v1.4.3

Changes

• add USE_WAL to docker arguments (#1899) @mmetc
• silence harmless "machines delete" error in dockerfile (#1904) @mmetc
• use a copy of bucket processors in LeakRoutine (#1902) @blotus
• lint: error handling cleanup (#1877) @mmetc
• fix nil dereference: check that httpServer is set before shutting down (#1893) @mmetc
• enable CI workflow for stable branches (#1889) @mmetc
• Docker refactoring, tls setup (#1869) @mmetc
• Force agent reauth on 403 (#1888) @blotus
• ci: print stack traces (#1886) @mmetc
• require at least go 1.18 to build (#1884) @mmetc
• set BUILD_VERSION to the correct tag (#1885) @mmetc
• Fix static release upload (#1883) @mmetc
• Update perms for group read (#1876) @LaurenceJJones
• cscli config show: print host/port/user/dbname when driver=pgx (#1870) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.2

Main changes

• Kafka data source (#1698)
• Changes on the database front to speed up operations, especially when inserting or deleting big IPs list (#1752 #1835 #1782)
• Cscli got a visual revamp with better-looking tables and usage (#1763 #1801)
• CrowdSec now auto-updates parsers & scenarios on a daily basis to stay on top of upcoming threats (#1817)
• Added cscli support dump for more accessible support (#1634)
• Added cscli notifications reinject to make debugging and tweaking around notifications easier (#1638)

New features

• Implement reinject command to send notifications of alerts (#1638) @sabban
• Add LookupHost expr lib func (#1775) @ThinkChaos
• Acqusition : Add support for exclusion regexps (#1735) (fix #1733) @buixor
• Generic dateparse approach (#1669) @buixor
• Add helo config for mail plugin (#1765) @LaurenceJJones
• Docker build flavors: slim, with-plugins, with-geoip, full (#1862) @mmetc
• Add config option to enable or not local API and agent (#1730) @AlteredCoder
• Allow plugins to load environment variable (#1727) @AlteredCoder

Bug Fixes

• Fix #1746 (#1749) @sabban
• Restrict permissions for plugin configurations (#1745) @mmetc
• Fix expr scope #1737 (#1738) @sabban
• Acually postoverflow before reprocessing (#1739) @sabban
• Fix logging for email plugin (#1670) @sabban
• Fix decision delete #1724 (#1725) @sabban
• Fix cscli notifications list crash (#1697) @blotus
• Fix the ssltls by actually doing ssltls in email notification plugin (#1672) @sabban
• Fix one shot acq race (#1783) @sbs2001
• Fix counter bucket (#1807) @sabban
• Fix crash when reading deleted files (#1840) @mmetc
• Fix for collections delete (#1824) @mmetc
• Blocklist: Do not duplicate decisions when pulling (#1796) @blotus
• Rpm spec fix cron removal (#1829) @LaurenceJJones
• Add check for .deb remove (#1827) @LaurenceJJones
• Tighten windows sqlite database permissions (#1769) @blotus

Changes

• Update codecov action (node 12 is deprecated) (#1830) @mmetc
• Simpler makefiles for static targets (#1744) @mmetc
• Use explicit transaction when inserting community blocklist (#1835) @blotus
• Update chocolatey spec file and publish nupkg in github releases (#1826) @blotus
• Support decisions deletion via scenario + alerts delete via ID (#1798) @buixor
• Replace shodan with crowdsec cti in notification template (#1741) @sbs2001
• Use ansible roles from crowdsecurity.testing collection (#1743) @mmetc
• golangci-lint 1.49 and related fixes (#1736) @mmetc
• Ansible changed_when fix; ansible/vagrant lint (#1734) @mmetc
• Update sprig to v3 (#1722) @LaurenceJJones
• Hardcode db password in CI to allow tests from third parties (#1729) @mmetc
• Allow user to disable decision deduplication (#1687) @buixor
• Switch to go 1.19 (#1709) @blotus
• Fix typo in func tests (#1718) @sabban
• Replace wizard patch for debian package with an envvar check (#1630) @mmetc
• Func tests: enable capi only when needed (#1710) @mmetc
• golangci-lint v1.48 and fixes for "usestdlibvars" (#1711) @mmetc
• Functional tests: json, stderr helpers (#1704) @mmetc
• Ansible testing improvements (#1700) @mmetc
• Add suggestion on cscli install items (#1686) @AlteredCoder
• Ansible testing (#1691) @mmetc
• cscli machines delete: return an error if machines doesn't exist (#1689) @AlteredCoder
• Add -a options in cscli alerts list (#1690) @AlteredCoder
• Don't run azure pipeline on freeBSD tags (#1684) @blotus
• Functional tests instrumented by ansible/vagrant (#1682) @mmetc
• Adjust test timing for slow boxes (#1681) @mmetc
• Fix --column-statistics handling in mysql tests (#1680) @mmetc
• Cronjob remove fails due to [[ (#1818) @LaurenceJJones
• Warn if no acquisition files are found, acquisition_test refactoring, func tests (#1816) @mmetc
• Refactor broker_test.go, extract cstest/filenotfound*.go (#1815) @mmetc
• Rename pkg/cstest -> pkg/hubtest (#1811) @mmetc
• Force postgres 14 for func tests (#1813) @mmetc
• Enable all static checks + minor fixes and typos (#1806) @mmetc
• Add test and fix for configuration reload (#1808) @mmetc
• Fix missing metrics cscli (#1809) @blotus
• Replace log.Fatal with t.Fatal (#1805) @mmetc
• Don't install jq to build windows, docker (not required anymore) (#1800) @mmetc
• Unit tests: always capture testcase variable -> allow parallel testing (#1797) @mmetc
• Check is TLS == "true" before to enable in LAPI (#1795) @stephdl
• Bats helper fixes (#1792) @mmetc
• Fast alert delete (#1791) @sbs2001
• Update ent and grokky package (#1772) @AlteredCoder
• Fork dlog to ease debian packaging on official repos (#1790) @sabban
• Simplify one shot tests (#1786) @sbs2001
• Remove a wrong warning when pulling list content from CAPI (#1789) @blotus
• tests/bin cleanup (#1760) @mmetc
• Make: accept BUILD_VENDOR_FLAGS variable (#1771) @mmetc
• Renamed security.MD -> SECURITY.md (#1774) @mmetc
• Fix & cleanup cloudwatch_test.go (#1780) @mmetc
• Cleanup + fix flaky tests in file_test.go, apic_test.go (#1773) @mmetc
• "make localstack": added zookeper+kafka services (#1770) @mmetc
• Don't suggest an item which user already mentioned (#1702) @sbs2001
• Fix misspelling of instantiate participles (#1759) @xconverge
• spf13/cobra v1.5.0; antonmedv/expr v1.9.0 (#1756) @mmetc
• Improvement: Docker one shot error message (#1666) @LaurenceJJones
• Tighten permissions for creds and notification configuration files on windows (#1757) @blotus
• Rename ROOT var to CS_ROOT in Makefile (#1755) @blotus
• Cronjob via packages (#1820) @LaurenceJJones
• Ci: skip func tests with legacy postgres driver (keep pgx) (#1864) @mmetc
• Notify when community-blocklist starts pull (#1845) @buixor
• Fix #1860 : Only repeat the WAL warning once (#1863) @buixor
• Enabled linters: gocritic, nilerr (#1853) @mmetc
• Fix docker_start without using jq (#1855) @AlteredCoder
• Randomize metric push time (#1852) @mmetc
• Fix ticker in bucket (#1858) @sabban
• Add error checking to lookup host (#1847) @LaurenceJJones
• Fixed package tests w/wal, gitignore/typos (#1849) @mmetc
• Randomize pull, push and metric intervals; reload crowdsec only when hub changed (#1846) @mmetc
• Fix(ci): create hub badges, repository dispatch only on crowdsecurity/crowdsec (#1838) @mmetc
• Add cscli alerts delete --id (#1843) @buixor
• Update golangci-lint to 1.50 and fixes (#1828) @mmetc
• Print missing "AS" values as empty strings instead of "0 " (#1867) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.2-rc6

