Release Notes Summary Overview

This article contains an overview of all release note summaries. Check out individual release notes for details.

Release BloodHound SharpHound AzureHound
2024-05-09 Release Notes (v5.9.0)

New and Improved Features

  • Support for ADCS ESC 13 (Requires SharpHound v2.4.1+)
  • Added support for GenericWrite edges to ADCS node types
  • Improved performance of AZAddSecret paths

Bug Fixes

  • DCSync edges will no longer be filtered out from Tier Zero / High-Value principals
  • ADCS ESC 1 edges will now generate properly across multiple domains regardless of domain collection status
  • Several fixes to Edge Composition responses
  • [BHE Only] Collection schedules should now consistently display their scheduled start time
  • [BHE Only] Finished Jobs Log pagination controls no longer scroll
  • [BHE Only] Improved fallback logic for the Attack Paths page in the event of an unexpected failure
  • [CE OnlyModifying the default_admin fields will now properly reflect in a newly created environment

SharpHound (v2.4.1 - BHE, v2.4.1 - CE)

New and Improved Features

  • Collection support for Issuance Policy Nodes
  • Improved identification logic for Contains edges
  • Added support for specific obsolete Trust type values

Bug Fixes

  • Resolved several issues related to cross-trust collections

 

AzureHound (v2.1.9)

New and Improved Features

  • Added backoff/retry logic to several calls for improved stability and resiliency

Bug Fixes

  • AZAppAdmin and AZCloudAppAdmin edges will now properly link to the AzApps they target

 

2024-04-15 Release Notes (v5.8.1)

New and Improved Features

  • Improved status messaging for the File Ingest Log
  • Added additional node-type statistics to Data Quality
  • [BHE Only] Improved performance for collection schedules for extremely large environments

Bug Fixes

  • [BHE Only] DcFor edges will no longer appear in the Attack Path tree view
  • Resolved multiple vulnerabilities identified across the product

v2.3.10 - BHE, v2.3.3 - CE

Bug Fixes

  • [BHE Only] Resolved an issue where the SharpHound service would restart in specific scenarios.

No new release.

2024-03-27 Release Notes (v5.8.0)

New and Improved Features

  • File Ingest now supports .ZIP format and large files!
  • Option to clear database from within Administration!
  • Support for ADCS ESC4 Attack Path
  • [BHE Only] BUILTIN\Users group will now appear within Large Default Groups findings
  • Improved accuracy on several ADCS components
  • Several API performance consistency improvements
  • Various minor UI improvements

Bug Fixes

  • Custom asset groups will no longer allow whitespace in tag property
  • [CE Only] Improved alignment of arrows and edges on graph canvas
  • Various minor UI bug fixes
  • [BHE Only] Added finding documentation for the "Add Secret to Tier Zero Service Principal" finding

v2.3.7 - BHE, v2.3.3 - CE

New and Improved Features

  • [BHE Only] SharpHound Enterprise will now properly throw an error if SharpHoundRPC.dll is missing

Bug Fixes

  • Failure to resolve SIDs from hostname will no longer result in errant object creation in BloodHound
  • [BHE Only] Resolved an issue where attempting to collect from uncollectible domains would result in SharpHound service restart.

v2.1.8

New and Improved Features

  • Improved logging outputs on application panic
2024-03-05 (v5.7.1)

Bug Fixes

  • Resolved an issue with group name ingestion

No new release.

No new release.

2024-03-04 Release Notes (v5.7.0)

New and Improved Features

  • Added support for AD Certificate Services ESC 6b / 9b / 10b Attack Paths
  • Reduced memory impact during data ingest
  • Improved performance on the Group Management view
  • Improved visualization of edges that begin and end at the same node

Bug Fixes

  • [BHE Only] Fixed an issue with Microsoft Graph App Role reconciliation
  • [BHE Only] Truncated exposure measurements to two decimal places on the Attack Paths view
  • Resolved several issues related to unexpected timeouts
  • Improved handling of invalid JSON during ingest
  • Creating custom asset groups no longer allows whitespace in the "tag" property

No new release.

