Crowdsec Versions Save

What's Changed

• Revert "docker: pre-download all hub items and data, opt-in hub updat… by @blotus in https://github.com/crowdsecurity/crowdsec/pull/2947
• enhance: add refactoring to governance by @LaurenceJJones in https://github.com/crowdsecurity/crowdsec/pull/2955
• update linter list and descriptions by @mmetc in https://github.com/crowdsecurity/crowdsec/pull/2951
• tests: bump yq, cfssl by @mmetc in https://github.com/crowdsecurity/crowdsec/pull/2952
• cscli support: include stack traces by @mmetc in https://github.com/crowdsecurity/crowdsec/pull/2935
• pkg/database/decisiosn: remove filter parameter, which is always passed empty by @mmetc in https://github.com/crowdsecurity/crowdsec/pull/2954
• cscli config show: avoid globals, use yaml v3 by @mmetc in https://github.com/crowdsecurity/crowdsec/pull/2863
• CI: upload coverage with token by @mmetc in https://github.com/crowdsecurity/crowdsec/pull/2958
• cscli hub items: avoid global by @mmetc in https://github.com/crowdsecurity/crowdsec/pull/2960
• pkg/cwhub - rename methods for clarity by @mmetc in https://github.com/crowdsecurity/crowdsec/pull/2961
• db config: don't exit setup if can't detect fs, improve detection for freebsd by @mmetc in https://github.com/crowdsecurity/crowdsec/pull/2963
• Truncate meta data by @buixor in https://github.com/crowdsecurity/crowdsec/pull/2966
• cscli: use yaml.v3 by @mmetc in https://github.com/crowdsecurity/crowdsec/pull/2965
• add zfs magic for GetFSType by @blotus in https://github.com/crowdsecurity/crowdsec/pull/2950
• use go 1.22 by @mmetc in https://github.com/crowdsecurity/crowdsec/pull/2826

Full Changelog: https://github.com/crowdsecurity/crowdsec/compare/v1.6.1...v1.6.2-rc1

Changes

• rename bouncers to remediation component in openAPI (#2936) @AlteredCoder
• docker: distribute geoip db in slim image (#2920) @mmetc

New Features

• LAPI: local api unix socket support (#2770) @mmetc

Improvements

• docker: pre-download hub items (debian image) (#2934) @mmetc
• docker: pre-download all hub items and data, opt-in hub update/upgrade (#2933) @mmetc
• add patterns_dir configuration option (#2868) @kampka
• cscli: Add user-agent to all hub requests (#2915) @mmetc
• add libinjection expr helpers (#2914) @blotus
• improve a bit cscli examples when it comes to list mgmt (#2911) @buixor
• cscli metrics: sort table order (#2908) @mmetc
• update windows pipeline (#2909) @blotus
• crowdsec: remove warning if prometheus port is taken during cold logs processing (#2857) @mmetc
• bin/crowdsec: avoid writing errors twice when log_media=stdout (#2876) @mmetc
• cron: spread server load when upgrading hub and data files (#2873) @mmetc
• lp metrics: collect datasources and console options (#2870) @mmetc
• refact pkg/apiserver (auth helpers) (#2856) @mmetc
• refact cscli (globals) (#2854) @mmetc
• add unix socket option (#2764) @LaurenceJJones
• refact pkg/apiclient (#2846) @mmetc
• refact "cscli config" (#2832) @mmetc
• Appsec unix socket (#2737) @LaurenceJJones
• cscli metrics: rename buckets -> scenarios (#2848) @mmetc
• add SetMeta and SetParsed helpers (#2845) @buixor
• implement highAvailability feature (#2506) @he2ss
• pkg/hubtest: extract methods + consistent error handling (#2756) @mmetc
• log processor: share apiclient in output goroutines (#2836) @mmetc
• bats: color formatter in CI (#2838) @mmetc
• refact "cscli console" (#2834) @mmetc
• refact "cscli notifications" (#2833) @mmetc
• refact "cscli explain" (#2835) @mmetc
• refact "cscli alerts" (#2827) @mmetc
• refact "cscli lapi" (#2825) @mmetc
• update calls to deprecated x509 methods (#2824) @mmetc
• refact cscli metric processing (#2816) @mmetc
• Dedicated whitelist metrics (#2813) @buixor
• refact "cscli" root cmd (#2811) @mmetc
• refact "cscli metrics" part 3 (#2807) @mmetc
• refact "cscli metrics" part 2 (#2806) @mmetc
• refact "cscli metrics" part 1 (#2805) @mmetc
• refact "cscli decisions"; lint (#2804) @mmetc
• refact "cscli dashboard" (#2803) @mmetc
• refact "cscli papi" (#2802) @mmetc
• refact "cscli simulation" (#2801) @mmetc
• refact "cscli " (#2782) @mmetc
• refact "cscli hub" (#2800) @mmetc
• refact "cscli alerts" (#2778) @mmetc
• refact "cscli machines" (#2777) @mmetc
• refact "cscli bouncers" (#2776) @mmetc
• CI: rename workflows, update docker build (#2798) @mmetc
• cscli: don't print use_wal warning (#2794) @mmetc
• option to override hub url template. for testers only. (#2785) @mmetc
• lint: disallow naked returns (#2771) @mmetc
• lint: enable linter "wastedassign" (#2772) @mmetc

Bug Fixes

• windows: fix data file update (remove before rename) (#2930) @mmetc
• Fix REQUEST_URI behavior (#2891 #2917) @buixor
• hub update: reload crowdsec if only data files have changed (#2912) @mmetc
• fix locking logic for HA and add list unsubscribe for PAPI (#2904) @buixor
• warn if user is using inotify to tail a symlink (#2881) @blotus
• file acquisition: don't bubble error when tailed file disappears (#2903) @mmetc
• fix rpm build (#2894) @sabban
• fix unix socket error (#2897) @LaurenceJJones
• lapi: log error "can't sinchronize with console" only if papi is enabled (#2896) @mmetc
• add cron as a suggested package for debian package (#2799) @blotus
• appsec: delete api key header before processing the request (#2890) @blotus
• acquisition : take prometheus level into account (#2885) @buixor
• Fix armhf build (#2886) @sabban
• cscli tests + fix bouncer/machine prune (#2883) @mmetc
• support both scope and scopes parameter in decisions filter (#2882) @blotus
• appsec: get the original UA from headers (#2809) @blotus
• file acquis: add mutex to protect access to the internal tail map (#2878) @blotus
• pkg/cwhub: download data assets to temporary files to avoid partial fetch (#2879) @mmetc
• auto detect if reading logs or storing sqlite db on a network share (#2241) @blotus
• cscli: hide hashed api keys (#2874) @mmetc
• fix: log stack trace while computing metrics (#2865) @mmetc
• systemd: check configuration before attempting reload (#2861) @mmetc
• appsec: split return code for bouncer and user (#2821) @blotus
• loki acquisition: set headers/basic auth if set for queryRange (#2815) @LaurenceJJones
• decouple docker image from package release (#2791) @mmetc
• update docker_start.sh (#2780) @LaurenceJJones
• fix some tests (#2775) @sabban
• armhf fix for getfstype (#2884) @sabban