Main changes

• Kafka data source (#1698)
• Changes on the database front to speed up operations, especially when inserting or deleting big IPs list (#1752 #1835 #1782)
• Cscli got a visual revamp with better-looking tables and usage (#1763 #1801)
• CrowdSec now auto-updates parsers & scenarios on a daily basis to stay on top of upcoming threats (#1817)
• Added cscli support dump for more accessible support (#1634)
• Added cscli notifications reinject to make debugging and tweaking around notifications easier (#1638)

New features

• Implement reinject command to send notifications of alerts (#1638) @sabban
• Add LookupHost expr lib func (#1775) @ThinkChaos
• Acqusition : Add support for exclusion regexps (#1735) (fix #1733) @buixor
• Generic dateparse approach (#1669) @buixor
• Add helo config for mail plugin (#1765) @LaurenceJJones
• Docker build flavors: slim, with-plugins, with-geoip, full (#1862) @mmetc
• Add config option to enable or not local API and agent (#1730) @AlteredCoder
• Allow plugins to load environment variable (#1727) @AlteredCoder

Bug Fixes

• Fix #1746 (#1749) @sabban
• Restrict permissions for plugin configurations (#1745) @mmetc
• Fix expr scope #1737 (#1738) @sabban
• Acually postoverflow before reprocessing (#1739) @sabban
• Fix logging for email plugin (#1670) @sabban
• Fix decision delete #1724 (#1725) @sabban
• Fix cscli notifications list crash (#1697) @blotus
• Fix the ssltls by actually doing ssltls in email notification plugin (#1672) @sabban
• Fix one shot acq race (#1783) @sbs2001
• Fix counter bucket (#1807) @sabban
• Fix crash when reading deleted files (#1840) @mmetc
• Fix for collections delete (#1824) @mmetc
• Blocklist: Do not duplicate decisions when pulling (#1796) @blotus
• Rpm spec fix cron removal (#1829) @LaurenceJJones
• Add check for .deb remove (#1827) @LaurenceJJones
• Tighten windows sqlite database permissions (#1769) @blotus

