diff --git a/docs/docs.json b/docs/docs.json
index 7aa1d9f3..e32dc21c 100644
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -430,67 +430,87 @@
{
"group": "Release Notes",
"pages": [
- "resources/release-notes/overview",
"resources/release-notes/summary",
- "resources/release-notes/v8-4-0",
- "resources/release-notes/v8-3-0",
- "resources/release-notes/v8-2-0",
- "resources/release-notes/v8-1-0",
- "resources/release-notes/v8-0-0",
- "resources/release-notes/v7-6-0",
- "resources/release-notes/v7-5-0",
- "resources/release-notes/v7-4-1",
- "resources/release-notes/v7-4-0",
- "resources/release-notes/v7-3-0",
- "resources/release-notes/v7-2-1",
- "resources/release-notes/v7-2-0",
- "resources/release-notes/v7-1-0",
- "resources/release-notes/v7-0-0",
- "resources/release-notes/v6-4-0",
+ "resources/release-notes/2026-01-21",
{
"group": "Archive",
"pages": [
- "resources/release-notes/2024-12-09-v6-3-0",
- "resources/release-notes/2024-11-14-v6-2-0",
- "resources/release-notes/2024-10-22-v6-1-0",
- "resources/release-notes/2024-09-30-v6-0-0",
- "resources/release-notes/2024-09-10-v5-15-0",
- "resources/release-notes/2024-08-20-v5-14-0",
- "resources/release-notes/2024-08-06-v5-13-1",
- "resources/release-notes/2024-08-01-v5-13-0",
- "resources/release-notes/2024-07-17-v5-12-0",
- "resources/release-notes/2024-06-17-v5-11-0",
- "resources/release-notes/2024-05-28-v5-10-0",
- "resources/release-notes/2024-05-09-v5-9-0",
- "resources/release-notes/2024-04-15-v5-8-1",
- "resources/release-notes/2024-03-27-v5-8-0",
- "resources/release-notes/2024-03-04-v5-7-0",
- "resources/release-notes/2024-02-14-v5-6-0",
- "resources/release-notes/2024-01-23-v5-5-0",
- "resources/release-notes/2024-01-04-v5-4-0",
- "resources/release-notes/2023-12-05-v5-3-0",
- "resources/release-notes/2023-11-06-v5-2-0",
- "resources/release-notes/2023-10-16-v5-1-0",
- "resources/release-notes/2023-09-19-v5-0-9",
- "resources/release-notes/2023-08-31-v5-0-8",
- "resources/release-notes/2023-08-30-v5-0-7",
- "resources/release-notes/2023-08-08",
- "resources/release-notes/2023-06-20",
- "resources/release-notes/2023-05-16",
- "resources/release-notes/2023-04-25",
- "resources/release-notes/2023-04-13",
- "resources/release-notes/2023-03-27",
- "resources/release-notes/2023-03-06",
- "resources/release-notes/2023-02-21",
- "resources/release-notes/2023-02-07",
- "resources/release-notes/2023-01-31",
- "resources/release-notes/2023-01-18",
- "resources/release-notes/2022-12-19",
- "resources/release-notes/2022-12-13",
- "resources/release-notes/2022-11-21",
- "resources/release-notes/2022-11-03",
- "resources/release-notes/2022-10-24",
- "resources/release-notes/2022-10-11"
+ {
+ "group": "2025",
+ "pages": [
+ "resources/release-notes/v8-4-0",
+ "resources/release-notes/v8-3-0",
+ "resources/release-notes/v8-2-0",
+ "resources/release-notes/v8-1-0",
+ "resources/release-notes/v8-0-0",
+ "resources/release-notes/v7-6-0",
+ "resources/release-notes/v7-5-0",
+ "resources/release-notes/v7-4-1",
+ "resources/release-notes/v7-4-0",
+ "resources/release-notes/v7-3-0",
+ "resources/release-notes/v7-2-1",
+ "resources/release-notes/v7-2-0",
+ "resources/release-notes/v7-1-0",
+ "resources/release-notes/v7-0-0",
+ "resources/release-notes/v6-4-0"
+ ]
+ },
+ {
+ "group": "2024",
+ "pages": [
+ "resources/release-notes/2024-12-09-v6-3-0",
+ "resources/release-notes/2024-11-14-v6-2-0",
+ "resources/release-notes/2024-10-22-v6-1-0",
+ "resources/release-notes/2024-09-30-v6-0-0",
+ "resources/release-notes/2024-09-10-v5-15-0",
+ "resources/release-notes/2024-08-20-v5-14-0",
+ "resources/release-notes/2024-08-06-v5-13-1",
+ "resources/release-notes/2024-08-01-v5-13-0",
+ "resources/release-notes/2024-07-17-v5-12-0",
+ "resources/release-notes/2024-06-17-v5-11-0",
+ "resources/release-notes/2024-05-28-v5-10-0",
+ "resources/release-notes/2024-05-09-v5-9-0",
+ "resources/release-notes/2024-04-15-v5-8-1",
+ "resources/release-notes/2024-03-27-v5-8-0",
+ "resources/release-notes/2024-03-04-v5-7-0",
+ "resources/release-notes/2024-02-14-v5-6-0",
+ "resources/release-notes/2024-01-23-v5-5-0",
+ "resources/release-notes/2024-01-04-v5-4-0"
+ ]
+ },
+ {
+ "group": "2023",
+ "pages": [
+ "resources/release-notes/2023-12-05-v5-3-0",
+ "resources/release-notes/2023-11-06-v5-2-0",
+ "resources/release-notes/2023-10-16-v5-1-0",
+ "resources/release-notes/2023-09-19-v5-0-9",
+ "resources/release-notes/2023-08-31-v5-0-8",
+ "resources/release-notes/2023-08-30-v5-0-7",
+ "resources/release-notes/2023-08-08",
+ "resources/release-notes/2023-06-20",
+ "resources/release-notes/2023-05-16",
+ "resources/release-notes/2023-04-25",
+ "resources/release-notes/2023-04-13",
+ "resources/release-notes/2023-03-27",
+ "resources/release-notes/2023-03-06",
+ "resources/release-notes/2023-02-21",
+ "resources/release-notes/2023-02-07",
+ "resources/release-notes/2023-01-31",
+ "resources/release-notes/2023-01-18"
+ ]
+ },
+ {
+ "group": "2022",
+ "pages": [
+ "resources/release-notes/2022-12-19",
+ "resources/release-notes/2022-12-13",
+ "resources/release-notes/2022-11-21",
+ "resources/release-notes/2022-11-03",
+ "resources/release-notes/2022-10-24",
+ "resources/release-notes/2022-10-11"
+ ]
+ }
]
}
]
@@ -977,6 +997,11 @@
"anchor": "Blog",
"href": "https://specterops.io/blog/?_gl=1*1qw21rw*_up*MQ..*_ga*NTYxMzY4OTkxLjE3MzMzMDkyNTk.*_ga_53SGLN9EBJ*MTczMzMwOTI1Ny4xLjAuMTczMzMwOTI1Ny4wLjAuMA..",
"icon": "newspaper"
+ },
+ {
+ "anchor": "Release Notes",
+ "href": "https://bloodhound.specterops.io/resources/release-notes/summary",
+ "icon": "notes"
}
]
}
@@ -1082,6 +1107,10 @@
"source": "/integrations/integrations/splunk",
"destination": "/integrations/splunk/install"
},
+ {
+ "source": "/resources/release-notes/overview",
+ "destination": "/resources/release-notes/summary"
+ },
{
"source": "/analyze-data/explore-objects",
"destination": "/analyze-data/explore/search"
diff --git a/docs/images/release_notes/8_5_0/cypher-rules.png b/docs/images/release_notes/8_5_0/cypher-rules.png
new file mode 100644
index 00000000..f2b171d2
Binary files /dev/null and b/docs/images/release_notes/8_5_0/cypher-rules.png differ
diff --git a/docs/images/release_notes/8_5_0/cypher-run-status.gif b/docs/images/release_notes/8_5_0/cypher-run-status.gif
new file mode 100644
index 00000000..e5a6d941
Binary files /dev/null and b/docs/images/release_notes/8_5_0/cypher-run-status.gif differ
diff --git a/docs/images/release_notes/8_5_0/details-panel.gif b/docs/images/release_notes/8_5_0/details-panel.gif
new file mode 100644
index 00000000..12aa0233
Binary files /dev/null and b/docs/images/release_notes/8_5_0/details-panel.gif differ
diff --git a/docs/images/release_notes/8_5_0/direct-expanded-objects.png b/docs/images/release_notes/8_5_0/direct-expanded-objects.png
new file mode 100644
index 00000000..a0542045
Binary files /dev/null and b/docs/images/release_notes/8_5_0/direct-expanded-objects.png differ
diff --git a/docs/images/release_notes/8_5_0/enable-rule.png b/docs/images/release_notes/8_5_0/enable-rule.png
new file mode 100644
index 00000000..5e2f7831
Binary files /dev/null and b/docs/images/release_notes/8_5_0/enable-rule.png differ
diff --git a/docs/images/release_notes/8_5_0/keyboard-shortcuts.png b/docs/images/release_notes/8_5_0/keyboard-shortcuts.png
new file mode 100644
index 00000000..7c0128dd
Binary files /dev/null and b/docs/images/release_notes/8_5_0/keyboard-shortcuts.png differ
diff --git a/docs/images/release_notes/8_5_0/label-dropdown.png b/docs/images/release_notes/8_5_0/label-dropdown.png
new file mode 100644
index 00000000..66562d1a
Binary files /dev/null and b/docs/images/release_notes/8_5_0/label-dropdown.png differ
diff --git a/docs/images/release_notes/8_5_0/rule-categories.png b/docs/images/release_notes/8_5_0/rule-categories.png
new file mode 100644
index 00000000..9a59aaa9
Binary files /dev/null and b/docs/images/release_notes/8_5_0/rule-categories.png differ
diff --git a/docs/images/release_notes/8_5_0/time-picker.png b/docs/images/release_notes/8_5_0/time-picker.png
new file mode 100644
index 00000000..f66e00a0
Binary files /dev/null and b/docs/images/release_notes/8_5_0/time-picker.png differ
diff --git a/docs/images/release_notes/8_5_0/zone-builder.png b/docs/images/release_notes/8_5_0/zone-builder.png
new file mode 100644
index 00000000..99f8320a
Binary files /dev/null and b/docs/images/release_notes/8_5_0/zone-builder.png differ
diff --git a/docs/images/release_notes/8_5_0/zone-form.png b/docs/images/release_notes/8_5_0/zone-form.png
new file mode 100644
index 00000000..ff472b01
Binary files /dev/null and b/docs/images/release_notes/8_5_0/zone-form.png differ
diff --git a/docs/images/release_notes/8_5_0/zone-icon.png b/docs/images/release_notes/8_5_0/zone-icon.png
new file mode 100644
index 00000000..72fb8572
Binary files /dev/null and b/docs/images/release_notes/8_5_0/zone-icon.png differ
diff --git a/docs/resources/overview.mdx b/docs/resources/overview.mdx
index 4da53216..23a095fb 100644
--- a/docs/resources/overview.mdx
+++ b/docs/resources/overview.mdx
@@ -8,5 +8,5 @@ description: Access comprehensive documentation about BloodHound graph component
-
+
\ No newline at end of file
diff --git a/docs/resources/release-notes/2026-01-21.mdx b/docs/resources/release-notes/2026-01-21.mdx
new file mode 100644
index 00000000..f618d71b
--- /dev/null
+++ b/docs/resources/release-notes/2026-01-21.mdx
@@ -0,0 +1,273 @@
+---
+title: 2026-01-21 Release Notes
+description: Learn about new features, enhancements, and fixed issues in BloodHound.
