github wolffcatskyy/crowdsec-unifi-bouncer v2.3.0
v2.3.0 — Stream-Aware Decision Capping

9 hours ago

Features

Stream-Aware Decision Capping (#39)

Prevents ipset overflow on devices with limited maxelem capacity by tracking cumulative CAPI decisions between full syncs.

  • StreamTracker — Tracks cumulative CAPI stream decisions and enforces max_decisions limit
  • Local decision passthrough — Decisions with origin crowdsec or cscli always apply, never capped
  • Two enforcement modes via EVICTION_MODE env var:
    • cap (default): Stop adding new CAPI decisions once the limit is reached
    • evict: Replace the oldest CAPI decision with newer ones at the limit
  • 7 new Prometheus metrics for stream tracking (stream_decisions_total, stream_decisions_capped, stream_evictions_total, etc.)
  • 32 new tests covering all tracker scenarios
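
The difference between the two enforcement modes and the local-origin passthrough, as an added Go sketch (not the project's StreamTracker code). The type and function names, the duplicate handling, and the rule that every non-local origin counts against the limit are assumptions; the addresses are constructed.

```go
package main

import "fmt"

// Decision is a simplified stand-in for a CrowdSec decision (assumed shape).
type Decision struct {
	Origin string // "CAPI", "crowdsec", "cscli", ...
	Value  string // IP address or range
}

// tracker is a hypothetical sketch of the capping logic, not the project's type.
type tracker struct {
	max   int             // plays the role of max_decisions
	evict bool            // false = cap mode, true = evict mode
	capi  []string        // tracked CAPI values, oldest first
	seen  map[string]bool // assumed: duplicates do not consume capacity
}

func newTracker(max int, mode string) *tracker {
	return &tracker{max: max, evict: mode == "evict", seen: map[string]bool{}}
}

// Admit reports whether d is applied and, in evict mode, the CAPI value to remove first.
func (t *tracker) Admit(d Decision) (apply bool, evicted string) {
	if d.Origin == "crowdsec" || d.Origin == "cscli" {
		return true, "" // local decisions always apply and are never capped
	}
	if t.seen[d.Value] {
		return true, "" // already tracked, no extra ipset entry
	}
	if len(t.capi) >= t.max {
		if !t.evict || t.max == 0 {
			return false, "" // cap mode: stop adding CAPI decisions at the limit
		}
		evicted = t.capi[0] // evict mode: the oldest CAPI decision makes room
		t.capi = t.capi[1:]
		delete(t.seen, evicted)
	}
	t.capi = append(t.capi, d.Value)
	t.seen[d.Value] = true
	return true, evicted
}

func main() {
	t := newTracker(2, "evict")
	for _, v := range []string{"192.0.2.1", "192.0.2.2", "192.0.2.3"} {
		fmt.Println(t.Admit(Decision{Origin: "CAPI", Value: v}))
	}
}
```

In cap mode the set of blocked CAPI addresses goes stale once the limit is hit, while evict mode keeps it current at the cost of unblocking the oldest entries; in both modes local decisions still need ipset headroom above the limit.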

Improvements

  • Dockerfile healthcheck — Built-in container health monitoring
  • CI hardening — Added go vet and staticcheck to lint workflow
  • install.sh version auto-fetch — Fetches the latest bouncer version from the GitHub API instead of using a hardcoded version string
  • HTTP client connection reuse — Connection pooling in proxy passthrough for better performance

Documentation

  • Sidecar README updated with eviction mode documentation