Changes

• Update codecov action (node 12 is deprecated) (#1830) @mmetc
• Simpler makefiles for static targets (#1744) @mmetc
• Use explicit transaction when inserting community blocklist (#1835) @blotus
• Update chocolatey spec file and publish nupkg in github releases (#1826) @blotus
• Support decisions deletion via scenario + alerts delete via ID (#1798) @buixor
• Replace shodan with crowdsec cti in notification template (#1741) @sbs2001
• Use ansible roles from crowdsecurity.testing collection (#1743) @mmetc
• golangci-lint 1.49 and related fixes (#1736) @mmetc
• Ansible changed_when fix; ansible/vagrant lint (#1734) @mmetc
• Update sprig to v3 (#1722) @LaurenceJJones
• Hardcode db password in CI to allow tests from third parties (#1729) @mmetc
• Allow user to disable decision deduplication (#1687) @buixor
• Switch to go 1.19 (#1709) @blotus
• Fix typo in func tests (#1718) @sabban
• Replace wizard patch for debian package with an envvar check (#1630) @mmetc
• Func tests: enable capi only when needed (#1710) @mmetc
• golangci-lint v1.48 and fixes for "usestdlibvars" (#1711) @mmetc
• Functional tests: json, stderr helpers (#1704) @mmetc
• Ansible testing improvements (#1700) @mmetc
• Add suggestion on cscli install items (#1686) @AlteredCoder
• Ansible testing (#1691) @mmetc
• cscli machines delete: return an error if machines doesn't exist (#1689) @AlteredCoder
• Add -a options in cscli alerts list (#1690) @AlteredCoder
• Don't run azure pipeline on freeBSD tags (#1684) @blotus
• Functional tests instrumented by ansible/vagrant (#1682) @mmetc
• Adjust test timing for slow boxes (#1681) @mmetc
• Fix --column-statistics handling in mysql tests (#1680) @mmetc
• Cronjob remove fails due to [[ (#1818) @LaurenceJJones
• Warn if no acquisition files are found, acquisition_test refactoring, func tests (#1816) @mmetc
• Refactor broker_test.go, extract cstest/filenotfound*.go (#1815) @mmetc
• Rename pkg/cstest -> pkg/hubtest (#1811) @mmetc
• Force postgres 14 for func tests (#1813) @mmetc
• Enable all static checks + minor fixes and typos (#1806) @mmetc
• Add test and fix for configuration reload (#1808) @mmetc
• Fix missing metrics cscli (#1809) @blotus
• Replace log.Fatal with t.Fatal (#1805) @mmetc
• Don't install jq to build windows, docker (not required anymore) (#1800) @mmetc
• Unit tests: always capture testcase variable -> allow parallel testing (#1797) @mmetc
• Check is TLS == "true" before to enable in LAPI (#1795) @stephdl
• Bats helper fixes (#1792) @mmetc
• Fast alert delete (#1791) @sbs2001
• Update ent and grokky package (#1772) @AlteredCoder
• Fork dlog to ease debian packaging on official repos (#1790) @sabban
• Simplify one shot tests (#1786) @sbs2001
• Remove a wrong warning when pulling list content from CAPI (#1789) @blotus
• tests/bin cleanup (#1760) @mmetc
• Make: accept BUILD_VENDOR_FLAGS variable (#1771) @mmetc
• Renamed security.MD -> SECURITY.md (#1774) @mmetc
• Fix & cleanup cloudwatch_test.go (#1780) @mmetc
• Cleanup + fix flaky tests in file_test.go, apic_test.go (#1773) @mmetc
• "make localstack": added zookeper+kafka services (#1770) @mmetc
• Don't suggest an item which user already mentioned (#1702) @sbs2001
• Fix misspelling of instantiate participles (#1759) @xconverge
• spf13/cobra v1.5.0; antonmedv/expr v1.9.0 (#1756) @mmetc
• Improvement: Docker one shot error message (#1666) @LaurenceJJones
• Tighten permissions for creds and notification configuration files on windows (#1757) @blotus
• Rename ROOT var to CS_ROOT in Makefile (#1755) @blotus
• Cronjob via packages (#1820) @LaurenceJJones
• Ci: skip func tests with legacy postgres driver (keep pgx) (#1864) @mmetc
• Notify when community-blocklist starts pull (#1845) @buixor
• Fix #1860 : Only repeat the WAL warning once (#1863) @buixor
• Enabled linters: gocritic, nilerr (#1853) @mmetc
• Fix docker_start without using jq (#1855) @AlteredCoder
• Randomize metric push time (#1852) @mmetc
• Fix ticker in bucket (#1858) @sabban
• Add error checking to lookup host (#1847) @LaurenceJJones
• Fixed package tests w/wal, gitignore/typos (#1849) @mmetc
• Randomize pull, push and metric intervals; reload crowdsec only when hub changed (#1846) @mmetc
• Fix(ci): create hub badges, repository dispatch only on crowdsecurity/crowdsec (#1838) @mmetc
• Add cscli alerts delete --id (#1843) @buixor
• Update golangci-lint to 1.50 and fixes (#1828) @mmetc
• Print missing "AS" values as empty strings instead of "0 " (#1867) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.2-rc5

New features

• Implement reinject command to send notifications of alerts (#1638) @sabban
• Print cscli usage in color, fix windows terminal detection (#1801) @mmetc
• Add LookupHost expr lib func (#1775) @ThinkChaos
• Acqusition : Add support for exclusion regexps (#1735) (fix #1733) @buixor
• Datasource/kafka (#1698) @he2ss
• Add cscli support dump (#1634) @blotus
• Generic dateparse approach (#1669) @buixor
• Hub auto update cronjob (#1817) @LaurenceJJones
• New tables for cscli commands (#1763) @mmetc
• Add helo config for mail plugin (#1765) @LaurenceJJones
• Docker build flavors: slim, with-plugins, with-geoip, full (#1862) @mmetc

Bug Fixes

• Fix #1746 (#1749) @sabban
• Restrict permissions for plugin configurations (#1745) @mmetc
• Simpler makefiles for static targets (#1744) @mmetc
• Fix expr scope #1737 (#1738) @sabban
• Acually postoverflow before reprocessing (#1739) @sabban
• Fix logging for email plugin (#1670) @sabban
• Fix decision delete #1724 (#1725) @sabban
• Fix cscli notifications list crash (#1697) @blotus
• Fix the ssltls by actually doing ssltls in email notification plugin (#1672) @sabban
• Fix one shot acq race (#1783) @sbs2001
• Bulk delete alert optimization (#1782) @mmetc
• Fix counter bucket (#1807) @sabban
• Fix for #1839 (#1840) @mmetc
• Fix for collections delete (#1824) @mmetc
• Blocklist: Do not duplicate decisions when pulling (#1796) @blotus
• Update codecov action (node 12 is deprecated) (#1830) @mmetc
• Rpm spec fix cron removal (#1829) @LaurenceJJones
• Add check for .deb remove (#1827) @LaurenceJJones

