Updated Contributing guidance (Velocidex#1266)

Consolidated all the information in one place so that we don't end up
with inconsistency.

Also added 0.77 release notes draft.

Author: predictiple

.wordlist.txt

@@ -2185,5 +2185,12 @@ lookaheads
 lookbehind
 storedQuery
 subexpression
-truthy
-zulp
+
+Dockerfile
+HMAC
+KQL
+integrations
+linter
+misconfigurations
+scrollable
+submodule

README.md

@@ -2,35 +2,15 @@
 
 This is the documentation site for Velociraptor - digging deeper!
 
-## Building this site
 
-The site uses the static website generator [Hugo](https://gohugo.io).
+## Contributing Content
 
-To develop on the site:
-1. clone this repository by running the following git clone command
-   ```
-   git clone https://github.com/Velocidex/velociraptor-docs.git
-   ```
+For guidance on developing and contributing content, including
+Velociraptor community artifacts, please see the
+[Documentation Development Guidelines](https://docs.velociraptor.app/dev/)
+section on our documentation site.
 
-2. Run Hugo:
-   1. Run Hugo with a natively installed version
-   ```
-   hugo serve
-   ```
-
-   2. Alternatively you can run hugo in docker as such:
-   ```
-   docker run --rm -it -v $(pwd):/src -p 1313:1313 hugomods/hugo server
-   ```
-
-3. Open your browser to http://localhost:1313.
-
-   This will bring up a local web server where you can see your changes.
-
-In future sessions, you might need to run one or more of the Python
- scripts listed in the [Makefile](Makefile).  Rebuilding the reference
- indices with these scripts should clear `REF_NOT_FOUND` errors during
- Hugo server startup.  Scripts require `pyyaml`.
+---
 
 Shield: [![CC BY-NC-SA 4.0][cc-by-nc-sa-shield]][cc-by-nc-sa]
 

config.yaml

@@ -6,9 +6,8 @@ theme: "hugo-theme-learn"
 disqusShortname: velocidex-velociraptor
 security:
   allowContent:
-    - text/html
-    - text/markdown
-#  enableInlineShortcodes: true
+    - "text/html"
+    - "text/markdown"
 
