> ## Documentation Index > Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt > Use this file to discover all available pages before exploring further. # 2026-04-13 Release Notes > Learn about new features, enhancements, and fixed issues in BloodHound. | | | | | | | ----------- | -------------- | ------------- | -------------- | -------------- | | **Release** | **BloodHound** | **OpenHound** | **SharpHound** | **AzureHound** | | 2026-04-13 | v9.0.0 | v0.1.0 | v2.12.0 | v2.12.0 | Use the filters on the right side of this page to narrow down the updates by component. You can select multiple filters at the same time to refine your results. ## OpenHound Data Collector Framework Collect and convert data from GitHub, Jamf, and Okta with [OpenHound](/openhound/overview), a standardized framework for building and running OpenGraph collectors and converters. OpenHound is built in Python and powered by the [Data Load Tool (DLT)](https://dlthub.com/docs/intro) library so you can follow a consistent workflow to collect, process, and convert data from external sources into BloodHound-compatible graphs. You can run OpenHound as a containerized service or as a standalone CLI application. ## OpenGraph Extension Management Use the new [OpenGraph Management](/opengraph/extensions/manage) page to upload, view, update, and delete OpenGraph extensions so you can manage structured graph support. OpenGraph extensions define the schema for your custom graph data, including node and edge types, icons, properties, and relationships, so ingestion stays consistent and predictable. This release also exposes experimental OpenGraph Management APIs so you can evaluate and automate extension workflows: | Method | Endpoint | Description | | -------- | --------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | | `GET` | [/api/v2/extensions](/reference/opengraph-experimental/list-opengraph-extensions-information) | Get a list of all OpenGraph extensions. | | `PUT` | [/api/v2/extensions](/reference/opengraph-experimental/upserts-the-opengraph-extension) | Upserts the OpenGraph extension. | | `DELETE` | [/api/v2/extensions/\{extension\_id}](/reference/opengraph-experimental/delete-opengraph-extension) | Delete an OpenGraph extension. | | `GET` | [/api/v2/extension-edges](/reference/opengraph-experimental/list-edge-kinds) | Get a list of all edge kinds across OpenGraph schemas. | {/*BED-7651*/} ## OpenGraph Findings

This release integrates OpenGraph data into analysis, metrics, and findings reporting. OpenGraph extensions now have explicit support for platform-specific findings (and remediation guidance) beyond Active Directory and Entra ID. Support for findings provides a more comprehensive picture of your organization's risks and vulnerabilities with a cross-platform view that will continue to cover more systems. It provides more visibility into issues, and empowers you to strengthen your security posture with confidence in ways that haven't been possible before. This is a SpecterOps-managed feature. If it is not enabled in your environment, contact your account team for assistance. ## Environment Targeted Access Control

Configure access control policies in BloodHound Enterprise with [Environment Targeted Access Control (ETAC)](/manage-bloodhound/auth/environment-targeted-access-control), a new premium add-on that dynamically limits environment access for **User** and **Read-only** roles. ETAC allows you to scope user access by environment, restricting which environments users can explore and analyze. This is especially useful in large, complex environments where users only need access to a specific subset of environments to perform their work. This is a SpecterOps-managed feature. If it is not enabled in your environment, contact your account team for assistance. ## SharpHound Integrated Windows Authentication

Authenticate SharpHound Enterprise with Active Directory Federation Services (ADFS) using Integrated Windows Authentication (IWA). This release adds an [IWA-based authentication](/install-data-collector/install-sharphound/configure-adfs-iwa) path for SharpHound Enterprise deployments that rely on ADFS for Windows-based authentication workflows. {/*BED-7523*/} ## Graph Readability Improvements Explore graphs with improved node labels, clearer directional arrows, and more intuitive selection behavior: * Node labels now display below nodes and include a second line identifying the source platform and type (for example, *Active Directory | Group*). Long labels are truncated with an ellipsis and show the full text on selection. * Edges now feature higher-contrast directional arrows that connect directly to nodes instead of node labels, making it easier to follow relationship paths at default zoom levels. * The Entity panel now closes when clicking on the graph background to clear selection, giving you more space to explore the graph without manually closing the panel. Screenshot of graph readability improvements, including updated node labels and directional arrows

