Skip to content

Releases: crowdsecurity/crowdsec

v1.7.1-rc3

25 Sep 19:41
@github-actions github-actions
v1.7.1-rc3
93e0802
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.1-rc3 Pre-release
Pre-release

Changes

  • refact pkg/parser: ExtraField / Static (#3913) @mmetc
  • lint: fix nilaway warnings (part 11) (#3910) @mmetc
  • lint: errcheck (#3912) @mmetc
  • refact: net.Listen -> listenConfig.Listen(), remove context.TODO()/Background() (#3776) @mmetc
  • refact pkg/acquisition: split DataSource interface (#3900) @mmetc
  • refact: net.Dial() -> Dialer.DialContext() (#3670) @mmetc
  • lint: errcheck, nolintlint, intrange (#3904) @mmetc
  • lint: fix nilaway warnings (part 5) (#3863) @mmetc
  • lint: fix nilaway warnings (part 10) (#3875) @mmetc
  • lint: fix nilaway warnings (part 7) (#3865) @mmetc
  • lint: fix nilaway warnings (part 6) (#3864) @mmetc
  • refact cmd/crowdsec, pkg/apiserver: extract methods (#3743) @mmetc
  • lint: fix nilaway warnings (part 9) (#3868) @mmetc
  • refact pkg/parser: small optimizations (#3891) @mmetc
  • refact simulation: redundant use of pointers; log (stderr) -> print (stdout) (#3889) @mmetc
  • refact pkg/parser: extract method processLeaves (#3886) @mmetc
  • refact: exec.Command() -> exec.CommandContext() (#3826) @mmetc
  • lint: fix nilaway warnings (part 2) (#3854) @mmetc
  • refact pkg/parser: extract method (#3849) @mmetc
  • lint: fix nilaway warnings (part 8) (#3866) @mmetc
  • lint: nosprintfhostport, ifelsechain (#3838) @mmetc
  • lint: fix nilaway warnings (part 1) (#3853) @mmetc
  • packaging: clean up redundant debian/install, debian/rules (#3781) @mmetc
  • rpm: declare ghost file permissions (#3828) @mmetc

Improvements

Bug Fixes

  • fix: service name typo (#3920) @mmetc
  • apiserver: prevent long bouncer names when IP is changing (bouncer@ip1@ip2..) (#3911) @mmetc
  • pkg/database: enable upsert feature flag, use it for config items (#3895) @mmetc
  • lint: fix nilaway warnings (part 3), prevent data race (#3855) @mmetc
  • journalctl acquisition: fix #3890 (#3893) @mmetc
  • refact pkg/parser: review formatting verbs, logs (#3887) @mmetc
  • fix: set cache defaults for parser stash (#3883) @mmetc
  • [WAF] do not iterate over all transaction variables for nothing // swap alert generation + event send order (#3884) @blotus
  • waf: return if we cannot create the TCP listener (#3882) @blotus
  • lint: fix nilaway warnings (part 4), prevent data race (#3857) @mmetc

Chore / Deps

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Contributors

blotus, david-garcia-garcia, and mmetc
Loading

v1.7.1-rc2

25 Sep 14:34
@github-actions github-actions
v1.7.1-rc2
e1644a4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.1-rc2 Pre-release
Pre-release

