windows: add file notification plugin in MSI package#4367
Merged
Conversation
|
@blotus: There are no 'kind' label on this PR. You need a 'kind' label to generate the release automatically.
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
|
@blotus: There are no area labels on this PR. You can add as many areas as you see fit.
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #4367 +/- ##
==========================================
+ Coverage 62.96% 62.99% +0.02%
==========================================
Files 473 473
Lines 33497 33497
==========================================
+ Hits 21093 21102 +9
+ Misses 10282 10278 -4
+ Partials 2122 2117 -5
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Member
Author
|
/kind fix |
buixor
approved these changes
Mar 19, 2026
bjw-s
added a commit
to bjw-s-labs/home-ops
that referenced
this pull request
Apr 2, 2026
….7.7 ) (#26) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/crowdsecurity/crowdsec](https://github.com/crowdsecurity/crowdsec) | patch | `v1.7.6` → `v1.7.7` | --- ### Release Notes <details> <summary>crowdsecurity/crowdsec (docker.io/crowdsecurity/crowdsec)</summary> ### [`v1.7.7`](https://github.com/crowdsecurity/crowdsec/releases/tag/v1.7.7) [Compare Source](crowdsecurity/crowdsec@v1.7.6...v1.7.7) CrowdSec 1.7.7 brings 2 major changes: - On linux, [RE2](https://github.com/google/re2) is now used by default for evaluating regexp in parsers - WAF rules can now contain a mix of AND/OR conditions without any limits, giving much greater flexibility when writing new rules ##### RE2 by default on linux CrowdsSec has supported for a long time using RE2 as the regexp engine, and with this release we make it the default. CrowdSec has always used the builtin Go regexp package, which is a Go reimplementation of the RE2 library, but with known performance limitations. The switch to RE2 will bring significantly increased regexp performance (one of the most critical part of CrowdSec) at the cost of slightly longer regexp compilation and higher baseline memory usage. > \[!IMPORTANT] > If you encounter any issues with the new regexp engine, you can fallback to the previous Go implementation by setting the feature flag `re2_disable_grok_support` (see [the documentation](https://docs.crowdsec.net/docs/next/configuration/feature_flags/#enabling-a-feature-flag)). ##### Other changes Other notable changes include: - a new `kind` attribute for alerts used to identify its source (a scenario, a WAF rule, a manual decision creation, ...) - a new `cscli allowlist import` command - support for the `HTTP_PROXY` environment variable in the `notification-http` plugin - A resource leak under high load was fixed ### Full changelog #### New Features - add LookupFile and FileMap expr helpers ([#​4372](crowdsecurity/crowdsec#4372)) [@​buixor](https://github.com/buixor) - waf rules: allow arbitrary mix of AND and OR conditions ([#​4358](crowdsecurity/crowdsec#4358)) [@​blotus](https://github.com/blotus) #### Improvements - enable RE2 support by default on linux ([#​4386](crowdsecurity/crowdsec#4386)) [@​blotus](https://github.com/blotus) - cscli allowlists: add import command ([#​4378](crowdsecurity/crowdsec#4378)) [@​blotus](https://github.com/blotus) - WAF: expose more transformations from coraza ([#​4140](crowdsecurity/crowdsec#4140)) [@​blotus](https://github.com/blotus) - Add new `kind` alert attribute ([#​4351](crowdsecurity/crowdsec#4351)) [@​blotus](https://github.com/blotus) - Use environment proxy settings for notification-http ([#​4364](crowdsecurity/crowdsec#4364)) [@​op3](https://github.com/op3) #### Bug Fixes - allowlists: apply items to existing decisions in batch ([#​4095](crowdsecurity/crowdsec#4095)) [@​blotus](https://github.com/blotus) - waf: fix