No new release.

2024-02-14 Release Notes (v5.6.0)

New and Improved Features

  • General Availability of AD Certificate Services paths: GoldenCert, ESC1, ESC3, ESC6a, ESC9a, ESC10a (requires latest version of SharpHound)
  • New "Power User" role was added in BloodHound as a bridge between "User" and "Administrator"
  • Added filtering capabilities to the Group Management view
  • Significant expansion of data available in BloodHound audit logs
  • Improved accuracy in the "... where Domain Users can RDP" default cypher queries
  • [BHE Only] Analysis will now separate warnings from errors in completion, leading to more accurate completion of analysis in environments

Bug Fixes

  • Data Quality page fails to count Azure tenant objects in specific scenarios
  • Improved accuracy of the "count" responses from paginated API queries
  • Resolved a specific issue with SAML implementations resulting in inaccurate "NotAuthorized" responses
  • Resolved several role-privilege issues with BloodHound roles (The "User" role can no longer perform actions in the Manage Clients page, the "Upload Only" role can no longer view Experimental Features)
  • Moving from "Pathfinding" to "Search" on the "Explore" page will now properly disable pathfinding
  • Cursors will no longer jump to the end of the search fields on "Explore"
  • [BHE Only] TrustedBy edges should now reconcile appropriately

v2.3.5 - BHE, v2.3.2 - CE

New and Improved Features

  • Additional ADCS property collection

Bug Fixes

  • Resolved issues with hitting KERNELFAULT errors during collection
  • Improved handling and retries for LDAP ServerDown responses, preventing cross-trust collection

 

v2.1.7

New and Improved Features

  • Significant reduction in memory consumption when processing Azure group membership information

Bug Fixes

  • [BHE Only] AzureHound will now properly respect the verbosity setting set in config.json

 

2024-01-23 Release Notes (v5.5.0)

New and Improved Features

  • AD Certificate Services ESC3 Early Access support (Requires latest version of SharpHound)
  • Expanded memory limit for query execution (Including Cypher and Entity Panel queries)
  • Added Group Management tab for reviewing and modifying members of Tier Zero / High Value / Owned
  • Improved performance of AZResetPassword paths
  • The Azure role Partner Tier2 Support is now a default member of Tier Zero / High Value asset groups.
  • [CE Only] Added ability to mark objects as "Owned"

Bug Fixes

  • Container nodes will now properly display an Entity Panel when selected in Explore.
  • The "Affected Objects" section of GPO Entity Panels will no longer display "NaN" when no objects are affected.
  • [BHE Only] Attack Paths table and path view now use the same boundaries for severity highlighting.
  • [BHE Only] The AzureT0MgmtGroupControl finding will no longer appear, and historical records have been removed.
  • [CE Only] Resolved an issue impacting the use of multi-underscore environment variables when running an environment.

v2.3.3 - BHE, v2.3.1 - CE

New and Improved Features

  • Additional support for ADCS collection capabilities.

Bug Fixes

  • Updated logic for collection and reconciliation of ADCS objects.
  • Resolving a SID to a domain will now appropriately utilize cache entries (@uidzeroo).
  • [CE Only] GPO Local Group processing will no longer stop processing on a failed account name resolution (@nurfed1).
  • [CE Only] Updated use of LDAP credentials when collecting domain details to prevent invalid username/password issues (@nurfed1).

 

No new release.

2024-01-10 (v5.4.1)

Bug Fixes

  • Analysis will no longer fail when expected properties do not exist in AD CS objects.
  • Resolved a potential deadlock state for API access of backend databases.
  • Improved accuracy of post-processing of CanRDP edges. This notably impacted BUILTIN\Remote Desktop Users and Domain Controllers.

