOf to utilize the proper EKU property
  • Improved error handling in specific circumstances on file ingest
  • [BHE Only] Resolved an issue with collectors improperly incrementing job counts

SharpHound (v2.5.4 - BHE, v2.5.4 - CE)

Note: SharpHound's LDAP libraries have undergone a complete rewrite to improve stability and resolve issues. This will resolve issues that are not explicitly captured in these release notes. We will continue to iterate as we find more issues. Please work with your TAM if you have any questions about upgrading.

New and Improved Features

  • Improved logic for identifying and querying available DCs (when a DC is not specified)
  • Reduced reliance on paged LDAP queries for improved LDAP query performance
  • Introduced a connection pool for improved LDAP query performance
  • Improved fallback and retry logic for LDAP ServerDown message
  • Computer availability for Local Group and Session collection will now be based on the last logon instead of the last password rotation
  • Improved logging levels and message outputs

Bug Fixes

  • [BHE Only] Resolved an issue where allowing LDAPS connections would only attempt connections on the LDAPS-specified port
  • [CE Only] Improved handling of control characters using the "collectallproperties" flag to resolve ingestion issues

 

No new release.

2024-07-17 Release Notes (v5.12.0)

New and Improved Features

  • [BHE Only] Visual overhaul of the Attack Paths view
  • Added documentation hints to all administrative pages
  • Improved analysis performance - SyncLAPSPassword
  • Example Azure data is now available

Bug Fixes

  • Improved resolution of AzApp object names
  • Reverted a change in Azure ingest that was resulting in inconsistent results in BloodHound

No new release.

No new release.

2024-06-17 Release Notes (v5.11.0)

New and Improved Features

  • Password changes will now require validation of your current password to complete
  • Updated pre-defined queries and added a hygiene section
  • [BHE Only] Azure findings have been collapsed based on path type only, aligning with Active Directory finding types
  • [BHE Only] Clicking "Explore" on a finding will now automatically display the entity panel for the associated edge
  • [BHE Only] Findings documentation is now served by a proper API endpoint

Bug Fixes

  • Azure principals with scoped Application Administrator or scoped Cloud App Admin role assignments will no longer receive a AzHasRole edge to the AzRole nodes. These nodes are only used for Tenant-scoped role assignments.
  • Group Management view will now properly display members of custom groups
  • Resolved several erroneous timeout issues
  • Corrected inaccurate use of CONTAINS verb in several pre-defined queries
  • Updated example abuse commands on several ADCS escalation paths
  • Corrected specific certificate template names on entity panels
  • [BHE Only] Fixed several bugs in Azure finding logic

No new release.

No new release.

2024-05-28 Release Notes (v5.10.0)

New and Improved Features

  • Improved Cypher quality controls to prevent failure and errors
  • Example Active Directory data now available
  • [BHE Only] Updated reference links for all Attack Path findings
  • [CE Only] Enable graph mutation via Cypher

Bug Fixes

  • Entity panels will now appear regardless of the object type selected
  • [CE Only] Added missing package caches for offline builds

No new release.

No new release.

2024-05-09 Release Notes (v5.9.0)

New and Improved Features

  • Support for ADCS ESC 13 (Requires SharpHound v2.4.1+)
  • Added support for GenericWrite edges to ADCS node types
  • Improved performance of AZAddSecret paths

Bug Fixes

  • DCSync edges will no longer be filtered out from Tier Zero / High-Value principals
  • ADCS ESC 1 edges will now generate properly across multiple domains regardless of domain collection status
  • Several fixes to Edge Composition responses
  • [BHE Only] Collection schedules should now consistently display their scheduled start time
  • [BHE Only] Finished Jobs Log pagination controls no longer scroll
  • [BHE Only] Improved fallback logic for the Attack Paths page in the event of an unexpected failure
  • [CE OnlyModifying the default_admin fields will now properly reflect in a newly created environment

SharpHound (v2.4.1 - BHE, v2.4.1 - CE)

New and Improved Features

  • Collection support for Issuance Policy Nodes
  • Improved identification logic for Contains edges
  • Added support for specific obsolete Trust type values

Bug Fixes

  • Resolved several issues related to cross-trust collections

 

AzureHound (v2.1.9)

New and Improved Features

  • Added backoff/retry logic to several calls for improved stability and resiliency

Bug Fixes

  • AZAppAdmin and AZCloudAppAdmin edges will now properly link to the AzApps they target

 

2024-04-15 Release Notes (v5.8.1)

New and Improved Features

  • Improved status messaging for the File Ingest Log
  • Added additional node-type statistics to Data Quality
  • [BHE Only] Improved performance for collection schedules for extremely large environments

Bug Fixes

  • [BHE Only] DcFor edges will no longer appear in the Attack Path tree view
  • Resolved multiple vulnerabilities identified across the product

v2.3.10 - BHE, v2.3.3 - CE

Bug Fixes

  • [BHE Only] Resolved an issue where the SharpHound service would restart in specific scenarios.

No new release.

