Releases: crowdsecurity/crowdsec
v1.5.3-rc4
Changes
- scenario labels to map string interface (#2201) @AlteredCoder
- do not send more than group_threshold alerts at once to a notification plugin (#2264) @mmetc
- cscli: add G (1e9) suffix to metric units (#2254) @mmetc
New Features
- add sentinel notification plugin (#2268) @blotus
- Add bayesian bucket type (#2290) @seemanne
- allow running rootless docker tests (#2281) @mmetc
Improvements
- Add bouncers prune command (#2379) @LaurenceJJones
- update dependency on go-cs-lib; drop the pkg/ part (#2393) @mmetc
- Add machines prune command (#2011) @LaurenceJJones
- Add metabase version override and update (#2370) @LaurenceJJones
- change output of "cscli metrics -o [json|raw]" from plain list to map with table names (#2375) @mmetc
- Reduce log verbosity at startup (#2363) @mmetc
- Make: error if BUILD_VERSION does not start with "v" (#2355) @mmetc
- support for stdin with "cscli decision import" and raw values (#2291) @mmetc
- non-fatal error if some datasource can't be run (i.e. journalctl but systemd is missing) (#2309) @mmetc
- Build with libre2 by default, options for wasm and static; add mk/gmsl (#2295) @mmetc
- send metrics sooner if agents are added/removed (#2296) @mmetc
- append vendor.tgz to each release (#2288) @mmetc
- CI: vagrant configuration for debian 12 (#2285) @LaurenceJJones
- CI: Remove cache entries when closing a PR (#2289) @mmetc
- Update jsonextract.go (#2287) @LaurenceJJones
- Implement "crowdsec -fatal" flag; change help message (#2266) @mmetc
- don't log systemd notification error if not running under systemd (#2274) @mmetc
- build against libre2-dev if found (#2255) @mmetc
- log.Warning if a notification is configured twice (#2240) @mmetc
- CI: publish dev-debian docker image (amd64 only) (#2252) @mmetc
- CI: use hub cli to upload release tar (#2244) @mmetc
Bug Fixes
- fix the rpm build (#2396) @sabban
- Fix unit file after modification (#2395) @sabban
- docker: allow GID with no persistent sqlite db (#2381) @mmetc
- fix "crowdsec-cli/require" log verbosity (#2390) @mmetc
- fix a confusing debug message (#2386) @buixor
- Check cscli preconditions with crowdsec-cli/require package (#2388) @mmetc
- replace all imports of path with path/filepath (#2330) @mmetc
- go mod tidy for sentinel plugin (#2377) @blotus
- fix double push of metrics by properly handling tickers (#2374) @mmetc
- fix the ci by adding the ability to enforce event ordering (#2347) @sabban
- add object key in src for S3 acquis (#2342) @blotus
- Properly match new files on windows when doing file acquisition (#2329) @blotus
- rename status to state in fire response (#2313) @blotus
- raise error with invalid 'on_success', 'on_failure' in profile (#2303) @mmetc
- docker: always merge .yaml.local in conf_get() (#2272) @mmetc
- Change api_key encoding to base64 to comply with bcrypt max size (#2302) @mmetc
- fix error message when failing to parse ip address or range (#2292) @mmetc
Chore / Deps
- update pytest dependencies (#2389) @mmetc
- Build target for "make tidy" (#2378) @mmetc
- update google/winops dependency (#2366) @mmetc
- update gonic/gin to 1.9.1 (#2230) @mmetc
- expose the FormatAlert function to other packages (#2248) @blotus
- Update ansible requirements (#2364) @sabban
- CI: test with postgres 15 (#2149) @mmetc
- Update dependency: docker/docker (#2360) @mmetc
- typo fix, uppercase 'API', adjusted log level (#2361) @mmetc
- Use same levenshtein package for cscli, ent, hcl (#2359) @mmetc
- Use go 1.20.6 (#2358) @mmetc
- Update pytest dependencies (#2356) @mmetc
- Update dependencies: k8s, swag, jwt (#2357) @mmetc
- update dependency on goccy/go-yaml for arm32 fix (#2343) @mmetc
- CI: bump and lock pytest dependencies (#2340) @mmetc
- Update grpc dependency to latest stable version (#2339) @mmetc
- errors.Wrap -> fmt.Errorf (#2333) @mmetc
- CI: reduce test verbosity; set PKG_CONFIG_PATH for re2 in rpm distros (#2331) @mmetc
- Update go-re2 dep to fix arm32 build (#2332) @mmetc
- tests: vagrant refactoring (#2328) @mmetc
- CI: update ansible tests for re2 (#2318) @mmetc
- errors.Wrap -> fmt.Errorf (#2317) @mmetc
- func tests: install some dependencies from make, log test helpers (#2314) @mmetc
- rename metabase APIClient to avoid confusion (#2305) @mmetc
- CI: Update setup-go action to v4 (with automatic cache) (#2168) @mmetc
- docker: build same re2 version for alpine/debian; bump yq (#2311) @mmetc
- update debian version to have latest systemd (#2304) @he2ss
- CI: build docker version with c++ re2 (static) (#2307) @mmetc
- errors.Wrap -> fmt.Errorf; clean up imports (#2301) @mmetc
- CI: add fedora-37, -38 to vagrant tests (#2299) @mmetc
- update leakybucket readme (#2298) @mmetc
- errors.Wrap -> fmt.Errorf (#2297) @mmetc
- Update go dependencies (#2293) @mmetc
- spellcheck/style leakybucket readme (#2294) @mmetc
- Use go 1.20.5 (#2280) @mmetc
- light pkg/parser cleanup (#2279) @mmetc
- trim pkg/types: move DataSet/GetData to pkg/cwhub, removed unused Clone function (#2271) @mmetc
- add missing import (#2275) @mmetc
- minor refactor to pkg/types, cscli machines (#2270) @mmetc
- Move grok_pattern.go away from pkg/types to reduce bouncer dependencies (#2269) @mmetc
- don't pre-create log files (not required anymore) (#2267) @mmetc
- CI: add tests for metrics configuration (#2251) @mmetc
- CI: refactor makefile for plugins and vendor target (#2256) @mmetc
- update notif threshold test on windows (#2265) @mmetc
- show option -winsvc only under windows (#2258) @mmetc
- CI: make clean -> remove coverage data (#2259) @mmetc
- make: allow using a development version of Go, with a warning (#2260) @mmetc
- gitignore: ignore .vagrant directories (#2262) @mmetc
- default config: simulation off -> false (yaml 1.2) (#2263) @mmetc
- dependencies: replaced function calls to pkg/types, errors.Wrap (#2235) @mmetc
- CI: refactoring pkg/csplugin (#2247) @mmetc
- CI: separate stderr in all func tests (#2250) @mmetc
- update libsystemd in debian docker image (#2245) @he2ss
- types.InSlice() -> slices.Contains() (#2246) @mmetc
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Installation
Take a look at the installation instructions.
