diff --git a/docs/assets/opengraph/opengraph-node.json b/docs/assets/opengraph/opengraph-node.json
index 4dbcef0c..73b3f3f4 100644
--- a/docs/assets/opengraph/opengraph-node.json
+++ b/docs/assets/opengraph/opengraph-node.json
@@ -37,7 +37,7 @@
"kinds": {
"type": ["array"],
"items": { "type": "string" },
- "minItems": 1,
+ "minItems": 0,
"maxItems": 3,
"description": "An array of kind labels for the node. The first element is treated as the node's primary kind and is used to determine which icon to display in the graph UI. This primary kind is only used for visual representation and has no semantic significance for data processing."
}
diff --git a/docs/docs.json b/docs/docs.json
index 0e5442f2..fc307eb1 100644
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -880,14 +880,15 @@
"group": "Release Notes",
"pages": [
"resources/release-notes/summary",
+ "resources/release-notes/2026-06-16",
"resources/release-notes/2026-05-28",
- "resources/release-notes/2026-05-06",
{
"group": "Archive",
"pages": [
{
"group": "2026",
"pages": [
+ "resources/release-notes/2026-05-06",
"resources/release-notes/2026-04-13",
"resources/release-notes/2026-03-23",
"resources/release-notes/2026-03-04",
diff --git a/docs/opengraph/developer/nodes.mdx b/docs/opengraph/developer/nodes.mdx
index 7a63aa56..2d8864b7 100644
--- a/docs/opengraph/developer/nodes.mdx
+++ b/docs/opengraph/developer/nodes.mdx
@@ -189,7 +189,7 @@ Use the following JSON schema for validation requirements. You can also download
"kinds": {
"type": ["array"],
"items": { "type": "string" },
- "minItems": 1,
+ "minItems": 0,
"maxItems": 3,
"description": "An array of kind labels for the node. The first element is treated as the node's primary kind and is used to determine which icon to display in the graph UI. This primary kind is only used for visual representation and has no semantic significance for data processing."
}
diff --git a/docs/resources/release-notes/2026-05-28.mdx b/docs/resources/release-notes/2026-05-28.mdx
index d5ed6563..f0a9c296 100644
--- a/docs/resources/release-notes/2026-05-28.mdx
+++ b/docs/resources/release-notes/2026-05-28.mdx
@@ -179,11 +179,3 @@ sidebarTitle: "2026-05-28"
- {/*BED-6632*/} Resolved an issue where local principal kinds were labeled inconsistently, which could lead to incorrect handling of local group and local user objects.
- {/*BED-7625*/} Resolved an issue where [`AllowedToDelegate`](/resources/edges/allowed-to-delegate) edges were not created when `msDS-AllowedToDelegateTo` values existed but specific delegation flags were not set.
-
-
- ## Collection Compatibility
-
- 
-
- {/*BED-8176*/} Resolved an issue for hosted `edge-*` AzureHound container images where an invalid collector version string caused BloodHound to reject uploads from the collector as unsupported.
-
diff --git a/docs/resources/release-notes/2026-06-16.mdx b/docs/resources/release-notes/2026-06-16.mdx
new file mode 100644
index 00000000..979a98b3
--- /dev/null
+++ b/docs/resources/release-notes/2026-06-16.mdx
@@ -0,0 +1,176 @@
+---
+title: 2026-06-16 Release Notes
+description: Learn about new features, enhancements, and fixed issues in BloodHound.
+sidebarTitle: "2026-06-16"
+---
+
+| | | | | |
+| --- | --- | --- | --- | --- |
+| **Release** | **BloodHound** | **OpenHound** | **SharpHound** | **AzureHound** |
+| 2026-06-16 | v9.3.0 | v0.2.0 | No release | v2.12.2 |
+
+
+ Use the filters on the right side of this page to narrow down the updates by component. You can select multiple filters at the same time to refine your results.