Changes

  • refact pkg/parser: ExtraField / Static (#3913) @mmetc
  • lint: fix nilaway warnings (part 11) (#3910) @mmetc
  • lint: errcheck (#3912) @mmetc
  • refact: net.Listen -> listenConfig.Listen(), remove context.TODO()/Background() (#3776) @mmetc
  • refact pkg/acquisition: split DataSource interface (#3900) @mmetc
  • refact: net.Dial() -> Dialer.DialContext() (#3670) @mmetc
  • lint: errcheck, nolintlint, intrange (#3904) @mmetc
  • lint: fix nilaway warnings (part 5) (#3863) @mmetc
  • lint: fix nilaway warnings (part 10) (#3875) @mmetc
  • lint: fix nilaway warnings (part 7) (#3865) @mmetc
  • lint: fix nilaway warnings (part 6) (#3864) @mmetc
  • refact cmd/crowdsec, pkg/apiserver: extract methods (#3743) @mmetc
  • lint: fix nilaway warnings (part 9) (#3868) @mmetc
  • refact pkg/parser: small optimizations (#3891) @mmetc
  • refact simulation: redundant use of pointers; log (stderr) -> print (stdout) (#3889) @mmetc
  • refact pkg/parser: extract method processLeaves (#3886) @mmetc
  • refact: exec.Command() -> exec.CommandContext() (#3826) @mmetc
  • lint: fix nilaway warnings (part 2) (#3854) @mmetc
  • refact pkg/parser: extract method (#3849) @mmetc
  • lint: fix nilaway warnings (part 8) (#3866) @mmetc
  • lint: nosprintfhostport, ifelsechain (#3838) @mmetc
  • lint: fix nilaway warnings (part 1) (#3853) @mmetc
  • packaging: clean up redundant debian/install, debian/rules (#3781) @mmetc
  • rpm: declare ghost file permissions (#3828) @mmetc

Improvements

Bug Fixes

  • apiserver: prevent long bouncer names when IP is changing (bouncer@ip1@ip2..) (#3911) @mmetc
  • pkg/database: enable upsert feature flag, use it for config items (#3895) @mmetc
  • lint: fix nilaway warnings (part 3), prevent data race (#3855) @mmetc
  • journalctl acquisition: fix #3890 (#3893) @mmetc
  • refact pkg/parser: review formatting verbs, logs (#3887) @mmetc
  • fix: set cache defaults for parser stash (#3883) @mmetc
  • [WAF] do not iterate over all transaction variables for nothing // swap alert generation + event send order (#3884) @blotus
  • waf: return if we cannot create the TCP listener (#3882) @blotus
  • lint: fix nilaway warnings (part 4), prevent data race (#3857) @mmetc

Chore / Deps

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Contributors

blotus, david-garcia-garcia, and mmetc
Loading

v1.7.1-rc1

25 Sep 13:51
@github-actions github-actions
v1.7.1-rc1
e65bb44
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.1-rc1 Pre-release
Pre-release

Changes

  • refact pkg/parser: ExtraField / Static (#3913) @mmetc
  • lint: fix nilaway warnings (part 11) (#3910) @mmetc
  • lint: errcheck (#3912) @mmetc
  • refact: net.Listen -> listenConfig.Listen(), remove context.TODO()/Background() (#3776) @mmetc
  • refact pkg/acquisition: split DataSource interface (#3900) @mmetc
  • refact: net.Dial() -> Dialer.DialContext() (#3670) @mmetc
  • lint: errcheck, nolintlint, intrange (#3904) @mmetc
  • lint: fix nilaway warnings (part 5) (#3863) @mmetc
  • lint: fix nilaway warnings (part 10) (#3875) @mmetc
  • lint: fix nilaway warnings (part 7) (#3865) @mmetc
  • lint: fix nilaway warnings (part 6) (#3864) @mmetc
  • refact cmd/crowdsec, pkg/apiserver: extract methods (#3743) @mmetc
  • lint: fix nilaway warnings (part 9) (#3868) @mmetc
  • refact pkg/parser: small optimizations (#3891) @mmetc
  • refact simulation: redundant use of pointers; log (stderr) -> print (stdout) (#3889) @mmetc
  • refact pkg/parser: extract method processLeaves (#3886) @mmetc
  • refact: exec.Command() -> exec.CommandContext() (#3826) @mmetc
  • lint: fix nilaway warnings (part 2) (#3854) @mmetc
  • refact pkg/parser: extract method (#3849) @mmetc
  • lint: fix nilaway warnings (part 8) (#3866) @mmetc
  • lint: nosprintfhostport, ifelsechain (#3838) @mmetc
  • lint: fix nilaway warnings (part 1) (#3853) @mmetc
  • packaging: clean up redundant debian/install, debian/rules (#3781) @mmetc
  • rpm: declare ghost file permissions (#3828) @mmetc