+sidebarTitle: "2026-01-21"
+---
+
+| | | | |
+| --- | --- | --- | --- |
+| **Release** | **BloodHound** | **SharpHound** | **AzureHound** |
+| 2026-01-21 | v8.5.0 | v2.9.0 | v2.8.3 |
+
+Use the filters on the right side of this page to narrow down the updates by component. You can select multiple filters at the same time to refine your results.
+
+
+ {/*BED-5787*/}
+
+ ## Keyboard Shortcuts
+
+ Navigate and interact with BloodHound using keyboard shortcuts.
+
+ BloodHound now includes a variety of [keyboard shortcuts](/manage-bloodhound/bh-shortcuts) to enhance navigation and streamline interactions across the platform.
+
+ These shortcuts allow you to quickly access features, execute commands, and navigate between pages without relying solely on mouse input, improving accessibility and efficiency for power users.
+
+
+ 
+
+
+
+
+ {/*BED-6992*/}
+
+ ## Cypher
+
+ See the progress of Cypher queries with enhanced visual feedback.
+
+ The **Run** button in the [Cypher](/analyze-data/cypher-search) search tab now provides a _Running..._ status that indicates when a query is in progress, improving the overall query execution experience.
+
+ 
+
+
+
+ {/*BED-5719*/}
+
+ ## Custom Date Range Time Input
+
+ Customize time values in posture date range filters.
+
+ The custom date range filter on the [Posture](/analyze-data/posture-page) page now includes a time picker that allows you to specify the exact time when filtering attack paths by date range.
+
+ This resolves an issue where the preset date range options used different times of day than the custom date range, which caused inconsistencies in attack path visibility between preset and custom date ranges.
+
+
+ 
+
+
+
+
+ {/*BED-7030, BED-6924, BED-6844, BED-6846, BED-6845, BED-6841, BED-6836, BED-6385, BED-6387, BED-6627, BED-6517*/}
+
+ ## Privilege Zone Management (Renamed)
+
+ Build and manage privilege zones with the newly renamed **Zone Builder**.
+
+ The **Privilege Zone Management** page has been renamed **Zone Builder** to better reflect its purpose as a tool for [building and managing zones](/analyze-data/privilege-zones/overview) that represent different levels of privilege within your environment.
+
+
+ 
+
+
+ This enhancement includes several layout and navigation improvements, as well as updates to terminology. Keep reading for details!
+
+ ### Zone and Label Dropdown Menus
+
+ The zone and label **Details View** now includes dropdown menus for navigating between different zones and labels, providing a more intuitive and efficient way to explore zone and label details.
+
+ #### Zones
+
+ Enterprise Edition
+
+ The zone dropdown menu in the [Details View](/analyze-data/privilege-zones/zones#detail-view) now uses consistent iconography to improve visual recognition and navigation.
+
+ The (gem) icon represents the default Tier Zero zone. A new zone icon represents all other zones (unless you've applied a custom glyph to the zone configuration).
+
+
+ 
+
+
+ #### Labels
+
+ The label [Details View](/analyze-data/privilege-zones/labels#detail-view) also includes a similar dropdown menu, but does not include icons.
+
+
+ 
+
+
+ ### Rules
+
+ Navigating the zone and label **Details View** is now more intuitive with categories that group rules based on function:
+
+ - **All Rules**: View all rules that apply to the zone or label
+ - **Custom Rules**: View rules that you have created
+ - **Default Rules** (zones only): View [default rules](/analyze-data/privilege-zones/default-rules) that come pre-configured with BloodHound
+ - **Disabled Rules**: View rules that are currently disabled, regardless of whether they are default or custom
+
+ To see objects for disabled rules, you must re-enable the rule.
+
+
+ 
+
+
+ ### Members (Renamed)
+
+ The **Zone Builder** (formerly _Privilege Zone Management_) page and tabs now use the term "objects" instead of "members" to refer to the objects that rules pull into zones and labels.
+
+ This change provides more accurate terminology because "members" can be misleading. Rules can tag both objects that directly match object IDs or Cypher queries _and_ objects that BloodHound tags through [expansion](/analyze-data/privilege-zones/rules#rule-expansion).
+
+ The new term "objects" encompasses both directly matched and expanded objects, providing clearer communication about how rules function and the resulting tagged objects in zones and labels.
+
+ ### Zone and Label Details
+
+ The zone and label **Details View** now displays details in the following tabs:
+
+ - **Zone**: Displayed by default when opening the zone [Details View](/analyze-data/privilege-zones/zones#detail-view). This tab includes name, description, update history, and status.
+ - **Label**: Displayed by default when opening the label [Details View](/analyze-data/privilege-zones/labels#detail-view). This tab includes name, description, and update history.
+ - **Rule**: Displayed after selecting a rule. This tab includes name, description, update history, certification state (for zones), type, status, and Cypher query (if applicable).
+ - **Object**: Displayed after selecting an object. This tab shows the **Entity** panel containing object properties and relationships.
+
+
+ 
+
+
+
+
+
+ {/*BED-6921, BED-6918, BED-6856*/}
+
+ ## Rules Form
+
+ Create and edit rules with enhanced form features and clearer insights.
+
+ The form for creating and editing rules in the Zone Builder now includes several enhancements to improve usability and provide clearer insights into rule configuration and results.
+
+ ### Rule Status
+
+ This is a minor enhancement, but one that provides a concise call-to-action for users [managing rules](/analyze-data/privilege-zones/rules#edit-or-delete-a-rule).
+
+ When enabling or disabling rules, you'll now see **Enable Rule** instead of **Rule Status** with the status on the same line as the toggle.
+
+
+ 
+
+
+ ### Direct and Expanded Objects in Sample Results
+
+ BloodHound now separates direct matches (objects that directly match the rule criteria) from expanded matches (objects that are connected to direct matches based on [expansion](/analyze-data/privilege-zones/rules#rule-expansion)) in the **Sample Results** panel when defining rules.
+
+ This enhancement provides clearer insights into how rules are applied and which objects are being tagged as a result.
+
+
+ 
+
+
+ ### Improved In-Product Guidance for Creating Rules
+
+ BloodHound now provides improved messaging when you [define Cypher-based rules](/analyze-data/privilege-zones/rules#cypher) for zones and labels. If you try to save a Cypher-based rule without first clicking **Update Sample Results**, you'll see a prompt to do so before allowing you to save the rule.
+
+
+ 
+
+
+
+
+ {/*BED-6854, BED-6628*/}
+
+ ## Zone and Label Forms
+
+ Manage zones and labels with an improved form layout and clearer messaging.