Changes

• Use explicit transaction when inserting community blocklist (#1835) @blotus
• Update chocolatey spec file and publish nupkg in github releases (#1826) @blotus
• Support decisions deletion via scenario + alerts delete via ID (#1798) @buixor
• Add WAL support for sqlite (#1752) @blotus
• Replace shodan with crowdsec cti in notification template (#1741) @sbs2001
• Use ansible roles from crowdsecurity.testing collection (#1743) @mmetc
• Add config option to enable or not local API and agent (#1730) @AlteredCoder
• Allow plugins to load environment variable (#1727) @AlteredCoder
• golangci-lint 1.49 and related fixes (#1736) @mmetc
• Ansible changed_when fix; ansible/vagrant lint (#1734) @mmetc
• Update sprig to v3 (#1722) @LaurenceJJones
• Hardcode db password in CI to allow tests from third parties (#1729) @mmetc
• Allow user to disable decision deduplication (#1687) @buixor
• Switch to go 1.19 (#1709) @blotus
• Fix typo in func tests (#1718) @sabban
• Replace wizard patch for debian package with an envvar check (#1630) @mmetc
• Func tests: enable capi only when needed (#1710) @mmetc
• golangci-lint v1.48 and fixes for "usestdlibvars" (#1711) @mmetc
• Functional tests: json, stderr helpers (#1704) @mmetc
• Ansible testing improvements (#1700) @mmetc
• Add suggestion on cscli install items (#1686) @AlteredCoder
• Ansible testing (#1691) @mmetc
• cscli machines delete: return an error if machines doesn't exist (#1689) @AlteredCoder
• Add -a options in cscli alerts list (#1690) @AlteredCoder
• Don't run azure pipeline on freeBSD tags (#1684) @blotus
• Functional tests instrumented by ansible/vagrant (#1682) @mmetc
• Adjust test timing for slow boxes (#1681) @mmetc
• Fix --column-statistics handling in mysql tests (#1680) @mmetc
• Cronjob remove fails due to [[ (#1818) @LaurenceJJones
• Warn if no acquisition files are found, acquisition_test refactoring, func tests (#1816) @mmetc
• Refactor broker_test.go, extract cstest/filenotfound*.go (#1815) @mmetc
• Rename pkg/cstest -> pkg/hubtest (#1811) @mmetc
• Force postgres 14 for func tests (#1813) @mmetc
• Enable all static checks + minor fixes and typos (#1806) @mmetc
• Add test and fix for configuration reload (#1808) @mmetc
• Fix missing metrics cscli (#1809) @blotus
• Replace log.Fatal with t.Fatal (#1805) @mmetc
• Don't install jq to build windows, docker (not required anymore) (#1800) @mmetc
• Unit tests: always capture testcase variable -> allow parallel testing (#1797) @mmetc
• Check is TLS == "true" before to enable in LAPI (#1795) @stephdl
• Bats helper fixes (#1792) @mmetc
• Fast alert delete (#1791) @sbs2001
• Update ent and grokky package (#1772) @AlteredCoder
• Fork dlog to ease debian packaging on official repos (#1790) @sabban
• Simplify one shot tests (#1786) @sbs2001
• Remove a wrong warning when pulling list content from CAPI (#1789) @blotus
• tests/bin cleanup (#1760) @mmetc
• Make: accept BUILD_VENDOR_FLAGS variable (#1771) @mmetc
• Renamed security.MD -> SECURITY.md (#1774) @mmetc
• Fix & cleanup cloudwatch_test.go (#1780) @mmetc
• Cleanup + fix flaky tests in file_test.go, apic_test.go (#1773) @mmetc
• "make localstack": added zookeper+kafka services (#1770) @mmetc
• Tighten windows sqlite database permissions (#1769) @blotus
• Don't suggest an item which user already mentioned (#1702) @sbs2001
• Fix misspelling of instantiate participles (#1759) @xconverge
• spf13/cobra v1.5.0; antonmedv/expr v1.9.0 (#1756) @mmetc
• Improvement: Docker one shot error message (#1666) @LaurenceJJones
• Tighten permissions for creds and notification configuration files on windows (#1757) @blotus
• Rename ROOT var to CS_ROOT in Makefile (#1755) @blotus
• Cronjob via packages (#1820) @LaurenceJJones
• Ci: skip func tests with legacy postgres driver (keep pgx) (#1864) @mmetc
• Notify when community-blocklist starts pull (#1845) @buixor
• Fix #1860 : Only repeat the WAL warning once (#1863) @buixor
• Enabled linters: gocritic, nilerr (#1853) @mmetc
• Fix docker_start without using jq (#1855) @AlteredCoder
• Randomize metric push time (#1852) @mmetc
• Fix ticker in bucket (#1858) @sabban
• Add error checking to lookup host (#1847) @LaurenceJJones
• Fixed package tests w/wal, gitignore/typos (#1849) @mmetc
• Randomize pull, push and metric intervals; reload crowdsec only when hub changed (#1846) @mmetc
• Fix(ci): create hub badges, repository dispatch only on crowdsecurity/crowdsec (#1838) @mmetc
• Add cscli alerts delete --id (#1843) @buixor
• Update golangci-lint to 1.50 and fixes (#1828) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.2-rc4

New features

• Implement reinject command to send notifications of alerts (#1638) @sabban
• Print cscli usage in color, fix windows terminal detection (#1801) @mmetc
• Add LookupHost expr lib func (#1775) @ThinkChaos
• Acqusition : Add support for exclusion regexps (#1735) (fix #1733) @buixor
• Datasource/kafka (#1698) @he2ss
• Add cscli support dump (#1634) @blotus
• Generic dateparse approach (#1669) @buixor
• Hub auto update cronjob (#1817) @LaurenceJJones
• New tables for cscli commands (#1763) @mmetc
• Add helo config for mail plugin (#1765) @LaurenceJJones

