Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion docs/docs.json
Original file line number Diff line number Diff line change
Expand Up @@ -894,14 +894,15 @@
"group": "Release Notes",
"pages": [
"resources/release-notes/summary",
"resources/release-notes/2026-07-07",
"resources/release-notes/2026-06-17",
"resources/release-notes/2026-05-28",
{
"group": "Archive",
"pages": [
{
"group": "2026",
"pages": [
"resources/release-notes/2026-05-28",
"resources/release-notes/2026-05-06",
"resources/release-notes/2026-04-13",
"resources/release-notes/2026-03-23",
Expand Down
2 changes: 1 addition & 1 deletion docs/manage-bloodhound/auth/users-and-roles.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -69,5 +69,5 @@ For OpenGraph extensions, BloodHound separates read and write permissions. Users
| Run collector client on-demand scan \[BHE\] | <Icon icon="square-check" iconType="solid" color="#22c55e"/> | <Icon icon="square-check" iconType="solid" color="#22c55e"/> | - | - | - | - |
| Add, modify, and remove a collector client \[BHE\] | <Icon icon="square-check" iconType="solid" color="#22c55e"/> | <Icon icon="square-check" iconType="solid" color="#22c55e"/> | - | - | - | - |
| Regenerate collector client credentials \[BHE\] | <Icon icon="square-check" iconType="solid" color="#22c55e"/> | <Icon icon="square-check" iconType="solid" color="#22c55e"/> | - | - | - | - |
| File Ingest | <Icon icon="square-check" iconType="solid" color="#22c55e"/> | <Icon icon="square-check" iconType="solid" color="#22c55e"/> | - | - | - | <Icon icon="square-check" iconType="solid" color="#22c55e"/> |
| File Ingest | <Icon icon="square-check" iconType="solid" color="#22c55e"/> | <Icon icon="square-check" iconType="solid" color="#22c55e"/> | <Icon icon="square-check" iconType="solid" color="#22c55e"/> | - | - | <Icon icon="square-check" iconType="solid" color="#22c55e"/> |

154 changes: 154 additions & 0 deletions docs/resources/release-notes/2026-07-07.mdx
Original file line number Diff line number Diff line change
@@ -0,0 +1,154 @@
---
title: 2026-07-07 Release Notes
description: Learn about new features, enhancements, and fixed issues in BloodHound.
sidebarTitle: "2026-07-07"
---

| | | | | |
| --- | --- | --- | --- | --- |
| **Release** | **BloodHound** | **OpenHound** | **SharpHound** | **AzureHound** |
| 2026-07-07 | v9.4.0 | v0.2.11 | No release | No release |

<Tip>
Use the filters on the right side of this page to narrow down the updates by component. You can select multiple filters at the same time to refine your results.
</Tip>

<Update label="BloodHound" description="New Feature" tags={["API"]}>
{/*BED-8608, BED-8609*/}
## Graph ID Lookup APIs

@jeff-matthews jeff-matthews Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR for supporting docs: #332


Retrieve details for specific OpenGraph nodes and relationships by their graph-assigned integer IDs.

BloodHound now exposes the following experimental OpenGraph API endpoints:

- [`GET /api/v2/nodes/{node_id}`](/reference/opengraph-experimental/get-node-by-graph-node-id)
- [`GET /api/v2/relationships/{relationship_id}`](/reference/opengraph-experimental/get-relationship-by-graph-relationship-id)
</Update>

<Update label="BloodHound" description="Enhancement" tags={["Administration"]}>
{/*BED-8518, BED-8519, BED-8588*/}
## Auditor Role Access Improvements

Allow auditors to review **File Ingest** activity and **SSO Configuration** details.

Auditors can now access these administration views in a read-only state while actions, such as uploading files or creating providers, remain restricted to [roles](/manage-bloodhound/auth/users-and-roles) with write access.
</Update>

<Update label="BloodHound" description="Enhancement" tags={["Administration"]}>
{/*BED-8189*/}
## Updated Default Admin Email Address

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR for supporting docs: #303


Use a more appropriate default admin email address in BloodHound Community configuration and example files.

BloodHound Community now uses `admin@example.com` instead of `spam@example.com` for the [`default_admin.email_address`](/manage-bloodhound/bh-config#default_admin-email_address) configuration property and related examples.

<Warning>
Existing workflows that still rely on the previous email address for initial login may need to be updated.
</Warning>
</Update>

<Update label="OpenHound" description="Enhancement" tags={["Data Collection"]}>
{/*BED-8777, BED-8747, BED-8746, BED-8744, BED-8693*/}
## More Resilient OpenHound Operations

Keep long-running OpenHound jobs alive, identify deployed client versions more easily, and troubleshoot failures with clearer logs.