v1.5.3-rc3
Changes
- scenario labels to map string interface (#2201) @AlteredCoder
- do not send more than group_threshold alerts at once to a notification plugin (#2264) @mmetc
- cscli: add G (1e9) suffix to metric units (#2254) @mmetc
New Features
- add sentinel notification plugin (#2268) @blotus
- Add bayesian bucket type (#2290) @seemanne
- allow running rootless docker tests (#2281) @mmetc
Improvements
- Add bouncers prune command (#2379) @LaurenceJJones
- update dependency on go-cs-lib; drop the pkg/ part (#2393) @mmetc
- Add machines prune command (#2011) @LaurenceJJones
- Add metabase version override and update (#2370) @LaurenceJJones
- change output of "cscli metrics -o [json|raw]" from plain list to map with table names (#2375) @mmetc
- Reduce log verbosity at startup (#2363) @mmetc
- Make: error if BUILD_VERSION does not start with "v" (#2355) @mmetc
- support for stdin with "cscli decision import" and raw values (#2291) @mmetc
- non-fatal error if some datasource can't be run (i.e. journalctl but systemd is missing) (#2309) @mmetc
- Build with libre2 by default, options for wasm and static; add mk/gmsl (#2295) @mmetc
- send metrics sooner if agents are added/removed (#2296) @mmetc
- append vendor.tgz to each release (#2288) @mmetc
- CI: vagrant configuration for debian 12 (#2285) @LaurenceJJones
- CI: Remove cache entries when closing a PR (#2289) @mmetc
- Update jsonextract.go (#2287) @LaurenceJJones
- Implement "crowdsec -fatal" flag; change help message (#2266) @mmetc
- don't log systemd notification error if not running under systemd (#2274) @mmetc
- build against libre2-dev if found (#2255) @mmetc
- log.Warning if a notification is configured twice (#2240) @mmetc
- CI: publish dev-debian docker image (amd64 only) (#2252) @mmetc
- CI: use hub cli to upload release tar (#2244) @mmetc
Bug Fixes
- docker: allow GID with no persistent sqlite db (#2381) @mmetc
- fix "crowdsec-cli/require" log verbosity (#2390) @mmetc
- fix a confusing debug message (#2386) @buixor
- Check cscli preconditions with crowdsec-cli/require package (#2388) @mmetc
- replace all imports of path with path/filepath (#2330) @mmetc
- go mod tidy for sentinel plugin (#2377) @blotus
- fix double push of metrics by properly handling tickers (#2374) @mmetc
- fix the ci by adding the ability to enforce event ordering (#2347) @sabban
- add object key in src for S3 acquis (#2342) @blotus
- Properly match new files on windows when doing file acquisition (#2329) @blotus
- rename status to state in fire response (#2313) @blotus
- raise error with invalid 'on_success', 'on_failure' in profile (#2303) @mmetc
- docker: always merge .yaml.local in conf_get() (#2272) @mmetc
- Change api_key encoding to base64 to comply with bcrypt max size (#2302) @mmetc
- fix error message when failing to parse ip address or range (#2292) @mmetc
Chore / Deps
- update pytest dependencies (#2389) @mmetc
- Build target for "make tidy" (#2378) @mmetc
- update google/winops dependency (#2366) @mmetc
- update gonic/gin to 1.9.1 (#2230) @mmetc
- expose the FormatAlert function to other packages (#2248) @blotus
- Update ansible requirements (#2364) @sabban
- CI: test with postgres 15 (#2149) @mmetc
- Update dependency: docker/docker (#2360) @mmetc
- typo fix, uppercase 'API', adjusted log level (#2361) @mmetc
- Use same levenshtein package for cscli, ent, hcl (#2359) @mmetc
- Use go 1.20.6 (#2358) @mmetc
- Update pytest dependencies (#2356) @mmetc
- Update dependencies: k8s, swag, jwt (#2357) @mmetc
- update dependency on goccy/go-yaml for arm32 fix (#2343) @mmetc
- CI: bump and lock pytest dependencies (#2340) @mmetc
- Update grpc dependency to latest stable version (#2339) @mmetc
- errors.Wrap -> fmt.Errorf (#2333) @mmetc
- CI: reduce test verbosity; set PKG_CONFIG_PATH for re2 in rpm distros (#2331) @mmetc
- Update go-re2 dep to fix arm32 build (#2332) @mmetc
- tests: vagrant refactoring (#2328) @mmetc
- CI: update ansible tests for re2 (#2318) @mmetc
- errors.Wrap -> fmt.Errorf (#2317) @mmetc
- func tests: install some dependencies from make, log test helpers (#2314) @mmetc
- rename metabase APIClient to avoid confusion (#2305) @mmetc
- CI: Update setup-go action to v4 (with automatic cache) (#2168) @mmetc
- docker: build same re2 version for alpine/debian; bump yq (#2311) @mmetc
- update debian version to have latest systemd (#2304) @he2ss
- CI: build docker version with c++ re2 (static) (#2307) @mmetc
- errors.Wrap -> fmt.Errorf; clean up imports (#2301) @mmetc
- CI: add fedora-37, -38 to vagrant tests (#2299) @mmetc
- update leakybucket readme (#2298) @mmetc
- errors.Wrap -> fmt.Errorf (#2297) @mmetc
- Update go dependencies (#2293) @mmetc
- spellcheck/style leakybucket readme (#2294) @mmetc
- Use go 1.20.5 (#2280) @mmetc
- light pkg/parser cleanup (#2279) @mmetc
- trim pkg/types: move DataSet/GetData to pkg/cwhub, removed unused Clone function (#2271) @mmetc
- add missing import (#2275) @mmetc
- minor refactor to pkg/types, cscli machines (#2270) @mmetc
- Move grok_pattern.go away from pkg/types to reduce bouncer dependencies (#2269) @mmetc
- don't pre-create log files (not required anymore) (#2267) @mmetc