Bug Fixes

• Fix #1746 (#1749) @sabban
• Restrict permissions for plugin configurations (#1745) @mmetc
• Simpler makefiles for static targets (#1744) @mmetc
• Fix expr scope #1737 (#1738) @sabban
• Acually postoverflow before reprocessing (#1739) @sabban
• Fix logging for email plugin (#1670) @sabban
• Fix decision delete #1724 (#1725) @sabban
• Fix cscli notifications list crash (#1697) @blotus
• Fix the ssltls by actually doing ssltls in email notification plugin (#1672) @sabban
• Fix one shot acq race (#1783) @sbs2001
• Bulk delete alert optimization (#1782) @mmetc
• Fix counter bucket (#1807) @sabban
• Fix for #1839 (#1840) @mmetc
• Fix for collections delete (#1824) @mmetc
• Blocklist: Do not duplicate decisions when pulling (#1796) @blotus
• Update codecov action (node 12 is deprecated) (#1830) @mmetc
• Rpm spec fix cron removal (#1829) @LaurenceJJones
• Add check for .deb remove (#1827) @LaurenceJJones

Changes

• Use explicit transaction when inserting community blocklist (#1835) @blotus
• Update chocolatey spec file and publish nupkg in github releases (#1826) @blotus
• Support decisions deletion via scenario + alerts delete via ID (#1798) @buixor
• Add WAL support for sqlite (#1752) @blotus
• Replace shodan with crowdsec cti in notification template (#1741) @sbs2001
• Use ansible roles from crowdsecurity.testing collection (#1743) @mmetc
• Add config option to enable or not local API and agent (#1730) @AlteredCoder
• Allow plugins to load environment variable (#1727) @AlteredCoder
• golangci-lint 1.49 and related fixes (#1736) @mmetc
• Ansible changed_when fix; ansible/vagrant lint (#1734) @mmetc
• Update sprig to v3 (#1722) @LaurenceJJones
• Hardcode db password in CI to allow tests from third parties (#1729) @mmetc
• Allow user to disable decision deduplication (#1687) @buixor
• Switch to go 1.19 (#1709) @blotus
• Fix typo in func tests (#1718) @sabban
• Replace wizard patch for debian package with an envvar check (#1630) @mmetc
• Func tests: enable capi only when needed (#1710) @mmetc
• golangci-lint v1.48 and fixes for "usestdlibvars" (#1711) @mmetc
• Functional tests: json, stderr helpers (#1704) @mmetc
• Ansible testing improvements (#1700) @mmetc
• Add suggestion on cscli install items (#1686) @AlteredCoder
• Ansible testing (#1691) @mmetc
• cscli machines delete: return an error if machines doesn't exist (#1689) @AlteredCoder
• Add -a options in cscli alerts list (#1690) @AlteredCoder
• Don't run azure pipeline on freeBSD tags (#1684) @blotus
• Functional tests instrumented by ansible/vagrant (#1682) @mmetc
• Adjust test timing for slow boxes (#1681) @mmetc
• Fix --column-statistics handling in mysql tests (#1680) @mmetc
• Cronjob remove fails due to [[ (#1818) @LaurenceJJones
• Warn if no acquisition files are found, acquisition_test refactoring, func tests (#1816) @mmetc
• Refactor broker_test.go, extract cstest/filenotfound*.go (#1815) @mmetc
• Rename pkg/cstest -> pkg/hubtest (#1811) @mmetc
• Force postgres 14 for func tests (#1813) @mmetc
• Enable all static checks + minor fixes and typos (#1806) @mmetc
• Add test and fix for configuration reload (#1808) @mmetc
• Fix missing metrics cscli (#1809) @blotus
• Replace log.Fatal with t.Fatal (#1805) @mmetc
• Don't install jq to build windows, docker (not required anymore) (#1800) @mmetc
• Unit tests: always capture testcase variable -> allow parallel testing (#1797) @mmetc
• Check is TLS == "true" before to enable in LAPI (#1795) @stephdl
• Bats helper fixes (#1792) @mmetc
• Fast alert delete (#1791) @sbs2001
• Update ent and grokky package (#1772) @AlteredCoder
• Fork dlog to ease debian packaging on official repos (#1790) @sabban
• Simplify one shot tests (#1786) @sbs2001
• Remove a wrong warning when pulling list content from CAPI (#1789) @blotus
• tests/bin cleanup (#1760) @mmetc
• Make: accept BUILD_VENDOR_FLAGS variable (#1771) @mmetc
• Renamed security.MD -> SECURITY.md (#1774) @mmetc
• Fix & cleanup cloudwatch_test.go (#1780) @mmetc
• Cleanup + fix flaky tests in file_test.go, apic_test.go (#1773) @mmetc
• "make localstack": added zookeper+kafka services (#1770) @mmetc
• Tighten windows sqlite database permissions (#1769) @blotus
• Don't suggest an item which user already mentioned (#1702) @sbs2001
• Fix misspelling of instantiate participles (#1759) @xconverge
• spf13/cobra v1.5.0; antonmedv/expr v1.9.0 (#1756) @mmetc
• Improvement: Docker one shot error message (#1666) @LaurenceJJones
• Tighten permissions for creds and notification configuration files on windows (#1757) @blotus
• Rename ROOT var to CS_ROOT in Makefile (#1755) @blotus
• Cronjob via packages (#1820) @LaurenceJJones

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.2-rc3

New features

• Implement reinject command to send notifications of alerts (#1638) @sabban
• Print cscli usage in color, fix windows terminal detection (#1801) @mmetc

