v1.5.0-rc2

New Features

• Polling API Integration (behind feature flag) (#1715) @buixor
• Kubernetes audit acquisition (#1767) @blotus
• Crowdsec CTI API helpers (#1851) @buixor
• Alert context (#1895) @AlteredCoder
• cscli setup subcommand (behind feature flag) (#1923) @mmetc
• Feature flags support (#1933) @mmetc
• Conditional buckets (#1962) @blotus
• Allow parsers to capture data for future enrichment (#1969) @buixor

Improvements

• Stream decisions from db (behind feature flag) (#1927) @blotus
• CI: functional docker tests (#2056) @mmetc
• Show s00 stats instead of "first_parser" (#2055) @LaurenceJJones
• optimize blocklist fetch (#2039) @nitescuc
• optimization - remove useless login call (#2036) @nitescuc
• Add IsIPV4() and IsIP() helpers (#2050) @blotus
• Add more strings helpers (#2040) @buixor
• Improve warnings around lack of evt.StrTime field (#1954) @buixor
• Add unix expr helper (#1952) @LaurenceJJones
• acquisition: validate datasources before configuration (static checks) (#1841) @mmetc
• CAPI v3 and blocklists links support (#2019) @nitescuc
• Docker: add cri-logs collection by default to support CRI log format (#2005) @he2ss
• add -error flag to crowdsec binary (#1903) @mmetc
• Suggest bouncers and machines to delete (#1896) @sabban
• Add socket support to mysql or mariadb (#1911) @LaurenceJJones
• Add postgres socket support (#1926) @LaurenceJJones
• docker: separate CLIENT_* and LAPI_* variables for tls certificates (#1929) @mmetc
• systemd: same restart options across deb, rpm, wizard (#1948) @mmetc
• Add unix time support to dateparse enricher (#1958) @LaurenceJJones
• retry with backoff requests to CAPI (#1957) @nitescuc
• fix yq behavior with bind-mount config.yaml (#1968) @mmetc
• cscli explain: add crowdsec path option (#1983) @mmetc
• normalize scopes for alerts and decisions (#2001) @buixor
• cscli config feature-flags (#2006) @mmetc
• docker: skip temporary installation of disabled items (#2018) @mmetc
• add dev docker image (based on master) (#2024) @he2ss

Bug Fixes

• Do not try to refresh JWT token when doing a login request (#2059) @blotus
• Fix azure pipeline (#2041, #2044, #2046, #2048) @blotus
• clean up BUILD_GOVERSION which is set at runtime with runtime lib (#1901) @sabban
• remove pid_dir from config (#1906) @mmetc
• docker: correctly extract BOUNCER_KEY_* (#1913) @mmetc
• set cscli log timestamp to 24h (#1917) @mmetc
• docker: improve support for persistent configurations (#1915) @mmetc
• apiclient: fix http roundtrip (clone body also) (#1758) @he2ss
• ci: authenticate when looking up release information (#1936) @mmetc
• remove ignored flag "-m" in "cscli machines delete" (#1943) @mmetc
• fix tls communication with lapi and user/pw auth (#1956) @mmetc
• func tests: redirect stderr to filter extra logs (#1961) @mmetc
• fix parser test 2k23 (#1971) @mmetc
• Docker config/auth/TLS refactoring from v1.4.4 (#1967) @mmetc
• fix alert context CI when feature flags are enabled (#1979) @mmetc
• docker: add {VERSION}-slim tag to releases (#1977) @mmetc
• Change yaml patch from info to debug (#1980) @LaurenceJJones
• cscli: avoid initializing the db configuration twice (#1982) @mmetc
• silence yaml.local explicitly in cscli, keep in crowdsec/bouncer logs (#1981) @mmetc
• fix flaky parser unit test (#1985) @mmetc
• Fix docker_start.sh not properly handling env vars (#1993) @ruifung
• Fix reference to ghcr.io (#1999) @benscobie
• agent: fix message when -dsn is provided without -type (#2009) @mmetc
• allow use of literal $ in config.yaml (#2012) @mmetc
• allow literal $ in plugin configuration (#2015) @mmetc
• fix docker support for legacy vars (#2021) @mmetc
• error if tls.key_file or cert_file is missing (#2020)
• fix message "empty scenario" (#2065) @mmetc
• Propagate taints to top collections (fix #2064) (#2066) @mmetc

