crowdsecurity/crowdsec v1.6.6

on GitHub

Overview

This release introduces centralized allowlists: you can now manage allowlists directly from LAPI or from the console.
Those allowlists will applied by LAPI to local decisions, appsec rules and blocklists, no need to deploy specific allowlists to each machine.

You can learn more about them in our documentation.

This release also deprecates capi_whitelists_path, and we encourage users to migrate to centralized allowlists as they are more flexible.

This release also introduces various improvements:

• JA4H helper for the appsec to compute hashes for HTTP requests
• Custom CA support and mTLS authentication for PostgreSQL/MySQL
• Various fixes

New Features

• Parallel hubtest (#3509) @mmetc
• deprecate capi_whitelists_path (#3504) @blotus
• Add support for centralized allowlists (#3355) @blotus

Changes

• appsec: use CA from client credentials when connecting to LAPI (#3505) @mmetc
• lint: gocritic/httpNoBody (#3493) @mmetc
• tests: remove modeline (#3486) @mmetc
• pkg/cwhub: refact Item.State.(Downloaded | Installed) (#3476) @mmetc
• refact: context propagation (apiclient, cticlient...) (#3477) @mmetc
• CI: use go 1.24 for windows (#3479) @mmetc
• tests: switch context.Background() -> t.Context() from go 1.24 (#3473) @mmetc
• refact: avoid use of defer calls in loops (#3466) @mmetc
• CI: lint docker tests (#3443) @mmetc
• lint: gocritic/typeDefFirst (ensure type definitions come before methods) (#3404) @mmetc
• file acquisition: remove redundant logging info (#3468) @mmetc
• CI: skip unit tests with dynamic build (#3461) @mmetc

Improvements

• appsec: support custom CA for lapi (#3503) @mmetc
• enhancement: Add additional ssl options to db configuration (#3387) @LaurenceJJones
• move ParseQuery to expr helpers, add ExtractQueryParam (#3491) @buixor
• enable/disable options for console enroll - make alert context a default (#3487) @buixor
• enhance: add option to disable magic syslog RFC parsers (#3435) @LaurenceJJones
• add JA4H expr helper (#3401) @blotus
• leaky bucket: reduce log verbosity (#3472) @mmetc

Bug Fixes

• update appsec test runner (#3518) @mmetc
• close appsec transactions after processing request (#3515) @blotus
• opensuse sets OSTYPE to linux (#3514) @blotus
• do not attempt to set db log level if no db config (#3510) @blotus
• appsec: less verbose logging for allowlists and headers check (#3498) @blotus
• enhance: Flags now superceed all log levels (#3496) @LaurenceJJones
• appsec: handle SendAlert() properly for out of band matches (#3497) @blotus
• cscli: review/update argument number checking (#3490) @mmetc
• crowdsec: allow -t to work if using appsec and allowlists (#3484) @blotus
• cron: avoid spamming stdout when the hub index is updated (#3485) @mmetc
• cscli: allow non-local symlinks to have a different name than hub items (#3475) @mmetc
• cscli hub/items: always show action plan; fix --interactive in pipes (#3451) @mmetc
• silence "cscli hub update" if noop in cron jobs (#3460) @mmetc
• cscli: don't attempt to download data files when url="" (#3454) @mmetc

Chore / Deps

• use go 1.24.1 (#3501) @mmetc
• update dependencies: color, go-sqlite3, tail, slack, testify (#3474) @mmetc
• use go 1.24, enable unencrypted http2 (#3470) @mmetc
• deps: use ent 0.14.2 (#3259) @mmetc
• build(deps): bump github.com/golang/glog from 1.2.2 to 1.2.4 (#3431) @dependabot[bot]
• deps: update gin-jwt (#3430) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.