Bug Fixes

• fix #1746 (#1749) @sabban
• restrict permissions for plugin configurations (#1745) @mmetc
• simpler makefiles for static targets (#1744) @mmetc
• fix expr scope #1737 (#1738) @sabban
• acually postoverflow before reprocessing (#1739) @sabban
• fix logging for email plugin (#1670) @sabban
• fix decision delete #1724 (#1725) @sabban
• Fix cscli notifications list crash (#1697) @blotus
• fix the ssltls by actually doing ssltls in email notification plugin (#1672) @sabban
• Fix one shot acq race (#1783) @sbs2001
• Bulk delete alert optimization (#1782) @mmetc
• Fix counter bucket (#1807) @sabban

Changes

• add WAL support for sqlite (#1752) @blotus
• Replace shodan with crowdsec cti in notification template (#1741) @sbs2001
• use ansible roles from crowdsecurity.testing collection (#1743) @mmetc
• add config option to enable or not local API and agent (#1730) @AlteredCoder
• allow plugins to load environment variable (#1727) @AlteredCoder
• fix #1733 : add support for exclusion regexps (#1735) @buixor
• golangci-lint 1.49 and related fixes (#1736) @mmetc
• ansible changed_when fix; ansible/vagrant lint (#1734) @mmetc
• Update sprig to v3 (#1722) @LaurenceJJones
• hardcode db password in CI to allow tests from third parties (#1729) @mmetc
• Datasource/kafka (#1698) @he2ss
• allow user to disable decision deduplication (#1687) @buixor
• switch to go 1.19 (#1709) @blotus
• fix typo in func tests (#1718) @sabban
• add cscli support dump (#1634) @blotus
• replace wizard patch for debian package with an envvar check (#1630) @mmetc
• func tests: enable capi only when needed (#1710) @mmetc
• golangci-lint v1.48 and fixes for "usestdlibvars" (#1711) @mmetc
• functional tests: json, stderr helpers (#1704) @mmetc
• ansible testing improvements (#1700) @mmetc
• add suggestion on cscli install items (#1686) @AlteredCoder
• ansible testing (#1691) @mmetc
• cscli machines delete: return an error if machines doesn't exist (#1689) @AlteredCoder
• add -a options in cscli alerts list (#1690) @AlteredCoder
• generic dateparse approach (#1669) @buixor
• don't run azure pipeline on freeBSD tags (#1684) @blotus
• functional tests instrumented by ansible/vagrant (#1682) @mmetc
• adjust test timing for slow boxes (#1681) @mmetc
• fix --column-statistics handling in mysql tests (#1680) @mmetc
• cronjob remove fails due to [[ (#1818) @LaurenceJJones
• warn if no acquisition files are found, acquisition_test refactoring, func tests (#1816) @mmetc
• hub auto update cronjob (#1817) @LaurenceJJones
• refactor broker_test.go, extract cstest/filenotfound*.go (#1815) @mmetc
• rename pkg/cstest -> pkg/hubtest (#1811) @mmetc
• force postgres 14 for func tests (#1813) @mmetc
• enable all static checks + minor fixes and typos (#1806) @mmetc
• add test and fix for configuration reload (#1808) @mmetc
• fix missing metrics cscli (#1809) @blotus
• replace log.Fatal with t.Fatal (#1805) @mmetc
• don't install jq to build windows, docker (not required anymore) (#1800) @mmetc
• unit tests: always capture testcase variable -> allow parallel testing (#1797) @mmetc
• check is TLS == "true" before to enable in LAPI (#1795) @stephdl
• bats helper fixes (#1792) @mmetc
• Fast alert delete (#1791) @sbs2001
• new tables (#1763) @mmetc
• Update ent and grokky package (#1772) @AlteredCoder
• fork dlog to ease debian packaging on official repos (#1790) @sabban
• simplify one shot tests (#1786) @sbs2001
• remove a wrong warning when pulling list content from CAPI (#1789) @blotus
• tests/bin cleanup (#1760) @mmetc
• make: accept BUILD_VENDOR_FLAGS variable (#1771) @mmetc
• renamed security.MD -> SECURITY.md (#1774) @mmetc
• fix & cleanup cloudwatch_test.go (#1780) @mmetc
• cleanup + fix flaky tests in file_test.go, apic_test.go (#1773) @mmetc
• "make localstack": added zookeper+kafka services (#1770) @mmetc
• tighten windows sqlite database permissions (#1769) @blotus
• don't suggest an item which user already mentioned (#1702) @sbs2001
• fix misspelling of instantiate participles (#1759) @xconverge
• spf13/cobra v1.5.0; antonmedv/expr v1.9.0 (#1756) @mmetc
• improvement: Docker one shot error message (#1666) @LaurenceJJones
• tighten permissions for creds and notification configuration files on windows (#1757) @blotus
• rename ROOT var to CS_ROOT in Makefile (#1755) @blotus
• Cronjob via packages (#1820) @LaurenceJJones
• Add helo config (#1765) @LaurenceJJones

Documentation

• updated windows/README.md (#1785) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.2-rc2

New features

• Implement reinject command to send notifications of alerts (#1638) @sabban
• Print cscli usage in color, fix windows terminal detection (#1801) @mmetc

Bug Fixes

• fix #1746 (#1749) @sabban
• restrict permissions for plugin configurations (#1745) @mmetc
• simpler makefiles for static targets (#1744) @mmetc
• fix expr scope #1737 (#1738) @sabban
• acually postoverflow before reprocessing (#1739) @sabban
• fix logging for email plugin (#1670) @sabban
• fix decision delete #1724 (#1725) @sabban
• Fix cscli notifications list crash (#1697) @blotus
• fix the ssltls by actually doing ssltls in email notification plugin (#1672) @sabban
• Fix one shot acq race (#1783) @sbs2001
• Bulk delete alert optimization (#1782) @mmetc
• Fix counter bucket (#1807) @sabban

