v9.1.0 (#2614)

Co-authored-by: Mike Hunhoff <[email protected]>

Author: Willi Ballenthin

CHANGELOG.md

@@ -6,18 +6,11 @@
 
 ### Breaking Changes
 
-### New Rules (4)
+### New Rules (0)
 
-- host-interaction/registry/change-registry-key-timestamp [email protected]
-- host-interaction/mutex/check-mutex-and-terminate-process-on-windows @_re_fox [email protected] [email protected]
-- anti-analysis/anti-forensic/clear-logs/clear-windows-event-logs-remotely [email protected]
 -
 
 ### Bug Fixes
-- only parse CAPE fields required for analysis @mike-hunhoff #2607
-- main: render result document without needing associated rules @williballenthin #2610
-- vmray: only verify process OS and monitor IDs match @mike-hunhoff #2613
-- render: don't assume prior matches exist within a thread @mike-hunhoff #2612
 
 ### capa Explorer Web
 
@@ -26,8 +19,30 @@
 ### Development
 
 ### Raw diffs
-- [capa v9.0.0...master](https://github.com/mandiant/capa/compare/v9.0.0...master)
-- [capa-rules v9.0.0...master](https://github.com/mandiant/capa-rules/compare/v9.0.0...master)
+- [capa v9.1.0...master](https://github.com/mandiant/capa/compare/v9.1.0...master)
+- [capa-rules v9.1.0...master](https://github.com/mandiant/capa-rules/compare/v9.1.0...master)
+
+## v9.1.0
+
+This release improves a few aspects of dynamic analysis, relaxing our validation on fields across many CAPE versions, for example.
+It also includes an updated rule pack in which many dynamic rules make better use of the "span of calls" scope.
+
+
+### New Rules (3)
+
+- host-interaction/registry/change-registry-key-timestamp [email protected]
+- host-interaction/mutex/check-mutex-and-terminate-process-on-windows @_re_fox [email protected] [email protected]
+- anti-analysis/anti-forensic/clear-logs/clear-windows-event-logs-remotely [email protected]
+
+### Bug Fixes
+- only parse CAPE fields required for analysis @mike-hunhoff #2607
+- main: render result document without needing associated rules @williballenthin #2610
+- vmray: only verify process OS and monitor IDs match @mike-hunhoff #2613
+- render: don't assume prior matches exist within a thread @mike-hunhoff #2612
+
+### Raw diffs
+- [capa v9.0.0...v9.1.0](https://github.com/mandiant/capa/compare/v9.0.0...v9.1.0)
+- [capa-rules v9.0.0...v9.1.0](https://github.com/mandiant/capa-rules/compare/v9.0.0...v9.1.0)
 
 ## v9.0.0
 

capa/version.py

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-__version__ = "9.0.0"
+__version__ = "9.1.0"
 
 
 def get_major_version():

web/public/index.html

@@ -214,22 +214,36 @@ <h2 class="mt-3">Rule Updates</h2>
 
       <ul class="mt-2 ps-5">
         <!-- TODO(williballenthin): add date -->
+
+        <li>
+          added:
+          <a href="./rules/change registry key timestamp/">
+            change registry key timestamp
+          </a>
+        </li>
+
         <li>
           added:
-          <a href="./rules/use bigint function/">
-            use bigint function
+          <a href="./rules/check mutex and terminate process on windows/">
+            check mutex and terminate process on Windows
           </a>
         </li>
 
         <li>
           added:
-          <a href="./rules/encrypt data using RSA via embedded library/">
-            encrypt data using RSA via embedded library
+          <a href="./rules/clear windows event logs remotely/">
+            clear windows event logs remotely
           </a>
         </li>
       </ul>
 
       <h2 class="mt-3">Tool Updates</h2>
+      
+      <h3 class="mt-2">v9.1.0 (<em>2025-03-02</em>)</h3>
+      <p class="mt-0">
+        This release improves a few aspects of dynamic analysis, relaxing our validation on fields across many CAPE versions, for example.
+        It also includes an updated rule pack in which many dynamic rules make better use of the "span of calls" scope.
+      </p>
 
       <h3 class="mt-2">v9.0.0 (<em>2025-02-05</em>)</h3>
       <p class="mt-0">