Release Notes
Release Notes Summary
Release Notes
Release Notes Summary
This article contains an overview of all release note summaries. Check out individual release notes for details.
| Release | BloodHound | SharpHound | AzureHound |
| 2025-04-04 (v7.3.1) | Bug Fixes * Updated logic in query translation to resolve an excessive CPU-consumption issue during queries. | No new release. | No new release. |
| 2025-04-22 (v7.3.0) | BloodHound (v7.3.0) New and Improved Features * Deep-linking Early Access for all BloodHound! * NTLM relay is generally available. * [BHE Only] Introducing a new Collector Downloads page! Bug Fixes * Resolved latent false positives related to CoerceAndRelayNTLMtoSMB (this fix will require recollecting SMB data). * [CE Only] GPOLocalGroup ingestion has been fixed (Huge thank you to @martanne!). * Resolved an ingestion issue with AD trusts inaccurately setting the trust attributes to “0”. | SharpHound (v2.6.5) New and Improved Features * GenericAll, WriteDacl, or WriteOwner edges now validate ObjectType (aceType) settings for creating edges, reducing false positives. * ADCSESCx edges now requires an enabled Computer with a HostCAService edge to the EnterpriseCA, reducing false positives for when the CA host has been decommissioned. * SharpHound will no longer attempt to resolve objects with a domain of ”.” to improve collection performance. Bug Fixes * HostsCAService edges will now generate as a result of CertServices collections. * Resolved an issue where timezone offsets would occasionally be applied twice on object creation timestamps. * [CE Only] SMB information will no longer be collected in DCOnly collections. | AzureHound (v2.3.1) This release utilizes an updated signing certificate for BloodHound Enterprise customers. It does not contain any functional modifications. |
| 2025-04-08 (v7.2.4 - CE Only) | Bug Fixes * [CE Only] Republishing container with SharpHound v2.6.2 included. | No new release. | No new release. |
| 2025-04-04 (v7.2.2) | Bug Fixes * Reverted a fix to string coalesce operations for Cypher on PostgreSQL graph backend databases which caused unintended performance issues. * NTLM Relay edges will now be properly recreated during post-processing. | No new release. | No new release. |
| 2025-04-03 (v7.2.1) | New and Improved Features * Added the “Composition” accordion to CoerceandRelayNTLMtoSMB edges to aid defenders in remediation. * Renamed “Relay Targets” to “Coercion Targets” edge accordion on CoerceandRelayNTLMtoSMB to more accurately describe the contained objects. Bug Fixes * Resolved an issue where “Composition,” “Relay Targets,” or “Coercion Targets” accordions would fail immediately in very large environments. * Note: CoerceandRelayNTLMtoLDAP and CoerceandRelayNTLMtoLDAPs post-processing was fixed in v7.2.0, apologies for the missed release note. * Performance improvements on shortestpath and allshortestpathqueries in Cypher on PostgreSQL graph database backends.* Fixed a bug when converting an EnterpriseCA node with an HTTP Enrollment Endpoint. | SharpHound (v2.6.1) New and Improved Features * Added support for properly filtering NTLM relay edges for members of the Protected Users group. Bug Fixes * SMB Signing requirements will now be reported correctly | No new release. |
| 2025-03-25 (v7.2.0) | New and Improved Features * [CE Only] Deep-linking Early Access! (Coming to BHE next release) * Added early access support for an additional NTLM relay Attack Path primitive, ADCS. * New BloodHound documentation portal. * Performance improvements for Pathfinding and Cypher searches with PostgreSQL backend graph databases. * Added support for ACEs on EnterpriseCA objects. * Updated finding and entity panel texts for NTLM relay paths. Bug Fixes * Administrators may no longer delete themselves. | No new release. | No new release. |
| 2025-03-17 (v7.1.1) | No new release. | SharpHound (v2.6.1) Bug Fixes * Resolved an issue causing SharpHound to hang during the collection of SMB relay information | No new release. |
| 2025-03-06 (v7.1.0) | New and Improved Features * Early access for NTLM relay Attack Path primitives! (Requires SharpHound upgrade, enabling functionality) * Rewrite of Owns/WriteOwner Attack Path primitives for improved accuracy (Requires SharpHound upgrade) * Added support for collecting last login time for BloodHound users via the API * BloodHound user email addresses are now uniquely enforced * Added support for ingesting empty local group objects (better support for Citrix RDP processing) * Improved logic for post-processing edges across domains, specifically related to special groups (Authenticated Users, etc) within ADCS * Added support for just-in-time role assignments by IDP on every login via SSO * [BHE Only] Added the ability to sort the findings chart on the Posture page by Severity and Finding Count columns * [BHE Only] The default Administration page has been set to “Manage Clients” * Removed visibility of several Admin-only buttons from Read Only users. * [CE Only] Added support for recreating a default Admin user via environment variable Bug Fixes *Text will no longer overflow buttons on the Explore page * Resolved several Cypher syntax errors for customers running on PostgreSQL graph databases * [BHE Only] Opening Remediation plans in a new tab will now correctly include all UI elements | SharpHound (v2.6.0) New and Improved Features * Added support for NTLM relay Attack Path primitives! * Updated support for Owns/WriteOwner Attack Path primitives. * [BHE Only] SharpHound Enterprise will no longer update setting.json during collection runs with the current job information. | AzureHound (v2.3.0) New and Improved Features * AzureHound now supports Managed Identities for authentication! |
