Release 0.72

@scudette scudette released this 11 Mar 13:55
· 96 commits to master since this release
bb90be3

I am very excited to announce that the latest Velociraptor release 0.72 is now live!

Detailed release notes are at https://docs.velociraptor.app/blog/2024/2024-03-10-release-notes-0.72/

This release brings many new features:

  1. EWF Support - In this release, Velociraptor supports EWF (AKA E01) format using the
    ewf accessor. This allows Velociraptor to analyze E01 image sets.

  2. Allow remapping clients to use SSH accessor - This release added the ability to apply remapping in a similar way to
    the dead disk image method above to run a Virtual Client which
    connects to the remote system via SSH and emulates filesystem access
    over the sftp protocol.

  3. Undo/Redo for notebook cells

  4. Hunt view GUI is now paged

  5. Secret Management - This release introduces Secrets as a first class concept within
    VQL. A Secret is a specific data object (key/value pairs) given a
    name which is used to configure credentials for certain plugins.

  6. Implemented Websocket based communication mechanism - In this release, Velociraptor introduces support for websockets as a
    communications protocol. The websocket protocol is designed as a low
    latency and low overhead continuous communications method between
    clients and server (and is already used by e.g. most major social
    media platforms).

  7. Dynamic DNS providers - The 0.72 release has now switched to CloudFlare as our default
    preferred Dynamic DNS provider. We also added noip.com as a second
    option.

  8. Enhanced proxy support - The 0.72 release introduces more complex proxy condition
    capabilities. It is now possible to specify which proxy to use for
    which URL based on a set of regular expressions. Also PAC files are now supported.

  9. Process memory access on MacOS

  10. Multipart uploaders to http_client() - This release adds the files parameter to the http_client()
    plugin. This simplifies uploading multiple files and automatically
    streams those files without memory buffering - allowing very large
    files to be uploaded this way.

  11. Yara plugin can now accept compiled rules.

There are many more changes, bug fixes and features - please review the blog post here for the full details.

If you find any issues please file an issue on GitHub or chat with us on our discord server.

Version scheme update

Note that this release is 0.72 which is a different scheme from previous releases. You can read more about the reasons for this version scheme change here

Known issues

Release 0.72.1 addresses a number of issues:

  1. Bugfix: Dashboard ignores the StartTime (#3464)
  2. Bugfix: Hunt dispatcher did not expire hunts (#3468)
  3. Bugfixes: Handle empty timelines (#3456)
  4. Enabled panic file for windows service. (#3463)
  5. Make Logging from Windows service optional (#3480)
  6. Added housekeep loop for client info manager. (#3479)