Release Notes¶

Mayhem 2.10.02¶

October 09, 2024

Revised Web Console UI and run result displays
Mayhem can now ingest third-party SBOMs and generate a Dynamic SBOM of container attack surface from within the UI. To use this, Mayhem must already have a profile of your container's runtime behavior. Currently supports SPDX and CycloneDX.
Native support for analyzing virtualized electronic control units (vECUs). Supports vECUs generated with Vector's vVirtualTarget or exposing the Vector OpenSUT API. Use mayhem init --template=opensut to configure Mayhem to trigger and record vECU pins.
Harness templates for C/C++ can be automatically generated using mayhem init --template and its subcommands. Currently supports uninstrumented binaries and common fuzz testing instrumentation
New defects in Mayhem projects now trigger email alerts to project members. Alerts are sent nightly and include all new defects found by Mayhem.
Mayhem's internal registry now inherits access control from the roles and access levels of Mayhem projects. Users can only view/retrievew/analyze artificats associated with projects they have access to. Admins must enable Internal Registry Auth Scoping in the web console for this to take effect.

Significant performance improvements for analysis and triage of all Windows binaries, along with improved performance for analyzing msvc compiled binaries
Fixed an issue that slowed and/or blocked analysis of multi-threaded targets with network I/O
Fixed an issue where counts of analysis runs and active analysis runs were transposed in the Mayhem Web Console
Changed how test case numbers are passed from analysis nodes to Mayhem for triage. This resolves several issues where test case numbers or specific test cases showed up inconsistenly between the CLI and UI
Line coverage now properly respects the cwd setting for current working directories