Changes
- Appsec hooks fixes (#2769) @blotus
- Various appsec fixes (#2742) @blotus
- ignore native modsec rules that were either pass or allow (#2684) @blotus
- always set the transaction in the current request (#2682) @blotus
- always set inband transaction even if we have no rules (#2681) @blotus
- Used asterisk for Defender Firewall log name (#2671) @zbalkan
- Add env vars to install/remove appsec-{configs,rules} in docker image (#2664) @blotus
- Update scenarios and parsers constraints for appsec (#2663) @blotus
- Improvement to run hubtest for appsec in docker (#2660) @AlteredCoder
- Minor improvements to hubtest and appsec component (#2656) @buixor
New Features
- remove PAPI feature flag (#2601) @blotus
- Application Security Engine Support (#2273) @buixor
- Loki integration #2 (#2306) @lperdereau
Improvements
- log "loading papi client" only if papi is enabled (#2762) @mmetc
- Support
console options
inconsole enroll
(#2760) @buixor - func tests improvements (#2759) @mmetc
- pkg/hubtest: split hubtest_item.go (#2753) @mmetc
- post-install: reduce verbosity (#2751) @mmetc
- [parser/scenarios] defer yaml file closure (#2689) @LaurenceJJones
- add cpu-profile flag (#2723) @blotus
- [appsec] waf tester (#2746) @mmetc
- Add original http request to hooks (#2740) @AlteredCoder
- apiserver: remove cached field isEnrolled (#2744) @mmetc
- Docker: allow setting BUILD_VERSION as a build argument (#2736) @mmetc
- Ignore missing console/context.yaml if not explicitly required by config.yaml (#2726) @mmetc
- cscli capi status -> message for missing credentials (#2730) @mmetc
- [appsec] implement count transformation (#2698) @buixor
- Remove redundant file check for capi_whitelists_path (#2728) @mmetc
- wizard: while installing, don't hide hub download/timeout errors (#2710) @mmetc
- pkg/cwhub: improve error messages (#2712) @mmetc
- logging: full timestamp with timezone in crowdsec.log (#2707) @mmetc
- CI: enable testifylint (#2696) @mmetc
- apiserver/apiclient: compact tests (#2694) @mmetc
- minor waf fixes (#2693) @buixor
- test and log fixes (#2690) @mmetc
- CI: bump golangci-lint run to 1.55, update defaults (#2677) @mmetc
- [notifications] Fix bug, list show non active (#2678) @LaurenceJJones
- Appsec additional fixes (#2676) @blotus
- welcome message when installing packages (#2672) @sabban
- cscli: silence cwhub logger for non-hub related commands (#2675) @mmetc
- add "make help" target (#2282) @mmetc
- fflags: no deprecation warning if there is no message (papi) (#2666) @mmetc
- Parallel hubtests (#2667) @mmetc
- Add "taintedBy" and "--diff" flag to cscli... inspect (#2665) @mmetc
- improve deprecation message with file location (#2662) @mmetc
- light pkg/api{client,server} refact (#2659) @mmetc
- Short build tag in version number (#2658) @mmetc
- cscli machines: lint + write output to stdout instead of log (#2657) @mmetc
- [http plugin] Add capath, certpath, keypath to load custom certs (#2634) @LaurenceJJones
- add new env var to enable console_management (#2599) @he2ss
- docker: add -slim variant to ghcr.io (#2653) @mmetc
- cscli refact / encapsulation (#2650) @mmetc
- restrict file permission from "machines add" (#2648) @mmetc
- Appsec improvement and fixes after merge (#2645) @AlteredCoder
- cwhub: context type (#2631) @mmetc
- cscli refact - encapsulation with types (#2643) @mmetc
- Cwhub refact (#2637) @mmetc
- cscli config show: pretty print struct output (#2633) @mmetc
- Refact bouncer auth (#2456) @mmetc
- cscli machines add: don't overwrite existing credential file (#2625) @mmetc
- [Explain] Ignore blank lines as crowdsec will anyways (#2630) @LaurenceJJones
- command "cscli hub types" (#2632) @mmetc
- manage force_pull message for one blocklist (#2615) @nitescuc
- Refact pkg/cwhub: fix known issues and reorganize files (#2616) @mmetc
