Prepare release v9.4.0 (#2981)

* Prepare release v9.4.0

.bumpversion.toml

@@ -1,5 +1,5 @@
 [tool.bumpversion]
-current_version = "9.3.1"
+current_version = "9.4.0"
 
 [[tool.bumpversion.files]]
 filename = "capa/version.py"

CHANGELOG.md

@@ -4,6 +4,30 @@
 
 ### New Features
 
+### Breaking Changes
+
+### New Rules (0)
+
+-
+
+### Bug Fixes
+
+### capa Explorer Web
+
+### capa Explorer IDA Pro plugin
+
+### Development
+
+### Raw diffs
+- [capa v9.4.0...master](https://github.com/mandiant/capa/compare/v9.4.0...master)
+- [capa-rules v9.4.0...master](https://github.com/mandiant/capa-rules/compare/v9.4.0...master)
+
+## v9.4.0
+
+This release includes Ghidra PyGhidra support, performance improvements, dependency updates, and 26 new rules. We'd like to thank the following contributors: @0x1622, Daniel Adeboye (@adeboyedn), Aditya Pandey (@EclipseAditya), aryanyk, Ben Knutson (@blenbot), @cosmoworker, @devs6186, @doomedraven, kamran ul haq (@kami922), @Maijin, @res2500, and others!
+
+### New Features
+
 - ghidra: support PyGhidra @mike-hunhoff #2788
 - vmray: extract number features from whitelisted void_ptr parameters (hKey, hKeyRoot) @adeboyedn #2835
 
@@ -37,7 +61,6 @@
 - nursery/escalate-privileges-via-commit_creds-on-linux aryanyk
 - nursery/register-netfilter-hook-on-linux aryanyk
 - nursery/get-custom-http-header @msanchit-dev
--
 
 ### Bug Fixes
 - main: suggest --os flag in unsupported OS error message to help users override ELF OS detection @devs6186 #2577
@@ -78,8 +101,8 @@
 - ci: pin pip-audit action SHAs and update to v1.1.0 @kami922 #1131
 
 ### Raw diffs
-- [capa v9.3.1...master](https://github.com/mandiant/capa/compare/v9.3.1...master)
-- [capa-rules v9.3.1...master](https://github.com/mandiant/capa-rules/compare/v9.3.1...master)
+- [capa v9.3.1...v9.4.0](https://github.com/mandiant/capa/compare/v9.3.1...v9.4.0)
+- [capa-rules v9.3.1...v9.4.0](https://github.com/mandiant/capa-rules/compare/v9.3.1...v9.4.0)
 
 ## v9.3.1
 
@@ -94,8 +117,8 @@ This patch release fixes a missing import for the capa explorer plugin for IDA P
 - ci: bump binja min version @mike-hunhoff #2763
 
 ### Raw diffs
-- [capa v9.3.0...master](https://github.com/mandiant/capa/compare/v9.3.0...master)
-- [capa-rules v9.3.0...master](https://github.com/mandiant/capa-rules/compare/v9.3.0...master)
+- [capa v9.3.0...v9.3.1](https://github.com/mandiant/capa/compare/v9.3.0...v9.3.1)
+- [capa-rules v9.3.0...v9.3.1](https://github.com/mandiant/capa-rules/compare/v9.3.0...v9.3.1)
 
 ## v9.3.0
 

capa/ida/plugin/ida-plugin.json

@@ -3,7 +3,7 @@
   "plugin": {
     "name": "capa",
     "entryPoint": "capa_explorer.py",
-    "version": "9.3.1",
+    "version": "9.4.0",
     "idaVersions": ">=7.4",
     "description": "Identify capabilities in executable files using FLARE's capa framework",
     "license": "Apache-2.0",
@@ -12,7 +12,7 @@
       "api-scripting-and-automation",
       "ui-ux-and-visualization"
     ],
-    "pythonDependencies": ["flare-capa==9.3.1"],
+    "pythonDependencies": ["flare-capa==9.4.0"],
     "urls": {
       "repository": "https://github.com/mandiant/capa"
     },

capa/version.py

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-__version__ = "9.3.1"
+__version__ = "9.4.0"
 
 
 def get_major_version():

web/public/index.html

@@ -212,6 +212,12 @@
 
       <h2 class="mt-3">Tool Updates</h2>
 
+      <h3 class="mt-2">v9.4.0 (<em>2026-04-01</em>)</h3>
+      <p class="mt-0">
+        This release introduces support for Ghidra via PyGhidra, updates dependencies, and significantly improves rule matching performance by pre-filtering extracted bytes.
+        It also includes 26 new rules covering .NET, cloud credentials, and anti-analysis techniques.
+      </p>
+
       <h3 class="mt-2">v9.3.1 (<em>2025-11-19</em>)</h3>
       <p class="mt-0">
         This patch release fixes a missing import for the capa explorer plugin for IDA Pro.