Improvements

Bug Fixes

  • pkg/database: enable upsert feature flag, use it for config items (#3895) @mmetc
  • lint: fix nilaway warnings (part 3), prevent data race (#3855) @mmetc
  • journalctl acquisition: fix #3890 (#3893) @mmetc
  • refact pkg/parser: review formatting verbs, logs (#3887) @mmetc
  • fix: set cache defaults for parser stash (#3883) @mmetc
  • [WAF] do not iterate over all transaction variables for nothing // swap alert generation + event send order (#3884) @blotus
  • waf: return if we cannot create the TCP listener (#3882) @blotus
  • lint: fix nilaway warnings (part 4), prevent data race (#3857) @mmetc

Chore / Deps

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Contributors

blotus, david-garcia-garcia, and mmetc
Loading

v1.7.0

01 Sep 10:10
@github-actions github-actions
v1.7.0
c3036e2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.0 Latest
Latest

The 1.7.0 release of crowdsec brings some major changes to how services are auto-detected during installation, and to the metrics shared by the log processors to LAPI.

The new detection system, cscli setup, is much more flexible and powerful:

  • Supports Linux, BSD and Windows (at the time, auto-detection is only performed at install time for deb and RPM packages)
  • More services are detected out of the box
  • A custom detection configuration can be provided during installation to detect custom services and generate custom acquisition configs (eg, when not using default log paths)
  • The auto-detection can be skipped if the configuration is managed with tools like Ansible

Learn more about it in our documentation.

The Log Processors now send metrics about the acquisition (number of lines read and parsed per datasource) and the parsers (number of events parsed, unparsed, or whitelisted) to LAPI.
Those metrics are shown when running cscli machines inspect XXX.
In the future, they will also be displayed in the console and used to detect potentially misconfigured or misbehaving installations.

Other notable changes include:

  • Support for swarm in the docker datasource
  • Better CRS integration in the WAF (this will continue to be improved over time)
  • New expr helpers to compute the average and median time between events

Warning

Starting with this release, when crowdsec is run in a docker (or podman) container, a volume must be provided /var/lib/crowdsec/data/, otherwise the container will refuse to start.
This requirement does not apply to Kubernetes.

Note

As previously documented here, the cscli dashboard command has been removed.
If you are still using the metabase dashboard, we recommend you migrate to https://app.crowdsec.net

Changes

New Features

Improvements

  • WAF: Improve user-experience with CRS and modsecurity rules (#3827) @blotus
  • cscli setup: allow skipping service detection with $CROWDSEC_SETUP_UN… (#3822) @mmetc
  • cscli setup: improve service detection and datasource validation (#3812) @mmetc
  • cscli setup: skip missing items, fix collection name (#3794) @mmetc
  • Improve the output of appsec cscli hubtest (#3791) @buixor
  • cscli setup improvements (#3789) @mmetc
  • cscli: print command name along with errors (#3768) @mmetc
  • enhance: Add 2 time helpers for average and median (#3748) @LaurenceJJones
  • usage metrics: report acquisition + parsers metrics to LAPI (#3709) @blotus
  • improve datasource validation (goccy/go-yaml) (#3646) @mmetc

Bug Fixes

Chore / Deps

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Contributors

blotus, buixor, and 3 other contributors
Assets 7
Loading

v1.7.0-rc9

25 Aug 14:23
@github-actions github-actions
v1.7.0-rc9
191f653
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.0-rc9 Pre-release
Pre-release

Changes

  • CI: update actions; drop version comments (#3823) @mmetc
  • install scripts: echo -e -> echo (we're not requiring bash anymore) (#3799) @mmetc
  • move detect.yaml to /var/lib/crowdsec/data (#3797) @mmetc
  • restore wizard.sh --unattended (#3790) @mmetc
  • cleanup wizard.sh (#3786) @mmetc
  • remove the cscli_setup feature flag (#3784) @mmetc
  • add detect.yaml in rpm files section (#3773) @sabban
  • refact whitelist/allowlist: net.IP to net/netip (#3683) @mmetc
  • refact: pkg/database decisions filter, queries (#3635) @mmetc