Chore / Deps

• replace log.Fatal -> fmt.Errorf (#2058) @mmetc
• Bump github.com/containerd/containerd from 1.6.12 to 1.6.18 (#2060) @dependabot
• Bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.0+incompatible (#1996) @dependabot
• CAPI error code handling tests (#2027) @rr404
• CI: set GOBIN instead of go install + cp (#2030) @mmetc
• CI: build with go 1.20 (#2031) @mmetc
• test: bats-detect tests for "cscli setup" (#2057) @mmetc
• Cscli config refactoring (#1934) @mmetc
• separate cobra constructors: lapi, machines, bouncers, postoverflows (#1945) @mmetc
• bump docker actions to avoid deprecation warnings (#1966) @mmetc
• ci: remove hub dispatch, (msi) take release version from git history (#1949) @mmetc
• cscli refact: extracted New.*Cmd from alerts, capi, dashboard; removed some globals (#1990) @mmetc
• refact cscli decisions (#2003) @mmetc
• docker: replace BUILD_ENV with --target (#1995) @mmetc
• break in smaller functions cscli hub, hubtest, notifications, parsers, scenarios, simulation (#2004) @mmetc
• Store go module name in var in Makefile (#1989) @junnhy5
• remove SYSTEM=docker during build, update dockerignore (#2017) @mmetc
• use helpers for shorter tests, add a couple of error cases (#2016) @mmetc
• CI: update github actions and deprecated commands (#2023) @mmetc
• CI: bump more actions (#2028) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.5.0-rc1

New Features

• Polling API Integration (behind feature flag) (#1715) @buixor
• Kubernetes audit acquisition (#1767) @blotus
• Crowdsec CTI API helpers (#1851) @buixor
• Alert context (#1895) @AlteredCoder
• cscli setup subcommand (behind feature flag) (#1923) @mmetc
• Feature flags support (#1933) @mmetc
• Conditional buckets (#1962) @blotus
• Allow parsers to capture data for future enrichment (#1969) @buixor

Improvements

• Stream decisions from db (behind feature flag) (#1927) @blotus
• CI: functional docker tests (#2056) @mmetc
• Show s00 stats instead of "first_parser" (#2055) @LaurenceJJones
• optimize blocklist fetch (#2039) @nitescuc
• optimization - remove useless login call (#2036) @nitescuc
• Add IsIPV4() and IsIP() helpers (#2050) @blotus
• Add more strings helpers (#2040) @buixor
• Improve warnings around lack of evt.StrTime field (#1954) @buixor
• Add unix expr helper (#1952) @LaurenceJJones
• acquisition: validate datasources before configuration (static checks) (#1841) @mmetc
• CAPI v3 and blocklists links support (#2019) @nitescuc
• Docker: add cri-logs collection by default to support CRI log format (#2005) @he2ss
• add -error flag to crowdsec binary (#1903) @mmetc
• Suggest bouncers and machines to delete (#1896) @sabban
• Add socket support to mysql or mariadb (#1911) @LaurenceJJones
• Add postgres socket support (#1926) @LaurenceJJones
• docker: separate CLIENT_* and LAPI_* variables for tls certificates (#1929) @mmetc
• systemd: same restart options across deb, rpm, wizard (#1948) @mmetc
• Add unix time support to dateparse enricher (#1958) @LaurenceJJones
• retry with backoff requests to CAPI (#1957) @nitescuc
• fix yq behavior with bind-mount config.yaml (#1968) @mmetc
• cscli explain: add crowdsec path option (#1983) @mmetc
• normalize scopes for alerts and decisions (#2001) @buixor
• cscli config feature-flags (#2006) @mmetc
• docker: skip temporary installation of disabled items (#2018) @mmetc
• add dev docker image (based on master) (#2024) @he2ss

