crowdsecurity/crowdsec v1.4.2-rc6

on GitHub

Main changes

• Kafka data source (#1698)
• Changes on the database front to speed up operations, especially when inserting or deleting big IPs list (#1752 #1835 #1782)
• Cscli got a visual revamp with better-looking tables and usage (#1763 #1801)
• CrowdSec now auto-updates parsers & scenarios on a daily basis to stay on top of upcoming threats (#1817)
• Added cscli support dump for more accessible support (#1634)
• Added cscli notifications reinject to make debugging and tweaking around notifications easier (#1638)

New features

• Implement reinject command to send notifications of alerts (#1638) @sabban
• Add LookupHost expr lib func (#1775) @ThinkChaos
• Acqusition : Add support for exclusion regexps (#1735) (fix #1733) @buixor
• Generic dateparse approach (#1669) @buixor
• Add helo config for mail plugin (#1765) @LaurenceJJones
• Docker build flavors: slim, with-plugins, with-geoip, full (#1862) @mmetc
• Add config option to enable or not local API and agent (#1730) @AlteredCoder
• Allow plugins to load environment variable (#1727) @AlteredCoder

Bug Fixes

• Fix #1746 (#1749) @sabban
• Restrict permissions for plugin configurations (#1745) @mmetc
• Fix expr scope #1737 (#1738) @sabban
• Acually postoverflow before reprocessing (#1739) @sabban
• Fix logging for email plugin (#1670) @sabban
• Fix decision delete #1724 (#1725) @sabban
• Fix cscli notifications list crash (#1697) @blotus
• Fix the ssltls by actually doing ssltls in email notification plugin (#1672) @sabban
• Fix one shot acq race (#1783) @sbs2001
• Fix counter bucket (#1807) @sabban
• Fix crash when reading deleted files (#1840) @mmetc
• Fix for collections delete (#1824) @mmetc
• Blocklist: Do not duplicate decisions when pulling (#1796) @blotus
• Rpm spec fix cron removal (#1829) @LaurenceJJones
• Add check for .deb remove (#1827) @LaurenceJJones
• Tighten windows sqlite database permissions (#1769) @blotus

Changes

• Update codecov action (node 12 is deprecated) (#1830) @mmetc
• Simpler makefiles for static targets (#1744) @mmetc
• Use explicit transaction when inserting community blocklist (#1835) @blotus
• Update chocolatey spec file and publish nupkg in github releases (#1826) @blotus
• Support decisions deletion via scenario + alerts delete via ID (#1798) @buixor
• Replace shodan with crowdsec cti in notification template (#1741) @sbs2001
• Use ansible roles from crowdsecurity.testing collection (#1743) @mmetc
• golangci-lint 1.49 and related fixes (#1736) @mmetc
• Ansible changed_when fix; ansible/vagrant lint (#1734) @mmetc
• Update sprig to v3 (#1722) @LaurenceJJones
• Hardcode db password in CI to allow tests from third parties (#1729) @mmetc
• Allow user to disable decision deduplication (#1687) @buixor
• Switch to go 1.19 (#1709) @blotus
• Fix typo in func tests (#1718) @sabban
• Replace wizard patch for debian package with an envvar check (#1630) @mmetc
• Func tests: enable capi only when needed (#1710) @mmetc
• golangci-lint v1.48 and fixes for "usestdlibvars" (#1711) @mmetc
• Functional tests: json, stderr helpers (#1704) @mmetc
• Ansible testing improvements (#1700) @mmetc
• Add suggestion on cscli install items (#1686) @AlteredCoder
• Ansible testing (#1691) @mmetc
• cscli machines delete: return an error if machines doesn't exist (#1689) @AlteredCoder
• Add -a options in cscli alerts list (#1690) @AlteredCoder
• Don't run azure pipeline on freeBSD tags (#1684) @blotus
• Functional tests instrumented by ansible/vagrant (#1682) @mmetc
• Adjust test timing for slow boxes (#1681) @mmetc
• Fix --column-statistics handling in mysql tests (#1680) @mmetc
• Cronjob remove fails due to [[ (#1818) @LaurenceJJones
• Warn if no acquisition files are found, acquisition_test refactoring, func tests (#1816) @mmetc
• Refactor broker_test.go, extract cstest/filenotfound*.go (#1815) @mmetc
• Rename pkg/cstest -> pkg/hubtest (#1811) @mmetc
• Force postgres 14 for func tests (#1813) @mmetc
• Enable all static checks + minor fixes and typos (#1806) @mmetc
• Add test and fix for configuration reload (#1808) @mmetc
• Fix missing metrics cscli (#1809) @blotus
• Replace log.Fatal with t.Fatal (#1805) @mmetc
• Don't install jq to build windows, docker (not required anymore) (#1800) @mmetc
• Unit tests: always capture testcase variable -> allow parallel testing (#1797) @mmetc
• Check is TLS == "true" before to enable in LAPI (#1795) @stephdl
• Bats helper fixes (#1792) @mmetc
• Fast alert delete (#1791) @sbs2001
• Update ent and grokky package (#1772) @AlteredCoder
• Fork dlog to ease debian packaging on official repos (#1790) @sabban
• Simplify one shot tests (#1786) @sbs2001
• Remove a wrong warning when pulling list content from CAPI (#1789) @blotus
• tests/bin cleanup (#1760) @mmetc
• Make: accept BUILD_VENDOR_FLAGS variable (#1771) @mmetc
• Renamed security.MD -> SECURITY.md (#1774) @mmetc
• Fix & cleanup cloudwatch_test.go (#1780) @mmetc
• Cleanup + fix flaky tests in file_test.go, apic_test.go (#1773) @mmetc
• "make localstack": added zookeper+kafka services (#1770) @mmetc
• Don't suggest an item which user already mentioned (#1702) @sbs2001
• Fix misspelling of instantiate participles (#1759) @xconverge
• spf13/cobra v1.5.0; antonmedv/expr v1.9.0 (#1756) @mmetc
• Improvement: Docker one shot error message (#1666) @LaurenceJJones
• Tighten permissions for creds and notification configuration files on windows (#1757) @blotus
• Rename ROOT var to CS_ROOT in Makefile (#1755) @blotus
• Cronjob via packages (#1820) @LaurenceJJones
• Ci: skip func tests with legacy postgres driver (keep pgx) (#1864) @mmetc
• Notify when community-blocklist starts pull (#1845) @buixor
• Fix #1860 : Only repeat the WAL warning once (#1863) @buixor
• Enabled linters: gocritic, nilerr (#1853) @mmetc
• Fix docker_start without using jq (#1855) @AlteredCoder
• Randomize metric push time (#1852) @mmetc
• Fix ticker in bucket (#1858) @sabban
• Add error checking to lookup host (#1847) @LaurenceJJones
• Fixed package tests w/wal, gitignore/typos (#1849) @mmetc
• Randomize pull, push and metric intervals; reload crowdsec only when hub changed (#1846) @mmetc
• Fix(ci): create hub badges, repository dispatch only on crowdsecurity/crowdsec (#1838) @mmetc
• Add cscli alerts delete --id (#1843) @buixor
• Update golangci-lint to 1.50 and fixes (#1828) @mmetc
• Print missing "AS" values as empty strings instead of "0 " (#1867) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.