Changes

• add WAL support for sqlite (#1752) @blotus
• Replace shodan with crowdsec cti in notification template (#1741) @sbs2001
• use ansible roles from crowdsecurity.testing collection (#1743) @mmetc
• add config option to enable or not local API and agent (#1730) @AlteredCoder
• allow plugins to load environment variable (#1727) @AlteredCoder
• fix #1733 : add support for exclusion regexps (#1735) @buixor
• golangci-lint 1.49 and related fixes (#1736) @mmetc
• ansible changed_when fix; ansible/vagrant lint (#1734) @mmetc
• Update sprig to v3 (#1722) @LaurenceJJones
• hardcode db password in CI to allow tests from third parties (#1729) @mmetc
• Datasource/kafka (#1698) @he2ss
• allow user to disable decision deduplication (#1687) @buixor
• switch to go 1.19 (#1709) @blotus
• fix typo in func tests (#1718) @sabban
• add cscli support dump (#1634) @blotus
• replace wizard patch for debian package with an envvar check (#1630) @mmetc
• func tests: enable capi only when needed (#1710) @mmetc
• golangci-lint v1.48 and fixes for "usestdlibvars" (#1711) @mmetc
• functional tests: json, stderr helpers (#1704) @mmetc
• ansible testing improvements (#1700) @mmetc
• add suggestion on cscli install items (#1686) @AlteredCoder
• ansible testing (#1691) @mmetc
• cscli machines delete: return an error if machines doesn't exist (#1689) @AlteredCoder
• add -a options in cscli alerts list (#1690) @AlteredCoder
• generic dateparse approach (#1669) @buixor
• don't run azure pipeline on freeBSD tags (#1684) @blotus
• functional tests instrumented by ansible/vagrant (#1682) @mmetc
• adjust test timing for slow boxes (#1681) @mmetc
• fix --column-statistics handling in mysql tests (#1680) @mmetc
• cronjob remove fails due to [[ (#1818) @LaurenceJJones
• warn if no acquisition files are found, acquisition_test refactoring, func tests (#1816) @mmetc
• hub auto update cronjob (#1817) @LaurenceJJones
• refactor broker_test.go, extract cstest/filenotfound*.go (#1815) @mmetc
• rename pkg/cstest -> pkg/hubtest (#1811) @mmetc
• force postgres 14 for func tests (#1813) @mmetc
• enable all static checks + minor fixes and typos (#1806) @mmetc
• add test and fix for configuration reload (#1808) @mmetc
• fix missing metrics cscli (#1809) @blotus
• replace log.Fatal with t.Fatal (#1805) @mmetc
• don't install jq to build windows, docker (not required anymore) (#1800) @mmetc
• unit tests: always capture testcase variable -> allow parallel testing (#1797) @mmetc
• check is TLS == "true" before to enable in LAPI (#1795) @stephdl
• bats helper fixes (#1792) @mmetc
• Fast alert delete (#1791) @sbs2001
• new tables (#1763) @mmetc
• Update ent and grokky package (#1772) @AlteredCoder
• fork dlog to ease debian packaging on official repos (#1790) @sabban
• simplify one shot tests (#1786) @sbs2001
• remove a wrong warning when pulling list content from CAPI (#1789) @blotus
• tests/bin cleanup (#1760) @mmetc
• make: accept BUILD_VENDOR_FLAGS variable (#1771) @mmetc
• renamed security.MD -> SECURITY.md (#1774) @mmetc
• fix & cleanup cloudwatch_test.go (#1780) @mmetc
• cleanup + fix flaky tests in file_test.go, apic_test.go (#1773) @mmetc
• "make localstack": added zookeper+kafka services (#1770) @mmetc
• tighten windows sqlite database permissions (#1769) @blotus
• don't suggest an item which user already mentioned (#1702) @sbs2001
• fix misspelling of instantiate participles (#1759) @xconverge
• spf13/cobra v1.5.0; antonmedv/expr v1.9.0 (#1756) @mmetc
• improvement: Docker one shot error message (#1666) @LaurenceJJones
• tighten permissions for creds and notification configuration files on windows (#1757) @blotus
• rename ROOT var to CS_ROOT in Makefile (#1755) @blotus

Documentation

• updated windows/README.md (#1785) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.2-rc1

Changes

• add WAL support for sqlite (#1752) @blotus
• Replace shodan with crowdsec cti (#1741) @sbs2001
• use ansible roles from crowdsecurity.testing collection (#1743) @mmetc
• Add config option to enable or not local API and agent (#1730) @AlteredCoder
• Allow plugins to load environment variable (#1727) @AlteredCoder
• fix #1733 : add support for exclusion regexps (#1735) @buixor
• golangci-lint 1.49 and related fixes (#1736) @mmetc
• Ansible changed_when fix; ansible/vagrant lint (#1734) @mmetc
• Update sprig to v3 (#1722) @LaurenceJJones
• hardcode db password in CI to allow tests from third parties (#1729) @mmetc
• Datasource/kafka (#1698) @he2ss
• Implement reinject command to send notifications of alerts (#1638) @sabban
• fix the ssltls by actually doing ssltls. (#1672) @sabban
• allow user to disable decision deduplication (#1687) @buixor
• switch to go 1.19 (#1709) @blotus
• fix typo in func tests (#1718) @sabban
• add cscli support dump (#1634) @blotus
• replace wizard patch for debian package with an envvar check (#1630) @mmetc
• func tests: enable capi only when needed (#1710) @mmetc
• golangci-lint v1.48 and fixes for "usestdlibvars" (#1711) @mmetc
• functional tests: json, stderr helpers (#1704) @mmetc
• Ansible testing improvements (#1700) @mmetc
• add suggestion on cscli install items (#1686) @AlteredCoder
• Ansible testing (#1691) @mmetc
• cscli machines delete: return an error if machines doesn't exist (#1689) @AlteredCoder
• Add -a options in cscli alerts list (#1690) @AlteredCoder
• Generic dateparse approach (#1669) @buixor
• Don't run azure pipeline on freeBSD tags (#1684) @blotus
• functional tests instrumented by ansible/vagrant (#1682) @mmetc
• adjust test timing for slow boxes (#1681) @mmetc
• fix --column-statistics handling in mysql tests (#1680) @mmetc

