Release Notes
Release Notes Summary
Release Notes
Release Notes Summary
This article contains an overview of all release note summaries. Check out individual release notes for details.
| Release | BloodHound | SharpHound | AzureHound |
| 2025-04-04 Release Notes (v7.2.2) | Bug Fixes * Reverted a fix to string coalesce operations for Cypher on PostgreSQL graph backend databases which caused unintended performance issues. * NTLM Relay edges will now be properly recreated during post-processing. | No new release. | No new release. |
| 2025-04-03 Release Notes (v7.2.1) | New and Improved Features * Added the “Composition” accordion to CoerceandRelayNTLMtoSMB edges to aid defenders in remediation. * Renamed “Relay Targets” to “Coercion Targets” edge accordion on CoerceandRelayNTLMtoSMB to more accurately describe the contained objects. Bug Fixes * Resolved an issue where “Composition,” “Relay Targets,” or “Coercion Targets” accordions would fail immediately in very large environments. * Note: CoerceandRelayNTLMtoLDAP and CoerceandRelayNTLMtoLDAPs post-processing was fixed in v7.2.0, apologies for the missed release note. * Performance improvements on shortestpath and allshortestpathqueries in Cypher on PostgreSQL graph database backends.* Fixed a bug when converting an EnterpriseCA node with an HTTP Enrollment Endpoint. | SharpHound (v2.6.1) New and Improved Features * Added support for properly filtering NTLM relay edges for members of the Protected Users group. Bug Fixes * SMB Signing requirements will now be reported correctly | No new release. |
| 2025-03-25 Release Notes (v7.2.0) | New and Improved Features * [CE Only] Deep-linking Early Access! (Coming to BHE next release) * Added early access support for an additional NTLM relay Attack Path primitive, ADCS. * New BloodHound documentation portal. * Performance improvements for Pathfinding and Cypher searches with PostgreSQL backend graph databases. * Added support for ACEs on EnterpriseCA objects. * Updated finding and entity panel texts for NTLM relay paths. Bug Fixes * Administrators may no longer delete themselves. | No new release. | No new release. |
| 2025-03-17 (v7.1.1) | No new release. | SharpHound (v2.6.1) Bug Fixes * Resolved an issue causing SharpHound to hang during the collection of SMB relay information | No new release. |
| 2024-11-20 (v6.2.2) | Bug Fixes * Fixed an excessive resource utilization issue during post-processing. * After migrating a user to login via SSO, their old password will be invalidated immediately. | No new release. | No new release. |
| 2024-11-15 (v6.2.1) | Bug Fixes * Reverted the Azure post-processing changes due to excessive resource utilization. | No new release. | No new release. |
| 2024-11-14 Release Notes (v6.2.0) | New and Improved Features * Added multiple pre-saved Cypher queries regarding objects marked “Owned.” * Added the “Map OU structure” pre-saved query, previously available in BloodHound Legacy. * Updated the “Kerberoastable Users” pre-saved cypher query to properly filter out disabled objects, MSAs, GMSAs, and the KRBTGT object. * Updated all pre-saved Cypher queries to use consistent quotation marks for easier use in API integrations. * Clicking the “Login via SSO” button will automatically redirect if only a single SSO provider is configured. * Updated the permissions for the “Upload only” role to align more accurately with what the name implies. This role will no longer be able to modify asset group membership or trigger analysis runs. * Renamed the “RemoteInteractiveLoginPrivilege” edge to “RemoveInteractiveLogonRight” to match the Microsoft naming schema. * Improved performance of EntraID post-processing. Bug Fixes * Logins via SAML will now correctly appear in the Audit log. * Corrected several property type errors in data coming from SharpHound. * [CE Only] Docker Compose health check will now work with a modified Neo4J web port set (Thank you, @yannis-srl, for your contribution!). * [BHE Only] SyncedToEntraUser, SyncedToADUser, ADCSESC9b, and ExtendedByPolicy edges will now reconcile properly. | No new release. | No new release. |
| 2024-10-22 Release Notes (v6.1.0) | No new features or fixes. | SharpHound v2.5.11 - BHE, v2.5.8 - CE New and Improved Features * Migrated ACL hashing functionality to utilize SHA1 to support environments that enforce FIPS-compliant algorithms. Bug Fixes * Fixed collection of LAPS edges in both legacy and modern systems. | No new release. |
| 2024-09-30 Release Notes (v6.0.0) | New and Improved Features * Dark mode is now generally available! * Introducing optional support for Citrix Direct Access Users group in CanRDP logic! * [BHE Only] Reconciliation timelines are now configurable! * Improved logic for identifying and creating complex edges requiring multiple permissions (including ADCS ESC, DCSync, etc.) when Authenticated Users@ or Everyone@ groups are involved. * Improved accuracy on ADCS ESC9 and ESC10 processing logic * CanRDP edges will now appropriately appear from Computer objects with permission to RDP to another computer. * Provided additional abuse information to ADCSESC9b, ADCSESC10b, GenericAll, GenericWrite, Contains, Owns, WriteDacl, AllExtendedWrites, and WriteOwner Attack Path primitives. * Support for .zip file uploads that include UTFBOM markings within contained JSON files has been added. Bug Fixes * Resolved an intermittent issue with the parallelization of ADCS post-processing. * Applying multiple filter predicates to an API query will no longer throw an error. * Admin Audit log API endpoints now correctly support the “skip” query parameter. * The Cypher query window will no longer extend beyond the end of the browser. * [BHE Only] Resolved some duplicate collection issues related to highly available deployments. | SharpHound (v2.5.10 - BHE) Bug Fixes * [BHE Only] Resolved several installation issues for specific scenarios. | No new release. |