No new release.

No new release.

2024-01-04 Release Notes (v5.4.0)

New and Improved Features

  • Early access for ADCS Attack Paths!
  • Edge composition support
  • [CE Only] Modified default docker compose example to bind only to localhost for improved security defaults

v2.3.2 - BHE, v2.3.0 - CE

New and Improved Features

  • Support for ADCS collection capabilities

 

No new release.

2023-12-11 (v5.3.1)

Minor database performance improvements for specific scenarios.

No new release.

No new release.

2023-12-05 Release Notes (v5.3.0)

New and Improved Features

  • Added node action right-click menu with set start/end node and copy commands!
  • Improved performance on AZResetPassword edges.
  • Expanded memory available for queries.
  • Disabling MFA on a user will provide a more explicit warning.
  • Saved custom queries are now available in CE as well as BHE.
  • [BHE Only] Collection schedules may now be modified via the text and date/time pickers.

Bug Fixes

  • Container nodes will now show an entity panel.
  • Removed aggressive timeouts on File Ingest uploads.
  • Affected Objects counts on GPO object entity panels should properly report "0" when appropriate.
  • Saved queries created using the API will now properly associate with the creating user.
  • [BHE Only] Selecting a custom range on the Posture page will now highlight "Custom".
  • [CE Only] Resolved an issue with the ingestion of sessions in specific scenarios.
  • [CE Only] Resolved an issue with multi-underscore keys breaking config values.

v2.2.2 - BHE, v2.0.2 - CE

New and Improved Features

  • [CE Only] Added the ability to perform session enumeration as a local admin user (@LuemmelSec, @eversinc33)
  • [BHE Only] Expanded signing of files to aid in AV issues.

Bug Fixes

  • Resolved an issue with collecting and processing special characters.
  • Fixed a cache (de)serialization issue with checking versions.

 

v2.1.6

New and Improved Features

  • Audited and removed additional opportunities for context-lock contention in the future.

 

2023-11-06 Release (v5.2.0 - BHE Only)

New and Improved Features

  • Custom user-saved Cypher queries

Bug Fixes

  • Fixed several inaccurate pre-saved Cypher queries
  • Azure analysis runs will now properly display error messages when they fail
  • Fixed multiple API endpoints and their documentation

No new release.

v2.1.5

Bug Fixes

  • Resolved multiple additional dead-lock resource-exhaustion condition edge cases during collection.

 

2023-10-16 Release notes (v5.1.0)

New and Improved Features

  • Explore page now supports JSON export of currently displayed data.
  • Added additional friendly names to property values in object and edge context panels.
  • Cypher auto-complete will now suggest additional fields.
  • Improved the accuracy of the "Groups with foreign domain group membership" saved query.
  • [BHE Only] Environment Posture endpoint now supports tenant filtering.

Bug Fixes

  • The BloodHound logo should no longer randomly disappear from the top left of the screen.
  • Explore page will no longer crash when specific symbols are typed into the search bar.
  • [BHE Only] Attack Paths with all findings muted will no longer disappear from the Attack Paths list.
  • [CE Only] Environment variables are now correctly pulled to container environments.

v2.2.1 [BHE Only]

New and Improved Features

  • Added LDAPS support and associated configuration options (this was previously available in CE).
  • SharpHound has improved caching performance and will automatically invalidate local cache data on newer versions.
  • Significant collection performance improvements, notably during local group and session enumeration.
  • Added support for modern LAPS collection.
  • Added a configurable timeout setting for port scan timeouts.
  • Added a configurable option for thread concurrency.

Bug Fixes

  • Enterprise Domain Controller group membership will now reconcile properly.

v2.1.3

Bug Fixes

  • Resolved multiple dead-lock resource-exhaustion condition edge cases during collection.
2023-09-20 (v5.0.10)
  • Resolved a uniqueness constraint issue with Tier Zero / High Value Target selectors.

No new release.