+
+ BloodHound now provides improved layout and messaging for managing zones and labels, including the following updates:
+
+ - The **Delete Zone** button has been moved to the top of the form.
+ - A new message at the top of the form specifies the remaining number of zones or labels that you can create and a link to contact sales to increase the limit.
+ - A (lock) icon now appears next to the Tier Zero zone in the **Zone Order** panel to indicate its protected status.
+
+ For zones specifically, the form now also includes the following updates:
+
+ - The **Enable Analysis** option has been moved to the top of the form for better visibility.
+ - The **Require Certification** option has been renamed to **Enable Certification** for consistency across other forms.
+
+
+ 
+
+
+
+
+ {/*BED-6818*/}
+
+ ## Count by Kind for Selectors
+
+ Retrieve member counts by primary kind for asset group tag selectors using a new API endpoint.
+
+ [/api/v2/asset-group-tags/\{asset_group_tag_id}/selectors/\{asset_group_tag_selector_id}/members/counts](/reference/asset-isolation/list-asset-group-tag-selector-member-count-by-kind)
+
+
+
+
+
+ ## Attack Path Analysis
+
+ Enterprise Edition
+
+ {/*BED-5719*/} Resolved an issue causing inconsistent attack path visibility. Previously, the preset _date_ range options on the **Posture** page used different _times of day_ than the **Custom Range** option. A new [time picker](#bloodhound-4) is now available for custom date ranges to resolve this inconsistency.
+
+ ## Explore
+
+ {/*BED-6940*/} Resolved an issue where the search option at the bottom of the **Explore** page on the **Pathfinding** or **Cypher** tabs displayed "unknown" edges in suggested results. Suggested results now return nodes only.
+
+ ## OpenGraph
+
+ {/*BED-6589*/} Resolved an issue where OpenGraph file ingestion reported "All files failed to ingest as JSON Content" when files contained unresolved relationships. The [file upload API](http://localhost:3000/reference/collection-uploads/upload-file-to-job) now properly handles partial failures.
+
+ ## Zone Builder
+
+ - {/*BED-7084*/} Resolved an issue where creating a large number of rules could exceed database connection limits, fail silently, and prevent tagging objects as expected.
+
+ - {/*BED-7083*/} Resolved an issue where object [expansion](/analyze-data/privilege-zones/rules#rule-expansion) in rules fails silently and prevents tagging members as expected.
+
+ - {/*BED-6874*/} Resolved an issue where the **Total Count** (renamed to **Total Objects** this release) on the zone and label **Details View** displayed inaccurate object totals when filtering between domains.
+
+ - {/*BED-6458*/} Enterprise Edition Resolved an issue where the **Tier Zero Exposure** value in the domain filter on the **Attack Paths** and **Posture** pages displayed the same percentage across all zones, preventing an accurate assessment of exposure metrics for individual zones.
+
+ - {/*BED-6931*/} Enterprise Edition Resolved an issue on the **Certifications** page where clicking **Certify** or **Revoke** without first selecting an object displayed the **Add Note** modal. The buttons are now deactivated until you select an object.
+
+ - {/*BED-7150*/}Enterprise Edition Resolved an issue where analysis failed on Cypher-based rules. Rules now properly ignore edges and select nodes only.
+
+
diff --git a/docs/resources/release-notes/overview.mdx b/docs/resources/release-notes/overview.mdx
deleted file mode 100644
index 7fd79bda..00000000
--- a/docs/resources/release-notes/overview.mdx
+++ /dev/null
@@ -1,11 +0,0 @@
----
-title: BloodHound Release Notes
-description: Stay informed about new features, enhancements, bug fixes, and known issues for each BloodHound release.
-mode: wide
-sidebarTitle: Overview
----
-
-
-
-
-
diff --git a/docs/resources/release-notes/summary.mdx b/docs/resources/release-notes/summary.mdx
index 1fc6a855..2393c654 100644
--- a/docs/resources/release-notes/summary.mdx
+++ b/docs/resources/release-notes/summary.mdx
@@ -1,61 +1,38 @@
---
-title: Release Notes Summary
-description: This article contains an overview of all release note summaries. Check out individual release notes for details.
-mode: wide
+title: Release Summary
+description: Stay informed about new features, enhancements, fixed issues for each BloodHound release.
+sidebarTitle: Summary
---
-| | | | |
-| --- | --- | --- | --- |
-| **Release** | **BloodHound** | **SharpHound** | **AzureHound** |
-| 2025-12-18 (v8.4.2) | **BloodHound (v8.4.2)**
Bug Fixes
* _[BHE Only]_ Fixed an issue causing a "Loading..." message in the **Attack Path Summary** panel on the **Posture** page after disabling Privilege Zone Management.
* Fixed an issue preventing Cypher queries on PostgreSQL from respecting minimum and maximum path length limits. Some off-by-one edge cases may remain where maximum path length extends one step further than specified.
* Fixed an issue where Cypher queries on PostgreSQL failed when a `WHERE` clause included a left-facing relationship pattern.
* Fixed an issue where attempting to add an object to the **Owned** label from the **Explore** page using the context menu would result in an error.
* Fixed an issue where post-processed edges (such as DCSync) were incorrectly reconciled during scheduled analysis, causing them to disappear until the next analysis run.
* Fixed an issue preventing the gem glyph from rendering on objects in the Tier Zero zone. | _No new release._ | _No new release._ |
-| 2025-12-02 (v8.4.1) | **BloodHound (v8.4.1)**
Updated SharpHound and AzureHound data collector versions. | _No new release._ | _No new release._ |
-| [2025-12-02 (v8.4.0)](/resources/release-notes/v8-4-0) | **BloodHound (v8.4.0)**
New and Improved Features
* Renamed "Selectors" to "Rules" in the UI to improve understanding.
* Dynamic **Edit** button now reflects editing context (Zone, Label, or Rule).
* Refined selection UI to clearly highlight only the currently selected item.
* Certification for rules now defaults to **Initial Members** (instead of **Off**).
* Added an **Environment** filter to the **Certifications** tab.
* Added default glyph values for built-in **Tier Zero** zone (gem) and **Owned** (skull) label.
* Added icons to the **Object Count** panel.
* Renamed `SYSTEM` to `BloodHound` for system-generated actions.
* Replaced references to "tier" with "zone".
* Added a tooltip for the **Enable Analysis** zone configuration option and polished **Details** panel field naming.
* Added a new **Auditor** role to provide users with read-only access to all application settings and configurations, including audit log viewing capabilities.
* Modified session and group completeness calculation to align with actual active user/session counts. **Local Group** and **Session Completeness** tooltips now clarify that active computers are those that are enabled and have logged in within the last 14 days.
* _[BHE only]_ Renamed and re-wrote the legacy "Kerberos Delegation on Tier Zero Objects" finding to "Tier Zero Objects Lack Kerberos Delegation Protection" to more accurately communicate the risk presented by the finding. Additionally, this finding only applies to Tier Zero going forward.
* Added a `product_edition` field to the `/api/version` response body to identify the edition of BloodHound being queried (community or enterprise).
Bug Fixes
* Improved clarity of error messaging when users attempt to add a rule that already exists.
* _[BHE only]_ Removed outdated Tier Zero/non-Tier Zero labels for non-Tier Zero zones in **Findings** panel titles.
* Fixed an issue where changing rule certification from **Initial Members** to **Off** left existing members certified instead of pending.
* Fixed an issue causing duplicate rules across zones and labels.
* Ensured `CanRDP` edges are properly created when Citrix RDP support is enabled and resolved stale edges behavior.
* _[BHE only]_ Removed unnecessary Tier Zero verbiage from remediation long descriptions.
* _[BHE only]_ Updated the messaging in the **Client Token Info** modal to provide relevant guidance based on collector client type (AzureHound or SharpHound).
* _[BHE only]_ Resolved missing graph icons when opening **Explore** page deep links in a new tab.
* Fixed an issue where date range validation errors in the **Finished Jobs** filter could only be resolved by changing the start date, not the end date.
* Fixed an issue preventing users with the Admin role from deleting users who have uploaded data on the **File Ingest** page.
* Corrected inaccurate description of the `asset_group_tag_id` query parameter for the `GET /api/v2/posture-history/{data_type}` API operation.
* Fixed an issue preventing the API from returning results for multiple environments.
* Fixed an issue causing a "_Failed to upload_" error message when Windows users attempted to upload `.zip` files in the **Saved Queries** import dialog.
* Fixed an issue where uploaded OpenGraph files with invalid edge kinds caused Cypher queries to fail. Validation now ensures that only alphanumeric characters and underscores are allowed.
* Fixed an issue preventing SSO-authenticated administrators from removing MFA for managed users. | **SharpHound (v2.8.1)**
* _[BHE only]_ Added two-minute timeout protection to prevent jobs from hanging or taking a long time to complete (especially for local groups and sessions).
* _[BHE only]_ Added log archiving for failed jobs to prevent loss between jobs and improve troubleshooting.
* Added a startup log entry that records the running SharpHound and SharpHound Common versions in the `run.log` file.