- CI: add tests for metrics configuration (#2251) @mmetc
- CI: refactor makefile for plugins and vendor target (#2256) @mmetc
- update notif threshold test on windows (#2265) @mmetc
- show option -winsvc only under windows (#2258) @mmetc
- CI: make clean -> remove coverage data (#2259) @mmetc
- make: allow using a development version of Go, with a warning (#2260) @mmetc
- gitignore: ignore .vagrant directories (#2262) @mmetc
- default config: simulation off -> false (yaml 1.2) (#2263) @mmetc
- dependencies: replaced function calls to pkg/types, errors.Wrap (#2235) @mmetc
- CI: refactoring pkg/csplugin (#2247) @mmetc
- CI: separate stderr in all func tests (#2250) @mmetc
- update libsystemd in debian docker image (#2245) @he2ss
- types.InSlice() -> slices.Contains() (#2246) @mmetc
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Installation
Take a look at the installation instructions.
v1.5.3-rc2
Changes
- do not send more than group_threshold alerts at once to a notification plugin (#2264) @mmetc
- cscli: add G (1e9) suffix to metric units (#2254) @mmetc
New Features
Improvements
- support for stdin with "cscli decision import" and raw values (#2291) @mmetc
- non-fatal error if some datasource can't be run (i.e. journalctl but systemd is missing) (#2309) @mmetc
- Build with libre2 by default, options for wasm and static; add mk/gmsl (#2295) @mmetc
- send metrics sooner if agents are added/removed (#2296) @mmetc
- append vendor.tgz to each release (#2288) @mmetc
- CI: vagrant configuration for debian 12 (#2285) @LaurenceJJones
- CI: Remove cache entries when closing a PR (#2289) @mmetc
- Update jsonextract.go (#2287) @LaurenceJJones
- Implement "crowdsec -fatal" flag; change help message (#2266) @mmetc
- don't log systemd notification error if not running under systemd (#2274) @mmetc
- build against libre2-dev if found (#2255) @mmetc
- log.Warning if a notification is configured twice (#2240) @mmetc
- CI: publish dev-debian docker image (amd64 only) (#2252) @mmetc
- CI: use hub cli to upload release tar (#2244) @mmetc
Bug Fixes
- add object key in src for S3 acquis (#2342) @blotus
- Properly match new files on windows when doing file acquisition (#2329) @blotus
- rename status to state in fire response (#2313) @blotus
- raise error with invalid 'on_success', 'on_failure' in profile (#2303) @mmetc
- docker: always merge .yaml.local in conf_get() (#2272) @mmetc
- Change api_key encoding to base64 to comply with bcrypt max size (#2302) @mmetc
- fix error message when failing to parse ip address or range (#2292) @mmetc
Chore / Deps
- update dependency on goccy/go-yaml for arm32 fix (#2343) @mmetc
- CI: bump and lock pytest dependencies (#2340) @mmetc
- Update grpc dependency to latest stable version (#2339) @mmetc
- errors.Wrap -> fmt.Errorf (#2333) @mmetc
- CI: reduce test verbosity; set PKG_CONFIG_PATH for re2 in rpm distros (#2331) @mmetc
- Update go-re2 dep to fix arm32 build (#2332) @mmetc
- tests: vagrant refactoring (#2328) @mmetc
- CI: update ansible tests for re2 (#2318) @mmetc
- errors.Wrap -> fmt.Errorf (#2317) @mmetc
- func tests: install some dependencies from make, log test helpers (#2314) @mmetc
- rename metabase APIClient to avoid confusion (#2305) @mmetc
- CI: Update setup-go action to v4 (with automatic cache) (#2168) @mmetc
- docker: build same re2 version for alpine/debian; bump yq (#2311) @mmetc
- update debian version to have latest systemd (#2304) @he2ss
- CI: build docker version with c++ re2 (static) (#2307) @mmetc
- errors.Wrap -> fmt.Errorf; clean up imports (#2301) @mmetc
- CI: add fedora-37, -38 to vagrant tests (#2299) @mmetc
- update leakybucket readme (#2298) @mmetc
- errors.Wrap -> fmt.Errorf (#2297) @mmetc
- Update go dependencies (#2293) @mmetc
- spellcheck/style leakybucket readme (#2294) @mmetc
- Use go 1.20.5 (#2280) @mmetc
- light pkg/parser cleanup (#2279) @mmetc
- trim pkg/types: move DataSet/GetData to pkg/cwhub, removed unused Clone function (#2271) @mmetc
- add missing import (#2275) @mmetc
- minor refactor to pkg/types, cscli machines (#2270) @mmetc
- Move grok_pattern.go away from pkg/types to reduce bouncer dependencies (#2269) @mmetc
- don't pre-create log files (not required anymore) (#2267) @mmetc
- CI: add tests for metrics configuration (#2251) @mmetc
- CI: refactor makefile for plugins and vendor target (#2256) @mmetc
- update notif threshold test on windows (#2265) @mmetc
- show option -winsvc only under windows (#2258) @mmetc
- CI: make clean -> remove coverage data (#2259) @mmetc
- make: allow using a development version of Go, with a warning (#2260) @mmetc
- gitignore: ignore .vagrant directories (#2262) @mmetc
- default config: simulation off -> false (yaml 1.2) (#2263) @mmetc
- dependencies: replaced function calls to pkg/types, errors.Wrap (#2235) @mmetc
- CI: refactoring pkg/csplugin (#2247) @mmetc
- CI: separate stderr in all func tests (#2250) @mmetc
- update libsystemd in debian docker image (#2245) @he2ss
- types.InSlice() -> slices.Contains() (#2246) @mmetc
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Installation
Take a look at the installation instructions.