Chore / Deps

• use go 1.21.9; update dependencies (#2931) @mmetc
• split & reorganize appsec tests. Add tests on existing zones (#2925) @buixor
• CI: use golangci-lint 1.57 (#2916) @mmetc
• bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible (#2913) @dependabot
• bump github.com/jackc/pgx/v4 from 4.14.1 to 4.18.2 (#2887) @dependabot
• CI: bump lint version and update configuration (#2901) @mmetc
• CI: use go 1.21.8 (#2906) @mmetc
• CI: bump github actions (#2895) @mmetc
• bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#2893) @dependabot
• bump dependencies for geoip db / lookup (#2880) @mmetc
• CI: "make generate" target; use ent 0.12.5 (#2871) @mmetc
• pkg/csconfig: use yaml.v3; deprecate yaml.v2 for new code (#2867) @mmetc
• remove dependencies on enescakir/emoji, gotest.tools (#2837) @mmetc
• re-generate ent code (#2844) @mmetc
• use go 1.21.7 (#2830) @mmetc
• update codeql action to v3 (#2822) @blotus
• CI: workflow improvements (#2792) @mmetc
• disable docker flavor test (#2783) @mmetc
• disable docker flavor test (#2781) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Changes

• rename bouncers to remediation component in openAPI (#2936) @AlteredCoder
• docker: distribute geoip db in slim image (#2920) @mmetc
• armhf fix for getfstype (#2884) @sabban

New Features

• LAPI: local api unix socket support (#2770) @mmetc

Improvements

• docker: pre-download hub items (debian image) (#2934) @mmetc
• docker: pre-download all hub items and data, opt-in hub update/upgrade (#2933) @mmetc
• Add patterns_dir configuration option (#2868) @kampka
• cscli: Add user-agent to all hub requests (#2915) @mmetc
• add libinjection expr helpers (#2914) @blotus
• improve a bit cscli examples when it comes to list mgmt (#2911) @buixor
• cscli metrics: sort table order (#2908) @mmetc
• Update windows pipeline (#2909) @blotus
• crowdsec: remove warning if prometheus port is taken during cold logs processing (#2857) @mmetc
• bin/crowdsec: avoid writing errors twice when log_media=stdout (#2876) @mmetc
• cron: spread server load when upgrading hub and data files (#2873) @mmetc
• lp metrics: collect datasources and console options (#2870) @mmetc
• refact pkg/apiserver (auth helpers) (#2856) @mmetc
• refact cscli (globals) (#2854) @mmetc
• [http] Add unix socket option (#2764) @LaurenceJJones
• refact pkg/apiclient (#2846) @mmetc
• refact "cscli config" (#2832) @mmetc
• Appsec unix socket (#2737) @LaurenceJJones
• cscli metrics: rename buckets -> scenarios (#2848) @mmetc
• add SetMeta and SetParsed helpers (#2845) @buixor
• implement highAvailability feature (#2506) @he2ss
• pkg/hubtest: extract methods + consistent error handling (#2756) @mmetc
• log processor: share apiclient in output goroutines (#2836) @mmetc
• bats: color formatter in CI (#2838) @mmetc
• refact "cscli console" (#2834) @mmetc
• refact "cscli notifications" (#2833) @mmetc
• refact "cscli explain" (#2835) @mmetc
• refact "cscli alerts" (#2827) @mmetc
• refact "cscli lapi" (#2825) @mmetc
• update calls to deprecated x509 methods (#2824) @mmetc
• refact cscli metric processing (#2816) @mmetc
• dedicated whitelist metrics (#2813) @buixor
• refact "cscli" root cmd (#2811) @mmetc
• refact "cscli metrics" part 3 (#2807) @mmetc
• refact "cscli metrics" part 2 (#2806) @mmetc
• refact "cscli metrics" part 1 (#2805) @mmetc
• refact "cscli decisions"; lint (#2804) @mmetc
• refact "cscli dashboard" (#2803) @mmetc
• refact "cscli papi" (#2802) @mmetc
• refact "cscli simulation" (#2801) @mmetc
• refact "cscli " (#2782) @mmetc
• refact "cscli hub" (#2800) @mmetc
• refact "cscli alerts" (#2778) @mmetc
• refact "cscli machines" (#2777) @mmetc
• refact "cscli bouncers" (#2776) @mmetc
• CI: rename workflows, update docker build (#2798) @mmetc
• cscli: don't print use_wal warning (#2794) @mmetc
• option to override hub url template. for testers only. (#2785) @mmetc
• lint: disallow naked returns (#2771) @mmetc
• lint: enable linter "wastedassign" (#2772) @mmetc

Bug Fixes

• windows: fix data file update (remove before rename) (#2930) @mmetc
• fix REQUEST_URI behavior + fix #2891 (#2917) @buixor
• hub update: reload crowdsec if only data files have changed (#2912) @mmetc
• Fix locking logic for HA + add list unsubscribe for PAPI (#2904) @buixor
• warn if user is using inotify to tail a symlink (#2881) @blotus
• file acquisition: don't bubble error when tailed file disappears (#2903) @mmetc
• Fix rpm build (#2894) @sabban
• fix unix socket error (#2897) @LaurenceJJones
• lapi: log error "can't sinchronize with console" only if papi is enabled (#2896) @mmetc
• add cron as a suggested package for debian package (#2799) @blotus
• [appsec] delete api key header before processing the request (#2890) @blotus
• fix #2889 (#2892) @buixor
• acquisition : take prometheus level into account (#2885) @buixor
• fix armhf (#2886) @sabban
• cscli tests + fix bouncer/machine prune (#2883) @mmetc
• support both scope and scopes parameter in decisions filter (#2882) @blotus
• appsec: get the original UA from headers (#2809) @blotus
• file acquis: add mutex to protect access to the internal tail map (#2878) @blotus
• pkg/cwhub: download data assets to temporary files to avoid partial fetch (#2879) @mmetc
• auto detect if reading logs or storing sqlite db on a network share (#2241) @blotus
• cscli: hide hashed api keys (#2874) @mmetc
• fix: log stack trace while computing metrics (#2865) @mmetc
• systemd: check configuration before attempting reload (#2861) @mmetc
• appsec: split return code for bouncer and user (#2821) @blotus
• Set headers/basic auth if set for queryRange in Loki acquisition (#2815) @LaurenceJJones
• Decouple docker image from package release (#2791) @mmetc
• Update docker_start.sh (#2780) @LaurenceJJones
• fix some tests (#2775) @sabban

Chore / Deps

• use go 1.21.9; update dependencies (#2931) @mmetc
• [appsec] split & reorganize tests a bit. Add tests on existing zones (#2925) @buixor
• CI: use golangci-lint 1.57 (#2916) @mmetc
• Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible (#2913) @dependabot
• Bump github.com/jackc/pgx/v4 from 4.14.1 to 4.18.2 (#2887) @dependabot
• CI: bump lint version and update configuration (#2901) @mmetc
• CI: use go 1.21.8 (#2906) @mmetc
• CI: bump github actions (#2895) @mmetc
• bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#2893) @dependabot
• bump dependencies for geoip db / lookup (#2880) @mmetc
• CI: "make generate" target; use ent 0.12.5 (#2871) @mmetc
• pkg/csconfig: use yaml.v3; deprecate yaml.v2 for new code (#2867) @mmetc
• remove dependencies on enescakir/emoji, gotest.tools (#2837) @mmetc
• re-generate ent code (#2844) @mmetc
• use go 1.21.7 (#2830) @mmetc
• update codeql action to v3 (#2822) @blotus
• CI: workflow improvements (#2792) @mmetc
• disable docker flavor test (#2783) @mmetc
• disable docker flavor test (#2781) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Changes

• docker: distribute geoip db in slim image (#2920) @mmetc
• armhf fix for getfstype (#2884) @sabban