Bug Fixes

• Do not try to refresh JWT token when doing a login request (#2059) @blotus
• Fix azure pipeline (#2041, #2044, #2046, #2048) @blotus
• clean up BUILD_GOVERSION which is set at runtime with runtime lib (#1901) @sabban
• remove pid_dir from config (#1906) @mmetc
• docker: correctly extract BOUNCER_KEY_* (#1913) @mmetc
• set cscli log timestamp to 24h (#1917) @mmetc
• docker: improve support for persistent configurations (#1915) @mmetc
• apiclient: fix http roundtrip (clone body also) (#1758) @he2ss
• ci: authenticate when looking up release information (#1936) @mmetc
• remove ignored flag "-m" in "cscli machines delete" (#1943) @mmetc
• fix tls communication with lapi and user/pw auth (#1956) @mmetc
• func tests: redirect stderr to filter extra logs (#1961) @mmetc
• fix parser test 2k23 (#1971) @mmetc
• Docker config/auth/TLS refactoring from v1.4.4 (#1967) @mmetc
• fix alert context CI when feature flags are enabled (#1979) @mmetc
• docker: add {VERSION}-slim tag to releases (#1977) @mmetc
• Change yaml patch from info to debug (#1980) @LaurenceJJones
• cscli: avoid initializing the db configuration twice (#1982) @mmetc
• silence yaml.local explicitly in cscli, keep in crowdsec/bouncer logs (#1981) @mmetc
• fix flaky parser unit test (#1985) @mmetc
• Fix docker_start.sh not properly handling env vars (#1993) @ruifung
• Fix reference to ghcr.io (#1999) @benscobie
• agent: fix message when -dsn is provided without -type (#2009) @mmetc
• allow use of literal $ in config.yaml (#2012) @mmetc
• allow literal $ in plugin configuration (#2015) @mmetc
• fix docker support for legacy vars (#2021) @mmetc
• error if tls.key_file or cert_file is missing (#2020)
• fix message "empty scenario" (#2065) @mmetc
• Propagate taints to top collections (fix #2064) (#2066) @mmetc

Chore / Deps

• replace log.Fatal -> fmt.Errorf (#2058) @mmetc
• Bump github.com/containerd/containerd from 1.6.12 to 1.6.18 (#2060) @dependabot
• Bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.0+incompatible (#1996) @dependabot
• CAPI error code handling tests (#2027) @rr404
• CI: set GOBIN instead of go install + cp (#2030) @mmetc
• CI: build with go 1.20 (#2031) @mmetc
• test: bats-detect tests for "cscli setup" (#2057) @mmetc
• Cscli config refactoring (#1934) @mmetc
• separate cobra constructors: lapi, machines, bouncers, postoverflows (#1945) @mmetc
• bump docker actions to avoid deprecation warnings (#1966) @mmetc
• ci: remove hub dispatch, (msi) take release version from git history (#1949) @mmetc
• cscli refact: extracted New.*Cmd from alerts, capi, dashboard; removed some globals (#1990) @mmetc
• refact cscli decisions (#2003) @mmetc
• docker: replace BUILD_ENV with --target (#1995) @mmetc
• break in smaller functions cscli hub, hubtest, notifications, parsers, scenarios, simulation (#2004) @mmetc
• Store go module name in var in Makefile (#1989) @junnhy5
• remove SYSTEM=docker during build, update dockerignore (#2017) @mmetc
• use helpers for shorter tests, add a couple of error cases (#2016) @mmetc
• CI: update github actions and deprecated commands (#2023) @mmetc
• CI: bump more actions (#2028) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.6

Changes

• strip v prefix in tag name in azure-pipeline (#2048) (#2049) @blotus
• Fix azure pipeline (#2046) (#2047) @blotus
• use the tag name from the predefined variable for azure pipeline (#2041) (#2043) @blotus

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.5

Changes

Bug Fixes

• docker: add {VERSION}-slim tag to releases (#1977)
• Fix docker_start.sh not properly handling env vars (#1993)

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.4

Changes

Bug Fixes

• docker entrypoint/configuration fixes + refactoring (#1959) @mmetc
• fix tls communication with lapi and user/pw auth (backport) (#1955) @mmetc
• docker: fix/improve support for persistent configurations (#1915) (#1922) @mmetc
• docker/README: automatic registration with tls (#1909) (#1919) @mmetc
• docker: correctly extract BOUNCER_KEY_* (fix #1912) (#1913) (#1920) @mmetc
• set cscli log timestamp to 24h (#1917) (#1921) @mmetc
• docker: separate CLIENT_* and LAPI_* variables for tls certificates (backport) (#1931) @mmetc

CI

• simplified release workflow, removed hub dispatch @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.4-rc3

Bug fixes

• fix tls communication with lapi and user/pw auth @mmetc
• docker: fix/improve support for persistent configurations (#1922) @mmetc
• docker/README: automatic registration with tls (#1919) @mmetc
• docker: correctly extract BOUNCER_KEY_* (#1920) @mmetc
• set cscli log timestamp to 24h (#1921) @mmetc
• docker: separate CLIENT_* and LAPI_* variables for tls certificates (backport) (#1931) @mmetc

CI

• simplified release workflow, removed hub dispatch @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.4-rc2

Changes

This -rc2 contains only backported fixes for the Docker images.