v1.5.3-rc1
New Features
Improvements
- support for stdin with "cscli decision import" and raw values (#2291) @mmetc
- non-fatal error if some datasource can't be run (i.e. journalctl but systemd is missing) (#2309) @mmetc
- Build with libre2 by default, options for wasm and static; add mk/gmsl (#2295) @mmetc
- send metrics sooner if agents are added/removed (#2296) @mmetc
- append vendor.tgz to each release (#2288) @mmetc
- CI: vagrant configuration for debian 12 (#2285) @LaurenceJJones
- CI: Remove cache entries when closing a PR (#2289) @mmetc
- Update jsonextract.go (#2287) @LaurenceJJones
- Implement "crowdsec -fatal" flag; change help message (#2266) @mmetc
- don't log systemd notification error if not running under systemd (#2274) @mmetc
- build against libre2-dev if found (#2255) @mmetc
- log.Warning if a notification is configured twice (#2240) @mmetc
- CI: publish dev-debian docker image (amd64 only) (#2252) @mmetc
- CI: use hub cli to upload release tar (#2244) @mmetc
Bug Fixes
- rename status to state in fire response (#2313) @blotus
- raise error with invalid 'on_success', 'on_failure' in profile (#2303) @mmetc
- docker: always merge .yaml.local in conf_get() (#2272) @mmetc
- Change api_key encoding to base64 to comply with bcrypt max size (#2302) @mmetc
- fix error message when failing to parse ip address or range (#2292) @mmetc
Chore / Deps
- CI: update ansible tests for re2 (#2318) @mmetc
- errors.Wrap -> fmt.Errorf (#2317) @mmetc
- func tests: install some dependencies from make, log test helpers (#2314) @mmetc
- rename metabase APIClient to avoid confusion (#2305) @mmetc
- CI: Update setup-go action to v4 (with automatic cache) (#2168) @mmetc
- docker: build same re2 version for alpine/debian; bump yq (#2311) @mmetc
- update debian version to have latest systemd (#2304) @he2ss
- CI: build docker version with c++ re2 (static) (#2307) @mmetc
- errors.Wrap -> fmt.Errorf; clean up imports (#2301) @mmetc
- CI: add fedora-37, -38 to vagrant tests (#2299) @mmetc
- update leakybucket readme (#2298) @mmetc
- errors.Wrap -> fmt.Errorf (#2297) @mmetc
- Update go dependencies (#2293) @mmetc
- spellcheck/style leakybucket readme (#2294) @mmetc
- Use go 1.20.5 (#2280) @mmetc
- light pkg/parser cleanup (#2279) @mmetc
- trim pkg/types: move DataSet/GetData to pkg/cwhub, removed unused Clone function (#2271) @mmetc
- add missing import (#2275) @mmetc
- minor refactor to pkg/types, cscli machines (#2270) @mmetc
- Move grok_pattern.go away from pkg/types to reduce bouncer dependencies (#2269) @mmetc
- don't pre-create log files (not required anymore) (#2267) @mmetc
- CI: add tests for metrics configuration (#2251) @mmetc
- CI: refactor makefile for plugins and vendor target (#2256) @mmetc
- update notif threshold test on windows (#2265) @mmetc
- show option -winsvc only under windows (#2258) @mmetc
- CI: make clean -> remove coverage data (#2259) @mmetc
- make: allow using a development version of Go, with a warning (#2260) @mmetc
- gitignore: ignore .vagrant directories (#2262) @mmetc
- default config: simulation off -> false (yaml 1.2) (#2263) @mmetc
- dependencies: replaced function calls to pkg/types, errors.Wrap (#2235) @mmetc
- CI: refactoring pkg/csplugin (#2247) @mmetc
- CI: separate stderr in all func tests (#2250) @mmetc
- update libsystemd in debian docker image (#2245) @he2ss
- types.InSlice() -> slices.Contains() (#2246) @mmetc
Changes
- do not send more than group_threshold alerts at once to a notification plugin (#2264) @mmetc
- cscli: add G (1e9) suffix to metric units (#2254) @mmetc
- allow running rootless docker tests (#2281) @mmetc
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Installation
Take a look at the installation instructions.
v1.5.2
Changes
Improvements
- generate asserts for evt.Unmarshaled in hubtest (#2214) @blotus
- Log info capi whitelists (#2220) @LaurenceJJones
- support capi_whitelists.yaml (#2224) @mmetc
Bug Fixes
- Update KV ignore whitespace before and after
=
(#2236) @LaurenceJJones - fix lock when dumping the parsing state in explain mode (#2234) @blotus
- test cleanup: remove /tmp/crowdsec_tests* directories (#2232) @mmetc
- merge system cert pool with own certs (#2226) @mmetc
Chore / Deps
- decouple bouncer dependencies: use go-cs-lib/pkg/ptr (#2228) @mmetc
- decouple bouncer dependencies: use go-cs-lib in test code (#2229) @mmetc
- makefiles: de-duplicate, simplify and remove unused code (#2222) @mmetc
- decouple bouncer dependencies: use go-cs-lib/pkg/ptr in apiclient (#2227) @mmetc
- decouple bouncer dependencies: use go-cs-lib/pkg/* (#2216) @mmetc
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Installation
Take a look at the installation instructions.