New Features

Improvements

  • cscli setup: allow skipping service detection with $CROWDSEC_SETUP_UN… (#3822) @mmetc
  • cscli setup: improve service detection and datasource validation (#3812) @mmetc
  • cscli setup: skip missing items, fix collection name (#3794) @mmetc
  • Improve the output of appsec cscli hubtest (#3791) @buixor
  • cscli setup improvements (#3789) @mmetc
  • cscli: print command name along with errors (#3768) @mmetc
  • enhance: Add 2 time helpers for average and median (#3748) @LaurenceJJones
  • usage metrics: report acquisition + parsers metrics to LAPI (#3709) @blotus
  • improve datasource validation (goccy/go-yaml) (#3646) @mmetc

Bug Fixes

Chore / Deps

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Contributors

blotus, buixor, and 3 other contributors
Loading

v1.7.0-rc8

22 Aug 13:08
@github-actions github-actions
v1.7.0-rc8
fce4091
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.0-rc8 Pre-release
Pre-release

Changes

  • install scripts: echo -e -> echo (we're not requiring bash anymore) (#3799) @mmetc
  • move detect.yaml to /var/lib/crowdsec/data (#3797) @mmetc
  • restore wizard.sh --unattended (#3790) @mmetc
  • cleanup wizard.sh (#3786) @mmetc
  • remove the cscli_setup feature flag (#3784) @mmetc
  • add detect.yaml in rpm files section (#3773) @sabban
  • refact whitelist/allowlist: net.IP to net/netip (#3683) @mmetc
  • refact: pkg/database decisions filter, queries (#3635) @mmetc

New Features

Improvements

  • cscli setup: improve service detection and datasource validation (#3812) @mmetc
  • cscli setup: skip missing items, fix collection name (#3794) @mmetc
  • Improve the output of appsec cscli hubtest (#3791) @buixor
  • cscli setup improvements (#3789) @mmetc
  • cscli: print command name along with errors (#3768) @mmetc
  • enhance: Add 2 time helpers for average and median (#3748) @LaurenceJJones
  • usage metrics: report acquisition + parsers metrics to LAPI (#3709) @blotus
  • improve datasource validation (goccy/go-yaml) (#3646) @mmetc

Bug Fixes

Chore / Deps

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Contributors

blotus, buixor, and 3 other contributors
Loading

v1.7.0-rc7

19 Aug 10:21
@github-actions github-actions
v1.7.0-rc7
4c3a613
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.0-rc7 Pre-release
Pre-release

Changes

  • install scripts: echo -e -> echo (we're not requiring bash anymore) (#3799) @mmetc
  • move detect.yaml to /var/lib/crowdsec/data (#3797) @mmetc
  • restore wizard.sh --unattended (#3790) @mmetc
  • cleanup wizard.sh (#3786) @mmetc
  • remove the cscli_setup feature flag (#3784) @mmetc
  • add detect.yaml in rpm files section (#3773) @sabban
  • refact whitelist/allowlist: net.IP to net/netip (#3683) @mmetc
  • refact: pkg/database decisions filter, queries (#3635) @mmetc

New Features

Improvements

  • cscli setup: improve service detection and datasource validation (#3812) @mmetc
  • cscli setup: skip missing items, fix collection name (#3794) @mmetc
  • Improve the output of appsec cscli hubtest (#3791) @buixor
  • cscli setup improvements (#3789) @mmetc
  • cscli: print command name along with errors (#3768) @mmetc
  • enhance: Add 2 time helpers for average and median (#3748) @LaurenceJJones
  • usage metrics: report acquisition + parsers metrics to LAPI (#3709) @blotus
  • improve datasource validation (goccy/go-yaml) (#3646) @mmetc

Bug Fixes

Chore / Deps

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Contributors

blotus, buixor, and 3 other contributors
Loading

v1.7.0-rc6

19 Aug 07:54
@github-actions github-actions
v1.7.0-rc6
27cebed
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.0-rc6 Pre-release
Pre-release