+
+
+
+ {/*BED-8516*/}
+ ## Jamf API Client Authentication
+
+ Authenticate the OpenHound Jamf collector with a Jamf Pro API client instead of relying on a Jamf user account and password.
+
+ This update adds support for Jamf [API clients](/openhound/collectors/jamf/collect-data) as the recommended authentication method. API clients are not tied to a user account, can be scoped to a dedicated API role, and can be rotated or revoked independently, making them a better fit for production environments and least-privilege access.
+
+
+
+ {/*BED-8357*/}
+ ## GitHub Enterprise SSO Support
+
+ Connect OpenHound to GitHub Enterprise environments that enforce single sign-on at the enterprise level.
+
+ This update addresses authentication failures in GitHub Enterprise environments where SSO blocked OpenHound from accessing repositories through the configured GitHub App.
+
+
+
+ {/*BED-8336*/}
+ ## Role-Based Access Hardening
+
+ Read access for the **User**, **Power User**, and **Read-only** roles has been reduced to limit exposure to sensitive user data and administrative API endpoints.
+
+ This update refines the permission model for administration-related APIs so these roles retain access only to the endpoints and data required for their supported workflows.
+
+ For example, these roles can use the [List Users Minimal](/reference/bloodhound-users/list-users-minimal) endpoint to read user data, but cannot access sensitive information through the broader [List Users](/reference/bloodhound-users/list-users) endpoint.
+
+
+
+ {/*BED-7765*/}
+ ## Auditor Access Improvements
+
+ Users with the **Auditor** role can now view the **Manage Users** and **Manage Clients** tables without requiring the permissions needed to create or modify those resources.
+
+ This update adds read-only access to those management views while keeping administrative actions such as **Create User**, **Create Client**, and other modification workflows restricted to the **Admin** role.
+
+
+
+ {/*BED-7263*/}
+ ## Expanded Audit Logging
+
+ [Audit logs](/reference/audit/list-audit-logs) now capture additional high-risk user actions, including running Cypher queries, editing collector clients or schedules, and running on-demand collections.
+
+ This change improves visibility into sensitive operator actions for security reviews and compliance workflows.
+
+
+
+ {/*BED-7226*/}
+ ## Accessibility Improvements
+
+ Data tables now provide more accessible headers, sorting behavior, keyboard navigation, and screen reader announcements.
+
+ This update improves table usability across supported browsers and helps align the experience with WCAG 2.1 accessibility requirements.
+
+
+
+ {/*BED-8233, BED-8234*/}
+ ## OpenGraph Extension Namespace Visibility
+
+ The [List OpenGraph Extensions Information](/reference/opengraph-experimental/list-opengraph-extensions-information) endpoint now includes each extension's [`namespace`](/opengraph/developer/graph-definition#param-namespace) key in its response body.
+
+ This change gives the API and the [OpenGraph Management](/opengraph/extensions/manage) page the information needed to expose the namespace prefix used for extension-defined node types.
+
+
+
+ {/*BED-8246*/}
+
+ ## Full-Path Highlighting
+
+ When you select a node in the graph, BloodHound now dims paths that do not traverse the selected node. This includes inbound and outbound object control, making it easier to isolate how a node participates in longer Attack Paths.
+
+ Full-path highlighting is enabled by default. See [Object interaction](/analyze-data/explore/search#object-interaction) for more information.