v1.5.2-rc1
Changes
Improvements
- Log info capi whitelists (#2220) @LaurenceJJones
- support capi_whitelists.yaml (#2224) @mmetc
Bug Fixes
- test cleanup: remove /tmp/crowdsec_tests* directories (#2232) @mmetc
- merge system cert pool with own certs (#2226) @mmetc
Chore / Deps
- decouple bouncer dependencies: use go-cs-lib/pkg/ptr (#2228) @mmetc
- decouple bouncer dependencies: use go-cs-lib in test code (#2229) @mmetc
- makefiles: de-duplicate, simplify and remove unused code (#2222) @mmetc
- decouple bouncer dependencies: use go-cs-lib/pkg/ptr in apiclient (#2227) @mmetc
- decouple bouncer dependencies: use go-cs-lib/pkg/* (#2216) @mmetc
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Installation
Take a look at the installation instructions.
v1.5.1
Security Notice
This release includes a security fix for the Windows version of crowdsec regarding a potential privesc when installing crowdsec in a non-default path (different than C:\Program Files\CrowdSec
).
This release removes the ability to choose a custom installation path. If you have installed crowdsec in a non-default path, we strongly encourage you to reinstall crowdsec at the default location.
Changes
Bug Fixes
- fallback to master for hub index download if it does not exist (#2210) @blotus
- Don't allow to customize the installation directory on windows (#2208) @blotus
- fix incorrect version strip (#2206) @blotus
Chore / Deps
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Installation
Take a look at the installation instructions.
v1.5.0
New Features
- Add
transform
configuration option for acquisition (#2144) @blotus - Add experimental support for re2 (#2138) @blotus
- S3 acquisition datasource (#2130) @blotus
- support ip and cidr based whitelists for capi and 3rd party blocklists (#2132) @buixor
- try to make reproducible build work (#2119) @sabban
- Distance support : Impossible travel (#2108) @buixor
- Implement "cscli config show-yaml" (#2191) @mmetc
- Add ParseKV and UnmarshalJSON helper (#2184) @LaurenceJJones
- add Hostname helper in expr and templating (#2193) @blotus
- Add B64decode expr helper (#2183) @blotus
- add a LogInfo expr helper (#2179) @buixor
Improvements
- Add
cscli papi status
andcscli papi sync
(#2091) @blotus - add papi_url in credentials file when enabling console_management, and remove it when disabling console_management (#2095) @blotus
- display source in alerts list when an alert has multiple decisions (#2098) @blotus
- New PAPI commands: reauth + force_pull (#2129) @blotus
- do not try to load PAPI is url is not set (#2099) @blotus
- CI: Static builds by default; replace bincover with go -cover from 1.20 (#2150) @mmetc
- File acquisition: log "file reopen" events instead of writing to stderr (#2139) @mmetc
- Allow running func tests while running containers with crowdsec (#2137) @mmetc
- match expr helper (#2126) @buixor
- properly update the time structure within event (#2122) @buixor
- add ToString() helper (#2100) @blotus
- Docker readme: update build instructions, recommend acquis.d and config.yaml.local (#2115) @mmetc
- add --origin to cscli decisions delete (#2109) @buixor
- support for regexps result cache (#2104) @buixor
- CI: Cache all built go modules (#2081) @mmetc
- Explain successful parsers only (#2063) @LaurenceJJones
- Option to disable remote lapi registration (#2010) @LaurenceJJones
- Stream decisions from db (#1927) @blotus
- CI: functional docker tests (#2056) @mmetc
- Show s00 stats instead of "first_parser" (#2055) @LaurenceJJones
- optimize blocklist fetch (#2039) @nitescuc
- optimization - remove useless login call (#2036) @nitescuc
- Add
IsIPV4()
andIsIP()
helpers (#2050) @blotus - more strings helpers (#2040) @buixor
- update default windows acquisition configuration (#2195) @blotus
- allow batching when importing decisions (#2192) @buixor
Bug Fixes
- Wait for both api and agent chans if necessary when daemonize is false or running on windows (#2155) @blotus
- check if the acquis tomb is dying while processing logs in replay mode for file/s3/docker (#2152) @blotus
- Properly load k8s audit configuration (#2158) @mmetc
- Allow subcommands to be activated by feature.yaml (#2156) @mmetc
- fix awkward stacktrace in conditional filter (#2145) @buixor
- Docker: don't re-register local agent if not needed (#2141) @mmetc
- Docker: correct behavior of AGENTS_ALLOWED_OU, BOUNCERS_ALLOWED_OU (#2140) @mmetc
- Unit tests: remove leftover files (#2134) @mmetc
- Report docker systems in version and user agents (#2136) @mmetc
- fix dateparse (#2135) @buixor
- CI: avoid conflict with pkg/build cache in golangci-lint action (#2123) @mmetc
- actually fix expr-debugger to work with the new version (#2124) @blotus
- cscli explain : avoid concurrent map writes (#2113) @buixor
- Fix cscli explain when running from testenv (#2114) @AlteredCoder
- Load lapi config for
config show output
(#2097) @mmetc - Fix docker tests by increasing timeout (#2107) @mmetc
- Unit tests: fix authentication to localstack (#2106) @mmetc
- Fix log destination in one-shot mode (#2084) @mmetc
- CI: Limit parallel docker builds for performance on small machines (#2082) @mmetc
- ugly workaround to fix the tests (#2080) @sabban