* Added optional runtime logging, improved delegation data validation, and strengthened SID validation to reduce false positives. | **AzureHound (v2.8.2)**
* Resolved an issue where certificates used for SSL inspection prevented AzureHound from communicating via TLS. |
-| 2025-11-12 (v8.3.1) | **BloodHound (v8.3.1)**
Bug Fixes
* _[BHE Only]_ Fixed an issue where unexpected "Non-Certified Structure" findings would appear in Attack Paths.
* _[BHE Only]_ The Finished Jobs Log page will no longer crash when opening details of specific jobs. | _No new release._ | _No new release._ |
-| [2025-10-30 (v8.3.0)](/resources/release-notes/v8-3-0) | **BloodHound (v8.3.0)**
New and Improved Features
* Added new `ProtectAdminGroups` edge for AdminSDHolder modeling _(requires SharpHound v2.8.0+)_.
* Privilege Zones updates:
* _[BHE Only]_ Added support for **Certifications** tab to allow Administrators the ability to interrupt automatic expansions in Privilege Zones.
* Added a new **History** tab to show changes to zones and labels.
* _[BHE Only]_ Added support for assigning custom glyphs to additional zones.
* Various UI improvements for readability and usability.
* Read-only users can now view selector sample results in the **Selector** details view.
* Selector names are now unique - any existing selectors with naming collisions will have a unique numeral appended.
* _[CE Only]_ Privilege Zones are now enabled by default on all new deployments.
* Added a new **Finished Job Logs** and **File Ingest** details panel and filtering capability.
* Updated the environment selector on the Data Quality page to support longer lists of active environments.
* _[BHE Only]_ Added the ability to scale charts on the Posture view by logarithmic scale to help with readability if needed.
Bug Fixes
* _[BHE Only]_ Resolved an issue in specific environments that prevented data age-out reconciliation from running properly.
* Resolved an issue with the [`attack-paths/details`](/reference/attack-paths/get-all-attack-path-findings) API endpoint that was causing occasional inconsistent data return.
* `AZServicePrincipal` nodes now properly set `AZAddMembers` edges to `AZGroups` with an assigned `AZRole`.
* Resolved an issue preventing the **View in Explore** button on a Privilege Zone selector Cypher statement from properly redirecting users to the **Explore** view and executing the query.
* Updated pre-saved "Dangerous privileges for Domain users" to exclude `MemberOf` paths.
* Updated pre-saved Azure queries to include the Privileged Role Administrator role by default.
*Resolved an issue that prevented exporting multiple saved queries using the API.
| **SharpHound (v2.8.0)**
New and Improved Features
* Added collection support for:
* `AdminSDHolderProtected` status for users, groups, and computers to support new BloodHound v8.3.0 modeling of the [`AdminSDHolder`](/resources/edges/protect-admin-groups) system in Active Directory
* [GPO Status](/resources/nodes/gpo#node-properties) to exclude disabled GPOs (or those which do not apply computer configurations) during local group processing
* Domain controller registry key for the `Netlogon` service security descriptor
* _[CE Only]_ GPO Local Group processing will now exclude disabled GPOs or those which do not apply computer configurations.
* CompStats output will now include the SID of tested computers for easier correlation.
* Disabled adaptive timeouts for LDAP queries to improve reliability.
| **AzureHound (v2.8.1)**
New and Improved Features
* Added support for Azure Managed Identity authentication.
Bug Fixes
* Resolved an issue preventing JWT authentication for AzureHound. |
-| [2025-09-23 (v8.2.0)](/resources/release-notes/v8-2-0) | **BloodHound (v8.2.0)**
New and Improved Features
* Introducing a brand-new UI to view, save, and share Cypher queries:
* Added search and filter support for saved Cypher queries.
* Saved Cypher queries may now be shared with other users in your environment.
* Added import and export support for Cypher queries.
* Added an option to disable or enable auto-run on selected, saved Cypher queries.
* _[BHE Only]_ Privilege Zones updates:
* Detail view now supports searching for objects and selectors.
* Detail view now supports filtering by environment.
* Improved the clarity of Zones which have been disabled from analysis.
* Updated selector creation previews to more accurately present which objects are selected.
* Selectors are now default sorted alphabetically.
* Clarified the requirement that Zone and Label tag names may only contain certain characters.
* Added a notice that utilizing Labels as a Cypher filter criteria for a Zone may result in incomplete data.
* Added "Quick Upload" and "Drag and drop upload" functionality to make uploading data to BloodHound faster.
* `ManageCA` and `ManageCertificates` edges are now marked traversable, will appear in pathfinding filters, and impact risk in the Attack Paths views in BloodHound Enterprise.
* Added new Entity Panel sections to provide more context:
* PKI hierarchy relationships on AIACA, RootCA, and EnterpriseCA objects.
* Template tracking for EnterpriseCA and CertTemplate objects.
* Trusted CA relationships for NTAuthStore objects.
* ADCS escalation paths for Domain objects.
* Improved several pre-saved queries around ADCS, adding searches for ADCSESC5 and ADCSESC8, and clarifying the searches which return data for ADCSESC6, and ADCSESC7.
* Clarified that the "Search" button on the Explore view searches only currently displayed results.
* Updated layouts in Table view to make it more compact, showing more results in the same screen space.
* _[BHE Only]_ Large numbers in the Posture view will now have appropriate comma-separation for improved readability.
* Updated formatting for links in Entity Panels to make them more distinct.
* BloodHound and BloodHound Enterprise will now utilize the same logo.
Bug Fixes
* Tier Zero zone description may now be modified as expected.
* _[BHE Only]_ Azure tenant objects should once again display significant impact in the Attack Paths view.
* _[BHE Only]_ Updated rounding logic between the Attack Paths and Posture pages to ensure exposure numbers appear consistently.
* Users with the "Upload Only" role can once again upload data via File Ingest.
* The `DCFor` edge will once again appear within Pathfinding in Explore, as expected.
* The `CoerceAndRelayNTLMToSMB` "Coercion Targets" list now consistently populates.
* The `serviceprincipalnames` property will appear as expected in Cypher autocomplete suggestions.
* _[BHE Only]_ The "Tier Zero Role Activation Does Not Require MFA" Attack Path finding type will now properly summarize the risk of the findings within the path.
* _[BHE Only]_ Remediation documentation will once again properly display bulleted and numbered list headings.
| **SharpHound (v2.7.2)**
Bug Fixes
* Resolved an issue where SharpHound did not properly collect ACEs from AD Domain objects. | _No new release._ |
-| 2025-09-15 (v8.1.3) | **BloodHound (v8.1.3)**
Bug Fixes
* Reverted the new `MemberOf` linking between large default groups in Active Directory to address performance concerns in the graph. | _No new release._ | _No new release._ |
-| 2025-09-06 (v8.1.2 - BHE Only) | **BloodHound (v8.1.2)**
Bug Fixes
* Resolved an issue that resulted in analysis taking unnecessarily long to complete. | _No new release._ | _No new release._ |
-| 2025-09-02 (v8.1.1) | **BloodHound (v8.1.1)**
New and Improved Features
* Added several minor logging improvements
* Introduced a new config option for logging output to a file. | _No new release._ | _No new release._ |
-| [2025-08-26 (v8.1.0)](/resources/release-notes/v8-1-0) | **BloodHound (v8.1.0)**
New and Improved Features
* Cypher on PostgreSQL graph databases now supports quantifiers (ANY, SINGLE, NONE, ALL)!
* New "Analyze Now" button to kick off ad-hoc analysis of data.
* Improved linking of the Everyone and Authenticated Users groups across domain trusts.
* Added the `ClaimSpecialIdentity` Attack Path to indicate where special AD identities hold compromising permissions.
* Improved performance and UX in Privilege Zone Management screens.
* Improved performance and UX in the Explore table layout view.
* Entity Panels may now be closed, deselecting a previously selected object or edge in the graph.
* ADCS and GoldenCert abuse information now utilizes Certify 2.0 for all instructions.
* _[BHE Only]_ APIv1 has been removed from BloodHound Enterprise.
* _[BHE Only]_ Clarified the columns displayed in the environment selector view.
* _[BHE Only]_ Findings in non-Tier Zero zones now display zone-specific finding names.
* Improved performance of the API Explorer page.
Bug Fixes
* Clicking the Download button on the Explore table layout view will now consistently download a CSV export.
* The "All Global Administrators" pre-saved query will now consistently display all users with Global Administrator role assignments.
* Cypher queries on PostgreSQL graph databases now correctly return expected nodes and edges on directionless traversal between two nodes of the same kind.
* Resolved an issue where AZRoleEligible edges would appear for non-directory scoped eligibility.
* _[BHE Only]_ Resolved an issue that resulted in inaccurate risk measurements involving the contains edge in Active Directory environments.
* _[BHE Only]_ The impacted principals tables on remediation pages for Hygiene findings will once again display the list of principals.
* _[BHE Only]_ Fixed an issue with sorting Finding details views, resulting in occasionally seeing the same finding twice.
