This is the next point release for Velociraptor - Digging deeper!
This change addresses a number of bug fixes and new features:
- Raw registry accessor leaked file handles causing issues with logon.
- Direct endpoint VQL option added to shell screen.
- GUI: Time selector is now in both UTC and Local time.
- GUI: A new dark mode is available by clicking the user label (top right corner).
- Performance improvements for high scalability (>5k clients)
As always, please file issues on the GitHub bug tracker or ask questions on our mailing list, velociraptor-discuss@googlegroups.com. You can also chat with us directly on Discord: https://www.velocidex.com/discord
Check out the new dark mode; here is a sample below.
Note: Due to the EOL of CentOS 6, we started building Linux releases with Go 1.16 on Ubuntu 18.04. If you still need CentOS binaries, you can download those separately below for the time being, but they will probably be deprecated soon.
Known issues
- MacOS binary was built without sqlite and yara support. These were corrected and a new binary is released below.
- If upgrading from an old release you might come across this error in the GUI:
      Error: connection error: desc = "transport: authentication handshake failed: x509: certificate relies
      on legacy Common Name field, use SANs or temporarily enable Common Name matching
      with GODEBUG=x509ignoreCN=0"
  This is because the new binary is built with Go 1.16, which enforces SAN checking on certs. If you hit this issue you have two options:
  - Add
        export GODEBUG=x509ignoreCN=0
    to the shell script in /usr/local/bin/velociraptor to accept the old behavior.
  - Rotate your server keys using
        velociraptor --config server.config.yaml config rotate_key > new_server.config.yaml
    (make sure to back up your old config file).