OpenHound now:

- Continues checking in during active collections to reduce unintended job timeouts
- Continues collection more often when single-object errors occur
- Handles deferred pipeline failures more consistently
- Reports its version to BloodHound for visibility on the **Manage Clients** page
- Uses human-readable plain-text [log format](/openhound/configuration#log-format) by default for file and stdout output, while keeping structured JSON as an opt-in format
</Update>

<Update label="BloodHound" description="Enhancement" tags={["Zone Builder"]}>
{/*BED-8303, BED-7739, BED-8520*/}
## Privilege Zone Rule Authoring Improvements

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR for supporting docs: #336


Build and validate Privilege Zone [rules](/analyze-data/privilege-zones/rules) with less rework when you switch rule types or refine Cypher-based rules.

BloodHound now:

- Preserves rule state when you switch between Cypher and Object ID rule types
- Prompts you to rerun Cypher when the query changes
- Warns you with a confirmation dialog before saving a Cypher-based rule that returns no results

<Note>
This helps when you expect a rule to return results after future data collection or changes in your environment.
</Note>
Comment thread
coderabbitai[bot] marked this conversation as resolved.
</Update>

<Update label="BloodHound" description="Enhancement" tags={["Accessibility"]}>
{/*BED-7222, BED-7215, BED-7212, BED-8290*/}
## Accessibility Improvements

Navigate BloodHound with clearer focus states, more consistent semantic structure, and better screen-reader labeling across key workflows.

This release improves accessible names and labels in administration forms, strengthens visible keyboard focus behavior, and refines headings and page structure to better support assistive technologies.
</Update>

<Update label="BloodHound" description="Enhancement" tags={["Cypher"]}>
{/*BI-1814*/}
## Higher Memory Limits for Cypher Queries
Comment thread
jeff-matthews marked this conversation as resolved.

<img src="/assets/enterprise-edition-pill-tag.svg" alt="BloodHound Enterprise logo" style={{ width: "25%" }}/>

Run more complex Cypher queries in BloodHound Enterprise and return larger **Entity Panel** sections than were previously supported.
</Update>

<Update label="BloodHound" description="Enhancement" tags={["Zone Builder"]}>
{/*BED-8276, BED-8781*/}
## Variable Analysis Mode

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR for supporting docs: #335


<img src="/assets/enterprise-edition-pill-tag.svg" alt="BloodHound Enterprise logo" style={{ width: "25%" }}/>

See Privilege Zone updates reflected in your graph faster.

When you enable [Variable Analysis Mode](/analyze-data/findings/analysis#variable-analysis-mode) on the **Early Access** page, BloodHound Enterprise can skip post-processing after Privilege Zone changes and re-run only the analysis stages needed to update tagged objects and findings.

This reduces the time it takes for updated zone definitions and related findings to appear in the graph.
</Update>

<Update label="BloodHound" tags={["Fixed Issues"]}>
## Analysis

{/*BED-5572*/} Resolved an issue where multi-forest environments that consolidated ADCS into one forest could produce false-positive ADCS ESC attack path edges when a **Computer** node belonged to a different forest than the **Enterprise CA**.

## API

- {/*BED-8136*/} Resolved an issue where the [`GET /api/v2/datapipe/status`](/reference/datapipe/get-datapipe-status) endpoint did not reliably update `last_analysis_run_at` and did not expose the scheduled-analysis timestamps needed to track analysis cadence.
- {/*BED-4867*/} Resolved an issue where the [`related_entity_type`](/reference/azure-entities/get-azure-entity#parameter-related-entity-type) parameter on the **Get Azure entity** endpoint could respond too slowly for descendant objects of large **AZTenant** nodes and degrade the user experience in the UI.

## Explore

- {/*BED-7040*/} Resolved an issue where saved query imports could fail for JSON files that used UTF-8 BOM encoding, including files packaged in ZIP archives.
- {/*BED-7883*/} Resolved an issue where Cypher equality comparisons could fail for values that contained special characters.

## OpenGraph

- {/*BED-8656*/} Resolved an issue where dragging a file onto the **Quick Upload** dialog on the **OpenGraph Management** page could open the wrong dialog.
- {/*BED-8642*/} Resolved an issue where nodes with colons in their names could disappear from the **Search** and **Pathfinding** fields.
- {/*BED-8570*/} Resolved an issue where the OpenGraph extension deletion dialog accepted only one character at a time, preventing confirmation.
- {/*BED-8310*/} Resolved an issue where the Privilege Zone object details panel failed to load OpenGraph node data for rule-matched objects.