Bug Fixes

• fix #1746 (#1749) @sabban
• restrict permissions for plugin configurations (#1745) @mmetc
• simpler makefiles for static targets (#1744) @mmetc
• fix expr scope #1737 (#1738) @sabban
• acually postoverflow before reprocessing (#1739) @sabban
• fix logging for email plugin (#1670) @sabban
• fix decision delete #1724 (#1725) @sabban
• Fix cscli notifications list crash (#1697) @blotus

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.1

New Features

• Windows is now officially supported (#1159, #1493)
• Easier upgrade-resilient configuration customization via .local configuration files (#1497, fix #1385)
• Support for client authentication via certificates (for agents and bouncers) (#1428)
• Allow dynamic (ie. incremental) decisions duration in profiles.yaml (#1556)

Improvements

• cscli explain supports stdin input (#1597) @LaurenceJJones
• add new performance related prometheus metrics in LAPI and agent (#1546) @buixor
• new syslog parser for syslog datasource (#1554) @blotus
• add more JSON expr helpers (#1576) @blotus
• allow to set static to a pointer and add IsIPV6 helper (#1540) @AlteredCoder
• add support for machine heartbeat (#1541) @buixor
• add notifications command (#1537) @sabban
• memory check for cscli dashboard setup (#1513) @LaurenceJJones
• significant performance improvements (#1583) @buixor

Bug Fixes

• revert decision dedup behavior to 1.3.4 (#1675) @buixor
• tls tests with bundle.pem (#1671) @mmetc
• pkg/database fix count decisions since by value (#1606) @he2ss
• support yml file (#1605) @AlteredCoder
• docker_start: improve bash compat (#1599) @he2ss
• fix decisions deduplication logic #1552 (#1569) @AlteredCoder
• fix freebsd tests (#1600) @mmetc
• fix concurrent map write on distinct cache (#1582) @buixor
• do not rely on /proc/sys/kernel/random/uuid for portability (#1575) @blotus
• fixed uid/gid bound check regression (#1555) @mmetc
• do not spew.Sdump() the invalid node on error (#1550) @buixor
• fix windows installer removing patterns folder on upgrade (#1548) @blotus
• changed option 'alerts-tainted' (which does not exist) to 'tainted' (#1538) @mmetc
• improved distinct/uniq behaviour & performances (#1478) @buixor
• retry to send alert to plugin channel if it fails (#1530) @blotus
• install config.yaml with chmod 600 (#1518) @mmetc
• loglevel warning (#1461) @mmetc
• fix /decisions/stream behaviour when refresh happened less often than 60s (#1517) @he2ss
• close response body in heartbeat (#1637) @blotus
• fix ticker leak (#1620) @buixor
• Fix event.timestamp pointer usage (#1621) @AlteredCoder
• Syslog datasource: do not set UDP read buffer size (#1657) @blotus
• Get geoip Country from other objects if not present (#1659) @AlteredCoder

Other changes

• simplify err.Error() to err when used in printf context (#1603) @mmetc
• cscli explain use temp dir (#1598) @LaurenceJJones
• CI: colored test output, colored crowdsec and crowdsec-api logs, full final db dump for mysql and sqlite (#1596) @mmetc
• make localstack-stop target (#1593) @mmetc
• enabled linters and fixes for: misspell, predeclared, unconvert, ineffassign, gosimple, govet (#1595) @mmetc
• removed bats warnings (#1592) @mmetc
• use only one name generator (#1591) @buixor
• shellcheck (#1584) @mmetc
• reduce verbosity of TLS auth and FlushAgentsAndBouncers (#1588) @blotus
• functional tests, minor refactoring and lint/cleanup (#1570) @mmetc
• fixed coverage reporting for functional tests; added cscli (#1568) @mmetc
• allow run-tests with -f "" (#1564) @mmetc
• codecov badge (#1562) @mmetc
• update codeql actions (v1 is going to be deprecated) (#1563) @mmetc
• codecov (#1561) @mmetc
• minor cleanup; export SetHubBranch (#1559) @mmetc
• fix coverage report (#1553) @mmetc
• increase lint timeout for windows (#1543) @mmetc
• some tests for misconfigured plugins (#1534) @mmetc
• func test: replaced one-shot bin/nc with a loop (#1542) @mmetc
• error reporting (#1501) @mmetc
• add bats-mock to mock external commands in functional tests (#1529) @mmetc
• test multiple notification events with the same plugin (#1539) @mmetc
• allow to override statics in hubtest. (#1495) @blotus
• fix docker flaky test (#1494) @blotus
• fix #1283: update and enable error reports from golangci (#1523) @mmetc
• avoid double output (error + log fatal) and automatic --help after each error (#1536) @mmetc
• add single quotes to log output (#1527) @LaurenceJJones
• optimize GetExprEnv usage (#1515) @nitescuc
• update machineid to 1.0.2 (#1533) @blotus
• add the ability to build on fc36 (#1524) @sabban
• test machines_tls: remove all existing machines in setup (#1678) @mmetc
• do not hide unit test failure (#1677) @blotus

Documentation related topics

• update docker docs: filter on github.repository_owner == 'crowdsecurity' (#1511) @mmetc
• add link to Console in README.md (#1509) @mazzma12
• document LAPI filters (#1535) @sbs2001
• "make localstack" target, link to docs/contributing (#1522) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

v1.4.1-rc1

Changes

• revert decision dedup behavior to 1.3.4 (#1675) @buixor
• do not hide unit test failure (#1677) @blotus
• tls tests with bundle.pem (#1671) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.