No new release.

2023-09-19 Release Notes (v5.0.9)

New and Improved Features

  • Explore tab now supports the ability to search for and highlight specific objects in the canvas.
  • Edge context menus will now display properties associated with the edge.
  • Administrators may now disable end-users' MFA tokens.
  • Users may now manage their API keys.
  • BloodHound will now utilize opportunistic GZip compression for data in transit.
  • [BHE Only] Improved accuracy in exposure calculations.

Bug Fixes

  • [BHE Only] Fixed an issue with the reconciliation of Azure roles.
  • Deconflicted and fixed post-processing of AZOwns and AZOwner edges.
  • Users may, once again, be reverted to username/password login once set to SAML.
  • In specific circumstances, built-in groups (such as Account Operators) would not appear in search results. This has been fixed.
  • Expanded Cypher memory protections to prevent over-aggressive traversals.
  • Resolved an issue where HasSession edges were not always ingested correctly.
  • Full error messages resulting from running queries will once again display properly.

 

No new release.

v2.1.0

New and Improved Features

  • [BHE Only] AzureHound will now compress data in transit when uploading to BloodHound Enterprise.

Bug Fixes

  • Fixed collection of multiple properties and resolved a socket exhaustion issue in collecting specific large environments.
2023-08-31 Release Notes (v5.0.8)

Note: BHE-Only release

Bug Fixes

  • [BHE Only] Resolved an issue in exposure calculation in Attack Paths. This resulted in inaccurately high exposures and severities displayed across Attack Paths in AD and Azure.
  • [BHE Only] Command Execution on Tier Zero VM findings will now properly display information in the Attack Paths panel when present in an environment.

No new release.

No new release.

2023-08-30 Release Notes (v5.0.7)

New and Improved Features

  • Cypher now supports auto-complete and syntax highlighting
  • Administrators can now disable user MFA tokens in case of device loss, etc
  • Improved performance on specific Cypher queries

Bug Fixes

  • Improved handling of timeouts
  • [BHE Only] Resolved an issue with exposure calculation resulting in inaccurate risk measurement
  • [CE Only] Arrows will now consistently appear in the Explore graph despite changing zoom levels

No new release.

v2.0.5

New and Improved Features

  • Additional logging to aid in troubleshooting collection issues.

Bug Fixes

  • Resolved several issues related to handling edge cases during collection.
2023-08-08

New and Improved Features

  • Open-ended Cypher search
  • Edge context menus
  • Pathfinding enhancements
  • Offline collection ingest
  • API Explorer improvements.

Bug Fixes

  • Search no longer includes ADLocalGroup objects
  • Clicking on objects of unknown types no longer crashes the UI
  • Fixed "Try it out" in API Explorer.

No release this week.

No release this week.

2023-06-20

New and Improved Features

  • Performance improvements in Inbound/Outbound Object Control in entity panels.

Bug Fixes

  • Improved accuracy in Inbound/Outbound controls
  • GetChangesInFilteredSet will no longer appear in Pathfinding.
  •  

v2.1.7

New and Improved Features

  • SharpHound will utilize a 60-second timeout for data upload to API.

v2.0.4

New and Improved Features

  • AzureHound will utilize a 60-second timeout for data upload to API.
2023-05-16

New and Improved Features

  • DumpSMSAPassword Attack Path primitive.
  • Expanded password character support.

Bug Fixes

  • Improved path-finding logic in specific scenarios.

v2.1.6

SharpHound v1 End of Life.

New and Improved Features

  • DumpSMSAPassword support.
  • LDAP queries are now split by type.
  • Improved OU structure generation logic for reduced impact on LDAP servers and improved collection times.

Bug Fixes

  • Enhanced exception handling logic to prevent service crashes.

v2.0.3

Bug Fixes

  • AzureHound will now properly back off and retry when hitting session timeouts.

Please check individual release notes to read earlier summaries.

Updated