New Features

• LAPI: local api unix socket support (#2770) @mmetc

Improvements

• docker: pre-download hub items (debian image) (#2934) @mmetc
• docker: pre-download all hub items and data, opt-in hub update/upgrade (#2933) @mmetc
• Add patterns_dir configuration option (#2868) @kampka
• cscli: Add user-agent to all hub requests (#2915) @mmetc
• add libinjection expr helpers (#2914) @blotus
• improve a bit cscli examples when it comes to list mgmt (#2911) @buixor
• cscli metrics: sort table order (#2908) @mmetc
• Update windows pipeline (#2909) @blotus
• crowdsec: remove warning if prometheus port is taken during cold logs processing (#2857) @mmetc
• bin/crowdsec: avoid writing errors twice when log_media=stdout (#2876) @mmetc
• cron: spread server load when upgrading hub and data files (#2873) @mmetc
• lp metrics: collect datasources and console options (#2870) @mmetc
• refact pkg/apiserver (auth helpers) (#2856) @mmetc
• refact cscli (globals) (#2854) @mmetc
• [http] Add unix socket option (#2764) @LaurenceJJones
• refact pkg/apiclient (#2846) @mmetc
• refact "cscli config" (#2832) @mmetc
• Appsec unix socket (#2737) @LaurenceJJones
• cscli metrics: rename buckets -> scenarios (#2848) @mmetc
• add SetMeta and SetParsed helpers (#2845) @buixor
• implement highAvailability feature (#2506) @he2ss
• pkg/hubtest: extract methods + consistent error handling (#2756) @mmetc
• log processor: share apiclient in output goroutines (#2836) @mmetc
• bats: color formatter in CI (#2838) @mmetc
• refact "cscli console" (#2834) @mmetc
• refact "cscli notifications" (#2833) @mmetc
• refact "cscli explain" (#2835) @mmetc
• refact "cscli alerts" (#2827) @mmetc
• refact "cscli lapi" (#2825) @mmetc
• update calls to deprecated x509 methods (#2824) @mmetc
• refact cscli metric processing (#2816) @mmetc
• Dedicated whitelist metrics (#2813) @buixor
• refact "cscli" root cmd (#2811) @mmetc
• refact "cscli metrics" part 3 (#2807) @mmetc
• refact "cscli metrics" part 2 (#2806) @mmetc
• refact "cscli metrics" part 1 (#2805) @mmetc
• refact "cscli decisions"; lint (#2804) @mmetc
• refact "cscli dashboard" (#2803) @mmetc
• refact "cscli papi" (#2802) @mmetc
• refact "cscli simulation" (#2801) @mmetc
• refact "cscli " (#2782) @mmetc
• refact "cscli hub" (#2800) @mmetc
• refact "cscli alerts" (#2778) @mmetc
• refact "cscli machines" (#2777) @mmetc
• refact "cscli bouncers" (#2776) @mmetc
• CI: rename workflows, update docker build (#2798) @mmetc
• cscli: don't print use_wal warning (#2794) @mmetc
• option to override hub url template. for testers only. (#2785) @mmetc
• lint: disallow naked returns (#2771) @mmetc
• lint: enable linter "wastedassign" (#2772) @mmetc

Bug Fixes

• windows: fix data file update (remove before rename) (#2930) @mmetc
• Fix REQUEST_URI behavior + fix #2891 (#2917) @buixor
• hub update: reload crowdsec if only data files have changed (#2912) @mmetc
• Fix locking logic for HA + add list unsubscribe for PAPI (#2904) @buixor
• warn if user is using inotify to tail a symlink (#2881) @blotus
• file acquisition: don't bubble error when tailed file disappears (#2903) @mmetc
• Fix rpm build (#2894) @sabban
• fix unix socket error (#2897) @LaurenceJJones
• lapi: log error "can't sinchronize with console" only if papi is enabled (#2896) @mmetc
• add cron as a suggested package for debian package (#2799) @blotus
• [appsec] delete api key header before processing the request (#2890) @blotus
• fix #2889 (#2892) @buixor
• acquisition : take prometheus level into account (#2885) @buixor
• Fix armhf (#2886) @sabban
• cscli tests + fix bouncer/machine prune (#2883) @mmetc
• support both scope and scopes parameter in decisions filter (#2882) @blotus
• appsec: get the original UA from headers (#2809) @blotus
• file acquis: add mutex to protect access to the internal tail map (#2878) @blotus
• pkg/cwhub: download data assets to temporary files to avoid partial fetch (#2879) @mmetc
• Auto detect if reading logs or storing sqlite db on a network share (#2241) @blotus
• cscli: hide hashed api keys (#2874) @mmetc
• fix: log stack trace while computing metrics (#2865) @mmetc
• systemd: check configuration before attempting reload (#2861) @mmetc
• appsec: split return code for bouncer and user (#2821) @blotus
• [Loki] Set headers/basic auth if set for queryRange (#2815) @LaurenceJJones
• Decouple docker image from package release (#2791) @mmetc
• Update docker_start.sh (#2780) @LaurenceJJones
• fix some tests (#2775) @sabban

Chore / Deps

• use go 1.21.9; update dependencies (#2931) @mmetc
• [appsec] split & reorganize tests a bit. Add tests on existing zones (#2925) @buixor
• CI: use golangci-lint 1.57 (#2916) @mmetc
• Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible (#2913) @dependabot
• Bump github.com/jackc/pgx/v4 from 4.14.1 to 4.18.2 (#2887) @dependabot
• CI: bump lint version and update configuration (#2901) @mmetc
• CI: use go 1.21.8 (#2906) @mmetc
• CI: bump github actions (#2895) @mmetc
• Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#2893) @dependabot
• bump dependencies for geoip db / lookup (#2880) @mmetc
• CI: "make generate" target; use ent 0.12.5 (#2871) @mmetc
• pkg/csconfig: use yaml.v3; deprecate yaml.v2 for new code (#2867) @mmetc
• remove dependencies on enescakir/emoji, gotest.tools (#2837) @mmetc
• re-generate ent code (#2844) @mmetc
• use go 1.21.7 (#2830) @mmetc
• update codeql action to v3 (#2822) @blotus
• CI: workflow improvements (#2792) @mmetc
• disable docker flavor test (#2783) @mmetc
• disable docker flavor test (#2781) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Changes