2024-03-27 Release Notes (v5.8.0)

New and Improved Features

  • File Ingest now supports .ZIP format and large files!
  • Option to clear database from within Administration!
  • Support for ADCS ESC4 Attack Path
  • [BHE Only] BUILTIN\Users group will now appear within Large Default Groups findings
  • Improved accuracy on several ADCS components
  • Several API performance consistency improvements
  • Various minor UI improvements

Bug Fixes

  • Custom asset groups will no longer allow whitespace in tag property
  • [CE Only] Improved alignment of arrows and edges on graph canvas
  • Various minor UI bug fixes
  • [BHE Only] Added finding documentation for the "Add Secret to Tier Zero Service Principal" finding

v2.3.7 - BHE, v2.3.3 - CE

New and Improved Features

  • [BHE Only] SharpHound Enterprise will now properly throw an error if SharpHoundRPC.dll is missing

Bug Fixes

  • Failure to resolve SIDs from hostname will no longer result in errant object creation in BloodHound
  • [BHE Only] Resolved an issue where attempting to collect from uncollectible domains would result in SharpHound service restart.

v2.1.8

New and Improved Features

  • Improved logging outputs on application panic
2024-03-05 (v5.7.1)

Bug Fixes

  • Resolved an issue with group name ingestion

No new release.

No new release.

2024-03-04 Release Notes (v5.7.0)

New and Improved Features

  • Added support for AD Certificate Services ESC 6b / 9b / 10b Attack Paths
  • Reduced memory impact during data ingest
  • Improved performance on the Group Management view
  • Improved visualization of edges that begin and end at the same node

Bug Fixes

  • [BHE Only] Fixed an issue with Microsoft Graph App Role reconciliation
  • [BHE Only] Truncated exposure measurements to two decimal places on the Attack Paths view
  • Resolved several issues related to unexpected timeouts
  • Improved handling of invalid JSON during ingest
  • Creating custom asset groups no longer allows whitespace in the "tag" property

No new release.

No new release.

2024-02-14 Release Notes (v5.6.0)

New and Improved Features

  • General Availability of AD Certificate Services paths: GoldenCert, ESC1, ESC3, ESC6a, ESC9a, ESC10a (requires latest version of SharpHound)
  • New "Power User" role was added in BloodHound as a bridge between "User" and "Administrator"
  • Added filtering capabilities to the Group Management view
  • Significant expansion of data available in BloodHound audit logs
  • Improved accuracy in the "... where Domain Users can RDP" default cypher queries
  • [BHE Only] Analysis will now separate warnings from errors in completion, leading to more accurate completion of analysis in environments

Bug Fixes

  • Data Quality page fails to count Azure tenant objects in specific scenarios
  • Improved accuracy of the "count" responses from paginated API queries
  • Resolved a specific issue with SAML implementations resulting in inaccurate "NotAuthorized" responses
  • Resolved several role-privilege issues with BloodHound roles (The "User" role can no longer perform actions in the Manage Clients page, the "Upload Only" role can no longer view Experimental Features)
  • Moving from "Pathfinding" to "Search" on the "Explore" page will now properly disable pathfinding
  • Cursors will no longer jump to the end of the search fields on "Explore"
  • [BHE Only] TrustedBy edges should now reconcile appropriately

v2.3.5 - BHE, v2.3.2 - CE

New and Improved Features

  • Additional ADCS property collection

Bug Fixes

  • Resolved issues with hitting KERNELFAULT errors during collection
  • Improved handling and retries for LDAP ServerDown responses, preventing cross-trust collection

 

v2.1.7

New and Improved Features

  • Significant reduction in memory consumption when processing Azure group membership information

Bug Fixes

  • [BHE Only] AzureHound will now properly respect the verbosity setting set in config.json

 

2024-01-23 Release Notes (v5.5.0)

New and Improved Features

  • AD Certificate Services ESC3 Early Access support (Requires latest version of SharpHound)
  • Expanded memory limit for query execution (Including Cypher and Entity Panel queries)
  • Added Group Management tab for reviewing and modifying members of Tier Zero / High Value / Owned
  • Improved performance of AZResetPassword paths
  • The Azure role Partner Tier2 Support is now a default member of Tier Zero / High Value asset groups.
  • [CE Only] Added ability to mark objects as "Owned"

Bug Fixes

  • Container nodes will now properly display an Entity Panel when selected in Explore.
  • The "Affected Objects" section of GPO Entity Panels will no longer display "NaN" when no objects are affected.
  • [BHE Only] Attack Paths table and path view now use the same boundaries for severity highlighting.
  • [BHE Only] The AzureT0MgmtGroupControl finding will no longer appear, and historical records have been removed.
  • [CE Only] Resolved an issue impacting the use of multi-underscore environment variables when running an environment.

v2.3.3 - BHE, v2.3.1 - CE

New and Improved Features

  • Additional support for ADCS collection capabilities.

Bug Fixes

  • Updated logic for collection and reconciliation of ADCS objects.
  • Resolving a SID to a domain will now appropriately utilize cache entries (@uidzeroo).
  • [CE Only] GPO Local Group processing will no longer stop processing on a failed account name resolution (@nurfed1).
  • [CE Only] Updated use of LDAP credentials when collecting domain details to prevent invalid username/password issues (@nurfed1).

 

No new release.

Please check individual release notes to read earlier summaries.

Updated