3.16

What's Changed

• Add support for XML configuration files by @cecinestpasunepipe in #495
• Pin pytest to a version <8.0.0 for now by @pyrco in #517
• Fix hostname plugin for RedHat systems by @florisvanstal in #513
• Support Windows installations on alternative drive letters by @Schamper in #497
• Initial cookies implementation for Firefox and Chromium by @YoeriNijs in #453
• Only run CI on PR and main branch pushes by @Schamper in #512
• Fix iexplore download records to use a proper path by @pyrco in #521
• Add MUI support for timezone translations by @JSCU-CNI in #518
• Fix various unit tests with side-effects by @Schamper in #520
• Add option to add comments to keychain file by @Poeloe in #523
• Replace mimikatz binary in quarantine data with DUMMY_PAYLOAD by @Miauwkeru in #524
• Fix removing get_all_records() exports by plugin_function_index() by @pyrco in #527
• Small consistency fixes in browser plugins by @Schamper in #529
• Fix some issues with tests not being independent from other tests by @pyrco in #526
• Add mount by LABEL= for ext filesystems by @Miauwkeru in #532
• Fix escapes in Apache plugin docstring by @Schamper in #534
• Align cyber by @Schamper in #533
• Expand user home when passing a path as URI by @Schamper in #535
• Add decryption keys for FortiGate 7.0.14 and 7.4.3 by @JSCU-CNI in #536
• Add xampp paths to ApachePlugin by @JSCU-CNI in #537
• Add JSON and YAML support to configutil by @Miauwkeru in #528
• Add Brave browser plugin by @JSCU-CNI in #538
• Add docker logs plugin by @JSCU-CNI in #507
• Add Linux locate plugin by @JSCU-CNI in #505
• Add basic cpio filesystem by @JSCU-CNI in #531
• Fix bug in defender evtx that resulted in ts field value being None by @Poeloe in #543
• Apply bug workaround in plocate plugin to all PyPy versions by @Horofic in #546
• Revert back to yara-python by @Schamper in #545
• Add map_dir_from_tar and map_file_from_tar by @JSCU-CNI in #508
• Move lru_cache definitions to init by @Miauwkeru in #547
• Add a decryption function to use on a local esxi target by @Miauwkeru in #542
• Fix bug in WER plugin caused by special characters in field name by @Poeloe in #544
• Fix performance regression due to TarFilesystem by @Schamper in #552
• Fix mounting BDE GPT volumes by @Schamper in #551
• add tests for symlink logic MappedFile by @cecinestpasunepipe in #554
• Add filesystem support for vmtar by @Schamper in #553
• IIS plugin does not process logs in default dir without ApplicationHo… by @cecinestpasunepipe in #549
• Document supported configurations for the Velociraptor loader by @Zawadidone in #558
• Extend AllowedIPs in wireguard to accept multiple ip addresses by @Miauwkeru in #555
• Mount volumes to drive letters in Velociraptor loader by @Schamper in #560
• Fix consistency in HAVE_/HAS_ constants by @Schamper in #564
• Fix Carbon Black SDK dependency by @Schamper in #565
• Improve target registry tool by @JSCU-CNI in #561
• Add more FortiGate keys and decryption tests by @yunzheng in #568
• Add lru_cache for UsersPlugin's find method by @Poeloe in #567

New Contributors

• @florisvanstal made their first contribution in #513
• @YoeriNijs made their first contribution in #453

Full Changelog: 3.15...3.16