Skip to content

Release 0.72

Compare
Choose a tag to compare
@scudette scudette released this 11 Mar 13:55
· 315 commits to master since this release
bb90be3

I am very excited to announce that the latest Velociraptor release 0.72 is now live!

Detailed release notes are at https://docs.velociraptor.app/blog/2024/2024-03-10-release-notes-0.72/

This release brings many new features:

  1. EWF Support - In this release, Velociraptor supports EWF (AKA E01) format using the
    ewf accessor. This allows Velociraptor to analyze E01 image sets.

  2. Allow remapping clients to use SSH accessor - This release added the ability to apply remapping in a similar way to
    the dead disk image method above to run a Virtual Client which
    connects to the remote system via SSH and emulates filesystem access
    over the sftp protocol.

  3. Undo/Redo for notebook cells

  4. Hunt view GUI is now paged

  5. Secret Management - This release introduces Secrets as a first class concept within
    VQL. A Secret is a specific data object (key/value pairs) given a
    name which is used to configure credentials for certain plugins

  6. Implemented Websocket based communication mechanism - In this release, Velociraptor introduces support for websockets as a
    communications protocol. The websocket protocol is designed for low
    latency and low overhead continouus communications method between
    clients and server (and is already used by e.g. most major social
    media platforms).

  7. Dynamic DNS providers - The 0.72 release has now switched to CloudFlare as our default
    preferred Dynamic DNS provider. We also added noip.com as a second
    option.

  8. Enhanced proxy support - The 0.72 release introduces more complex proxy condition
    capabilities. It is now possible to specify which proxy to use for
    which URL based on a set of regular expressions. Also PAC files are now supported.

  9. Process memory access on MacOS

  10. Multipart uploaders to http_client() - This release adds the files parameter to the http_client()
    plugin. This simplifies uploading multiple files and automatically
    streams those files without memory buffering - allowing very large
    files to be uploaded this way.

  11. Yara plugin can now accept compiled rules.

There are many more changes, bug fixes and features - please review the blog post here for the full details.

If you find any issues please file an issue on GitHub or chat with us on our discord server.

Version scheme update

Note that this release is 0.72 which is a different scheme from previous releases. You can read more about the reasons for this version scheme changes here

Known issues

Release 0.72.1 addresses a number of issues:

  1. Bugfix: Dashboard ignores the StartTime (#3464)
  2. Bugfix: Hunt dispatcher did not expire hunts (#3468)
  3. Bugfixes: Handle empty timelines (#3456)
  4. Enabled panic file for windows service. (#3463)
  5. Make Logging from Windows service optional (#3480)
  6. Added housekeep loop for client info manager. (#3479)

Release 0.72.3 addresses the following:

  1. Bugfix: Deadlock in accessor LRU - this could sometimes cause the client to take a long time or fail to complete artifacts with very heavy IO processing
  2. Remove group by in event artifacts and fixed MacOS WiFi artifacts
  3. Rewrote MemcacheFileDataStore to be more efficient. - The Memcache filestore is only used in Master/Minion configurations and this fixed a number of critical bugs in this implementation.

Release 0.72.4 addresses the following:

  1. Bugfix: Usernames can now contain unicode for i8n support.
  2. Bugfix: Update index when processing automated client metadata
  3. Bugfix: Automatic import of x509 encrypted offline collections.
  4. Bugfix: Handle NULL in stacking
  5. Optimize hunt_dispatcher GetFlows() API
  6. Thread pool flow deletion
  7. Bugfix: Memory leak in diff plugin
  8. Bugfix: S3 accessor was unable to handle 416 byte range error.
  9. Added ext4 and raw_ext4 accessors.