version v9 (#2590)

williballenthin · web-flow · commit 736ad1cbc8f5 · 2025-02-05T09:41:32.000+01:00
* v9.0.0

* changelog: remove testing rule file

* changelog: v9

* changelog: v9

* update homepage with v9 release
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,35 @@
 
 ### New Features
 
+### Breaking Changes
+
+### New Rules (0)
+
+-
+
+### Bug Fixes
+
+### capa Explorer Web
+
+### capa Explorer IDA Pro plugin
+
+### Development
+
+### Raw diffs
+- [capa v9.0.0...master](https://github.com/mandiant/capa/compare/v9.0.0...master)
+- [capa-rules v9.0.0...master](https://github.com/mandiant/capa-rules/compare/v9.0.0...master)
+
+## v9.0.0
+
+This release introduces a new scope for dynamic analysis, "span of calls",
+ that matches features against a across a sliding window of API calls within a thread.
+Its useful for identifying behaviors that span multiple API calls,
+ such as `OpenFile`/`ReadFile`/`CloseFile`, without having to analyze an entire thread, which may be very long.
+
+The release also contains a number of bug fixes and enhancements by new contributors: @v1bh475u and @dhruvak001. Welcome and thank you!
+
+### New Features
+
 - add warning for dynamic .NET samples #1864 @v1bh475u
 - add lint for detecting duplicate features in capa-rules #2250 @v1bh475u
 - add span-of-calls scope to match features against a across a sliding window of API calls within a thread @williballenthin #2532
@@ -15,13 +44,12 @@
 - add span-of-calls scope to rule format
 - capabilities functions return dataclasses instead of tuples
 
-### New Rules (4)
+### New Rules (3)
 
 - data-manipulation/encryption/rsa/encrypt-data-using-rsa-via-embedded-library @Ana06
 - data-manipulation/encryption/use-bigint-function @Ana06
-- nursery/dynamic-add-veh wballenthin@google.com
 - internal/limitation/dynamic/internal-dotnet-file-limitation @v1bh475u
--
+
 
 ### Bug Fixes
 
@@ -45,8 +73,8 @@
 - documentation: Improve CLA and Code of Conduct information in CONTRIBUTING @Ana06
 
 ### Raw diffs
-- [capa v8.0.1...master](https://github.com/mandiant/capa/compare/v8.0.1...master)
-- [capa-rules v8.0.1...master](https://github.com/mandiant/capa-rules/compare/v8.0.1...master)
+- [capa v8.0.1...v9.0.0](https://github.com/mandiant/capa/compare/v8.0.1...v9.0.0)
+- [capa-rules v8.0.1...v9.0.0](https://github.com/mandiant/capa-rules/compare/v8.0.1...v9.0.0)
 
 ## v8.0.1
 
diff --git a/capa/version.py b/capa/version.py
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-__version__ = "8.0.1"
+__version__ = "9.0.0"
 
 
 def get_major_version():
diff --git a/rules b/rules
@@ -1 +1 @@
-Subproject commit c0aa922f208dba7fdba0e3774ffecbd7cb9bfe7e
+Subproject commit 79afc557f1651971ac0e70b9352f0cfed24b5645
diff --git a/web/public/index.html b/web/public/index.html
@@ -216,22 +216,35 @@ <h2 class="mt-3">Rule Updates</h2>
         <!-- TODO(williballenthin): add date -->
         <li>
           added:
-          <a href="./rules/overwrite DLL .text section to remove hooks/">
-            overwrite DLL .text section to remove hooks
+          <a href="./rules/use bigint function/">
+            use bigint function
           </a>
         </li>
 
         <li>
           added:
-          <a href="./rules/attach BPF to socket on Linux/">
-            attach BPF to socket on Linux
+          <a href="./rules/encrypt data using RSA via embedded library/">
+            encrypt data using RSA via embedded library
           </a>
         </li>
       </ul>
 
       <h2 class="mt-3">Tool Updates</h2>
 
-      <h3 class="mt-2">v8.0.0 (<em>2024-12-09</em>)</h3>
+      <h3 class="mt-2">v9.0.0 (<em>2025-02-05</em>)</h3>
+      <p class="mt-0">
+        This release introduces a new scope for dynamic analysis, "span of calls",
+         that matches features against a across a sliding window of API calls within a thread.
+        Its useful for identifying behaviors that span multiple API calls,
+         such as <code>OpenFile</code>/<code>ReadFile</code>/<code>CloseFile</code>,
+        without having to analyze an entire thread, which may be very long.
+
+        The release also contains a number of bug fixes and enhancements by new contributors:
+         <a href="https://github.com/v1bh475u">@v1bh475u</a> and <a href="https://github.com/dhruvak001">@dhruvak001</a>.
+        Welcome and thank you!
+      </p>
+
+      <h3 class="mt-2">v8.0.1 (<em>2024-12-09</em>)</h3>
       <p class="mt-0">
         This point release fixes an issue with the IDAPython API to now handle IDA Pro 8.3, 8.4, and 9.0 correctly.
       </p>