| 2024-09-19 (v5.15.1) | No changes. | SharpHound (v2.5.9 - BHE, v2.5.7 - CE) Bug Fixes * Resolved an issue with enumerating domain objects where password rotation is not enforced. * Improved collection performance related to the collection of ACEs with unresolvable SIDs. | No new release. |
| 2024-09-10 Release Notes (v5.15.0) | New and Improved Features * New Attack Path: WriteGPLink (Thank you, @q-roland, for your contribution! Requires SharpHound v2.5.6+). * Added 22 additional AD properties, including information about authentication, passwords, and extra domain/trust information with supporting saved queries (Requires SharpHound v2.5.6+). * Added support for GenericWrite Attack Paths targetting OUs and Domain objects (Thank you, @q-roland, for your contribution! Requires SharpHound v2.5.6+). * Updated ESC6a logic to no longer require weak certificate mapping after confirming that it no longer prevents the escalation. * OUs that contain Tier Zero / High Value objects will now be automatically tagged as Tier Zero objects, too. * ESC6/9/10 analysis logic will now include domain controllers from child domains as well. * Added a Login URL property to Entra Users to show the user’s SSO URL. * Removed all “CanAbuse” non-transitive edges from the graph schema and updated ESC logic accordingly. * [CE Only] Owned objects will now show an associated glyph icon in Explore (Thank you, @palt, for your contribution!). Bug Fixes * Fixed abuse info on multiple Attack Paths that grant the ability to abuse LAPS settings. * Improved JSON error handling for file uploads. * File uploads should no longer get stuck on “Analyzing.” * [BHE Only] Fixed an issue where specific collection jobs would trigger twice. * [BHE Only] Attack Path titles may now easily be copied again. | SharpHound (v2.5.8 - BHE, v2.5.6 - CE) New and Improved Features * Complete re-write of LDAP connection and collection logic, resulting in improved consistency and performance. * Add support for the collection of 22 additional properties and for GenericWrite Attack Paths targeting OU and Domain objects. * [BHE Only] Moved auth.json and settings.json to the service user’s APPDATA directory. Bug Fixes * [BHE Only] Resolved several cross-trust collection issues. | AzureHound (v2.2.1) New and Improved Features * Reduced default number of concurrent connections opened with Entra/Azure APIs (Thank you, @olafhartong, for your support in identifying the cause of these issues) * Added several optional performance-tuning settings * Reduced volume of data output by pruning empty or unnecessary fields (Thank you, @malacupa, for your support in identifying the cause of these issues) * [BHE Only] Reduced default batch size for upload of data to BloodHound Enterprise |
| 2024-08-20 Release Notes (v5.14.0) | New and Improved Features * Added support for ADCS certificate chains crossing AIA Certificate Authorities * Improved logic across all included cypher queries for improved performance * Clarified the “blocksinheritance” property on OUs is specific to GPO inheritance * Users without administrative privileges will no longer see Group Management actions in right-click context menus * Added support for ingesting JSON files which include UTFBOM encoding Bug Fixes * Improved visibility of several buttons and elements in dark mode * Added abuse information for the GPLink edge * Fixed the count of objects displayed in the Group Management page | Note: We are working on a new version of SharpHound that has improved performance and reliability when querying data via LDAP. If you would like to test that version, please get in touch with your TAM. | No new release. |
| 2024-08-06 Release Notes (v5.13.1) | Bug Fixes * Resolved an issue where hybrid paths were not created when the AD object did not have a known object type during path creation. * The 2FA login screen will no longer return to the username/password screen if the browser window is unselected before completing the login flow. * [BHE Only] Resolved a race condition during analysis in highly-available deployments | Note: We have reverted the available SharpHound build to v2.4.1 while we address issues identified in v2.5.4. | No new release. |