* _[BHE Only]_ CoerceAndRelayNTLMtoADCS edges will now resolve properly within BloodHound Enterprise after following recommended remediation steps. | **SharpHound (v2.7.1)**
Bug Fixes
* Resolved an issue where any timeouts during LDAP connection tests would result in excluding a domain entirely from any additional collection. | **AzureHound (v2.7.1)**
Bug Fixes
* AzureHound will now properly track requests per connection and handle GOAWAY responses cleanly instead of failing the collection. |
-| 2025-08-06 (v8.0.2) | **BloodHound (v8.0.2)**
Bug Fixes
* Resolved an issue where analysis may not begin as expected. | **SharpHound (v2.7.1)**
Bug Fixes
* Resolved an issue where any timeouts during LDAP connection tests would result in excluding a domain entirely from any additional collection. | _No new release._ |
-| 2025-07-29 (v8.0.1) | **BloodHound (v8.0.1)**
Bug Fixes
* Resolved an issue where Group membership expansion utilized excessive resources during post-processing. | _No new release._ | _No new release._ |
-| [2025-07-29 (v8.0.0)](/resources/release-notes/v8-0-0) | **BloodHound (v8.0.0)**
New and Improved Features
* Introducing BloodHound OpenGraph, enabling expansion and flexibility of BloodHound to Attack Paths in any system!
* New "Table" layout in Explore!
* Attack Paths created through inherited ACEs can now display and trace inheritance root (Requires SharpHound v2.5.4+).
* Added support for collecting the msDS-isRODC attribute to more accurately identify Read-Only Domain Controllers (Requires SharpHound v2.7.0).
* Added support for HasSIDHistory edges against Group objects (Requires SharpHound v2.7.0).
* _[BHE Only]_ Added a new API endpoint to pull all Attack Path findings at once.
* Added the ability to delete graph data by type.
* Renamed the "Copy -> Display Name" right click option in Explore to "Copy -> Name" to prevent confusion.
* _[BHE Only]_ Renamed several Attack Path finding titles for improved accuracy.
* Improved workflow for File Ingest.
Bug Fixes
* Reverted the changes to `Contains` edges from v7.6.0 due to performance issues.
* Selecting a section within the Administration menu will no longer deselect Administration from the main nav bar.
* _[BHE Only]_ Fixed an inaccurate cypher statement within ADCSESC1 remediation documentation. | **SharpHound (v2.7.0)**
New and Improved Features
* Collection support for msDS-RODC attribute for Read-Only Domain Controller identification.
* Introduced new adaptive timeout logic to reduce collection time and to help prevent collection timeouts reported into BloodHound Enterprise.
* Added additional logging to the compstats export file to better capture all outbound connection attempts and results.
* Added collection support for HasSIDHistory edges inbound to Group objects.
Bug Fixes
* HasSIDHistory edges will once again be generated against User and Computer objects.
* _[BHE Only]_ Resolves an issue where SharpHound Enterprise v2.6.7 added an additional entry in Programs and Features.| _No new release._ |
-| 2025-07-17 (v7.6.2 - BHE Only) | **BloodHound (v7.6.2)**
Bug Fixes
* _[BHE Only]_ Fixed an issue where Hygiene findings all appeared with a "Low" severity. | _No new release._ | _No new release._ |
-| 2025-07-14 (v7.6.1 - BHE Only) | **BloodHound (v7.6.1)**
Bug Fixes
* _[BHE Only]_ Fixed an issue where Hygiene findings would not appear without the Tier Management early access feature enabled. | _No new release._ | _No new release._ |
-| [2025-07-09 (v7.6.0)](/resources/release-notes/v7-6-0) | **BloodHound (v7.6.0)**
New and Improved Features
* _[BHE Only]_ Privilege Zone Analysis Early Access trials are now available!
* Added support for PIM Role and Role Eligibility coverage.
* Added new edges in support of understanding Attack Paths through GPOs, containers, and OUs.
* _[BHE Only]_ Moved several Attack Path Findings to their own "Hygiene" section.
* Privilege Zone Management Early Access updates:
* Introduced a new Summary view of Privilege Zones and selected objects.
* Automatic rename of migrated selectors to match their targeted objects.
* Introduced a new, default-disabled selector for Read-Only Domain Controllers.
* Added support for the new "PropogatesACEsTo" and "GPOAppliesTo" Attack Paths for identifying OUs, Containers, and GPOs which should be included in a Privilege Zone.
* Added audit log coverage for several additional in-product actions.
* Retired the "Automatically add parent OUs and containers of Tier Zero AD objects to Tier Zero" early access setting.
Bug Fixes
* _[CE Only]_ Pinch-to-zoom now works as expected (and with reasonable speed) for trackpad users.
* AZContains edges will consistently indicate the hierarchy of Subscriptions and Management Groups within an Azure Tenant. | _No new release._ | **AzureHound (v2.6.0)**
New and Improved Features
* Collection support for PIM Roles.
Bug Fixes
* Subscriptions and Management Groups will consistently link to the proper Tenant ID.|
-| 2025-06-25 (v7.5.1 - CE Only) | **BloodHound (v7.5.1)**
Bug Fixes
* Fixed an ingest regression issue when importing large datasets. | _No new release._ | _No new release._ |
-| [2025-06-17 (v7.5.0)](/resources/release-notes/v7-5-0) | **BloodHound (v7.5.0)**
New and Improved Features
* New Attack Path primitive: HasTrustKeys.
* The "Search Current Results" feature of the Explore page will now highlight and zoom into the selected object.
* _[BHE Only]_ Added the ability to create multiple Zones and Labels in the Privilege Zones Early Access feature.
* Added several audit log entries related to user behavior in BloodHound.
* Explore view layout selections are now sticky across queries.
* Clarified the logic of the Database Management confirmation dialog, making it more accessible.
* The "No Data" dialog will now disappear if data of any type is added to a BloodHound environment; a Domain or Tenant object is no longer required.
Bug Fixes
* Resolved an issue in Zone Management where disabling the Early Access feature would not appear to change the selected objects in Explore view.
* Updated links in several edge entity panels, which no longer resolved.
* Zone Management view should no longer flash on reload.
* Search results on the Explore page will no longer overrun the nav bar.
* Updated query logic for shortestPath queries on PostgreSQL graph databases.
* Resolved an issue with excluding objects matched using the COLLECT verb in Cypher.
* _[BHE Only]_ Fixed an issue with missing deterministic sorting in the Attack Path Details API endpoint.| **SharpHound (v2.6.7)**
New and Improved Features
* SharpHound will now validate the currently installed version of the .NET framework before execution.
* Introduced support for Trust Account objects.
* Added additional SMB Signing query transparency in logging output.
Bug Fixes
* Resolved an issue with the -ldapfilter command line argument.
* AddSelf edges will once again appear against Group objects.| **AzureHound (v2.5.0)**
New and Improved Features
* Added collection support for the upcoming PIM Roles coverage support.|
-| [2025-06-02 (v7.4.1)](/resources/release-notes/v7-4-1) | **BloodHound (v7.4.1)**
New and Improved Features
* Clarified the "Clear Database" confirmation prompt to prevent user confusion.
Bug Fixes
* Resolved an upgrade issue for deployments utilizing Neo4j backend databases in migrating to the new domain trust edges.
* _[BHE Only]_ Collection schedules may be deleted once again.
* _[BHE Only]_ Fixed a bug that caused "undefined%" to appear in exposure percentages within the Attack Paths graph and Environment Selector. | _No new release._ | _No new release._ |
-| [2025-05-27 (v7.4.0)](/resources/release-notes/v7-4-0)| **BloodHound (v7.4.0)**
New and Improved Features
* Tier Management early access is now available (see notes for details)!
* General availability of the back button (deep-linking)\!
* TrustedBy edge replaced with SameForestTrust, CrossForestTrust, SpoofSIDHistory, and AbuseTGTDelegation edges to more accurately reflect traversable Attack Paths (enhanced by SharpHound upgrade).
* Improved Cypher query performance.
* Added validation to HostsCAService edge to require the presence of the hosting computer.
Bug Fixes
* Resolved an issue with ingesting numeric properties on Domain objects (Huge thank you to [@mwstock](https://github.com/mwstock)!).
* Numbers will no longer appear as dates in Entity panels.
* Database Management under Administration will now properly warn when unavailable to the current user.
* _[BHE Only]_ Users with the "User" role may now see Client details.
* _[BHE Only]_ Collection schedules will now always display in the current user's timezone.
* _[BHE Only]_ Resolved an issue improper reconciliation on PublishedTo edges.
* _[BHE Only]_ Filtering environments by Risk in the Environment Selector will now consistently show all intended results.| **SharpHound (v2.6.6)**
New and Improved Features
* Extended trust collection support and visibility.
* Updated the logging level of certain edge-case handling logs to more accurately indicate whether they impacted a collection.| **AzureHound (v2.4.1)**
AzureHound v2.4.1 supports preparing for upcoming functionality, but has no functional changes.|
-| 2025-04-30 (v7.3.1) | **BloodHound (v7.3.1)**
Bug Fixes
* Updated logic in query translation to resolve an excessive CPU-consumption issue during queries. | _No new release._ | _No new release._ |
-| [2025-04-22 (v7.3.0)](/resources/release-notes/v7-3-0)| **BloodHound (v7.3.0)**
New and Improved Features
* Deep-linking Early Access for all BloodHound!