• armhf fix for getfstype (#2884) @sabban

New Features

• LAPI: local api unix socket support (#2770) @mmetc

Improvements

• Add patterns_dir configuration option (#2868) @kampka
• cscli: Add user-agent to all hub requests (#2915) @mmetc
• add libinjection expr helpers (#2914) @blotus
• improve a bit cscli examples when it comes to list mgmt (#2911) @buixor
• cscli metrics: sort table order (#2908) @mmetc
• Update windows pipeline (#2909) @blotus
• crowdsec: remove warning if prometheus port is taken during cold logs processing (#2857) @mmetc
• bin/crowdsec: avoid writing errors twice when log_media=stdout (#2876) @mmetc
• cron: spread server load when upgrading hub and data files (#2873) @mmetc
• lp metrics: collect datasources and console options (#2870) @mmetc
• refact pkg/apiserver (auth helpers) (#2856) @mmetc
• refact cscli (globals) (#2854) @mmetc
• [http] Add unix socket option (#2764) @LaurenceJJones
• refact pkg/apiclient (#2846) @mmetc
• refact "cscli config" (#2832) @mmetc
• Appsec unix socket (#2737) @LaurenceJJones
• cscli metrics: rename buckets -> scenarios (#2848) @mmetc
• add SetMeta and SetParsed helpers (#2845) @buixor
• implement highAvailability feature (#2506) @he2ss
• pkg/hubtest: extract methods + consistent error handling (#2756) @mmetc
• log processor: share apiclient in output goroutines (#2836) @mmetc
• bats: color formatter in CI (#2838) @mmetc
• refact "cscli console" (#2834) @mmetc
• refact "cscli notifications" (#2833) @mmetc
• refact "cscli explain" (#2835) @mmetc
• refact "cscli alerts" (#2827) @mmetc
• refact "cscli lapi" (#2825) @mmetc
• update calls to deprecated x509 methods (#2824) @mmetc
• refact cscli metric processing (#2816) @mmetc
• Dedicated whitelist metrics (#2813) @buixor
• refact "cscli" root cmd (#2811) @mmetc
• refact "cscli metrics" part 3 (#2807) @mmetc
• refact "cscli metrics" part 2 (#2806) @mmetc
• refact "cscli metrics" part 1 (#2805) @mmetc
• refact "cscli decisions"; lint (#2804) @mmetc
• refact "cscli dashboard" (#2803) @mmetc
• refact "cscli papi" (#2802) @mmetc
• refact "cscli simulation" (#2801) @mmetc
• refact "cscli " (#2782) @mmetc
• refact "cscli hub" (#2800) @mmetc
• refact "cscli alerts" (#2778) @mmetc
• refact "cscli machines" (#2777) @mmetc
• refact "cscli bouncers" (#2776) @mmetc
• CI: rename workflows, update docker build (#2798) @mmetc
• cscli: don't print use_wal warning (#2794) @mmetc
• option to override hub url template. for testers only. (#2785) @mmetc
• lint: disallow naked returns (#2771) @mmetc
• lint: enable linter "wastedassign" (#2772) @mmetc

Bug Fixes

• hub update: reload crowdsec if only data files have changed (#2912) @mmetc
• Fix locking logic for HA + add list unsubscribe for PAPI (#2904) @buixor
• warn if user is using inotify to tail a symlink (#2881) @blotus
• file acquisition: don't bubble error when tailed file disappears (#2903) @mmetc
• Fix rpm build (#2894) @sabban
• fix unix socket error (#2897) @LaurenceJJones
• lapi: log error "can't sinchronize with console" only if papi is enabled (#2896) @mmetc
• add cron as a suggested package for debian package (#2799) @blotus
• [appsec] delete api key header before processing the request (#2890) @blotus
• fix #2889 (#2892) @buixor
• acquisition : take prometheus level into account (#2885) @buixor
• Fix armhf (#2886) @sabban
• cscli tests + fix bouncer/machine prune (#2883) @mmetc
• support both scope and scopes parameter in decisions filter (#2882) @blotus
• appsec: get the original UA from headers (#2809) @blotus
• file acquis: add mutex to protect access to the internal tail map (#2878) @blotus
• pkg/cwhub: download data assets to temporary files to avoid partial fetch (#2879) @mmetc
• Auto detect if reading logs or storing sqlite db on a network share (#2241) @blotus
• cscli: hide hashed api keys (#2874) @mmetc
• fix: log stack trace while computing metrics (#2865) @mmetc
• systemd: check configuration before attempting reload (#2861) @mmetc
• appsec: split return code for bouncer and user (#2821) @blotus
• [Loki] Set headers/basic auth if set for queryRange (#2815) @LaurenceJJones
• Decouple docker image from package release (#2791) @mmetc
• Update docker_start.sh (#2780) @LaurenceJJones
• fix some tests (#2775) @sabban

Chore / Deps

• CI: use golangci-lint 1.57 (#2916) @mmetc
• Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible (#2913) @dependabot
• Bump github.com/jackc/pgx/v4 from 4.14.1 to 4.18.2 (#2887) @dependabot
• CI: bump lint version and update configuration (#2901) @mmetc
• CI: use go 1.21.8 (#2906) @mmetc
• CI: bump github actions (#2895) @mmetc
• Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#2893) @dependabot
• bump dependencies for geoip db / lookup (#2880) @mmetc
• CI: "make generate" target; use ent 0.12.5 (#2871) @mmetc
• pkg/csconfig: use yaml.v3; deprecate yaml.v2 for new code (#2867) @mmetc
• remove dependencies on enescakir/emoji, gotest.tools (#2837) @mmetc
• re-generate ent code (#2844) @mmetc
• use go 1.21.7 (#2830) @mmetc
• update codeql action to v3 (#2822) @blotus
• CI: workflow improvements (#2792) @mmetc
• disable docker flavor test (#2783) @mmetc
• disable docker flavor test (#2781) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

New Features

• LAPI: local api unix socket support (#2770) @mmetc

Improvements

• crowdsec: remove warning if prometheus port is taken during cold logs processing (#2857) @mmetc
• bin/crowdsec: avoid writing errors twice when log_media=stdout (#2876) @mmetc
• cron: spread server load when upgrading hub and data files (#2873) @mmetc
• lp metrics: collect datasources and console options (#2870) @mmetc
• refact pkg/apiserver (auth helpers) (#2856) @mmetc
• refact cscli (globals) (#2854) @mmetc
• [http] Add unix socket option (#2764) @LaurenceJJones
• refact pkg/apiclient (#2846) @mmetc
• refact "cscli config" (#2832) @mmetc
• Appsec unix socket (#2737) @LaurenceJJones
• cscli metrics: rename buckets -> scenarios (#2848) @mmetc
• add SetMeta and SetParsed helpers (#2845) @buixor
• implement highAvailability feature (#2506) @he2ss
• pkg/hubtest: extract methods + consistent error handling (#2756) @mmetc
• log processor: share apiclient in output goroutines (#2836) @mmetc
• bats: color formatter in CI (#2838) @mmetc
• refact "cscli console" (#2834) @mmetc
• refact "cscli notifications" (#2833) @mmetc
• refact "cscli explain" (#2835) @mmetc
• refact "cscli alerts" (#2827) @mmetc
• refact "cscli lapi" (#2825) @mmetc
• update calls to deprecated x509 methods (#2824) @mmetc
• refact cscli metric processing (#2816) @mmetc
• Dedicated whitelist metrics (#2813) @buixor
• refact "cscli" root cmd (#2811) @mmetc
• refact "cscli metrics" part 3 (#2807) @mmetc
• refact "cscli metrics" part 2 (#2806) @mmetc
• refact "cscli metrics" part 1 (#2805) @mmetc
• refact "cscli decisions"; lint (#2804) @mmetc
• refact "cscli dashboard" (#2803) @mmetc
• refact "cscli papi" (#2802) @mmetc
• refact "cscli simulation" (#2801) @mmetc
• refact "cscli " (#2782) @mmetc
• refact "cscli hub" (#2800) @mmetc
• refact "cscli alerts" (#2778) @mmetc
• refact "cscli machines" (#2777) @mmetc
• refact "cscli bouncers" (#2776) @mmetc
• CI: rename workflows, update docker build (#2798) @mmetc
• cscli: don't print use_wal warning (#2794) @mmetc
• option to override hub url template. for testers only. (#2785) @mmetc
• lint: disallow naked returns (#2771) @mmetc
• lint: enable linter "wastedassign" (#2772) @mmetc