- fix the way acquisition is stopped (#2069) @sabban
- Strip version with ~ instead of - (#2076) @AlteredCoder
- Fix docker tests (network creation) (#2077) @mmetc
- email plugin: add "starttls" as accepted encryption_type in the comment (#2068) @mmetc
- Propagate taints to top collections (fix #2064) (#2066) @mmetc
- fix message "empty scenario" (#2065) @mmetc
- Do not try to refresh JWT token when doing a login request (#2059) @blotus
- add indexes on the FK between alerts and {decisions,metas,events} (#2188) @blotus
- defaults to inotify to detect changes in file datasource to avoid too many call to stat() (#2181) @blotus
Chore / Deps
- timeout of ci jobs (20 -> 30) (#2160) @buixor
- Rename k8s_audit to k8s-audit (easier to type, consistent with labels) (#2153) @mmetc
- use expr.Function for custom functions instead of passing them in the env (#2133) @blotus
- Only use pgx for postgresql database (#2118) @blotus
- Update expr (#2110) @blotus
- Fix docker tests by increasing timeout (again) and move compose test to plugin (#2112) @mmetc
- Lint (type inference): remove redundant type declarations (#2111) @mmetc
- Run lint after tests instead of separate workflow (#2103) @mmetc
- Build notification plugins with current crowdsec; mod tidy (#2102) @mmetc
- Make: extract "goversion.mk" to reuse it in bouncers (#2101) @mmetc
- Rename directory "tests" to "test" (#2094) @mmetc
- Add tests and typo fixes (#2092) @mmetc
- Bump golang.org/x/net from 0.0.0-20220418201149-a630d4f3e7a2 to 0.7.0 in /plugins/notifications/slack (#2088) @dependabot
- Bump golang.org/x/net from 0.0.0-20220418201149-a630d4f3e7a2 to 0.7.0 in /plugins/notifications/splunk (#2086) @dependabot
- Bump golang.org/x/net from 0.0.0-20220418201149-a630d4f3e7a2 to 0.7.0 in /plugins/notifications/http (#2087) @dependabot
- Bump golang.org/x/net from 0.0.0-20220418201149-a630d4f3e7a2 to 0.7.0 in /plugins/notifications/email (#2085) @dependabot
- Bump golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0 (#2089) @dependabot
- CI: limit -dev docker image to amd64 to speed up the pipeline (#2090) @mmetc
- Bump golang.org/x/text from 0.3.7 to 0.3.8 in /plugins/notifications/http (#2074) @dependabot
- Bump golang.org/x/text from 0.3.7 to 0.3.8 in /plugins/notifications/email (#2073) @dependabot
- Bump golang.org/x/text from 0.3.7 to 0.3.8 in /plugins/notifications/splunk (#2071) @dependabot
- Bump bats-core to 1.9 (#2083) @mmetc
- Bump golang.org/x/text from 0.3.7 to 0.3.8 (#2072) @dependabot
- Bump golang.org/x/text from 0.3.7 to 0.3.8 in /plugins/notifications/slack (#2070) @dependabot
- Docker tests: use pytest-cs 0.2 (#2079) @mmetc
- Pin pytest-cs to a stable tag, cache virtualenvs, don't install ipython in CI (#2075) @mmetc
- chore: simplify pkg/database/alerts (#2062) @mmetc
- replace log.Fatal -> fmt.Errorf (#2058) @mmetc
- Bump github.com/containerd/containerd from 1.6.12 to 1.6.18 (#2060) @dependabot
- Bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.0+incompatible (#1996) @dependabot
- CAPI error code handling tests (#2027) @rr404
- CI: set GOBIN instead of go install + cp (#2030) @mmetc
- CI: build with go 1.20 (#2031) @mmetc
- test: bats-detect tests for "cscli setup" (#2057) @mmetc
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Installation
Take a look at the installation instructions.
v1.5.0-rc6
New Features
- Add
transform
configuration option for acquisition (#2144) @blotus - Add experimental support for re2 (#2138) @blotus
- S3 acquisition datasource (#2130) @blotus
- support ip and cidr based whitelists for capi and 3rd party blocklists (#2132) @buixor
- try to make reproducible build work (#2119) @sabban
- Distance support : Impossible travel (#2108) @buixor
- Implement "cscli config show-yaml" (#2191) @mmetc
- Add ParseKV and UnmarshalJSON helper (#2184) @LaurenceJJones
- add Hostname helper in expr and templating (#2193) @blotus
- Add B64decode expr helper (#2183) @blotus
- add a LogInfo expr helper (#2179) @buixor
Improvements
- Add
cscli papi status
andcscli papi sync
(#2091) @blotus - add papi_url in credentials file when enabling console_management, and remove it when disabling console_management (#2095) @blotus
- display source in alerts list when an alert has multiple decisions (#2098) @blotus
- New PAPI commands: reauth + force_pull (#2129) @blotus
- do not try to load PAPI is url is not set (#2099) @blotus
- CI: Static builds by default; replace bincover with go -cover from 1.20 (#2150) @mmetc
- File acquisition: log "file reopen" events instead of writing to stderr (#2139) @mmetc
- Allow running func tests while running containers with crowdsec (#2137) @mmetc
- match expr helper (#2126) @buixor
- properly update the time structure within event (#2122) @buixor
- add ToString() helper (#2100) @blotus
- Docker readme: update build instructions, recommend acquis.d and config.yaml.local (#2115) @mmetc
- add --origin to cscli decisions delete (#2109) @buixor
- support for regexps result cache (#2104) @buixor
- CI: Cache all built go modules (#2081) @mmetc
- Explain successful parsers only (#2063) @LaurenceJJones
- Option to disable remote lapi registration (#2010) @LaurenceJJones