| 2025-02-18 (CE: v7.0.1, BHE: v7.0.2) | New and Improved Features * [BHE Only] General availability of the Improved Analysis Algorithm Bug Fixes * Fixed several issues with Cypher for environments running on PostgreSQL graph databases. * [CE Only] Resolved an issue that resulted in CE deployments defaulting to PostgreSQL use for the graph database. | SharpHound (v2.5.15) Bug Fixes * SharpHound will once again collect deleted objects | No new release. |
| 2025-02-05 (v7.0.0) | New and Improved Features * New vertical navigation! * [BHE Only] Improved analysis algorithm performance improvements and general availability. * [BHE Only] Added support for viewing all environments by type to the Posture page. * [BHE Only] New “Attack Paths” metric on the Posture page to track remediation progress. * [BHE Only] Improved CSV export functionality for all findings. * [BHE Only] Increased visibility to the number of findings created and resolved on the Posture page. Bug Fixes * [BHE Only] Resolved multiple issues resulting in inaccurate “Timed Out” statuses in the Finished Jobs Log. * Added support for most multi-part cypher queries for customers running with a PostgreSQL backend. * Fixed an issue preventing the migration of users from one SSO provider to another * Updated all pre-saved queries to exclude gMSAs and MSAs from Kerberoastable users consistently. *Updated GPO Inheritance tracking for OUs to ensure consistency between Affected OUs on GPO objects and Affecting GPOs on OU objects. | No new release. | No new release. |
| 2025-01-21 (v6.4.1) | New and Improved Features * Added support for Entra ID login flows for OIDC. * [BHE Only] Improved performance for Improved Analysis Algorithm execution. Bug Fixes * Fixed type mismatches in default Kerberoastable users queries. | No new release. | No new release. |
| 2025-01-14 (v6.4.0) | New and Improved Features * Just-in-time user provisioning and role assertion via Single Sign-On (SSO). * SSO providers are now updateable. * Added “Download SAML SP Certificate” to SSO configuration windows to improve the ability to utilize certificate pinning or encrypted assertions. * Administrators may no longer modify their own accounts. * Removed Performance Log Users, DNSAdmins, and Distributed COM Users from default Tier Zero / High Value. * [BHE Only] Enabled Improved Analysis Algorithm by default on all environments that have not manually disabled it. * [BHE Only] Improved finding sort order on the Attack Paths page. * [BHE Only] Multiple consistency improvements on the updated Posture page. Bug Fixes * The Foreign Members accordion on Domain entity panels should now load correctly. * Fixed the Reader count for AZKeyVault objects. * Fixed abuse info data for AllExtendedRights and ReadLAPSPassword edges. * [BHE Only] Resolved an issue that prevented ingesting AzureHound data via file upload. | SharpHound (v2.5.13) New and Improved Features * SharpHound will no longer attempt to connect to the same domain multiple times after a failure, improving performance under specific circumstances. | No new release. |
| 2025-01-07 (v6.3.4) | New and Improved Features * Improved Cypher type-checking and error reporting when running a query. Bug Fixes * [BHE Only] Resolved an issue preventing the Attack Paths page from rendering data. * Resolved several issues with running Cypher statements for environments on PostgreSQL backend database. | No new release | No new release |
| 2024-12-23 (v6.3.2 - BHE only) | Bug Fixes * [BHE Only] Resolved an issue in the improved analysis algorithm that resulted in inconsistent measurements between analysis runs. | No new release. | No new release. |
| 2024-12-19 (v6.3.1) | New and Improved Features * [BHE Only] Performance and coverage enhancements within the Improved analysis algorithm. Bug Fixes * [BHE Only] Tenants running on the improved analysis algorithm should see consistent findings and counts between Attack Paths and Posture pages. * Resolved several Cypher errors for environments running on PostgreSQL backends. | No new release. | No new release. |
