What's New in v3.6.0
Added
- CONSOLIDATE_ALERTS option — New
CONSOLIDATE_ALERTS=trueenv var sends all IPs in a single CrowdSec alert per run instead of one per source batch. Helps free-tier users stay within the 500 alerts/month limit. (#57) - Sentinel Turris blocklist — Added
sentinel.turris.cz/greylist-dataas a new threat feed source. (#55 by @gaelj) ABUSEIPDB_API_KEY_FILEconfig — Load your AbuseIPDB API key from a file, compatible with Docker secrets. (#50 by @gaelj)- Grafana dashboard improvements — Enhanced visualizations for monitoring blocklist imports. (#54 by @gaelj)
- CI workflow — GitHub Actions CI with pytest, flake8, and syntax checks
- Test suite — Comprehensive pytest tests for
blocklist_import.py - pip-installable package —
pip install crowdsec-blocklist-importnow works viapyproject.toml - Documentation — CHANGELOG.md, migration guide, updated CONTRIBUTING.md
Fixed
- 429 rate-limit freeze — Fixed a freeze when blocklist sources returned HTTP 429 Too Many Requests. (#53 by @gaelj)
- FetchResult attribute errors — Fixed crashes from incorrect attribute names in error handling paths. (Fixes #52)
- Spamhaus EDROP regression — Removed deprecated EDROP source that returned empty results after Spamhaus merged it into DROP. (Fixes #56)
- AbuseIPDB test failures — Fixed error-path tests expecting pre-fix behavior
- Flake8 lint violations — Cleaned up unused imports, variable names, and formatting
Removed
- Spamhaus EDROP blocklist — Deprecated; Spamhaus merged EDROP into the main DROP list. The DROP source already includes all former EDROP entries.
Contributors: Thank you to @gaelj for four excellent PRs this release — Sentinel Turris blocklist, AbuseIPDB key file support, Grafana dashboard improvements, and the 429 rate-limit fix!
Full Changelog: v3.5.0...v3.6.0