- [postoverflow] dump after postoverflow so we can test within hubtest (#2511) @LaurenceJJones
- [cscli] notifications test command and slight re write (#2391) @LaurenceJJones
- Refactor hub management and cscli commands (#2545) @mmetc
- "cscli bouncers add": increase key size, deprecate and ignore --length option (#2531) @mmetc
- *.log: use yyyy-mm-dd (iso8601) in timestamps (#2564) @mmetc
- Improved expr debugger (#2495) @buixor
- Kafka acquisition: warn if no consumer group id and allow to read from a specific partition (#2612) @blotus
- kafkaAcquisition: add more debug (#2609) @he2ss
- Use go 1.21.4 (#2595) @mmetc
Bug Fixes
- appsec: avoid nil dereference (#2773) @mmetc
- lapi/papi: when receiving alerts, log and discard invalid addr/range (#2708) @mmetc
- Appsec fixing session (#2749) @AlteredCoder
- fix the reload process for appsec (#2750) @buixor
- Appsec: Don't close the body of the request we read (#2747) @AlteredCoder
- Fix #2733 "cscli hang forever when i try to delete a decision" (#2745) @mmetc
- log death reason of file reader if available (#2721) @blotus
- fix #2720 #2719 (#2724) @buixor
- csprofiles: fix default decision duration, lint (#2703) @mmetc
- bin/crowdsec: avoid writing errors twice when log_media=stdout (#2729) @mmetc
- [appsec] fix multizone multivar (#2727) @buixor
- apiclient: handle 0-byte error response (#2716) @mmetc
- Fix #2697 (#2702) @AlteredCoder
- Send installed appsec rules as part of the scenarios on login (#2704) @blotus
- cwhub: install --force repairs tainted, non-installed items (#2686) @mmetc
- [notifications] fix segfault because url is not loaded (#2679) @LaurenceJJones
- postinst: update check for enabled lapi (#2674) @mmetc
- lint error handling (#2644) @mmetc
- copy debian behavior for now for local and online api credentials creation (#2655) @sabban
- fix package tests for 1.5.6-rc2 (#2652) @mmetc
- fix lapi credentials creation for debian package (#2646) @sabban
- cscli context detect: fix nil dereference (#2635) @mmetc
- docker tests: force local machine creation (#2636) @mmetc
- [cscli] Decision import fix format for documentation (#2577) @LaurenceJJones
- [Plugin] Pass down ctx and use it (#2626) @LaurenceJJones
- [Metabase] QOL Changes and chown wal files (#2627) @LaurenceJJones
- CI: avoid pipe in makefile, correctly report error in CI when tests fail (#2621) @mmetc
- force rfc 3339 date format in metrics push (#2402) @blotus
- docker: replace cp -an with rsync to allow bind-mount of files in /etc/crowdsec (#2611) @mmetc
- properly update the cs_syslogsource_parsed_total metric (#2608) @blotus
- fix: typo (#2582) @testwill
- update gantsign.golang name (#2558) @sabban
- Release action: fix asset upload (#2565) @mmetc
Chore / Deps
- CI: enable code complexity linters (#2752) @mmetc
- apiclient: split auth_key, auth_retry, auth_jwt (#2743) @mmetc
- Add AppSec governance (#2748) @LaurenceJJones
- apiclient/apiserver: lint/2 (#2741) @mmetc
- apiclient/apiserver: lint (#2739) @mmetc
- use go 1.21.6 (#2714) @mmetc
- Makefile: use GO macro if set, to check for version (#2706) @mmetc
- update coraza (#2705) @blotus
- lint (wsl) (#2692) @mmetc
- CI: update test dependencies (#2668) @mmetc
- Update localstack services + loki (dev and CI) (#2649) @mmetc
- Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#2670) @dependabot
- update dependency on aws sdk (#2647) @mmetc
- CI: use go 1.21.5 (#2640) @mmetc
- Test for acquisition format errors in crowdsec -t (#2629) @mmetc
- refact BulkDeleteDecisions (#2308) @mmetc
- update dependency: k8s apiserver (including crypto, jwt, prometheus client) (#2476) @mmetc
- Minor dependency updates (#2505) @mmetc
- Bump google.golang.org/grpc from 1.56.1 to 1.56.3 (#2566) @dependabot
- typos/grammar (#2561) @mmetc
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Installation
Take a look at the installation instructions.