* NTLM relay is generally available.
* *[BHE Only]* Introducing a new Collector Downloads page!
Bug Fixes
* Resolved latent false positives related to CoerceAndRelayNTLMToSMB (this fix will require recollecting SMB data).
* *[CE Only]* GPOLocalGroup ingestion has been fixed (Huge thank you to @martanne!).
* Resolved an ingestion issue with AD trusts inaccurately setting the trust attributes to “0”.| **SharpHound (v2.6.5)**
New and Improved Features
* GenericAll, WriteDacl, or WriteOwner edges now validate ObjectType (aceType) settings for creating edges, reducing false positives.
* ADCSESCx edges now requires an enabled Computer with a HostCAService edge to the EnterpriseCA, reducing false positives for when the CA host has been decommissioned.
* SharpHound will no longer attempt to resolve objects with a domain of ”.” to improve collection performance.
Bug Fixes
* HostsCAService edges will now generate as a result of CertServices collections.
* Resolved an issue where timezone offsets would occasionally be applied twice on object creation timestamps.
* *[CE Only]* SMB information will no longer be collected in DCOnly collections.| **AzureHound (v2.3.1)**
This release utilizes an updated signing certificate for BloodHound Enterprise customers. It does not contain any functional modifications.|
-| 2025-04-08 (v7.2.4 - CE Only) | **BloodHound (v7.2.4)**
Bug Fixes
* _\[CE Only\]_ Republishing container with SharpHound v2.6.2 included. | _No new release._ | _No new release._ |
-| 2025-04-04 (v7.2.2) | **BloodHound (v7.2.2)**
Bug Fixes
* Reverted a fix to string coalesce operations for Cypher on PostgreSQL graph backend databases which caused unintended performance issues.
* NTLM Relay edges will now be properly recreated during post-processing. | _No new release._ | _No new release._ |
-| [2025-04-03 (v7.2.1)](/resources/release-notes/v7-2-1) | **BloodHound (v7.2.1)**
New and Improved Features
* Added the "Composition" accordion to CoerceandRelayNTLMtoSMB edges to aid defenders in remediation.
* Renamed "Relay Targets" to "Coercion Targets" edge accordion on CoerceandRelayNTLMtoSMB to more accurately describe the contained objects.
Bug Fixes
* Resolved an issue where "Composition," "Relay Targets," or "Coercion Targets" accordions would fail immediately in very large environments.
* Note: CoerceandRelayNTLMtoLDAP and CoerceandRelayNTLMtoLDAPs post-processing was fixed in v7.2.0, apologies for the missed release note.
* Performance improvements on `shortestpath` and `allshortestpathqueries` in Cypher on PostgreSQL graph database backends.
* Fixed a bug when converting an EnterpriseCA node with an HTTP Enrollment Endpoint. | **SharpHound (v2.6.2)**
New and Improved Features
* Added support for properly filtering NTLM relay edges for members of the Protected Users group.
Bug Fixes
* SMB Signing requirements will now be reported correctly | _No new release._ |
-| [2025-03-25 (v7.2.0)](/resources/release-notes/v7-2-0) | **BloodHound (v7.2.0)**
New and Improved Features
* _\[CE Only\]_ Deep-linking Early Access! (Coming to BHE next release)
* Added early access support for an additional NTLM relay Attack Path primitive, ADCS.
* New BloodHound documentation portal.
* Performance improvements for Pathfinding and Cypher searches with PostgreSQL backend graph databases.
* Added support for ACEs on EnterpriseCA objects.
* Updated finding and entity panel texts for NTLM relay paths.
Bug Fixes
* Administrators may no longer delete themselves. | _No new release._ | _No new release._ |
-| 2025-03-17 (v7.1.1) | _No new release._ | **SharpHound (v2.6.1)**
Bug Fixes
* Resolved an issue causing SharpHound to hang during the collection of SMB relay information | _No new release._ |
-| [2025-03-06 (v7.1.0)](/resources/release-notes/v7-1-0) | New and Improved Features
* Early access for NTLM relay Attack Path primitives! *(Requires SharpHound upgrade, enabling functionality)*
* Rewrite of Owns/WriteOwner Attack Path primitives for improved accuracy *(Requires SharpHound upgrade)*
* Added support for collecting last login time for BloodHound users via the API
* BloodHound user email addresses are now uniquely enforced
* Added support for ingesting empty local group objects (better support for Citrix RDP processing)
* Improved logic for post-processing edges across domains, specifically related to special groups (Authenticated Users, etc) within ADCS
* Added support for just-in-time role assignments by IDP on every login via SSO
* *[BHE Only]* Added the ability to sort the findings chart on the Posture page by Severity and Finding Count columns
* *[BHE Only]* The default Administration page has been set to "Manage Clients"
* Removed visibility of several Admin-only buttons from Read Only users.
* *[CE Only]* Added support for recreating a default Admin user via environment variable
Bug Fixes
*Text will no longer overflow buttons on the Explore page
* Resolved several Cypher syntax errors for customers running on PostgreSQL graph databases
* *[BHE Only]* Opening Remediation plans in a new tab will now correctly include all UI elements | **SharpHound (v2.6.0)**
New and Improved Features
* Added support for NTLM relay Attack Path primitives!
* Updated support for Owns/WriteOwner Attack Path primitives.
* *[BHE Only]* SharpHound Enterprise will no longer update setting.json during collection runs with the current job information. | **AzureHound (v2.3.0)**
New and Improved Features
* AzureHound now supports Managed Identities for authentication! |
-| 2025-02-18 (CE: v7.0.1, BHE: v7.0.2) | New and Improved Features
* *[BHE Only]* General availability of the Improved Analysis Algorithm
Bug Fixes
* Fixed several issues with Cypher for environments running on PostgreSQL graph databases.
* *[CE Only]* Resolved an issue that resulted in CE deployments defaulting to PostgreSQL use for the graph database. | **SharpHound (v2.5.15)**
Bug Fixes
* SharpHound will once again collect deleted objects | No new release. |
-| [2025-02-05 (v7.0.0)](/resources/release-notes/v7-0-0) | New and Improved Features
* New vertical navigation!
* *[BHE Only]* Improved analysis algorithm performance improvements and general availability.
* *[BHE Only]* Added support for viewing all environments by type to the Posture page.
* *[BHE Only]* New "Attack Paths" metric on the Posture page to track remediation progress.
* *[BHE Only]* Improved CSV export functionality for all findings.
* *[BHE Only]* Increased visibility to the number of findings created and resolved on the Posture page.
Bug Fixes
* *[BHE Only]* Resolved multiple issues resulting in inaccurate "Timed Out" statuses in the Finished Jobs Log.
* Added support for most multi-part cypher queries for customers running with a PostgreSQL backend.
* Fixed an issue preventing the migration of users from one SSO provider to another
* Updated all pre-saved queries to exclude gMSAs and MSAs from Kerberoastable users consistently.
*Updated GPO Inheritance tracking for OUs to ensure consistency between Affected OUs on GPO objects and Affecting GPOs on OU objects. | No new release.| No new release. |
-| 2025-01-21 (v6.4.1) | New and Improved Features
* Added support for Entra ID login flows for OIDC.
* *[BHE Only]* Improved performance for Improved Analysis Algorithm execution.
Bug Fixes
* Fixed type mismatches in default Kerberoastable users queries. | No new release. | No new release. |
-| [2025-01-14 (v6.4.0)](/resources/release-notes/v6-4-0) | New and Improved Features
* Just-in-time user provisioning and role assertion via Single Sign-On (SSO).
* SSO providers are now updateable.
* Added "Download SAML SP Certificate" to SSO configuration windows to improve the ability to utilize certificate pinning or encrypted assertions.
* Administrators may no longer modify their own accounts.
* Removed Performance Log Users, DNSAdmins, and Distributed COM Users from default Tier Zero / High Value.
* *[BHE Only]* Enabled Improved Analysis Algorithm by default on all environments that have not manually disabled it.
* *[BHE Only]* Improved finding sort order on the Attack Paths page.
* *[BHE Only]* Multiple consistency improvements on the updated Posture page.
Bug Fixes
* The Foreign Members accordion on Domain entity panels should now load correctly.
* Fixed the Reader count for AZKeyVault objects.
* Fixed abuse info data for AllExtendedRights and ReadLAPSPassword edges.
* *[BHE Only]* Resolved an issue that prevented ingesting AzureHound data via file upload. | **SharpHound (v2.5.13)**
New and Improved Features
* SharpHound will no longer attempt to connect to the same domain multiple times after a failure, improving performance under specific circumstances. | No new release. |
-| 2025-01-07 (v6.3.4) | New and Improved Features
* Improved Cypher type-checking and error reporting when running a query.
Bug Fixes
* *[BHE Only]* Resolved an issue preventing the Attack Paths page from rendering data.