- Stream decisions from db (#1927) @blotus
- CI: functional docker tests (#2056) @mmetc
- Show s00 stats instead of "first_parser" (#2055) @LaurenceJJones
- optimize blocklist fetch (#2039) @nitescuc
- optimization - remove useless login call (#2036) @nitescuc
- Add
IsIPV4()
andIsIP()
helpers (#2050) @blotus - more strings helpers (#2040) @buixor
- update default windows acquisition configuration (#2195) @blotus
- allow batching when importing decisions (#2192) @buixor
Bug Fixes
- Wait for both api and agent chans if necessary when daemonize is false or running on windows (#2155) @blotus
- check if the acquis tomb is dying while processing logs in replay mode for file/s3/docker (#2152) @blotus
- Properly load k8s audit configuration (#2158) @mmetc
- Allow subcommands to be activated by feature.yaml (#2156) @mmetc
- fix awkward stacktrace in conditional filter (#2145) @buixor
- Docker: don't re-register local agent if not needed (#2141) @mmetc
- Docker: correct behavior of AGENTS_ALLOWED_OU, BOUNCERS_ALLOWED_OU (#2140) @mmetc
- Unit tests: remove leftover files (#2134) @mmetc
- Report docker systems in version and user agents (#2136) @mmetc
- fix dateparse (#2135) @buixor
- CI: avoid conflict with pkg/build cache in golangci-lint action (#2123) @mmetc
- actually fix expr-debugger to work with the new version (#2124) @blotus
- cscli explain : avoid concurrent map writes (#2113) @buixor
- Fix cscli explain when running from testenv (#2114) @AlteredCoder
- Load lapi config for
config show output
(#2097) @mmetc - Fix docker tests by increasing timeout (#2107) @mmetc
- Unit tests: fix authentication to localstack (#2106) @mmetc
- Fix log destination in one-shot mode (#2084) @mmetc
- CI: Limit parallel docker builds for performance on small machines (#2082) @mmetc
- ugly workaround to fix the tests (#2080) @sabban
- fix the way acquisition is stopped (#2069) @sabban
- Strip version with ~ instead of - (#2076) @AlteredCoder
- Fix docker tests (network creation) (#2077) @mmetc
- email plugin: add "starttls" as accepted encryption_type in the comment (#2068) @mmetc
- Propagate taints to top collections (fix #2064) (#2066) @mmetc
- fix message "empty scenario" (#2065) @mmetc
- Do not try to refresh JWT token when doing a login request (#2059) @blotus
- add indexes on the FK between alerts and {decisions,metas,events} (#2188) @blotus
- defaults to inotify to detect changes in file datasource to avoid too many call to stat() (#2181) @blotus
Chore / Deps
- timeout of ci jobs (20 -> 30) (#2160) @buixor
- Rename k8s_audit to k8s-audit (easier to type, consistent with labels) (#2153) @mmetc
- use expr.Function for custom functions instead of passing them in the env (#2133) @blotus
- Only use pgx for postgresql database (#2118) @blotus
- Update expr (#2110) @blotus
- Fix docker tests by increasing timeout (again) and move compose test to plugin (#2112) @mmetc
- Lint (type inference): remove redundant type declarations (#2111) @mmetc
- Run lint after tests instead of separate workflow (#2103) @mmetc
- Build notification plugins with current crowdsec; mod tidy (#2102) @mmetc
- Make: extract "goversion.mk" to reuse it in bouncers (#2101) @mmetc
- Rename directory "tests" to "test" (#2094) @mmetc
- Add tests and typo fixes (#2092) @mmetc
- Bump golang.org/x/net from 0.0.0-20220418201149-a630d4f3e7a2 to 0.7.0 in /plugins/notifications/slack (#2088) @dependabot
- Bump golang.org/x/net from 0.0.0-20220418201149-a630d4f3e7a2 to 0.7.0 in /plugins/notifications/splunk (#2086) @dependabot
- Bump golang.org/x/net from 0.0.0-20220418201149-a630d4f3e7a2 to 0.7.0 in /plugins/notifications/http (#2087) @dependabot
- Bump golang.org/x/net from 0.0.0-20220418201149-a630d4f3e7a2 to 0.7.0 in /plugins/notifications/email (#2085) @dependabot
- Bump golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0 (#2089) @dependabot
- CI: limit -dev docker image to amd64 to speed up the pipeline (#2090) @mmetc
- Bump golang.org/x/text from 0.3.7 to 0.3.8 in /plugins/notifications/http (#2074) @dependabot
- Bump golang.org/x/text from 0.3.7 to 0.3.8 in /plugins/notifications/email (#2073) @dependabot
- Bump golang.org/x/text from 0.3.7 to 0.3.8 in /plugins/notifications/splunk (#2071) @dependabot
- Bump bats-core to 1.9 (#2083) @mmetc
- Bump golang.org/x/text from 0.3.7 to 0.3.8 (#2072) @dependabot
- Bump golang.org/x/text from 0.3.7 to 0.3.8 in /plugins/notifications/slack (#2070) @dependabot
- Docker tests: use pytest-cs 0.2 (#2079) @mmetc
- Pin pytest-cs to a stable tag, cache virtualenvs, don't install ipython in CI (#2075) @mmetc
- chore: simplify pkg/database/alerts (#2062) @mmetc
- replace log.Fatal -> fmt.Errorf (#2058) @mmetc
- Bump github.com/containerd/containerd from 1.6.12 to 1.6.18 (#2060) @dependabot
- Bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.0+incompatible (#1996) @dependabot
- CAPI error code handling tests (#2027) @rr404
- CI: set GOBIN instead of go install + cp (#2030) @mmetc
- CI: build with go 1.20 (#2031) @mmetc
- test: bats-detect tests for "cscli setup" (#2057) @mmetc
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Installation
Take a look at the installation instructions.