Screenshot of graph readability improvements, including updated node labels and directional arrows

{/*BED-7000*/} ## Table View Column Organization Work through table data faster with better control over column layout. This release adds stronger column organization options for table-heavy analysis tasks. You can now drag-and-drop columns to reorder them. By default, the Node Type and Name columns are pinned. Moving an unpinned column into a group of pinned columns pins it. Similarly, moving a pinned column out of a pinned group unpins it. You can manage pinned columns and reset column order and size from the **Columns** menu. An animated view showing the column organization options in the table view, including drag-and-drop reordering

An animated view showing the column organization options in the table view, including drag-and-drop reordering

## Improved Graph Export Filenames Export graph data with more useful filenames to avoid repeated `bh-graph.json` collisions in your local filesystem. Exported graph files now include a timestamp in the filename to make it easier to manage multiple exports without manually renaming files. For example: ```txt theme={null} bh-graph-2026-04-07_13-27-14.json ``` ## Navigation Sidebar Modernization Use a more predictable navigation experience with improved expand and collapse behavior in the primary sidebar. The updated navigation sidebar defaults to expanded for new users, supports persistent collapse state, and improves discoverability of menu items and submenus. Animated view of the updated navigation sidebar with improved expand and collapse behavior

Animated view of the updated navigation sidebar with improved expand and collapse behavior

{/*BED-7710*/} ## Azure Hybrid Post-Processing and Data Hygiene Keep hybrid Azure and Active Directory (AD) relationship data cleaner with less unnecessary graph churn during post-processing. This release optimizes role-assignment processing and stops creating placeholder AD objects during Azure ingest and hybrid post-processing so relationships are only created when both Azure and AD context is available. This significantly improves analysis time for tenants with large Azure environments. ## OpenGraph Node Type Filtering in Search Filter search results by node type to find relevant OpenGraph data faster. This enhancement adds support for [node type filtering](/analyze-data/explore/search#filter-by-node-type) for OpenGraph nodes. ## HasSession Edge Deletion Refresh time-sensitive session data without clearing the entire graph by deleting only **HasSession** edges from the database. This enhancement adds a dedicated **HasSession** checkbox to the **Database Management** page so you can remove stale session relationships before recollecting updated session data. Screenshot of the HasSession edge deletion checkbox on the Database Management page

Screenshot of the HasSession edge deletion checkbox on the Database Management page

{/*BED-5690*/} ## Accessibility Improvements Navigate BloodHound more effectively with assistive technologies through clearer component naming and better non-text content labeling across the interface. This accessibility work strengthens screen reader compatibility by improving role, state, and value semantics and adding or refining labels for visual UI elements. ## Certification Selection Behavior

Certify objects in Privilege Zones with clearer list selection behavior that stays aligned with the object details panel. Clicking either a row or a checkbox now opens that object's details in the object details panel. When multiple checkboxes are selected, the most recently checked object takes focus until you select a row; unchecking an item does not clear the current focused object. Selections persist through page refresh, but navigating away from the page and back will reset selection to the default state with no objects selected. Animated view of the updated Privilege Zone certification selection behavior, showing checkbox-driven focus and persistence through page refresh

Animated view of the updated Privilege Zone certification selection behavior, showing checkbox-driven focus and persistence through page refresh