Bug Fixes

• armhf fix for getfstype (#2884) @sabban
• Fix locking logic for HA + add list unsubscribe for PAPI (#2904) @buixor
• warn if user is using inotify to tail a symlink (#2881) @blotus
• file acquisition: don't bubble error when tailed file disappears (#2903) @mmetc
• Fix rpm build (#2894) @sabban
• fix unix socket error (#2897) @LaurenceJJones
• lapi: log error "can't sinchronize with console" only if papi is enabled (#2896) @mmetc
• add cron as a suggested package for debian package (#2799) @blotus
• [appsec] delete api key header before processing the request (#2890) @blotus
• fix #2889 (#2892) @buixor
• acquisition : take prometheus level into account (#2885) @buixor
• Fix armhf (#2886) @sabban
• cscli tests + fix bouncer/machine prune (#2883) @mmetc
• support both scope and scopes parameter in decisions filter (#2882) @blotus
• appsec: get the original UA from headers (#2809) @blotus
• file acquis: add mutex to protect access to the internal tail map (#2878) @blotus
• pkg/cwhub: download data assets to temporary files to avoid partial fetch (#2879) @mmetc
• Auto detect if reading logs or storing sqlite db on a network share (#2241) @blotus
• cscli: hide hashed api keys (#2874) @mmetc
• fix: log stack trace while computing metrics (#2865) @mmetc
• systemd: check configuration before attempting reload (#2861) @mmetc
• appsec: split return code for bouncer and user (#2821) @blotus
• [Loki] Set headers/basic auth if set for queryRange (#2815) @LaurenceJJones
• Decouple docker image from package release (#2791) @mmetc
• Update docker_start.sh (#2780) @LaurenceJJones
• fix some tests (#2775) @sabban

Chore / Deps

• CI: bump lint version and update configuration (#2901) @mmetc
• CI: use go 1.21.8 (#2906) @mmetc
• CI: bump github actions (#2895) @mmetc
• Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#2893) @dependabot
• bump dependencies for geoip db / lookup (#2880) @mmetc
• CI: "make generate" target; use ent 0.12.5 (#2871) @mmetc
• pkg/csconfig: use yaml.v3; deprecate yaml.v2 for new code (#2867) @mmetc
• remove dependencies on enescakir/emoji, gotest.tools (#2837) @mmetc
• re-generate ent code (#2844) @mmetc
• use go 1.21.7 (#2830) @mmetc
• update codeql action to v3 (#2822) @blotus
• CI: workflow improvements (#2792) @mmetc
• disable docker flavor test (#2783) @mmetc
• disable docker flavor test (#2781) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Changes

• Used asterisk for Defender Firewall log name (#2671) @zbalkan

New Features

• remove PAPI feature flag (#2601) @blotus
• Application Security Engine Support (#2273) (#2769) (#2742) (#2684) (#2681) (#2682) (#2664) (#2663) (#2656) (#2681) (#2660) (#2746) (#2698) (#2676) (#2773) (#2749) (#2750) (#2747) (#2727) @buixor @AlteredCoder @blotus @mmetc
• Loki integration #2 (#2306) @lperdereau

Improvements

• log "loading papi client" only if papi is enabled (#2762) @mmetc
• Support console options in console enroll (#2760) @buixor
• func tests improvements (#2759) @mmetc
• pkg/hubtest: split hubtest_item.go (#2753) @mmetc
• post-install: reduce verbosity (#2751) @mmetc
• [parser/scenarios] defer yaml file closure (#2689) @LaurenceJJones
• add cpu-profile flag (#2723) @blotus
• Add original http request to hooks (#2740) @AlteredCoder
• apiserver: remove cached field isEnrolled (#2744) @mmetc
• Docker: allow setting BUILD_VERSION as a build argument (#2736) @mmetc
• Ignore missing console/context.yaml if not explicitly required by config.yaml (#2726) @mmetc
• cscli capi status -> message for missing credentials (#2730) @mmetc
• Remove redundant file check for capi_whitelists_path (#2728) @mmetc
• wizard: while installing, don't hide hub download/timeout errors (#2710) @mmetc
• pkg/cwhub: improve error messages (#2712) @mmetc
• logging: full timestamp with timezone in crowdsec.log (#2707) @mmetc
• CI: enable testifylint (#2696) @mmetc
• apiserver/apiclient: compact tests (#2694) @mmetc
• minor waf fixes (#2693) @buixor
• test and log fixes (#2690) @mmetc
• CI: bump golangci-lint run to 1.55, update defaults (#2677) @mmetc
• notifications: Fix bug, list show non active (#2678) @LaurenceJJones
• welcome message when installing packages (#2672) @sabban
• cscli: silence cwhub logger for non-hub related commands (#2675) @mmetc
• add "make help" target (#2282) @mmetc
• fflags: no deprecation warning if there is no message (papi) (#2666) @mmetc
• Parallel hubtests (#2667) @mmetc
• Add "taintedBy" and "--diff" flag to cscli... inspect (#2665) @mmetc
• improve deprecation message with file location (#2662) @mmetc
• light pkg/api{client,server} refact (#2659) @mmetc
• Short build tag in version number (#2658) @mmetc
• cscli machines: lint + write output to stdout instead of log (#2657) @mmetc
• [http plugin] Add capath, certpath, keypath to load custom certs (#2634) @LaurenceJJones
• add new env var to enable console_management (#2599) @he2ss
• docker: add -slim variant to ghcr.io (#2653) @mmetc
• cscli refact / encapsulation (#2650) @mmetc
• restrict file permission from "machines add" (#2648) @mmetc
• Appsec improvement and fixes after merge (#2645) @AlteredCoder
• cwhub: context type (#2631) @mmetc
• cscli refact - encapsulation with types (#2643) @mmetc
• Cwhub refact (#2637) @mmetc
• cscli config show: pretty print struct output (#2633) @mmetc
• Refact bouncer auth (#2456) @mmetc
• cscli machines add: don't overwrite existing credential file (#2625) @mmetc
• explain: Ignore blank lines as crowdsec will anyways (#2630) @LaurenceJJones
• command "cscli hub types" (#2632) @mmetc
• manage force_pull message for one blocklist (#2615) @nitescuc
• Refact pkg/cwhub: fix known issues and reorganize files (#2616) @mmetc
• [postoverflow] dump after postoverflow so we can test within hubtest (#2511) @LaurenceJJones
• cscli notifications test command and slight re write (#2391) @LaurenceJJones
• Refactor hub management and cscli commands (#2545) @mmetc
• "cscli bouncers add": increase key size, deprecate and ignore --length option (#2531) @mmetc
• *.log: use yyyy-mm-dd (iso8601) in timestamps (#2564) @mmetc
• Improved expr debugger (#2495) @buixor
• Kafka acquisition: warn if no consumer group id and allow to read from a specific partition (#2612) @blotus
• kafkaAcquisition: add more debug (#2609) @he2ss
• Use go 1.21.4 (#2595) @mmetc

Bug Fixes

• lapi/papi: when receiving alerts, log and discard invalid addr/range (#2708) @mmetc
• Fix #2733 "cscli hang forever when i try to delete a decision" (#2745) @mmetc
• log death reason of file reader if available (#2721) @blotus
• csprofiles: fix default decision duration, lint (#2703) @mmetc
• bin/crowdsec: avoid writing errors twice when log_media=stdout (#2729) @mmetc
• apiclient: handle 0-byte error response (#2716) @mmetc
• Send installed appsec rules as part of the scenarios on login (#2704) @blotus
• cwhub: install --force repairs tainted, non-installed items (#2686) @mmetc
• [notifications] fix segfault because url is not loaded (#2679) @LaurenceJJones
• postinst: update check for enabled lapi (#2674) @mmetc
• lint error handling (#2644) @mmetc
• copy debian behavior for now for local and online api credentials creation (#2655) @sabban
• fix package tests for 1.5.6-rc2 (#2652) @mmetc
• fix lapi credentials creation for debian package (#2646) @sabban
• cscli context detect: fix nil dereference (#2635) @mmetc
• docker tests: force local machine creation (#2636) @mmetc
• cscli ecision import fix format for documentation (#2577) @LaurenceJJones
• notification plugin: Pass down ctx and use it (#2626) @LaurenceJJones
• metabase: QOL Changes and chown wal files (#2627) @LaurenceJJones
• CI: avoid pipe in makefile, correctly report error in CI when tests fail (#2621) @mmetc
• force rfc 3339 date format in metrics push (#2402) @blotus
• docker: replace cp -an with rsync to allow bind-mount of files in /etc/crowdsec (#2611) @mmetc
• properly update the cs_syslogsource_parsed_total metric (#2608) @blotus
• fix: typo (#2582) @testwill
• update gantsign.golang name (#2558) @sabban
• Release action: fix asset upload (#2565) @mmetc