+
+
+
+ ## Analysis Performance Improvements
+ {/*BED-8361, BED-8362, BED-8363, BED-8364, BED-8365*/}
+ Optimized processing logic for the following edge types, significantly reducing time in analysis:
+
+ - [Owns](/resources/edges/owns)
+ - [WriteOwner](/resources/edges/write-owner)
+ - [EnrollOnBehalfOf](/resources/edges/enroll-on-behalf-of)
+ - [ADCSESC1](/resources/edges/adcs-esc1)
+ - [ADCSESC3](/resources/edges/adcs-esc3)
+ - [ADCSESC4](/resources/edges/adcs-esc4)
+ - [ADCSESC6a](/resources/edges/adcs-esc6a)
+ - [ADCSESC6b](/resources/edges/adcs-esc6b)
+ - [ADCSESC13](/resources/edges/adcs-esc13)
+ - [SyncLAPSPassword](/resources/edges/sync-laps-password)
+ - [ReadLAPSPassword](/resources/edges/read-laps-password)
+ - [DCSync](/resources/edges/dc-sync)
+ - [CanRDP](/resources/edges/can-rdp)
+ - [AdminTo](/resources/edges/admin-to)
+ - [ExecuteDcom](/resources/edges/execute-dcom)
+ - [CanPSRemote](/resources/edges/can-ps-remote)
+
+
+
+ {/*BED-8277*/}
+ ## Pre-Installed SpecterOps Extensions
+
+
+
+ BloodHound Enterprise now includes pre-installed OpenGraph extensions for GitHub, Jamf, and Okta. This streamlines extension management by making these supported extensions available without a separate installation step.
+
+ See [OpenGraph Extensions](/opengraph/extensions/manage) to learn more.
+
+
+
+ {/*BED-8207*/}
+ ## Updated Attack Path Type Names
+
+
+
+ The **Attack Paths** table on the **Posture** page now uses Privilege Zones terminology (where appropriate) instead of older **Tier Zero** naming.
+
+ This update keeps Attack Path type names aligned with the latest findings documentation in BloodHound Enterprise.
+
+
+
+ {/*BED-8186*/}
+ ## Search Across Certification Statuses
+
+
+
+ Search for objects across all [certification statuses](/analyze-data/privilege-zones/certification#by-status) in Zone Builder.
+
+ This improvement helps you confirm whether a specific object is already present in a zone without selecting each certification status separately and running multiple searches.
+
+
+
+ ## API
+
+ {/*BED-6775*/} Resolved an issue where the **Composition** and **Relay Target** accordions in the Entity panel did not populate in the following ADCS edges, causing the related node and edge data to appear empty:
+ - [CoerceAndRelayNTLMToADCS](/resources/edges/coerce-and-relay-ntlm-to-adcs)
+ - [CoerceAndRelayNTLMToSMB](/resources/edges/coerce-and-relay-ntlm-to-smb)
+ - [ADCSESC1](/resources/edges/adcs-esc1)
+ - [ADCSESC3](/resources/edges/adcs-esc3)
+
+ ## Cypher
+
+ - {/*BED-7759*/} Fixed an issue where editing a saved query while another query was selected displayed the wrong query in the edit box, potentially causing you to overwrite the wrong saved query.
+ - {/*BED-8360*/} Fixed a performance issue where reusing Cypher query variables caused queries to run significantly slower instead of making them more restrictive as intended.
+
+ ## Posture
+
+
+
+ {/*BED-8392*/} Resolved an issue where enabling **Logarithmic Chart Scale** caused the **Historical Findings** and **Total Attack Paths** charts to go blank.
+
+
+
+ {/*BED-8389*/} Resolved an issue where the the OpenHound Okta collector appeared to connect successfully but returned incomplete data, with relevant Okta-based saved queries returning no results.
+
+
+
+
+
+ {/*BED-8176*/} Resolved an issue for hosted `edge-*` AzureHound container images where an invalid collector version string caused BloodHound to reject uploads from the collector as unsupported.
+
diff --git a/docs/resources/release-notes/summary.mdx b/docs/resources/release-notes/summary.mdx
index a8faea26..e079c64f 100644
--- a/docs/resources/release-notes/summary.mdx
+++ b/docs/resources/release-notes/summary.mdx
@@ -6,7 +6,49 @@ sidebarTitle: Summary
This page provides a summary of recent BloodHound product releases, including release dates, version numbers, and links to detailed release notes.