* Resolved several issues with running Cypher statements for environments on PostgreSQL backend database. | No new release | No new release |
-| 2024-12-23 (v6.3.2 - BHE only) | Bug Fixes
* *[BHE Only]* Resolved an issue in the improved analysis algorithm that resulted in inconsistent measurements between analysis runs. | No new release. | No new release. |
-| 2024-12-19 (v6.3.1) | New and Improved Features
* *[BHE Only]* Performance and coverage enhancements within the Improved analysis algorithm.
Bug Fixes
* *[BHE Only]* Tenants running on the improved analysis algorithm should see consistent findings and counts between Attack Paths and Posture pages.
* Resolved several Cypher errors for environments running on PostgreSQL backends. | No new release. | No new release. |
-| 2024-12-09 (v6.3.0) | New and Improved Features
* *[BHE Only]* Completely new Posture page!
* *[BHE Only]* Early access opportunity: Improved analysis algorithm!
* Hide node/edge label toggle makes a comeback (Thank you @palt for your contribution!)
* New CoerceToTGT edge type (with replacement for the UnconstrainedDelegation findings for BHE users)
* Added AdminSDHolder, Distributed COM Users group, Performance Log Users group, and DnsAdmins group to default Tier Zero / High Value members.
* Introducing OIDC support for Single Sign-On (SSO)
* Environments configured with a single SSO provider will automatically redirect when clicking the "Login via SSO" button.
* *[BHE Only]* Updated wording on the "Accept" dialog for accuracy.
* Improved consistency when creating the Enterprise Domain Controllers group (Requires SharpHound upgrade).
Bug Fixes
* As you scroll, long lists on entity panels will no longer shift their highlights.
* File uploads should no longer get stuck on "Running."
* Resolved an issue with the logic on the "Kerberoastable users with most privileges" pre-saved Cypher query. | **SharpHound v2.5.12 - BHE, v2.5.9 - CE**
New and Improved Features
* Improved consistency when creating the Enterprise Domain Controllers group.
* Improved logic to prevent errors during group membership collection from impacting the entire data collection.
Bug Fixes
*Corrected data types of several collected properties. | No new release. |
-| 2024-11-20 (v6.2.2) | Bug Fixes
* Fixed an excessive resource utilization issue during post-processing.
* After migrating a user to login via SSO, their old password will be invalidated immediately. | _No new release._ | _No new release._ |
-| 2024-11-15 (v6.2.1) | Bug Fixes
* Reverted the Azure post-processing changes due to excessive resource utilization. | _No new release._ | _No new release._ |
-| [2024-11-14 (v6.2.0)](/resources/release-notes/2024-11-14-v6-2-0) | New and Improved Features
* Added multiple pre-saved Cypher queries regarding objects marked "Owned."
* Added the "Map OU structure" pre-saved query, previously available in BloodHound Legacy.
* Updated the "Kerberoastable Users" pre-saved cypher query to properly filter out disabled objects, MSAs, GMSAs, and the KRBTGT object.
* Updated all pre-saved Cypher queries to use consistent quotation marks for easier use in API integrations.
* Clicking the "Login via SSO" button will automatically redirect if only a single SSO provider is configured.
* Updated the permissions for the "Upload only" role to align more accurately with what the name implies. This role will no longer be able to modify asset group membership or trigger analysis runs.
* Renamed the "RemoteInteractiveLoginPrivilege" edge to "RemoveInteractiveLogonRight" to match the Microsoft naming schema.
* Improved performance of EntraID post-processing.
Bug Fixes
* Logins via SAML will now correctly appear in the Audit log.
* Corrected several property type errors in data coming from SharpHound.
* _\[CE Only\]_ Docker Compose health check will now work with a modified Neo4J web port set (Thank you, [@yannis-srl](https://github.com/yannis-srl), for your contribution!).
* _\[BHE Only\]_ SyncedToEntraUser, SyncedToADUser, ADCSESC9b, and ExtendedByPolicy edges will now reconcile properly. | _No new release._ | _No new release._ |
-| [2024-10-22 (v6.1.0)](/resources/release-notes/2024-10-22-v6-1-0) | _No new features or fixes._ | **SharpHound v2.5.11 - BHE, v2.5.8 - CE**
New and Improved Features
* Migrated ACL hashing functionality to utilize SHA1 to support environments that enforce FIPS-compliant algorithms.
Bug Fixes
* Fixed collection of LAPS edges in both legacy and modern systems. | _No new release.
_ |
-| [2024-09-30 (v6.0.0)](/resources/release-notes/2024-09-30-v6-0-0) | New and Improved Features
* Dark mode is now generally available!
* Introducing optional support for Citrix Direct Access Users group in CanRDP logic!
* _\[BHE Only\]_ Reconciliation timelines are now configurable!
* Improved logic for identifying and creating complex edges requiring multiple permissions (including ADCS ESC, DCSync, etc.) when Authenticated Users@ or Everyone@ groups are involved.
* Improved accuracy on ADCS ESC9 and ESC10 processing logic
* CanRDP edges will now appropriately appear from Computer objects with permission to RDP to another computer.
* Provided additional abuse information to ADCSESC9b, ADCSESC10b, GenericAll, GenericWrite, Contains, Owns, WriteDacl, AllExtendedWrites, and WriteOwner Attack Path primitives.
* Support for .zip file uploads that include UTFBOM markings within contained JSON files has been added.
Bug Fixes
* Resolved an intermittent issue with the parallelization of ADCS post-processing.
* Applying multiple filter predicates to an API query will no longer throw an error.
* Admin Audit log API endpoints now correctly support the "skip" query parameter.
* The Cypher query window will no longer extend beyond the end of the browser.
* _\[BHE Only\]_ Resolved some duplicate collection issues related to highly available deployments. | **SharpHound (v2.5.10 - BHE)**
Bug Fixes
* _\[BHE Only\]_ Resolved several installation issues for specific scenarios. | _No new release._ |
-| 2024-09-19 (v5.15.1) | _No changes._ | **SharpHound (v2.5.9 - BHE, v2.5.7 - CE)**
Bug Fixes
* Resolved an issue with enumerating domain objects where password rotation is not enforced.
* Improved collection performance related to the collection of ACEs with unresolvable SIDs. | _No new release._ |
-| [2024-09-10 (v5.15.0)](/resources/release-notes/2024-09-10-v5-15-0) | New and Improved Features
* New Attack Path: WriteGPLink (Thank you, [@q-roland](https://github.com/q-roland), for your contribution! _Requires SharpHound v2.5.6+_).
* Added 22 additional AD properties, including information about authentication, passwords, and extra domain/trust information with supporting saved queries _(Requires SharpHound v2.5.6+)._
* Added support for GenericWrite Attack Paths targetting OUs and Domain objects (Thank you, [@q-roland](https://github.com/q-roland), for your contribution! _Requires SharpHound v2.5.6+_).
* Updated ESC6a logic to no longer require weak certificate mapping after confirming that it no longer prevents the escalation.
* OUs that contain Tier Zero / High Value objects will now be automatically tagged as Tier Zero objects, too.
* ESC6/9/10 analysis logic will now include domain controllers from child domains as well.
* Added a Login URL property to Entra Users to show the user's SSO URL.
* Removed all "CanAbuse" non-transitive edges from the graph schema and updated ESC logic accordingly.
* _\[CE Only\]_ Owned objects will now show an associated glyph icon in Explore (Thank you, [@palt](https://github.com/palt), for your contribution!).
Bug Fixes
* Fixed abuse info on multiple Attack Paths that grant the ability to abuse LAPS settings.
* Improved JSON error handling for file uploads.
* File uploads should no longer get stuck on "Analyzing."
* _\[BHE Only\]_ Fixed an issue where specific collection jobs would trigger twice.
* _\[BHE Only\]_ Attack Path titles may now easily be copied again. | **SharpHound (v2.5.8 - BHE, v2.5.6 - CE)**
New and Improved Features
* Complete re-write of LDAP connection and collection logic, resulting in improved consistency and performance.
* Add support for the collection of 22 additional properties and for GenericWrite Attack Paths targeting OU and Domain objects.
* _\[BHE Only\]_ Moved auth.json and settings.json to the service user's APPDATA directory.
Bug Fixes
* _\[BHE Only\]_ Resolved several cross-trust collection issues. | **AzureHound (v2.2.1)**
New and Improved Features
* Reduced default number of concurrent connections opened with Entra/Azure APIs (Thank you, [@olafhartong,](https://github.com/olafhartong) for your support in identifying the cause of these issues)
* Added several optional performance-tuning settings
* Reduced volume of data output by pruning empty or unnecessary fields (Thank you, [@malacupa](https://github.com/malacupa), for your support in identifying the cause of these issues)
* _\[BHE Only\]_ Reduced default batch size for upload of data to BloodHound Enterprise |
-| [2024-08-20 (v5.14.0)](/resources/release-notes/2024-08-20-v5-14-0) | New and Improved Features
* Added support for ADCS certificate chains crossing AIA Certificate Authorities
* Improved logic across all included cypher queries for improved performance
* Clarified the "blocksinheritance" property on OUs is specific to GPO inheritance
* Users without administrative privileges will no longer see Group Management actions in right-click context menus
* Added support for ingesting JSON files which include UTFBOM encoding
Bug Fixes
* Improved visibility of several buttons and elements in dark mode
* Added abuse information for the GPLink edge
* Fixed the count of objects displayed in the Group Management page | _Note: We are working on a new version of SharpHound that has improved performance and reliability when querying data via LDAP. If you would like to test that version, please get in touch with your TAM.