v1.5.0-rc5
New Features
- Add
transform
configuration option for acquisition (#2144) @blotus - Add experimental support for re2 (#2138) @blotus
- S3 acquisition datasource (#2130) @blotus
- support ip and cidr based whitelists for capi and 3rd party blocklists (#2132) @buixor
- try to make reproducible build work (#2119) @sabban
- Distance support : Impossible travel (#2108) @buixor
Improvements
- Add
cscli papi status
andcscli papi sync
(#2091) @blotus - add papi_url in credentials file when enabling console_management, and remove it when disabling console_management (#2095) @blotus
- display source in alerts list when an alert has multiple decisions (#2098) @blotus
- New PAPI commands: reauth + force_pull (#2129) @blotus
- do not try to load PAPI is url is not set (#2099) @blotus
- CI: Static builds by default; replace bincover with go -cover from 1.20 (#2150) @mmetc
- File acquisition: log "file reopen" events instead of writing to stderr (#2139) @mmetc
- Allow running func tests while running containers with crowdsec (#2137) @mmetc
- match expr helper (#2126) @buixor
- properly update the time structure within event (#2122) @buixor
- add ToString() helper (#2100) @blotus
- Docker readme: update build instructions, recommend acquis.d and config.yaml.local (#2115) @mmetc
- add --origin to cscli decisions delete (#2109) @buixor
- support for regexps result cache (#2104) @buixor
- CI: Cache all built go modules (#2081) @mmetc
- Explain successful parsers only (#2063) @LaurenceJJones
- Option to disable remote lapi registration (#2010) @LaurenceJJones
- Stream decisions from db (#1927) @blotus
- CI: functional docker tests (#2056) @mmetc
- Show s00 stats instead of "first_parser" (#2055) @LaurenceJJones
- optimize blocklist fetch (#2039) @nitescuc
- optimization - remove useless login call (#2036) @nitescuc
- Add
IsIPV4()
andIsIP()
helpers (#2050) @blotus - more strings helpers (#2040) @buixor
Bug Fixes
- Wait for both api and agent chans if necessary when daemonize is false or running on windows (#2155) @blotus
- check if the acquis tomb is dying while processing logs in replay mode for file/s3/docker (#2152) @blotus
- Properly load k8s audit configuration (#2158) @mmetc
- Allow subcommands to be activated by feature.yaml (#2156) @mmetc
- fix awkward stacktrace in conditional filter (#2145) @buixor
- Docker: don't re-register local agent if not needed (#2141) @mmetc
- Docker: correct behavior of AGENTS_ALLOWED_OU, BOUNCERS_ALLOWED_OU (#2140) @mmetc
- Unit tests: remove leftover files (#2134) @mmetc
- Report docker systems in version and user agents (#2136) @mmetc
- fix dateparse (#2135) @buixor
- CI: avoid conflict with pkg/build cache in golangci-lint action (#2123) @mmetc
- actually fix expr-debugger to work with the new version (#2124) @blotus
- cscli explain : avoid concurrent map writes (#2113) @buixor
- Fix cscli explain when running from testenv (#2114) @AlteredCoder
- Load lapi config for
config show output
(#2097) @mmetc - Fix docker tests by increasing timeout (#2107) @mmetc
- Unit tests: fix authentication to localstack (#2106) @mmetc
- Fix log destination in one-shot mode (#2084) @mmetc
- CI: Limit parallel docker builds for performance on small machines (#2082) @mmetc
- ugly workaround to fix the tests (#2080) @sabban
- fix the way acquisition is stopped (#2069) @sabban
- Strip version with ~ instead of - (#2076) @AlteredCoder
- Fix docker tests (network creation) (#2077) @mmetc
- email plugin: add "starttls" as accepted encryption_type in the comment (#2068) @mmetc
- Propagate taints to top collections (fix #2064) (#2066) @mmetc
- fix message "empty scenario" (#2065) @mmetc
- Do not try to refresh JWT token when doing a login request (#2059) @blotus
Chore / Deps
- timeout of ci jobs (20 -> 30) (#2160) @buixor
- Rename k8s_audit to k8s-audit (easier to type, consistent with labels) (#2153) @mmetc
- use expr.Function for custom functions instead of passing them in the env (#2133) @blotus
- Only use pgx for postgresql database (#2118) @blotus
- Update expr (#2110) @blotus
- Fix docker tests by increasing timeout (again) and move compose test to plugin (#2112) @mmetc
- Lint (type inference): remove redundant type declarations (#2111) @mmetc
- Run lint after tests instead of separate workflow (#2103) @mmetc
- Build notification plugins with current crowdsec; mod tidy (#2102) @mmetc
- Make: extract "goversion.mk" to reuse it in bouncers (#2101) @mmetc
- Rename directory "tests" to "test" (#2094) @mmetc
- Add tests and typo fixes (#2092) @mmetc
- Bump golang.org/x/net from 0.0.0-20220418201149-a630d4f3e7a2 to 0.7.0 in /plugins/notifications/slack (#2088) @dependabot
- Bump golang.org/x/net from 0.0.0-20220418201149-a630d4f3e7a2 to 0.7.0 in /plugins/notifications/splunk (#2086) @dependabot
- Bump golang.org/x/net from 0.0.0-20220418201149-a630d4f3e7a2 to 0.7.0 in /plugins/notifications/http (#2087) @dependabot
- Bump golang.org/x/net from 0.0.0-20220418201149-a630d4f3e7a2 to 0.7.0 in /plugins/notifications/email (#2085) @dependabot
- Bump golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0 (#2089) @dependabot
- CI: limit -dev docker image to amd64 to speed up the pipeline (#2090) @mmetc
- Bump golang.org/x/text from 0.3.7 to 0.3.8 in /plugins/notifications/http (#2074) @dependabot
- Bump golang.org/x/text from 0.3.7 to 0.3.8 in /plugins/notifications/email (#2073) @dependabot
- Bump golang.org/x/text from 0.3.7 to 0.3.8 in /plugins/notifications/splunk (#2071) @dependabot
- Bump bats-core to 1.9 (#2083) @mmetc
- Bump golang.org/x/text from 0.3.7 to 0.3.8 (#2072) @dependabot
- Bump golang.org/x/text from 0.3.7 to 0.3.8 in /plugins/notifications/slack (#2070) @dependabot
- Docker tests: use pytest-cs 0.2 (#2079) @mmetc
- Pin pytest-cs to a stable tag, cache virtualenvs, don't install ipython in CI (#2075) @mmetc
- chore: simplify pkg/database/alerts (#2062) @mmetc
- replace log.Fatal -> fmt.Errorf (#2058) @mmetc
- Bump github.com/containerd/containerd from 1.6.12 to 1.6.18 (#2060) @dependabot
- Bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.0+incompatible (#1996) @dependabot
- CAPI error code handling tests (#2027) @rr404
- CI: set GOBIN instead of go install + cp (#2030) @mmetc
- CI: build with go 1.20 (#2031) @mmetc
- test: bats-detect tests for "cscli setup" (#2057) @mmetc
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Installation
Take a look at the installation instructions.