| 2024-12-09 (v6.3.0) | New and Improved Features * [BHE Only] Completely new Posture page! * [BHE Only] Early access opportunity: Improved analysis algorithm! * Hide node/edge label toggle makes a comeback (Thank you @palt for your contribution!) * New CoerceToTGT edge type (with replacement for the UnconstrainedDelegation findings for BHE users) * Added AdminSDHolder, Distributed COM Users group, Performance Log Users group, and DnsAdmins group to default Tier Zero / High Value members. * Introducing OIDC support for Single Sign-On (SSO) * Environments configured with a single SSO provider will automatically redirect when clicking the “Login via SSO” button. * [BHE Only] Updated wording on the “Accept” dialog for accuracy. * Improved consistency when creating the Enterprise Domain Controllers group (Requires SharpHound upgrade). Bug Fixes * As you scroll, long lists on entity panels will no longer shift their highlights. * File uploads should no longer get stuck on “Running.” * Resolved an issue with the logic on the “Kerberoastable users with most privileges” pre-saved Cypher query. | SharpHound v2.5.12 - BHE, v2.5.9 - CE New and Improved Features * Improved consistency when creating the Enterprise Domain Controllers group. * Improved logic to prevent errors during group membership collection from impacting the entire data collection. Bug Fixes *Corrected data types of several collected properties. | No new release. |
| 2024-11-20 (v6.2.2) | Bug Fixes * Fixed an excessive resource utilization issue during post-processing. * After migrating a user to login via SSO, their old password will be invalidated immediately. | No new release. | No new release. |
| 2024-11-15 (v6.2.1) | Bug Fixes * Reverted the Azure post-processing changes due to excessive resource utilization. | No new release. | No new release. |
| 2024-11-14 (v6.2.0) | New and Improved Features * Added multiple pre-saved Cypher queries regarding objects marked “Owned.” * Added the “Map OU structure” pre-saved query, previously available in BloodHound Legacy. * Updated the “Kerberoastable Users” pre-saved cypher query to properly filter out disabled objects, MSAs, GMSAs, and the KRBTGT object. * Updated all pre-saved Cypher queries to use consistent quotation marks for easier use in API integrations. * Clicking the “Login via SSO” button will automatically redirect if only a single SSO provider is configured. * Updated the permissions for the “Upload only” role to align more accurately with what the name implies. This role will no longer be able to modify asset group membership or trigger analysis runs. * Renamed the “RemoteInteractiveLoginPrivilege” edge to “RemoveInteractiveLogonRight” to match the Microsoft naming schema. * Improved performance of EntraID post-processing. Bug Fixes * Logins via SAML will now correctly appear in the Audit log. * Corrected several property type errors in data coming from SharpHound. * [CE Only] Docker Compose health check will now work with a modified Neo4J web port set (Thank you, @yannis-srl, for your contribution!). * [BHE Only] SyncedToEntraUser, SyncedToADUser, ADCSESC9b, and ExtendedByPolicy edges will now reconcile properly. | No new release. | No new release. |
| 2024-10-22 (v6.1.0) | No new features or fixes. | SharpHound v2.5.11 - BHE, v2.5.8 - CE New and Improved Features * Migrated ACL hashing functionality to utilize SHA1 to support environments that enforce FIPS-compliant algorithms. Bug Fixes * Fixed collection of LAPS edges in both legacy and modern systems. | No new release. |
| 2024-09-30 (v6.0.0) | New and Improved Features * Dark mode is now generally available! * Introducing optional support for Citrix Direct Access Users group in CanRDP logic! * [BHE Only] Reconciliation timelines are now configurable! * Improved logic for identifying and creating complex edges requiring multiple permissions (including ADCS ESC, DCSync, etc.) when Authenticated Users@ or Everyone@ groups are involved. * Improved accuracy on ADCS ESC9 and ESC10 processing logic * CanRDP edges will now appropriately appear from Computer objects with permission to RDP to another computer. * Provided additional abuse information to ADCSESC9b, ADCSESC10b, GenericAll, GenericWrite, Contains, Owns, WriteDacl, AllExtendedWrites, and WriteOwner Attack Path primitives. * Support for .zip file uploads that include UTFBOM markings within contained JSON files has been added. Bug Fixes * Resolved an intermittent issue with the parallelization of ADCS post-processing. * Applying multiple filter predicates to an API query will no longer throw an error. * Admin Audit log API endpoints now correctly support the “skip” query parameter. * The Cypher query window will no longer extend beyond the end of the browser. * [BHE Only] Resolved some duplicate collection issues related to highly available deployments. | SharpHound (v2.5.10 - BHE) Bug Fixes * [BHE Only] Resolved several installation issues for specific scenarios. | No new release. |
| 2024-09-19 (v5.15.1) | No changes. | SharpHound (v2.5.9 - BHE, v2.5.7 - CE) Bug Fixes * Resolved an issue with enumerating domain objects where password rotation is not enforced. * Improved collection performance related to the collection of ACEs with unresolvable SIDs. | No new release. |