 enableGitInfo: true
 

content/blog/2026/2026-05-31-release-notes-0.77/_index.md

@@ -0,0 +1,220 @@
+---
+title: "Velociraptor 0.77 Release"
+description: Velociraptor Release 0.77 is now available
+author: "Mike Cohen"
+date: 2026-05-31
+draft: true
+tags:
+  - Release
+---
+
+I am very excited to announce that the latest Velociraptor release
+0.77 is now available.
+
+In this post I will discuss some of the new features introduced by
+this release.
+
+## New Features
+
+- **Interactive shell sessions.** The shell is no longer a one-shot
+  affair. Commands now run inside persistent sessions where each
+  command builds on the last, with all output visible in a single
+  scrollable view. Each command appends to the same flow, replacing
+  the previous approach where each interaction ran as a separate flow.
+  Graceful timeouts, CSS improvements, and proper stdin lifecycle
+  management have also been added. Flow requests are now stored in a
+  separate data store file.
+
+- **User messaging.** Messages can now be sent to GUI users via the
+  `user_message()` VQL function, which means they can be packaged into
+  server artifacts and set up by server operators. A new
+  `Server.Monitoring.RSSFeeds` artifact is provided as an example: it
+  polls RSS feeds (such as Velociraptor's own CVE and blog feeds) and
+  automatically emits user notifications when new items appear.
+
+- **Azure Data Explorer (ADX) upload.** A new `adx_upload()` VQL plugin
+  uploads rows to Azure Data Explorer for KQL-based analysis, along
+  with a `ADX Creds` secret type for securely managing credentials. A
+  corresponding server event artifact (`ADX.Flows.Upload`) is provided
+  that uses this plugin to forward flow results to ADX. This mirrors
+  the existing Splunk and Elastic upload integrations, and has been
+  tested in production engagements.
+
+- **Artifact verifier overrides.** The artifact verifier now emits
+  structured errors and warnings that can be selectively disabled on a
+  per- artifact basis. To suppress a specific linter error, add a `//
+linter:` comment to the VQL snippet with the error name and an
+  optional subject regex.
+
+- **Loading artifact packs from zips.** Zip files can now be imported
+  directly with the `--definitions` flag, avoiding the need to
+  manually unzip them first. This is especially useful when
+  distributing collections of artifacts as a single archive file.
+
+- **OIDC role assignment rework.** Automated OIDC role assignment now
+  supports removing access from users (roles are no longer treated as
+  a minimum floor). Custom claims from Azure ID tokens can also be
+  used for more granular role mapping.
+
+- **Velociraptor Docker container.** An officially supported
+  Docker-based container is now available, and a Dockerfile,
+  compose.yaml, and supporting configuration files. This makes it
+  easier to deploy Velociraptor in containerized environments.
+
+## GUI Improvements
+
+This release improves a number of GUI features.
+
+- **Redesigned Shell interface** now uses sessions where each
+  command builds on the previous one.
+
+- **User messaging system** for sending notifications directly in the
+  GUI.
+
+  ![](notification.png)
+
+  The new `Server.Monitoring.RSSFeeds` artifact polls RSS feeds
+  and alerts users about new items, such as critical CVEs or blog
+  posts.
+
+- **GUI state stored in sessionStorage**, preserving state when
+  switching between screens.
+
+- **Filters added to the user management screen** for easier user
+  lookup.
+
+## CLI Improvements
+
+- **New CLI run syntax** with reworked command line parser.
+
+  The CLI has a new syntax for running artifacts from the command line.
+  The new `--api_config` flag supports collecting artifacts remotely and
+  fetching results via the API.
+
+- **API support for the `artifacts collect` command**, allowing remote
+  collection and result fetching over the API. Also added the
+  `artifacts fetch` command for fetching remote artifact results.
+
+- **Zip file import with the `--definitions` flag** for loading artifact
+  packs.
+
+### Performance and operational improvements
+
+- **Memory allocation limits.** Velociraptor now places limits on memory
+  allocations to prevent out of memory errors during large collections
+  or data processing tasks.
+
+- **EVTX preferred message language.** The EVTX parser has been updated to
+  support a preferred message language, allowing Windows event log
+  messages to be rendered in the specified language when available.
+
+- **Refactored hunt dispatcher.** The hunt dispatcher internals have
+  been reworked for improved tracking and reliability of hunt state
+  management.
+
+- **Refactored journal service.** The journal service has been updated
+  with more efficient artifact type discovery and stricter validation
+  of forwarded messages, ensuring messages reach only the artifact
+  types they are authorized for.
+
+- **Removed hunt dispatcher housekeeping thread.** The periodic
+  housekeeping thread that tallied hunt stats has been removed,
+  reducing IO overhead. The same functionality can now be triggered on
+  demand via a VQL query when needed.
+
+- **Removed old client API support.** Support for legacy client API
+  versions has been removed, simplifying the server codebase. The
+  server now falls back to `Frontend.Hostname` when `API.Hostname` is
+  not specified.
+
+- **Email client compatibility.** The `SendEmail` artifact now supports an
+  alphanumeric-only MIME boundary mode. Some email clients (such as
+  Evolution) struggle with the standard boundary characters prescribed
+  by RFC 2045, so this option improves compatibility when sending
+  multipart emails from Velociraptor.
+
+- **Background dispatcher startup.** The dispatcher now starts in the
+  background, avoiding pauses at server startup and making the
+  initialization sequence faster and more responsive.
+
+## Security improvements
+
+- **Refactored event queues with caller tagging.** Each event is now
+  tagged with the caller's ID, enabling listeners to verify the sender
+  and reject messages from untrusted sources. This prevents users from
+  sending events to privileged queues intended only for server-
+  originated messages.
+
+- **Zip directory traversal prevention.** The `unzip()` plugin has
+  been hardened against directory traversal attacks, preventing
+  malicious zip files from writing files outside the intended
+  extraction directory.
+
+- **YAML field validation for Secrets.** The secrets service now
+  validates YAML fields more rigorously when creating or updating
+  secrets, catching misconfigurations earlier.
+
+## Artifact changes
+
+### New Artifacts
+
+- **`Server.Monitoring.RSSFeeds`.** Polls RSS feeds at a configurable
+  interval and alerts users about new items via GUI messages.
+
+- **`ADX.Flows.Upload`.** Forwards flow results to Azure Data Explorer
+  (ADX) for analysis using KQL queries.
+
+- **`Generic.Utils.Crypto`.** Utility artifact providing HMAC-SHA256 and
+  other custom hash functions.
+
+### Improved Artifacts
+
+Aside from the new artifacts, which others has significant
+improvements? TO be checked.
+
+### Removed Artifacts
+
+- **`Server.Internal.Enrollment`, `Server.Internal.FrontendMetrics`,
+  `Server.Internal.Label`, `Server.Internal.Notifications`,
+  `Server.Internal.Ping`, `Server.Internal.Pong`,
+  `Server.Internal.TimelineAdd`, and `System.Hunt.Participation`**
+  were removed as part of event queue refactoring where each event is
+  now tagged with the caller's ID for security.
+- **`Server.Import.ArtifactExchange`.** Renamed to
+  `Server.Import.ArtifactBundle` (old name aliased for backward
+  compatibility).
+
+## Changes to VQL Plugins, Functions, and Accessors
+
+### New
+
+- **`user_message()`.** Sends messages to GUI users from VQL queries.
+
+- **`user_messages()`.** Emits user console messages as a plugin.
+
+- **`adx_upload()`.** Uploads rows to Azure Data Explorer (ADX).
+
+### Improved
+
+- **`cache()`.** Updated to use disk-based LRU, allowing persistent caches
+  across different queries. API updated to use VQL lambda for more
+  intuitive usage.
+
+- **`memoize()`.** Updated to use disk-based LRU for persistence. Added
+  `period` parameter for stale data refresh and `filename` parameter
+  for file-backed storage.
+
+- **`index()`.** Changed to batch mode, providing much faster indexing
+  performance.
+
+## Conclusions
+
+There are many more new features and bug fixes in the latest release.
+
+If you like the new features, take [Velociraptor for a
+spin](https://github.com/Velocidex/velociraptor)!
+
+It is available on GitHub under an open source license. As always
+please file issues on the bug tracker or ask questions on our mailing
+list [velociraptor-discuss@googlegroups.com](mailto:velociraptor-discuss@googlegroups.com).
+You can also chat with us directly on [Discord](/discord/).