Chore / Deps

• CI: enable code complexity linters (#2752) @mmetc
• apiclient: split auth_key, auth_retry, auth_jwt (#2743) @mmetc
• Add AppSec governance (#2748) @LaurenceJJones
• apiclient/apiserver: lint/2 (#2741) @mmetc
• apiclient/apiserver: lint (#2739) @mmetc
• use go 1.21.6 (#2714) @mmetc
• Makefile: use GO macro if set, to check for version (#2706) @mmetc
• update coraza (#2705) @blotus
• lint (wsl) (#2692) @mmetc
• CI: update test dependencies (#2668) @mmetc
• Update localstack services + loki (dev and CI) (#2649) @mmetc
• Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#2670) @dependabot
• update dependency on aws sdk (#2647) @mmetc
• CI: use go 1.21.5 (#2640) @mmetc
• Test for acquisition format errors in crowdsec -t (#2629) @mmetc
• refact BulkDeleteDecisions (#2308) @mmetc
• update dependency: k8s apiserver (including crypto, jwt, prometheus client) (#2476) @mmetc
• Minor dependency updates (#2505) @mmetc
• Bump google.golang.org/grpc from 1.56.1 to 1.56.3 (#2566) @dependabot
• typos/grammar (#2561) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Changes

• Various appsec fixes (#2742) @blotus
• ignore native modsec rules that were either pass or allow (#2684) @blotus
• always set the transaction in the current request (#2682) @blotus
• always set inband transaction even if we have no rules (#2681) @blotus
• Used asterisk for Defender Firewall log name (#2671) @zbalkan
• Add env vars to install/remove appsec-{configs,rules} in docker image (#2664) @blotus
• Update scenarios and parsers constraints for appsec (#2663) @blotus
• Improvement to run hubtest for appsec in docker (#2660) @AlteredCoder
• Minor improvements to hubtest and appsec component (#2656) @buixor

New Features

• remove PAPI feature flag (#2601) @blotus
• Application Security Engine Support (#2273) @buixor
• Loki integration #2 (#2306) @lperdereau

Improvements

• [parser/scenarios] defer yaml file closure (#2689) @LaurenceJJones
• add cpu-profile flag (#2723) @blotus
• [appsec] waf tester (#2746) @mmetc
• Add original http request to hooks (#2740) @AlteredCoder
• apiserver: remove cached field isEnrolled (#2744) @mmetc
• Docker: allow setting BUILD_VERSION as a build argument (#2736) @mmetc
• Ignore missing console/context.yaml if not explicitly required by config.yaml (#2726) @mmetc
• cscli capi status -> message for missing credentials (#2730) @mmetc
• [appsec] implement count transformation (#2698) @buixor
• Remove redundant file check for capi_whitelists_path (#2728) @mmetc
• wizard: while installing, don't hide hub download/timeout errors (#2710) @mmetc
• pkg/cwhub: improve error messages (#2712) @mmetc
• logging: full timestamp with timezone in crowdsec.log (#2707) @mmetc
• CI: enable testifylint (#2696) @mmetc
• apiserver/apiclient: compact tests (#2694) @mmetc
• minor waf fixes (#2693) @buixor
• test and log fixes (#2690) @mmetc
• CI: bump golangci-lint run to 1.55, update defaults (#2677) @mmetc
• [notifications] Fix bug, list show non active (#2678) @LaurenceJJones
• Appsec additional fixes (#2676) @blotus
• welcome message when installing packages (#2672) @sabban
• cscli: silence cwhub logger for non-hub related commands (#2675) @mmetc
• add "make help" target (#2282) @mmetc
• fflags: no deprecation warning if there is no message (papi) (#2666) @mmetc
• Parallel hubtests (#2667) @mmetc
• Add "taintedBy" and "--diff" flag to cscli... inspect (#2665) @mmetc
• improve deprecation message with file location (#2662) @mmetc
• light pkg/api{client,server} refact (#2659) @mmetc
• Short build tag in version number (#2658) @mmetc
• cscli machines: lint + write output to stdout instead of log (#2657) @mmetc
• [http plugin] Add capath, certpath, keypath to load custom certs (#2634) @LaurenceJJones
• add new env var to enable console_management (#2599) @he2ss
• docker: add -slim variant to ghcr.io (#2653) @mmetc
• cscli refact / encapsulation (#2650) @mmetc
• restrict file permission from "machines add" (#2648) @mmetc
• Appsec improvement and fixes after merge (#2645) @AlteredCoder
• cwhub: context type (#2631) @mmetc
• cscli refact - encapsulation with types (#2643) @mmetc
• Cwhub refact (#2637) @mmetc
• cscli config show: pretty print struct output (#2633) @mmetc
• Refact bouncer auth (#2456) @mmetc
• cscli machines add: don't overwrite existing credential file (#2625) @mmetc
• [Explain] Ignore blank lines as crowdsec will anyways (#2630) @LaurenceJJones
• command "cscli hub types" (#2632) @mmetc
• manage force_pull message for one blocklist (#2615) @nitescuc
• Refact pkg/cwhub: fix known issues and reorganize files (#2616) @mmetc
• [postoverflow] dump after postoverflow so we can test within hubtest (#2511) @LaurenceJJones
• [cscli] notifications test command and slight re write (#2391) @LaurenceJJones
• Refactor hub management and cscli commands (#2545) @mmetc
• "cscli bouncers add": increase key size, deprecate and ignore --length option (#2531) @mmetc
• *.log: use yyyy-mm-dd (iso8601) in timestamps (#2564) @mmetc
• Improved expr debugger (#2495) @buixor
• Kafka acquisition: warn if no consumer group id and allow to read from a specific partition (#2612) @blotus
• kafkaAcquisition: add more debug (#2609) @he2ss
• Use go 1.21.4 (#2595) @mmetc