| 2024-08-01 Release Notes (v5.13.0) | New and Improved Features * New Attack Paths: Entra-AD User Syncing * Improved analysis performance - DCSync * Added visibility of the current API version to the My Profile page * [Early Access] BloodHound dark mode Bug Fixes * Resolved an issue that resulted in objects having multiple types after import to BloodHound (A collection will be required to reintroduce appropriate object types on affected principals) * File ingest will now show partial errors on upload * Hovering errors in the Cypher query editor will no longer overflow the viewable area * Negative numbers will now compare properly in Cypher * Fixed a logic issue on composition panels for ESC3, 4, and 6 for multi-tier PKI environments * Updated logic for EnrollOnBehalfOf to utilize the proper EKU property * Improved error handling in specific circumstances on file ingest * [BHE Only] Resolved an issue with collectors improperly incrementing job counts | SharpHound (v2.5.4 - BHE, v2.5.4 - CE) Note: SharpHound’s LDAP libraries have undergone a complete rewrite to improve stability and resolve issues. This will resolve issues that are not explicitly captured in these release notes. We will continue to iterate as we find more issues. Please work with your TAM if you have any questions about upgrading. New and Improved Features * Improved logic for identifying and querying available DCs (when a DC is not specified) * Reduced reliance on paged LDAP queries for improved LDAP query performance * Introduced a connection pool for improved LDAP query performance * Improved fallback and retry logic for LDAP ServerDown message * Computer availability for Local Group and Session collection will now be based on the last logon instead of the last password rotation * Improved logging levels and message outputs Bug Fixes * [BHE Only] Resolved an issue where allowing LDAPS connections would only attempt connections on the LDAPS-specified port * [CE Only] Improved handling of control characters using the “collectallproperties” flag to resolve ingestion issues | No new release. |
| 2024-07-17 Release Notes (v5.12.0) | New and Improved Features * [BHE Only] Visual overhaul of the Attack Paths view * Added documentation hints to all administrative pages * Improved analysis performance - SyncLAPSPassword * Example Azure data is now available Bug Fixes * Improved resolution of AzApp object names * Reverted a change in Azure ingest that was resulting in inconsistent results in BloodHound | No new release. | No new release. |
| 2024-06-17 Release Notes (v5.11.0) | New and Improved Features * Password changes will now require validation of your current password to complete * Updated pre-defined queries and added a hygiene section * [BHE Only] Azure findings have been collapsed based on path type only, aligning with Active Directory finding types * [BHE Only_]_ Clicking “Explore” on a finding will now automatically display the entity panel for the associated edge * [BHE Only] Findings documentation is now served by a proper API endpoint Bug Fixes * Azure principals with scoped Application Administrator or scoped Cloud App Admin role assignments will no longer receive a AzHasRole edge to the AzRole nodes. These nodes are only used for Tenant-scoped role assignments. * Group Management view will now properly display members of custom groups * Resolved several erroneous timeout issues * Corrected inaccurate use of CONTAINS verb in several pre-defined queries * Updated example abuse commands on several ADCS escalation paths * Corrected specific certificate template names on entity panels * [BHE Only] Fixed several bugs in Azure finding logic | No new release. | No new release. |
| 2024-05-28 Release Notes (v5.10.0) | New and Improved Features * Improved Cypher quality controls to prevent failure and errors * Example Active Directory data now available * [BHE Only] Updated reference links for all Attack Path findings * [CE Only_]_ Enable graph mutation via Cypher Bug Fixes * Entity panels will now appear regardless of the object type selected * [CE Only] Added missing package caches for offline builds | No new release. | No new release. |
| 2024-05-09 Release Notes (v5.9.0) | New and Improved Features * Support for ADCS ESC 13 (Requires SharpHound v2.4.1+) * Added support for GenericWrite edges to ADCS node types * Improved performance of AZAddSecret paths Bug Fixes * DCSync edges will no longer be filtered out from Tier Zero / High-Value principals * ADCS ESC 1 edges will now generate properly across multiple domains regardless of domain collection status * Several fixes to Edge Composition responses * [BHE Only] Collection schedules should now consistently display their scheduled start time * [BHE Only] Finished Jobs Log pagination controls no longer scroll * [BHE Only] Improved fallback logic for the Attack Paths page in the event of an unexpected failure * [CE Only_]_ Modifying the default_admin fields will now properly reflect in a newly created environment | SharpHound (v2.4.1 - BHE, v2.4.1 - CE) New and Improved Features * Collection support for Issuance Policy Nodes * Improved identification logic for Contains edges * Added support for specific obsolete Trust type values Bug Fixes * Resolved several issues related to cross-trust collections | AzureHound (v2.1.9) New and Improved Features * Added backoff/retry logic to several calls for improved stability and resiliency Bug Fixes * AZAppAdmin and AZCloudAppAdmin edges will now properly link to the AzApps they target |
| 2024-04-15 Release Notes (v5.8.1) | New and Improved Features * Improved status messaging for the File Ingest Log * Added additional node-type statistics to Data Quality * [BHE Only] Improved performance for collection schedules for extremely large environments Bug Fixes * [BHE Only] DcFor edges will no longer appear in the Attack Path tree view * Resolved multiple vulnerabilities identified across the product | v2.3.10 - BHE, v2.3.3 - CE Bug Fixes * [BHE Only] Resolved an issue where the SharpHound service would restart in specific scenarios. | No new release. |
| Please check individual release notes to read earlier summaries. |