| 2024-09-10 (v5.15.0) | New and Improved Features * New Attack Path: WriteGPLink (Thank you, @q-roland, for your contribution! Requires SharpHound v2.5.6+). * Added 22 additional AD properties, including information about authentication, passwords, and extra domain/trust information with supporting saved queries (Requires SharpHound v2.5.6+). * Added support for GenericWrite Attack Paths targetting OUs and Domain objects (Thank you, @q-roland, for your contribution! Requires SharpHound v2.5.6+). * Updated ESC6a logic to no longer require weak certificate mapping after confirming that it no longer prevents the escalation. * OUs that contain Tier Zero / High Value objects will now be automatically tagged as Tier Zero objects, too. * ESC6/9/10 analysis logic will now include domain controllers from child domains as well. * Added a Login URL property to Entra Users to show the user’s SSO URL. * Removed all “CanAbuse” non-transitive edges from the graph schema and updated ESC logic accordingly. * [CE Only] Owned objects will now show an associated glyph icon in Explore (Thank you, @palt, for your contribution!). Bug Fixes * Fixed abuse info on multiple Attack Paths that grant the ability to abuse LAPS settings. * Improved JSON error handling for file uploads. * File uploads should no longer get stuck on “Analyzing.” * [BHE Only] Fixed an issue where specific collection jobs would trigger twice. * [BHE Only] Attack Path titles may now easily be copied again. | SharpHound (v2.5.8 - BHE, v2.5.6 - CE) New and Improved Features * Complete re-write of LDAP connection and collection logic, resulting in improved consistency and performance. * Add support for the collection of 22 additional properties and for GenericWrite Attack Paths targeting OU and Domain objects. * [BHE Only] Moved auth.json and settings.json to the service user’s APPDATA directory. Bug Fixes * [BHE Only] Resolved several cross-trust collection issues. | AzureHound (v2.2.1) New and Improved Features * Reduced default number of concurrent connections opened with Entra/Azure APIs (Thank you, @olafhartong, for your support in identifying the cause of these issues) * Added several optional performance-tuning settings * Reduced volume of data output by pruning empty or unnecessary fields (Thank you, @malacupa, for your support in identifying the cause of these issues) * [BHE Only] Reduced default batch size for upload of data to BloodHound Enterprise |
| 2024-08-20 (v5.14.0) | New and Improved Features * Added support for ADCS certificate chains crossing AIA Certificate Authorities * Improved logic across all included cypher queries for improved performance * Clarified the “blocksinheritance” property on OUs is specific to GPO inheritance * Users without administrative privileges will no longer see Group Management actions in right-click context menus * Added support for ingesting JSON files which include UTFBOM encoding Bug Fixes * Improved visibility of several buttons and elements in dark mode * Added abuse information for the GPLink edge * Fixed the count of objects displayed in the Group Management page | Note: We are working on a new version of SharpHound that has improved performance and reliability when querying data via LDAP. If you would like to test that version, please get in touch with your TAM. | No new release. |
| 2024-08-06 (v5.13.1) | Bug Fixes * Resolved an issue where hybrid paths were not created when the AD object did not have a known object type during path creation. * The 2FA login screen will no longer return to the username/password screen if the browser window is unselected before completing the login flow. * [BHE Only] Resolved a race condition during analysis in highly-available deployments | Note: We have reverted the available SharpHound build to v2.4.1 while we address issues identified in v2.5.4. | No new release. |
| 2024-08-01 (v5.13.0) | New and Improved Features * New Attack Paths: Entra-AD User Syncing * Improved analysis performance - DCSync * Added visibility of the current API version to the My Profile page * [Early Access] BloodHound dark mode Bug Fixes * Resolved an issue that resulted in objects having multiple types after import to BloodHound (A collection will be required to reintroduce appropriate object types on affected principals) * File ingest will now show partial errors on upload * Hovering errors in the Cypher query editor will no longer overflow the viewable area * Negative numbers will now compare properly in Cypher * Fixed a logic issue on composition panels for ESC3, 4, and 6 for multi-tier PKI environments * Updated logic for EnrollOnBehalfOf to utilize the proper EKU property * Improved error handling in specific circumstances on file ingest * [BHE Only] Resolved an issue with collectors improperly incrementing job counts | SharpHound (v2.5.4 - BHE, v2.5.4 - CE) Note: SharpHound’s LDAP libraries have undergone a complete rewrite to improve stability