## UI

- {/*BED-8754*/} Resolved focus-state inconsistencies on dropdown menus that could make active controls harder to distinguish.
- {/*BED-8390*/} Resolved an issue where parts of the **Posture** page used browser localization settings inconsistently.

## Findings

<img src="/assets/enterprise-edition-pill-tag.svg" alt="BloodHound Enterprise logo" style={{ width: "25%" }}/>

{/*BED-8114*/} Resolved an issue where individual attack paths and their finding counts could appear on the **Posture** page but not on the **Attack Paths** page.
</Update>

<Update label="OpenHound" tags={["Fixed Issues"]}>
- {/*BED-8783*/} Resolved an issue where a stub `GH_Organization` node could overwrite a fully collected organization and incorrectly mark it as not collected.
- {/*BED-8687*/} Resolved an issue that could cause GitHub collections to fail during normalization.
- {/*BED-8689*/} Resolved issues that made large GitHub collections more likely to stall or fail when GitHub API rate limits were exhausted.
- {/*BED-8768, BED-8729, BED-8688*/} Resolved multiple Jamf collector failures involving preprocessing, database lookups, and ingest behavior.
- {/*BED-8692*/} Resolved an issue that could cause Okta and GitHub collections to fail in Kubernetes-based deployments.
- {/*BED-8855*/} Resolved an issue where OpenHound did not respect the default setting that disables anonymous telemetry data.
</Update>
34 changes: 34 additions & 0 deletions docs/resources/release-notes/summary.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,40 @@ SpecterOps is heading to Black Hat USA 2026 with training courses, technical bri

We're excited to share that SO-CON talks are now available [online](https://ghst.ly/SOCON26YT). We've also published the presentation slide decks in a public [GitHub repository](https://github.com/SpecterOps/presentations/tree/main/SO-CON%202026).

## 2026-07-07

| | | | | |
| --- | --- | --- | --- | --- |
| **Release** | **BloodHound** | **OpenHound** | **SharpHound** | **AzureHound** |
| 2026-07-07 | v9.4.0 | v0.2.11 | No release | No release |

This release opens more administration workflows to auditors in read-only mode, and improves OpenHound collection resilience. Key highlights include:

- **OpenHound**: Keep long-running jobs alive, identify deployed client versions more easily, and troubleshoot failures with clearer logs.
- **Cypher**: Run more complex Cypher queries in BloodHound Enterprise and return larger **Entity Panel** sections than were previously supported.

### <Icon icon="sparkles" /> New Features

| Component | Update | Summary |
| --- | --- | --- |
| API | [Graph ID Lookup APIs](/resources/release-notes/2026-07-07#graph-id-lookup-apis) | Retrieve nodes and relationships by graph-assigned integer IDs for targeted automation and investigation. |

### <Icon icon="check-circle" /> Enhancements

| Component | Update | Summary |
| --- | --- | --- |
| Administration | [Auditor Role Access Improvements](/resources/release-notes/2026-07-07#auditor-role-access-improvements) | Auditors may now review **File Ingest** activity and **SSO Configuration** details. |
| Administration | [Updated Default Admin Email Address](/resources/release-notes/2026-07-07#updated-default-admin-email-address) | BloodHound Community now uses `admin@example.com` instead of `spam@example.com` in configuration and example files. |
| Data Collection | [More Resilient OpenHound Operations](/resources/release-notes/2026-07-07#more-resilient-openhound-operations) | Keep OpenHound jobs alive longer, surface installed versions in BloodHound, and improve logging and failure handling. |
| Cypher (Enterprise) | [Higher Memory Limits for Cypher Queries](/resources/release-notes/2026-07-07#higher-memory-limits-for-cypher-queries) | BloodHound Enterprise now uses a higher memory limit for Cypher queries. |
| Zone Builder | [Privilege Zone Rule Authoring Improvements](/resources/release-notes/2026-07-07#privilege-zone-rule-authoring-improvements) | Preserve rule state across rule types and warn before saving Cypher-based rules that return no results. |
| Zone Builder | [Variable Analysis Mode](/resources/release-notes/2026-07-07#variable-analysis-mode) | Skip post-processing after Privilege Zone changes so updated zone definitions and related findings appear faster in the graph. |
| Accessibility | [Accessibility Improvements](/resources/release-notes/2026-07-07#accessibility-improvements) | Navigate key workflows with clearer focus states, semantic structure, and screen-reader labels. |

### <Icon icon="wrench" /> Fixed Issues

See the [release notes](/resources/release-notes/2026-07-07#bloodhound-8) for a full list of fixed issues in this release.

## 2026-06-17

| | | | | |
Expand Down
Loading