_ | _No new release._ |
-| [2024-08-06 (v5.13.1)](/resources/release-notes/2024-08-06-v5-13-1) | Bug Fixes
* Resolved an issue where hybrid paths were not created when the AD object did not have a known object type during path creation.
* The 2FA login screen will no longer return to the username/password screen if the browser window is unselected before completing the login flow.
* _\[BHE Only\]_ Resolved a race condition during analysis in highly-available deployments | _Note: We have reverted the available SharpHound build to v2.4.1 while we address issues identified in v2.5.4._ | _No new release.
_ |
-| [2024-08-01 (v5.13.0)](/resources/release-notes/2024-08-01-v5-13-0) | New and Improved Features
* New Attack Paths: Entra-AD User Syncing
* Improved analysis performance - DCSync
* Added visibility of the current API version to the My Profile page
* _\[Early Access\]_ BloodHound dark mode
Bug Fixes
* Resolved an issue that resulted in objects having multiple types after import to BloodHound (A collection will be required to reintroduce appropriate object types on affected principals)
* File ingest will now show partial errors on upload
* Hovering errors in the Cypher query editor will no longer overflow the viewable area
* Negative numbers will now compare properly in Cypher
* Fixed a logic issue on composition panels for ESC3, 4, and 6 for multi-tier PKI environments
* Updated logic for EnrollOnBehalfOf to utilize the proper EKU property
* Improved error handling in specific circumstances on file ingest
* _\[BHE Only\]_ Resolved an issue with collectors improperly incrementing job counts | **SharpHound (v2.5.4 - BHE, v2.5.4 - CE)**
_Note: SharpHound's LDAP libraries have undergone a complete rewrite to improve stability and resolve issues. This will resolve issues that are not explicitly captured in these release notes. We will continue to iterate as we find more issues. Please work with your TAM if you have any questions about upgrading.
_
New and Improved Features
* Improved logic for identifying and querying available DCs (when a DC is not specified)
* Reduced reliance on paged LDAP queries for improved LDAP query performance
* Introduced a connection pool for improved LDAP query performance
* Improved fallback and retry logic for LDAP ServerDown message
* Computer availability for Local Group and Session collection will now be based on the last logon instead of the last password rotation
* Improved logging levels and message outputs
Bug Fixes
* _\[BHE Only\]_ Resolved an issue where allowing LDAPS connections would only attempt connections on the LDAPS-specified port
* _\[CE Only\]_ Improved handling of control characters using the "collectallproperties" flag to resolve ingestion issues | _No new release._ |
-| [2024-07-17 (v5.12.0)](/resources/release-notes/2024-07-17-v5-12-0) | New and Improved Features
* _\[BHE Only\]_ Visual overhaul of the Attack Paths view
* Added documentation hints to all administrative pages
* Improved analysis performance - SyncLAPSPassword
* Example Azure data is now available
Bug Fixes
* Improved resolution of AzApp object names
* Reverted a change in Azure ingest that was resulting in inconsistent results in BloodHound | _No new release._ | _No new release._ |
-| [2024-06-17 (v5.11.0)](/resources/release-notes/2024-06-17-v5-11-0) | New and Improved Features
* Password changes will now require validation of your current password to complete
* Updated pre-defined queries and added a hygiene section
* _\[BHE Only\]_ Azure findings have been collapsed based on path type only, aligning with Active Directory finding types
* _\[BHE Only__\]_ Clicking "Explore" on a finding will now automatically display the entity panel for the associated edge
* _\[BHE Only\]_ Findings documentation is now served by a proper API endpoint
Bug Fixes
* Azure principals with scoped Application Administrator or scoped Cloud App Admin role assignments will no longer receive a AzHasRole edge to the AzRole nodes. These nodes are only used for Tenant-scoped role assignments.
* Group Management view will now properly display members of custom groups
* Resolved several erroneous timeout issues
* Corrected inaccurate use of CONTAINS verb in several pre-defined queries
* Updated example abuse commands on several ADCS escalation paths
* Corrected specific certificate template names on entity panels
* _\[BHE Only\]_ Fixed several bugs in Azure finding logic | _No new release._ | _No new release._ |
-| [2024-05-28 (v5.10.0)](/resources/release-notes/2024-05-09-v5-9-0) | New and Improved Features
* Improved Cypher quality controls to prevent failure and errors
* Example Active Directory data now available
* _\[BHE Only\]_ Updated reference links for all Attack Path findings
* _\[CE Only__\]_ Enable graph mutation via Cypher
Bug Fixes
* Entity panels will now appear regardless of the object type selected
* _\[CE Only\]_ Added missing package caches for offline builds | _No new release._ | _No new release._ |
-| [2024-05-09 (v5.9.0)](/resources/release-notes/2024-05-09-v5-9-0) | New and Improved Features
* Support for ADCS ESC 13 (Requires SharpHound v2.4.1+)
* Added support for GenericWrite edges to ADCS node types
* Improved performance of AZAddSecret paths
Bug Fixes
* DCSync edges will no longer be filtered out from Tier Zero / High-Value principals
* ADCS ESC 1 edges will now generate properly across multiple domains regardless of domain collection status
* Several fixes to Edge Composition responses
* _\[BHE Only\]_ Collection schedules should now consistently display their scheduled start time
* _\[BHE Only\]_ Finished Jobs Log pagination controls no longer scroll
* _\[BHE Only\]_ Improved fallback logic for the Attack Paths page in the event of an unexpected failure
* _\[CE Only__\]_ Modifying the default_admin fields will now properly reflect in a newly created environment | **SharpHound (v2.4.1 - BHE, v2.4.1 - CE)**
New and Improved Features
* Collection support for Issuance Policy Nodes
* Improved identification logic for Contains edges
* Added support for specific obsolete Trust type values
Bug Fixes
* Resolved several issues related to cross-trust collections | **AzureHound (v2.1.9)**
New and Improved Features
* Added backoff/retry logic to several calls for improved stability and resiliency
Bug Fixes
* AZAppAdmin and AZCloudAppAdmin edges will now properly link to the AzApps they target |
-| [2024-04-15 (v5.8.1)](/resources/release-notes/2024-04-15-v5-8-1) | New and Improved Features
* Improved status messaging for the File Ingest Log
* Added additional node-type statistics to Data Quality
* _\[BHE Only\]_ Improved performance for collection schedules for extremely large environments
Bug Fixes
* _\[BHE Only\]_ DcFor edges will no longer appear in the Attack Path tree view
* Resolved multiple vulnerabilities identified across the product | **v2.3.10 - BHE, v2.3.3 - CE**
Bug Fixes
* _\[BHE Only\]_ Resolved an issue where the SharpHound service would restart in specific scenarios. | _No new release._ |
-| _Please check individual release notes to read earlier summaries._ | | | |
+This page provides a a summary of recent BloodHound product releases, including release dates, version numbers, and links to detailed release notes for recent releases.
+
+See the release notes [archive](/resources/release-notes/v8-4-0) for past releases.
+
+## 2026-01-21
+
+This release includes updates for BloodHound, SharpHound, and AzureHound.
+
+| | | | |
+| ------------------------------------------------- | -------------- | -------------- | -------------- |
+| **Release** | **BloodHound** | **SharpHound** | **AzureHound** |
+| [2026-01-21](/resources/release-notes/2026-01-21) | v8.5.0 | v2.9.0 | v2.8.3 |
+
+Click the release date to see detailed release notes.
+
+### Announcements
+
+* One announcement
+* Another announcement
+
+### Features & Enhancements
+
+| Type | Component | Title |
+| --- | --- | --- |
+| New Feature | Administration
API | [Keyboard Shortcuts](/resources/release-notes/2026-01-21#bloodhound)
[Count by Kind for Selectors](/resources/release-notes/2026-01-21#bloodhound-7) |
+| Enhancement | Explore
Posture
Zone Builder | [Cypher](/resources/release-notes/2026-01-21#bloodhound-2)
[Custom Date Range Time Input](/resources/release-notes/2026-01-21#bloodhound-3)
[Privilege Zone Management (Renamed)](/resources/release-notes/2026-01-21#bloodhound-4)
[Rules Form](/resources/release-notes/2026-01-21#bloodhound-5)
[Zone and Label Forms](/resources/release-notes/2026-01-21#bloodhound-6) |
+
+### Fixed Issues
+
+9 issues resolved across BloodHound, SharpHound, and AzureHound.
+
+See the [release notes](/resources/release-notes/2026-01-21#bloodhound-8) for details.
diff --git a/docs/style.css b/docs/style.css
index f7ad5369..874999be 100644
--- a/docs/style.css
+++ b/docs/style.css
@@ -72,6 +72,11 @@ h4 {
--brand-light: #fdfeff;
}
+/* Make dark mode links more visible */
+.dark .link {
+ border-bottom-color: white;
+}
+
/* Hide previous and next links at the bottom of all pages */
#pagination {
display: none;