-See the release notes [archive](/resources/release-notes/v8-4-0) for previous releases.
+
+ See the release notes [archive](/resources/release-notes/v8-4-0) for previous releases.
+
+
+## 2026-06-16
+
+| | | | | |
+| --- | --- | --- | --- | --- |
+| **Release** | **BloodHound** | **OpenHound** | **SharpHound** | **AzureHound** |
+| 2026-06-16 | v9.3.0 | v0.2.0 | No release | v2.12.2 |
+
+This release expands OpenHound authentication support, improves visibility and access control across BloodHound administration workflows, and speeds up analysis. Key highlights include:
+
+- **Access control**: Limit sensitive user data and administration API access for non-administrator roles.
+- **Audit logging**: Capture and review more operator actions in audit logs.
+- **Explore**: Highlight only the paths that traverse a selected node in the graph.
+- **OpenHound**: Use an API client to authenticate the Jamf collector.
+
+### New Features
+
+| Component | Update | Summary |
+| --- | --- | --- |
+| Data Collection | [Jamf API Client Authentication](/resources/release-notes/2026-06-16#jamf-api-client-authentication) | Authenticate the OpenHound Jamf collector with a Jamf Pro API client. |
+| Data Collection | [GitHub Enterprise SSO Support](/resources/release-notes/2026-06-16#github-enterprise-sso-support) | Connect OpenHound to GitHub Enterprise environments that enforce enterprise-level single sign-on. |
+
+### Enhancements
+
+| Component | Update | Summary |
+| --- | --- | --- |
+| Administration | [Role-Based Access Hardening](/resources/release-notes/2026-06-16#role-based-access-hardening) | Limit sensitive user data and administration API access for the **User**, **Power User**, and **Read-only** roles. |
+| Administration | [Auditor Access Improvements](/resources/release-notes/2026-06-16#auditor-access-improvements) | Let users with the **Auditor** role review **Manage Users** and **Manage Clients** tables without gaining modification permissions. |
+| Administration | [Expanded Audit Logging](/resources/release-notes/2026-06-16#expanded-audit-logging) | Capture more high-risk user actions in audit logs, including Cypher execution and collector operations. |
+| Accessibility | [Accessibility Improvements](/resources/release-notes/2026-06-16#accessibility-improvements) | Navigate data tables more effectively with improved headers, sorting behavior, keyboard support, and screen reader announcements. |
+| API | [OpenGraph Extension Namespace Visibility](/resources/release-notes/2026-06-16#opengraph-extension-namespace-visibility) | View each extension's namespace in the OpenGraph extension information API response. |
+| Explore | [Full-Path Highlighting](/resources/release-notes/2026-06-16#full-path-highlighting) | Highlight the full path through a selected node so you can better isolate how it participates in longer Attack Paths. |
+| BloodHound Enterprise OpenGraph | [Pre-Installed SpecterOps Extensions](/resources/release-notes/2026-06-16#pre-installed-specterops-extensions) | Use supported GitHub, Jamf, and Okta OpenGraph extensions in BloodHound Enterprise without a separate installation step. |
+| Post-Processing | [Analysis Performance Improvements](/resources/release-notes/2026-06-16#analysis-performance-improvements) | See results faster with significantly reduced time in analysis. |
+| Posture (Enterprise) | [Updated Attack Path Type Names](/resources/release-notes/2026-06-16#updated-attack-path-type-names) | Review **Attack Paths** with terminology that matches the latest findings documentation. |
+| Zone Builder (Enterprise) | [Search Across Certification Statuses](/resources/release-notes/2026-06-16#search-across-certification-statuses) | Search across all certification statuses to confirm whether an object is already present in a zone. |
+
+### Fixed Issues
+
+See the [release notes](/resources/release-notes/2026-06-16#bloodhound-11) for a full list of fixed issues in this release.
## 2026-06-01