and resolve issues. This will resolve issues that are not explicitly captured in these release notes. We will continue to iterate as we find more issues. Please work with your TAM if you have any questions about upgrading. New and Improved Features * Improved logic for identifying and querying available DCs (when a DC is not specified) * Reduced reliance on paged LDAP queries for improved LDAP query performance * Introduced a connection pool for improved LDAP query performance * Improved fallback and retry logic for LDAP ServerDown message * Computer availability for Local Group and Session collection will now be based on the last logon instead of the last password rotation * Improved logging levels and message outputs Bug Fixes * [BHE Only] Resolved an issue where allowing LDAPS connections would only attempt connections on the LDAPS-specified port * [CE Only] Improved handling of control characters using the “collectallproperties” flag to resolve ingestion issues | No new release. |
| 2024-07-17 (v5.12.0) | New and Improved Features * [BHE Only] Visual overhaul of the Attack Paths view * Added documentation hints to all administrative pages * Improved analysis performance - SyncLAPSPassword * Example Azure data is now available Bug Fixes * Improved resolution of AzApp object names * Reverted a change in Azure ingest that was resulting in inconsistent results in BloodHound | No new release. | No new release. |
| 2024-06-17 (v5.11.0) | New and Improved Features * Password changes will now require validation of your current password to complete * Updated pre-defined queries and added a hygiene section * [BHE Only] Azure findings have been collapsed based on path type only, aligning with Active Directory finding types * [BHE Only_]_ Clicking “Explore” on a finding will now automatically display the entity panel for the associated edge * [BHE Only] Findings documentation is now served by a proper API endpoint Bug Fixes * Azure principals with scoped Application Administrator or scoped Cloud App Admin role assignments will no longer receive a AzHasRole edge to the AzRole nodes. These nodes are only used for Tenant-scoped role assignments. * Group Management view will now properly display members of custom groups * Resolved several erroneous timeout issues * Corrected inaccurate use of CONTAINS verb in several pre-defined queries * Updated example abuse commands on several ADCS escalation paths * Corrected specific certificate template names on entity panels * [BHE Only] Fixed several bugs in Azure finding logic | No new release. | No new release. |
| 2024-05-28 (v5.10.0) | New and Improved Features * Improved Cypher quality controls to prevent failure and errors * Example Active Directory data now available * [BHE Only] Updated reference links for all Attack Path findings * [CE Only_]_ Enable graph mutation via Cypher Bug Fixes * Entity panels will now appear regardless of the object type selected * [CE Only] Added missing package caches for offline builds | No new release. | No new release. |
| 2024-05-09 (v5.9.0) | New and Improved Features * Support for ADCS ESC 13 (Requires SharpHound v2.4.1+) * Added support for GenericWrite edges to ADCS node types * Improved performance of AZAddSecret paths Bug Fixes * DCSync edges will no longer be filtered out from Tier Zero / High-Value principals * ADCS ESC 1 edges will now generate properly across multiple domains regardless of domain collection status * Several fixes to Edge Composition responses * [BHE Only] Collection schedules should now consistently display their scheduled start time * [BHE Only] Finished Jobs Log pagination controls no longer scroll * [BHE Only] Improved fallback logic for the Attack Paths page in the event of an unexpected failure * [CE Only_]_ Modifying the default_admin fields will now properly reflect in a newly created environment | SharpHound (v2.4.1 - BHE, v2.4.1 - CE) New and Improved Features * Collection support for Issuance Policy Nodes * Improved identification logic for Contains edges * Added support for specific obsolete Trust type values Bug Fixes * Resolved several issues related to cross-trust collections | AzureHound (v2.1.9) New and Improved Features * Added backoff/retry logic to several calls for improved stability and resiliency Bug Fixes * AZAppAdmin and AZCloudAppAdmin edges will now properly link to the AzApps they target |
| 2024-04-15 (v5.8.1) | New and Improved Features * Improved status messaging for the File Ingest Log * Added additional node-type statistics to Data Quality * [BHE Only] Improved performance for collection schedules for extremely large environments Bug Fixes * [BHE Only] DcFor edges will no longer appear in the Attack Path tree view * Resolved multiple vulnerabilities identified across the product | v2.3.10 - BHE, v2.3.3 - CE Bug Fixes * [BHE Only] Resolved an issue where the SharpHound service would restart in specific scenarios. | No new release. |
| Please check individual release notes to read earlier summaries. |