New Features
- Polling API Integration (behind feature flag) (#1715) @buixor
- Kubernetes audit acquisition (#1767) @blotus
- Crowdsec CTI API helpers (#1851) @buixor
- Alert context (#1895) @AlteredCoder
- cscli setup subcommand (behind feature flag) (#1923) @mmetc
- Feature flags support (#1933) @mmetc
- Conditional buckets (#1962) @blotus
- Allow parsers to capture data for future enrichment (#1969) @buixor
- S3 acquisition datasource (#2130) @blotus
- support IP and CIDR based whitelists for CAPI and 3rd party blocklists (#2132) @buixor
- Add transform configuration option for acquisition (#2144) @blotus
- Add experimental support for re2 (#2138) @blotus
Improvements
- Stream decisions from db (behind feature flag) (#1927) @blotus
- CI: functional docker tests (#2056) @mmetc
- Show s00 stats instead of "first_parser" (#2055) @LaurenceJJones
- optimize blocklist fetch (#2039) @nitescuc
- optimization - remove useless login call (#2036) @nitescuc
- Add IsIPV4() and IsIP() helpers (#2050) @blotus
- Add more strings helpers (#2040) @buixor
- Improve warnings around lack of evt.StrTime field (#1954) @buixor
- Add unix expr helper (#1952) @LaurenceJJones
- acquisition: validate datasources before configuration (static checks) (#1841) @mmetc
- CAPI v3 and blocklists links support (#2019) @nitescuc
- Docker: add cri-logs collection by default to support CRI log format (#2005) @he2ss
- add -error flag to crowdsec binary (#1903) @mmetc
- Suggest bouncers and machines to delete (#1896) @sabban
- Add socket support to mysql or mariadb (#1911) @LaurenceJJones
- Add postgres socket support (#1926) @LaurenceJJones
- docker: separate CLIENT_* and LAPI_* variables for tls certificates (#1929) @mmetc
- systemd: same restart options across deb, rpm, wizard (#1948) @mmetc
- Add unix time support to dateparse enricher (#1958) @LaurenceJJones
- retry with backoff requests to CAPI (#1957) @nitescuc
- fix yq behavior with bind-mount config.yaml (#1968) @mmetc
- cscli explain: add crowdsec path option (#1983) @mmetc
- normalize scopes for alerts and decisions (#2001) @buixor
- cscli config feature-flags (#2006) @mmetc
- docker: skip temporary installation of disabled items (#2018) @mmetc
- add dev docker image (based on master) (#2024) @he2ss
- Distance expr helper: Impossible travel (#2108) @buixor
- match expr helper (#2126) @buixor
- add ToString() helper (#2100) @blotus
Bug Fixes
- Do not try to refresh JWT token when doing a login request (#2059) @blotus
- Fix azure pipeline (#2041, #2044, #2046, #2048) @blotus
- clean up BUILD_GOVERSION which is set at runtime with runtime lib (#1901) @sabban
- remove pid_dir from config (#1906) @mmetc
- docker: correctly extract BOUNCER_KEY_* (#1913) @mmetc
- set cscli log timestamp to 24h (#1917) @mmetc
- docker: improve support for persistent configurations (#1915) @mmetc
- apiclient: fix http roundtrip (clone body also) (#1758) @he2ss
- ci: authenticate when looking up release information (#1936) @mmetc
- remove ignored flag "-m" in "cscli machines delete" (#1943) @mmetc
- fix tls communication with lapi and user/pw auth (#1956) @mmetc
- func tests: redirect stderr to filter extra logs (#1961) @mmetc
- fix parser test 2k23 (#1971) @mmetc
- Docker config/auth/TLS refactoring from v1.4.4 (#1967) @mmetc
- fix alert context CI when feature flags are enabled (#1979) @mmetc
- docker: add {VERSION}-slim tag to releases (#1977) @mmetc
- Change yaml patch from info to debug (#1980) @LaurenceJJones
- cscli: avoid initializing the db configuration twice (#1982) @mmetc
- silence yaml.local explicitly in cscli, keep in crowdsec/bouncer logs (#1981) @mmetc
- fix flaky parser unit test (#1985) @mmetc
- Fix docker_start.sh not properly handling env vars (#1993) @ruifung
- Fix reference to ghcr.io (#1999) @benscobie
- agent: fix message when -dsn is provided without -type (#2009) @mmetc
- allow use of literal $ in config.yaml (#2012) @mmetc
- allow literal $ in plugin configuration (#2015) @mmetc
- fix docker support for legacy vars (#2021) @mmetc
- error if tls.key_file or cert_file is missing (#2020)
- fix message "empty scenario" (#2065) @mmetc
- Propagate taints to top collections (fix #2064) (#2066) @mmetc
Chore / Deps
- replace log.Fatal -> fmt.Errorf (#2058) @mmetc
- Bump github.com/containerd/containerd from 1.6.12 to 1.6.18 (#2060) @dependabot
- Bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.0+incompatible (#1996) @dependabot
- CAPI error code handling tests (#2027) @rr404
- CI: set GOBIN instead of go install + cp (#2030) @mmetc
- CI: build with go 1.20 (#2031) @mmetc
- test: bats-detect tests for "cscli setup" (#2057) @mmetc
- Cscli config refactoring (#1934) @mmetc
- separate cobra constructors: lapi, machines, bouncers, postoverflows (#1945) @mmetc
- bump docker actions to avoid deprecation warnings (#1966) @mmetc
- ci: remove hub dispatch, (msi) take release version from git history (#1949) @mmetc
- cscli refact: extracted New.*Cmd from alerts, capi, dashboard; removed some globals (#1990) @mmetc
- refact cscli decisions (#2003) @mmetc
- docker: replace BUILD_ENV with --target (#1995) @mmetc
- break in smaller functions cscli hub, hubtest, notifications, parsers, scenarios, simulation (#2004) @mmetc
- Store go module name in var in Makefile (#1989) @junnhy5
- remove SYSTEM=docker during build, update dockerignore (#2017) @mmetc
- use helpers for shorter tests, add a couple of error cases (#2016) @mmetc
- CI: update github actions and deprecated commands (#2023) @mmetc
- CI: bump more actions (#2028) @mmetc
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Installation
Take a look at the installation instructions.