Bug fixes

• docker: fix/improve support for persistent configurations (#1922) @mmetc
• docker/README: automatic registration with tls (#1919) @mmetc
• docker: correctly extract BOUNCER_KEY_* (#1920) @mmetc
• set cscli log timestamp to 24h (#1921) @mmetc
• docker: separate CLIENT_* and LAPI_* variables for tls certificates (backport) (#1931) @mmetc

CI

• ci: define job output (#1940) @mmetc
• ci: authenticate when looking up release information (#1936) (backport) (#1939) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.4-rc1

This -rc1 contains only backported fixes for the Docker images.

Changes

Bug Fixes

• docker: fix/improve support for persistent configurations (#1922) @mmetc
• docker/README: automatic registration with tls (#1919) @mmetc
• docker: correctly extract BOUNCER_KEY_* (#1920) @mmetc
• set cscli log timestamp to 24h (#1921) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.3

Changes

• add USE_WAL to docker arguments (#1899) @mmetc
• silence harmless "machines delete" error in dockerfile (#1904) @mmetc
• use a copy of bucket processors in LeakRoutine (#1902) @blotus
• lint: error handling cleanup (#1877) @mmetc
• fix nil dereference: check that httpServer is set before shutting down (#1893) @mmetc
• enable CI workflow for stable branches (#1889) @mmetc
• Docker refactoring, tls setup (#1869) @mmetc
• Force agent reauth on 403 (#1888) @blotus
• ci: print stack traces (#1886) @mmetc
• require at least go 1.18 to build (#1884) @mmetc
• set BUILD_VERSION to the correct tag (#1885) @mmetc
• Fix static release upload (#1883) @mmetc
• Update perms for group read (#1876) @LaurenceJJones
• cscli config show: print host/port/user/dbname when driver=pgx (#1870) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.2

Main changes

• Kafka data source (#1698)
• Changes on the database front to speed up operations, especially when inserting or deleting big IPs list (#1752 #1835 #1782)
• Cscli got a visual revamp with better-looking tables and usage (#1763 #1801)
• CrowdSec now auto-updates parsers & scenarios on a daily basis to stay on top of upcoming threats (#1817)
• Added cscli support dump for more accessible support (#1634)
• Added cscli notifications reinject to make debugging and tweaking around notifications easier (#1638)

New features

• Implement reinject command to send notifications of alerts (#1638) @sabban
• Add LookupHost expr lib func (#1775) @ThinkChaos
• Acqusition : Add support for exclusion regexps (#1735) (fix #1733) @buixor
• Generic dateparse approach (#1669) @buixor
• Add helo config for mail plugin (#1765) @LaurenceJJones
• Docker build flavors: slim, with-plugins, with-geoip, full (#1862) @mmetc
• Add config option to enable or not local API and agent (#1730) @AlteredCoder
• Allow plugins to load environment variable (#1727) @AlteredCoder

Bug Fixes

• Fix #1746 (#1749) @sabban
• Restrict permissions for plugin configurations (#1745) @mmetc
• Fix expr scope #1737 (#1738) @sabban
• Acually postoverflow before reprocessing (#1739) @sabban
• Fix logging for email plugin (#1670) @sabban
• Fix decision delete #1724 (#1725) @sabban
• Fix cscli notifications list crash (#1697) @blotus
• Fix the ssltls by actually doing ssltls in email notification plugin (#1672) @sabban
• Fix one shot acq race (#1783) @sbs2001
• Fix counter bucket (#1807) @sabban
• Fix crash when reading deleted files (#1840) @mmetc
• Fix for collections delete (#1824) @mmetc
• Blocklist: Do not duplicate decisions when pulling (#1796) @blotus
• Rpm spec fix cron removal (#1829) @LaurenceJJones
• Add check for .deb remove (#1827) @LaurenceJJones
• Tighten windows sqlite database permissions (#1769) @blotus