content/blog/2026/2026-05-31-release-notes-0.77/notification.png

@@ -204,13 +204,26 @@ be devised that can assure their ongoing reliability.
 Exchange artifacts are currently stored in our
 [documentation repo](https://github.com/Velocidex/velociraptor-docs).
 
-To submit your artifact for consideration, you follow basically the
+GitHub allows you to create a fork, add a single file, and then make a
+Pull Request without leaving their website. This is the most common
+workflow for contributing a single artifact and doesn't require much
+knowledge of git or version control.
+
+For more advanced submissions, you should follow basically the
 same process as for a documentation contribution, as described
 [here](/dev/dev-server/#2-create-a-fork-of-the-velociraptor-docs-repo-and-clone-it-locally)
-except that you're just adding your YAML file into
+except that for artifacts you're just adding your YAML file into
 `velociraptor-docs/content/exchange/artifacts`
 so you don't need Hugo or any of the steps related to that.
 
+We'll review your contribution and give you feedback in the Pull
+Request if anything needs changing.
+
+_Note that we don't guarantee that all artifact submissions will be
+accepted_. So if you're considering making a contribution and you're
+not sure about it, then please chat to us on [Discord](/discord/)
+first, and we'll do our best to advise you and avoid wasting your
+efforts.
 
 ## Tips for writing better artifacts