Changes

  • install scripts: echo -e -> echo (we're not requiring bash anymore) (#3799) @mmetc
  • move detect.yaml to /var/lib/crowdsec/data (#3797) @mmetc
  • restore wizard.sh --unattended (#3790) @mmetc
  • cleanup wizard.sh (#3786) @mmetc
  • remove the cscli_setup feature flag (#3784) @mmetc
  • add detect.yaml in rpm files section (#3773) @sabban
  • refact whitelist/allowlist: net.IP to net/netip (#3683) @mmetc
  • refact: pkg/database decisions filter, queries (#3635) @mmetc

New Features

Improvements

  • cscli setup: improve service detection and datasource validation (#3812) @mmetc
  • cscli setup: skip missing items, fix collection name (#3794) @mmetc
  • Improve the output of appsec cscli hubtest (#3791) @buixor
  • cscli setup improvements (#3789) @mmetc
  • cscli: print command name along with errors (#3768) @mmetc
  • enhance: Add 2 time helpers for average and median (#3748) @LaurenceJJones
  • usage metrics: report acquisition + parsers metrics to LAPI (#3709) @blotus
  • improve datasource validation (goccy/go-yaml) (#3646) @mmetc

Bug Fixes

  • CI: remove config/detect.yaml reference from rpm (#3813) @mmetc
  • fix rpm dovecot detection (#3796) @sabban
  • Increase hub download timeout to 10 minutes (#3785) @mmetc
  • docker: enforce volume use for /var/lib/crowdsec/data/ (#3757) @blotus
  • setup: add detect.yaml to windows install (#3775) @blotus
  • fix timemachine lock (#3767) @sabban
  • appsec: properly set URI in the original request object for use in hooks (#3755) @blotus

Chore / Deps

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Contributors

blotus, buixor, and 3 other contributors
Loading

v1.7.0-rc5

18 Aug 21:44
@github-actions github-actions
v1.7.0-rc5
9671da6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.0-rc5 Pre-release
Pre-release

Changes

  • install scripts: echo -e -> echo (we're not requiring bash anymore) (#3799) @mmetc
  • move detect.yaml to /var/lib/crowdsec/data (#3797) @mmetc
  • restore wizard.sh --unattended (#3790) @mmetc
  • cleanup wizard.sh (#3786) @mmetc
  • remove the cscli_setup feature flag (#3784) @mmetc
  • add detect.yaml in rpm files section (#3773) @sabban
  • refact whitelist/allowlist: net.IP to net/netip (#3683) @mmetc
  • refact: pkg/database decisions filter, queries (#3635) @mmetc

New Features

Improvements

  • cscli setup: improve service detection and datasource validation (#3812) @mmetc
  • cscli setup: skip missing items, fix collection name (#3794) @mmetc
  • Improve the output of appsec cscli hubtest (#3791) @buixor
  • cscli setup improvements (#3789) @mmetc
  • cscli: print command name along with errors (#3768) @mmetc
  • enhance: Add 2 time helpers for average and median (#3748) @LaurenceJJones
  • usage metrics: report acquisition + parsers metrics to LAPI (#3709) @blotus
  • improve datasource validation (goccy/go-yaml) (#3646) @mmetc

Bug Fixes

  • fix rpm dovecot detection (#3796) @sabban
  • Increase hub download timeout to 10 minutes (#3785) @mmetc
  • docker: enforce volume use for /var/lib/crowdsec/data/ (#3757) @blotus
  • setup: add detect.yaml to windows install (#3775) @blotus
  • fix timemachine lock (#3767) @sabban
  • appsec: properly set URI in the original request object for use in hooks (#3755) @blotus

Chore / Deps

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Contributors

blotus, buixor, and 3 other contributors
Loading

v1.7.0-rc4

07 Aug 07:57
@github-actions github-actions
v1.7.0-rc4
8c57045
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.0-rc4 Pre-release
Pre-release

Changes

New Features

Improvements

Bug Fixes

  • Increase hub download timeout to 10 minutes (#3785) @mmetc
  • docker: enforce volume use for /var/lib/crowdsec/data/ (#3757) @blotus
  • setup: add detect.yaml to windows install (#3775) @blotus
  • fix timemachine lock (#3767) @sabban
  • appsec: properly set URI in the original request object for use in hooks (#3755) @blotus

Chore / Deps

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

Contributors

blotus, buixor, and 3 other contributors
Loading