Changes

• Update codecov action (node 12 is deprecated) (#1830) @mmetc
• Simpler makefiles for static targets (#1744) @mmetc
• Use explicit transaction when inserting community blocklist (#1835) @blotus
• Update chocolatey spec file and publish nupkg in github releases (#1826) @blotus
• Support decisions deletion via scenario + alerts delete via ID (#1798) @buixor
• Replace shodan with crowdsec cti in notification template (#1741) @sbs2001
• Use ansible roles from crowdsecurity.testing collection (#1743) @mmetc
• golangci-lint 1.49 and related fixes (#1736) @mmetc
• Ansible changed_when fix; ansible/vagrant lint (#1734) @mmetc
• Update sprig to v3 (#1722) @LaurenceJJones
• Hardcode db password in CI to allow tests from third parties (#1729) @mmetc
• Allow user to disable decision deduplication (#1687) @buixor
• Switch to go 1.19 (#1709) @blotus
• Fix typo in func tests (#1718) @sabban
• Replace wizard patch for debian package with an envvar check (#1630) @mmetc
• Func tests: enable capi only when needed (#1710) @mmetc
• golangci-lint v1.48 and fixes for "usestdlibvars" (#1711) @mmetc
• Functional tests: json, stderr helpers (#1704) @mmetc
• Ansible testing improvements (#1700) @mmetc
• Add suggestion on cscli install items (#1686) @AlteredCoder
• Ansible testing (#1691) @mmetc
• cscli machines delete: return an error if machines doesn't exist (#1689) @AlteredCoder
• Add -a options in cscli alerts list (#1690) @AlteredCoder
• Don't run azure pipeline on freeBSD tags (#1684) @blotus
• Functional tests instrumented by ansible/vagrant (#1682) @mmetc
• Adjust test timing for slow boxes (#1681) @mmetc
• Fix --column-statistics handling in mysql tests (#1680) @mmetc
• Cronjob remove fails due to [[ (#1818) @LaurenceJJones
• Warn if no acquisition files are found, acquisition_test refactoring, func tests (#1816) @mmetc
• Refactor broker_test.go, extract cstest/filenotfound*.go (#1815) @mmetc
• Rename pkg/cstest -> pkg/hubtest (#1811) @mmetc
• Force postgres 14 for func tests (#1813) @mmetc
• Enable all static checks + minor fixes and typos (#1806) @mmetc
• Add test and fix for configuration reload (#1808) @mmetc
• Fix missing metrics cscli (#1809) @blotus
• Replace log.Fatal with t.Fatal (#1805) @mmetc
• Don't install jq to build windows, docker (not required anymore) (#1800) @mmetc
• Unit tests: always capture testcase variable -> allow parallel testing (#1797) @mmetc
• Check is TLS == "true" before to enable in LAPI (#1795) @stephdl
• Bats helper fixes (#1792) @mmetc
• Fast alert delete (#1791) @sbs2001
• Update ent and grokky package (#1772) @AlteredCoder
• Fork dlog to ease debian packaging on official repos (#1790) @sabban
• Simplify one shot tests (#1786) @sbs2001
• Remove a wrong warning when pulling list content from CAPI (#1789) @blotus
• tests/bin cleanup (#1760) @mmetc
• Make: accept BUILD_VENDOR_FLAGS variable (#1771) @mmetc
• Renamed security.MD -> SECURITY.md (#1774) @mmetc
• Fix & cleanup cloudwatch_test.go (#1780) @mmetc
• Cleanup + fix flaky tests in file_test.go, apic_test.go (#1773) @mmetc
• "make localstack": added zookeper+kafka services (#1770) @mmetc
• Don't suggest an item which user already mentioned (#1702) @sbs2001
• Fix misspelling of instantiate participles (#1759) @xconverge
• spf13/cobra v1.5.0; antonmedv/expr v1.9.0 (#1756) @mmetc
• Improvement: Docker one shot error message (#1666) @LaurenceJJones
• Tighten permissions for creds and notification configuration files on windows (#1757) @blotus
• Rename ROOT var to CS_ROOT in Makefile (#1755) @blotus
• Cronjob via packages (#1820) @LaurenceJJones
• Ci: skip func tests with legacy postgres driver (keep pgx) (#1864) @mmetc
• Notify when community-blocklist starts pull (#1845) @buixor
• Fix #1860 : Only repeat the WAL warning once (#1863) @buixor
• Enabled linters: gocritic, nilerr (#1853) @mmetc
• Fix docker_start without using jq (#1855) @AlteredCoder
• Randomize metric push time (#1852) @mmetc
• Fix ticker in bucket (#1858) @sabban
• Add error checking to lookup host (#1847) @LaurenceJJones
• Fixed package tests w/wal, gitignore/typos (#1849) @mmetc
• Randomize pull, push and metric intervals; reload crowdsec only when hub changed (#1846) @mmetc
• Fix(ci): create hub badges, repository dispatch only on crowdsecurity/crowdsec (#1838) @mmetc
• Add cscli alerts delete --id (#1843) @buixor
• Update golangci-lint to 1.50 and fixes (#1828) @mmetc
• Print missing "AS" values as empty strings instead of "0 " (#1867) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.