Bug Fixes

• Appsec fixing session (#2749) @AlteredCoder
• fix the reload process for appsec (#2750) @buixor
• Appsec: Don't close the body of the request we read (#2747) @AlteredCoder
• Fix #2733 "cscli hang forever when i try to delete a decision" (#2745) @mmetc
• log death reason of file reader if available (#2721) @blotus
• fix #2720 #2719 (#2724) @buixor
• csprofiles: fix default decision duration, lint (#2703) @mmetc
• bin/crowdsec: avoid writing errors twice when log_media=stdout (#2729) @mmetc
• [appsec] fix multizone multivar (#2727) @buixor
• apiclient: handle 0-byte error response (#2716) @mmetc
• Fix #2697 (#2702) @AlteredCoder
• Send installed appsec rules as part of the scenarios on login (#2704) @blotus
• cwhub: install --force repairs tainted, non-installed items (#2686) @mmetc
• [notifications] fix segfault because url is not loaded (#2679) @LaurenceJJones
• postinst: update check for enabled lapi (#2674) @mmetc
• lint error handling (#2644) @mmetc
• copy debian behavior for now for local and online api credentials creation (#2655) @sabban
• fix package tests for 1.5.6-rc2 (#2652) @mmetc
• fix lapi credentials creation for debian package (#2646) @sabban
• cscli context detect: fix nil dereference (#2635) @mmetc
• docker tests: force local machine creation (#2636) @mmetc
• [cscli] Decision import fix format for documentation (#2577) @LaurenceJJones
• [Plugin] Pass down ctx and use it (#2626) @LaurenceJJones
• [Metabase] QOL Changes and chown wal files (#2627) @LaurenceJJones
• CI: avoid pipe in makefile, correctly report error in CI when tests fail (#2621) @mmetc
• force rfc 3339 date format in metrics push (#2402) @blotus
• docker: replace cp -an with rsync to allow bind-mount of files in /etc/crowdsec (#2611) @mmetc
• properly update the cs_syslogsource_parsed_total metric (#2608) @blotus
• fix: typo (#2582) @testwill
• update gantsign.golang name (#2558) @sabban
• Release action: fix asset upload (#2565) @mmetc

Chore / Deps

• Add AppSec governance (#2748) @LaurenceJJones
• apiclient/apiserver: lint/2 (#2741) @mmetc
• apiclient/apiserver: lint (#2739) @mmetc
• use go 1.21.6 (#2714) @mmetc
• Makefile: use GO macro if set, to check for version (#2706) @mmetc
• update coraza (#2705) @blotus
• lint (wsl) (#2692) @mmetc
• CI: update test dependencies (#2668) @mmetc
• Update localstack services + loki (dev and CI) (#2649) @mmetc
• Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#2670) @dependabot
• update dependency on aws sdk (#2647) @mmetc
• CI: use go 1.21.5 (#2640) @mmetc
• Test for acquisition format errors in crowdsec -t (#2629) @mmetc
• refact BulkDeleteDecisions (#2308) @mmetc
• update dependency: k8s apiserver (including crypto, jwt, prometheus client) (#2476) @mmetc
• Minor dependency updates (#2505) @mmetc
• Bump google.golang.org/grpc from 1.56.1 to 1.56.3 (#2566) @dependabot
• typos/grammar (#2561) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Changes

• Various appsec fixes (#2742) @blotus
• ignore native modsec rules that were either pass or allow (#2684) @blotus
• always set the transaction in the current request (#2682) @blotus
• always set inband transaction even if we have no rules (#2681) @blotus
• Used asterisk for Defender Firewall log name (#2671) @zbalkan
• Add env vars to install/remove appsec-{configs,rules} in docker image (#2664) @blotus
• Update scenarios and parsers constraints for appsec (#2663) @blotus
• Improvement to run hubtest for appsec in docker (#2660) @AlteredCoder
• Minor improvements to hubtest and appsec component (#2656) @buixor

New Features

• remove PAPI feature flag (#2601) @blotus
• Application Security Engine Support (#2273) @buixor
• Loki integration #2 (#2306) @lperdereau

Improvements

• add cpu-profile flag (#2723) @blotus
• [appsec] waf tester (#2746) @mmetc
• Add original http request to hooks (#2740) @AlteredCoder
• apiserver: remove cached field isEnrolled (#2744) @mmetc
• Docker: allow setting BUILD_VERSION as a build argument (#2736) @mmetc
• Ignore missing console/context.yaml if not explicitly required by config.yaml (#2726) @mmetc
• cscli capi status -> message for missing credentials (#2730) @mmetc
• [appsec] implement count transformation (#2698) @buixor
• Remove redundant file check for capi_whitelists_path (#2728) @mmetc
• wizard: while installing, don't hide hub download/timeout errors (#2710) @mmetc
• pkg/cwhub: improve error messages (#2712) @mmetc
• logging: full timestamp with timezone in crowdsec.log (#2707) @mmetc
• CI: enable testifylint (#2696) @mmetc
• apiserver/apiclient: compact tests (#2694) @mmetc
• minor waf fixes (#2693) @buixor
• test and log fixes (#2690) @mmetc
• CI: bump golangci-lint run to 1.55, update defaults (#2677) @mmetc
• [notifications] Fix bug, list show non active (#2678) @LaurenceJJones
• Appsec additional fixes (#2676) @blotus
• welcome message when installing packages (#2672) @sabban
• cscli: silence cwhub logger for non-hub related commands (#2675) @mmetc
• add "make help" target (#2282) @mmetc
• fflags: no deprecation warning if there is no message (papi) (#2666) @mmetc
• Parallel hubtests (#2667) @mmetc
• Add "taintedBy" and "--diff" flag to cscli... inspect (#2665) @mmetc
• improve deprecation message with file location (#2662) @mmetc
• light pkg/api{client,server} refact (#2659) @mmetc
• Short build tag in version number (#2658) @mmetc
• cscli machines: lint + write output to stdout instead of log (#2657) @mmetc
• [http plugin] Add capath, certpath, keypath to load custom certs (#2634) @LaurenceJJones
• add new env var to enable console_management (#2599) @he2ss
• docker: add -slim variant to ghcr.io (#2653) @mmetc
• cscli refact / encapsulation (#2650) @mmetc
• restrict file permission from "machines add" (#2648) @mmetc
• Appsec improvement and fixes after merge (#2645) @AlteredCoder
• cwhub: context type (#2631) @mmetc
• cscli refact - encapsulation with types (#2643) @mmetc
• Cwhub refact (#2637) @mmetc
• cscli config show: pretty print struct output (#2633) @mmetc
• Refact bouncer auth (#2456) @mmetc
• cscli machines add: don't overwrite existing credential file (#2625) @mmetc
• [Explain] Ignore blank lines as crowdsec will anyways (#2630) @LaurenceJJones
• command "cscli hub types" (#2632) @mmetc
• manage force_pull message for one blocklist (#2615) @nitescuc
• Refact pkg/cwhub: fix known issues and reorganize files (#2616) @mmetc
• [postoverflow] dump after postoverflow so we can test within hubtest (#2511) @LaurenceJJones
• [cscli] notifications test command and slight re write (#2391) @LaurenceJJones
• Refactor hub management and cscli commands (#2545) @mmetc
• "cscli bouncers add": increase key size, deprecate and ignore --length option (#2531) @mmetc
• *.log: use yyyy-mm-dd (iso8601) in timestamps (#2564) @mmetc
• Improved expr debugger (#2495) @buixor
• Kafka acquisition: warn if no consumer group id and allow to read from a specific partition (#2612) @blotus
• kafkaAcquisition: add more debug (#2609) @he2ss
• Use go 1.21.4 (#2595) @mmetc

