Skip to main content
ReleaseBloodHoundSharpHoundAzureHound
2026-03-23v8.9.0v2.11.0v2.11.0
Use the filters on the right side of this page to narrow down the updates by component. You can select multiple filters at the same time to refine your results.
BloodHound
Zone Builder
General Availability

Privilege Zones General Availability

The Privilege Zones feature is now generally available in BloodHound, providing a supported workflow for organizing objects by privilege level and monitoring violations of your network tiering model.
BloodHound
OpenGraph
Enhancement

Property-Based Edge Matching for OpenGraph

Link nodes by unique database identifiers or dynamically match them using specific attribute values.New property-based edge matching (match_by: "property") enables hybrid edge creation using cross-system attributes, such as email, username, or hostname.
BloodHound
OpenGraph
Enhancement

Flexible OpenGraph Node Ingestion

BloodHound Enterprise logoUpload nodes and edges in separate OpenGraph data payloads.Previously, BloodHound Enterprise immediately deleted OpenGraph nodes that were not connected by at least one edge during the reconciliation process that runs after ingestion.Now, disconnected nodes are subject to reconciliation and retention settings. This enables more flexible multi-step OpenGraph workflows where you upload nodes and edges in separate data payloads, without the risk of losing data after ingestion.
BloodHound
OpenGraph
Breaking Change

objectid is Now a Reserved Node Property

OpenGraph payloads that include objectid in a node’s properties object will now fail upload validation.
To keep node identity unambiguous for property-based endpoint matching workflows, objectid is now reserved and may not be defined in a node’s properties object.The root-level id field already serves as the unique identifier for every node. BloodHound automatically maps this value to objectid internally upon ingestion. Remove any objectid keys from your node properties objects and rely solely on the root-level id field.
BloodHound
Explore
Enhancement

Search Component Styling Consistency

Switch between the Search, Pathfinding, and Cypher tabs on the Explore page without layout shifts.Tabs now maintain a fixed width to prevent layout shifting and keep controls and content in a stable position while you work.
A GIF showing a user switching between Search, Pathfinding, and Cypher tabs without layout shift
BloodHound
Explore
Enhancement

Table Layout Scrollbar Visibility

Review overflowing results in the table layout graph visualization more reliably.Scrollbars now remain visible when content overflows, so you can clearly see when more items are available in the list and keep track of your scroll position.
A view of the table layout highlighting visible scrollbars when content overflows
AzureHound
Data Collection
New Feature

Azure Federated Identity Credentials

Map trust relationships from external identity providers to Azure App Registrations with new nodes and edges representing Federated Identity Credentials (FICs).An FIC is a trust configuration on an App Registration that allows an external identity provider to authenticate without a password or certificate. You can follow this trust path to the related Service Principal through AZRunsAs to understand downstream impact.AzureHound now collects FICs from Azure and adds two new graph elements in BloodHound:
  • AZFederatedIdentityCredential node: Represents each FIC as an object with properties such as audiences, issuer, and subject.
    A screenshot of the AZFederatedIdentityCredential node object properties in the BloodHound entity panel
  • AZAuthenticatesTo edge: Connects each FIC node to its associated App Registration so you can map trust relationships from external identity providers.
    A screenshot of the AZAuthenticatesTo edge in the BloodHound entity panel
SharpHound
Data Collection
Enhancement

Improved Logging for NTLM Collection

Troubleshoot NTLM collection failures faster with detailed per-machine status logging.SharpHound now reports the outcome of each WMI and Remote Registry operation attempt directly in your service and run logs, eliminating guesswork about which machines rejected collection and why.
  • Per-attempt status events: Registry operations now emit status events for each collection attempt, immediately visible in SharpHound’s service and run logs
  • Strategy visibility: Logs now expose which collection strategy (WMI or Remote Registry) succeeded for each machine
  • Enhanced error details: Failure messages include inner exception information for better troubleshooting
  • Port-scan optimization: Immediate success status is reported when port scanning is skipped
BloodHound
Fixed Issues

Cypher

  • Resolved an issue where changing or deleting saved query names did not render immediately without refreshing the page.
  • Resolved an issue on PostgreSQL backends where using Cypher colon syntax for multi-label node matching behaved with OR semantics instead of the expected AND semantics (for example, MATCH (n:User:Tag_Tier_Zero) RETURN n).

Zone Builder

  • Resolved an issue where saving an empty object ID-based rule returned an incorrect Cypher-related error message.
  • Resolved an issue where filter options on the Certifications page were not styled consistently with other filter components.
  • Resolved an issue where object icons appeared unevenly spaced in the Zone and Label Details View.
  • Resolved an issue where upgrade prompt text on the Zones page could wrap poorly in constrained layouts.
  • Resolved multiple styling inconsistencies across spacing, borders, shadows, and overflow behavior.

Posture

BloodHound Enterprise logo
  • Resolved an issue where custom time range selector labels on the Posture page had low contrast in dark mode.
  • Resolved an issue where sorting columns in the Attack Paths table on the Posture page could sort the wrong column.
  • Resolved an issue where the tooltip for the Change column in the Attack Paths table on the Posture page did not appear on hover.

Attack Paths

BloodHound Enterprise logo Resolved an issue where the tenant status indicator could overflow the panel on smaller viewports.
AzureHound
Fixed Issues
Resolved an issue where the azurehound.exe Enterprise collector was missing key Windows file properties, including product version metadata, which made it difficult for administrators to identify deployed binaries.
SharpHound
Fixed Issues
Resolved an issue where AIACA objects with empty cACertificate values (for example, {0}) could be skipped during collection.BloodHound Enterprise logo Resolved an issue where DAG group data for some machines could be dropped during post-processing, causing Large Default Groups with RDP Access findings to incorrectly include Citrix systems even when the Citrix RDP Support flag was enabled.