## Posture Metric Abbreviation

Analyze posture metrics with more precise counts. This release expands how many digits are shown before rounding for key metrics on the [Posture](/analyze-data/posture-page) page, so changes in large environments are easier to track. Posture metrics now show up to five digits before abbreviating values. * This applies to the **Count** and **Change** columns in the **Attack Paths** table, and **Attack Paths**, **Findings**, and **Tier Zero Objects** counts in the **Attack Path Summary** panel. * After values exceed five digits, BloodHound abbreviates values using standard rounding with compact suffixes (for example, `xxxK`, `y.yyyM`, and `z.zzzB`). Screenshot showing the increased metric precision on the Posture page, including examples of abbreviated values with compact suffixes

Screenshot showing the increased metric precision on the Posture page, including examples of abbreviated values with compact suffixes

## Custom Range Validation

Analyze posture trends with more reliable custom date/time range behavior. This release adds stricter validation for [Custom Range](/analyze-data/posture-page#custom-range) selections to prevent future end times that could cause confusion and inconsistent chart behavior. The time picker disables future hour selections when the end date is set to today, and manual future end time entries are blocked with an inline validation error. Screenshot showing the custom range validation improvements, including disabled future hour selections and inline validation error for manual future end time entries

Screenshot showing the custom range validation improvements, including disabled future hour selections and inline validation error for manual future end time entries

## API and Auth * {/*BED-7652*/} Resolved an issue where fuzzy search on `GET /api/v2/clients` did not consistently apply across `name`, `hostname`, and `configured_user` fields. * {/*BED-7411*/} Expanded auditor access to key collection and administration read endpoints, including completed jobs, events, file uploads, and `bloodhound-users`. This release also introduced a new `CollectionReadJobs` permission and removed an unused application configuration management permission. * {/*BED-7104*/} Strengthened authorization checks for the `/api/v2/tokens` endpoint so low-privileged users cannot enumerate token metadata for other users through filter manipulation. * {/*BED-7628*/} Resolved an issue where the `/api/v2/graphs/edge-composition` endpoint could return duplicate edges in ESC edge composition results. * {/*BED-7731*/} Resolved an issue where the **API Explorer** did not correctly validate operator-prefixed values for query parameters, such as `eq` and `neq`. ## Cypher and Explore * {/*BED-7860*/} Resolved an issue where pressing the space bar in the Cypher query editor on the **Explore** page caused unexpected behavior. * {/*BED-7038*/} Resolved an issue where the Cypher autocomplete dropdown on the **Explore** page rendered in the wrong position and may not be visible. * {/*BED-6500*/} Resolved an issue where several prebuilt "Shortest paths..." **Saved Queries** queries could hit the default query timeout and fail without returning a graceful timeout response. * {/*BED-7469*/} Resolved an issue where Cypher queries on PostgreSQL using multi-hop graph traversals with variable-length path patterns (for example, `*1..`) could fail, particularly for edges with traversal limits. * {/*BED-7054*/} Resolved an issue where `OPTIONAL MATCH` clauses could be translated without a valid prior query frame, causing some Cypher queries to return incorrect results. ## OpenGraph {/*BED-7747*/} Resolved an issue causing excessive memory use during ingestion of large OpenGraph data payloads. ## Privilege Zones and Posture * {/*BED-7716*/} Resolved an issue where long Privilege Zone rule names without spaces could overflow and stretch layout containers. * {/*BED-7755*/} Resolved an issue preventing **Affected Objects** accordions for GPO objects from expanding on the **Zone Builder** page. * {/*BED-7757*/} Resolved an issue where Large Default Group findings could appear incorrectly under the Tier Zero filter on the **Posture** page. * {/*BED-7634, BED-7664*/} Resolved an issue where AzureHound filtered `AZResourceGroupUserAccessAdmin` results by the **Owner** role instead of the **User Access Administrator** role, causing incorrect `AZUserAccessAdministrator` edges on `AZResourceGroup` nodes. * {/*BED-5023*/} Resolved an issue where `AZContributor` edges were not collected for Management Groups, Resource Groups, and Subscriptions, causing contributor role assignments to be absent from the graph for these resource types.