Bug Fixes

• Fix #2733 "cscli hang forever when i try to delete a decision" (#2745) @mmetc
• log death reason of file reader if available (#2721) @blotus
• fix #2720 #2719 (#2724) @buixor
• csprofiles: fix default decision duration, lint (#2703) @mmetc
• bin/crowdsec: avoid writing errors twice when log_media=stdout (#2729) @mmetc
• [appsec] fix multizone multivar (#2727) @buixor
• apiclient: handle 0-byte error response (#2716) @mmetc
• Fix #2697 (#2702) @AlteredCoder
• Send installed appsec rules as part of the scenarios on login (#2704) @blotus
• cwhub: install --force repairs tainted, non-installed items (#2686) @mmetc
• [notifications] fix segfault because url is not loaded (#2679) @LaurenceJJones
• postinst: update check for enabled lapi (#2674) @mmetc
• lint error handling (#2644) @mmetc
• copy debian behavior for now for local and online api credentials creation (#2655) @sabban
• fix package tests for 1.5.6-rc2 (#2652) @mmetc
• fix lapi credentials creation for debian package (#2646) @sabban
• cscli context detect: fix nil dereference (#2635) @mmetc
• docker tests: force local machine creation (#2636) @mmetc
• [cscli] Decision import fix format for documentation (#2577) @LaurenceJJones
• [Plugin] Pass down ctx and use it (#2626) @LaurenceJJones
• [Metabase] QOL Changes and chown wal files (#2627) @LaurenceJJones
• CI: avoid pipe in makefile, correctly report error in CI when tests fail (#2621) @mmetc
• force rfc 3339 date format in metrics push (#2402) @blotus
• docker: replace cp -an with rsync to allow bind-mount of files in /etc/crowdsec (#2611) @mmetc
• properly update the cs_syslogsource_parsed_total metric (#2608) @blotus
• fix: typo (#2582) @testwill
• update gantsign.golang name (#2558) @sabban
• Release action: fix asset upload (#2565) @mmetc

Chore / Deps

• apiclient/apiserver: lint/2 (#2741) @mmetc
• apiclient/apiserver: lint (#2739) @mmetc
• use go 1.21.6 (#2714) @mmetc
• Makefile: use GO macro if set, to check for version (#2706) @mmetc
• update coraza (#2705) @blotus
• lint (wsl) (#2692) @mmetc
• CI: update test dependencies (#2668) @mmetc
• Update localstack services + loki (dev and CI) (#2649) @mmetc
• Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#2670) @dependabot
• update dependency on aws sdk (#2647) @mmetc
• CI: use go 1.21.5 (#2640) @mmetc
• Test for acquisition format errors in crowdsec -t (#2629) @mmetc
• refact BulkDeleteDecisions (#2308) @mmetc
• update dependency: k8s apiserver (including crypto, jwt, prometheus client) (#2476) @mmetc
• Minor dependency updates (#2505) @mmetc
• Bump google.golang.org/grpc from 1.56.1 to 1.56.3 (#2566) @dependabot
• typos/grammar (#2561) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Changes

• always set the transaction in the current request (#2682) @blotus
• always set inband transaction even if we have no rules (#2681) @blotus
• Used asterisk for Defender Firewall log name (#2671) @zbalkan
• Add env vars to install/remove appsec-{configs,rules} in docker image (#2664) @blotus
• Update scenarios and parsers constraints for appsec (#2663) @blotus
• Improvement to run hubtest for appsec in docker (#2660) @AlteredCoder
• Minor improvements to hubtest and appsec component (#2656) @buixor

New Features

• remove PAPI feature flag (#2601) @blotus
• Application Security Engine Support (#2273) @buixor
• Loki integration #2 (#2306) @lperdereau

Improvements

• minor waf fixes (#2693) @buixor
• test and log fixes (#2690) @mmetc
• CI: bump golangci-lint run to 1.55, update defaults (#2677) @mmetc
• [notifications] Fix bug, list show non active (#2678) @LaurenceJJones
• Appsec additional fixes (#2676) @blotus
• welcome message when installing packages (#2672) @sabban
• cscli: silence cwhub logger for non-hub related commands (#2675) @mmetc
• add "make help" target (#2282) @mmetc
• fflags: no deprecation warning if there is no message (papi) (#2666) @mmetc
• Parallel hubtests (#2667) @mmetc
• Add "taintedBy" and "--diff" flag to cscli... inspect (#2665) @mmetc
• improve deprecation message with file location (#2662) @mmetc
• light pkg/api{client,server} refact (#2659) @mmetc
• Short build tag in version number (#2658) @mmetc
• cscli machines: lint + write output to stdout instead of log (#2657) @mmetc
• [http plugin] Add capath, certpath, keypath to load custom certs (#2634) @LaurenceJJones
• add new env var to enable console_management (#2599) @he2ss
• docker: add -slim variant to ghcr.io (#2653) @mmetc
• cscli refact / encapsulation (#2650) @mmetc
• restrict file permission from "machines add" (#2648) @mmetc
• Appsec improvement and fixes after merge (#2645) @AlteredCoder
• cwhub: context type (#2631) @mmetc
• cscli refact - encapsulation with types (#2643) @mmetc
• Cwhub refact (#2637) @mmetc
• cscli config show: pretty print struct output (#2633) @mmetc
• Refact bouncer auth (#2456) @mmetc
• cscli machines add: don't overwrite existing credential file (#2625) @mmetc
• [Explain] Ignore blank lines as crowdsec will anyways (#2630) @LaurenceJJones
• command "cscli hub types" (#2632) @mmetc
• manage force_pull message for one blocklist (#2615) @nitescuc
• Refact pkg/cwhub: fix known issues and reorganize files (#2616) @mmetc
• [postoverflow] dump after postoverflow so we can test within hubtest (#2511) @LaurenceJJones
• [cscli] notifications test command and slight re write (#2391) @LaurenceJJones
• Refactor hub management and cscli commands (#2545) @mmetc
• "cscli bouncers add": increase key size, deprecate and ignore --length option (#2531) @mmetc
• *.log: use yyyy-mm-dd (iso8601) in timestamps (#2564) @mmetc
• Improved expr debugger (#2495) @buixor
• Kafka acquisition: warn if no consumer group id and allow to read from a specific partition (#2612) @blotus
• kafkaAcquisition: add more debug (#2609) @he2ss
• Use go 1.21.4 (#2595) @mmetc

Bug Fixes

• cwhub: install --force repairs tainted, non-installed items (#2686) @mmetc
• [notifications] fix segfault because url is not loaded (#2679) @LaurenceJJones
• postinst: update check for enabled lapi (#2674) @mmetc
• lint error handling (#2644) @mmetc
• copy debian behavior for now for local and online api credentials creation (#2655) @sabban
• fix package tests for 1.5.6-rc2 (#2652) @mmetc
• fix lapi credentials creation for debian package (#2646) @sabban
• cscli context detect: fix nil dereference (#2635) @mmetc
• docker tests: force local machine creation (#2636) @mmetc
• [cscli] Decision import fix format for documentation (#2577) @LaurenceJJones
• [Plugin] Pass down ctx and use it (#2626) @LaurenceJJones
• [Metabase] QOL Changes and chown wal files (#2627) @LaurenceJJones
• CI: avoid pipe in makefile, correctly report error in CI when tests fail (#2621) @mmetc
• force rfc 3339 date format in metrics push (#2402) @blotus
• docker: replace cp -an with rsync to allow bind-mount of files in /etc/crowdsec (#2611) @mmetc
• properly update the cs_syslogsource_parsed_total metric (#2608) @blotus
• fix: typo (#2582) @testwill
• update gantsign.golang name (#2558) @sabban
• Release action: fix asset upload (#2565) @mmetc

Chore / Deps

• lint (wsl) (#2692) @mmetc
• CI: update test dependencies (#2668) @mmetc
• Update localstack services + loki (dev and CI) (#2649) @mmetc
• Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#2670) @dependabot
• update dependency on aws sdk (#2647) @mmetc
• CI: use go 1.21.5 (#2640) @mmetc
• Test for acquisition format errors in crowdsec -t (#2629) @mmetc
• refact BulkDeleteDecisions (#2308) @mmetc
• update dependency: k8s apiserver (including crypto, jwt, prometheus client) (#2476) @mmetc
• Minor dependency updates (#2505) @mmetc
• Bump google.golang.org/grpc from 1.56.1 to 1.56.3 (#2566) @dependabot
• typos/grammar (#2561) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.