tests for modsec rules generation ([#​4385](crowdsecurity/crowdsec#4385)) [@​blotus](https://github.com/blotus) - windows: add file notification plugin in MSI package ([#​4367](crowdsecurity/crowdsec#4367)) [@​blotus](https://github.com/blotus) - leakroutine: call cancel after leakroutine returns ([#​4369](crowdsecurity/crowdsec#4369)) [@​blotus](https://github.com/blotus) - notification-sentinel: lower-case x-ms-date header for correct HMAC ([#​4288](crowdsecurity/crowdsec#4288)) [@​ebirn](https://github.com/ebirn) - tests: remove temporary sqlite/plugin files from /tmp/ ([#​4332](crowdsecurity/crowdsec#4332)) [@​mmetc](https://github.com/mmetc) - pkg/apiserver: fix scenario count in debug log ([#​4333](crowdsecurity/crowdsec#4333)) [@​mmetc](https://github.com/mmetc) - pkg/csplugin: prevent race condition, deadlock ([#​4294](crowdsecurity/crowdsec#4294)) [@​mmetc](https://github.com/mmetc) - pkg/acquisitioncontext: minimal fix for data race in tests ([#​4327](crowdsecurity/crowdsec#4327)) [@​mmetc](https://github.com/mmetc) - acquisition/file: minimal fix for data race in tests ([#​4326](crowdsecurity/crowdsec#4326)) [@​mmetc](https://github.com/mmetc) - fix lint fsutil/freebsd: unnecessary conversion ([#​4324](crowdsecurity/crowdsec#4324)) [@​mmetc](https://github.com/mmetc) - cscli: consistent status and usage message for unknown subcommands ([#​4320](crowdsecurity/crowdsec#4320)) [@​mmetc](https://github.com/mmetc) - cscli detect: set log type for caddy unit to "syslog" ([#​4321](crowdsecurity/crowdsec#4321)) [@​mmetc](https://github.com/mmetc) - CI: add published\_at to version.crowdsec.net/latest ([#​4291](crowdsecurity/crowdsec#4291)) [@​blotus](https://github.com/blotus) - cmd/crowdsec: assign overflow after parsing ([#​4226](crowdsecurity/crowdsec#4226)) [@​mmetc](https://github.com/mmetc) - waf: format as CRS match only if anomaly score is not 0 ([#​4230](crowdsecurity/crowdsec#4230)) [@​blotus](https://github.com/blotus) #### Changes - build(deps): bump cryptography from 46.0.3 to 46.0.5 in /build/docker/test ([#​4298](crowdsecurity/crowdsec#4298)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - support for waf- alias in cscli ([#​4347](crowdsecurity/crowdsec#4347)) [@​buixor](https://github.com/buixor) - refact pkg/dumps: reduce complexity ([#​4209](crowdsecurity/crowdsec#4209)) [@​mmetc](https://github.com/mmetc) - lint: refact pkg/dumps for nilaway ([#​4208](crowdsecurity/crowdsec#4208)) [@​mmetc](https://github.com/mmetc) - refact pkg/parser: redundant indirection ([#​4344](crowdsecurity/crowdsec#4344)) [@​mmetc](https://github.com/mmetc) - refact pkg/parser: extract+embed NodeConfig in Node struct ([#​4343](crowdsecurity/crowdsec#4343)) [@​mmetc](https://github.com/mmetc) - move calls to trace.ReportPanic() on top of goroutines ([#​4338](crowdsecurity/crowdsec#4338)) [@​mmetc](https://github.com/mmetc) - pkg/csplugin: simplify notification loop; noop with empty queue ([#​4328](crowdsecurity/crowdsec#4328)) [@​mmetc](https://github.com/mmetc) - pkg/parsers: light refact, remove redundant code ([#​4213](crowdsecurity/crowdsec#4213)) [@​mmetc](https://github.com/mmetc) - refact cmd/crowdsec: encapsulate cache into alertBuffer ([#​4300](crowdsecurity/crowdsec#4300)) [@​mmetc](https://github.com/mmetc) - cmd/notification-\*: don't provide the same context twice for request ([#​4316](crowdsecurity/crowdsec#4316)) [@​mmetc](https://github.com/mmetc) - don't flush 127.0.0.1 ([#​4315](crowdsecurity/crowdsec#4315)) [@​sabban](https://github.com/sabban) - clipapi: replace tomb with errgroup ([#​4207](crowdsecurity/crowdsec#4207)) [@​mmetc](https://github.com/mmetc) - refact cmd/crowdsec: remove redundant global variable ([#​4299](crowdsecurity/crowdsec#4299)) [@​mmetc](https://github.com/mmetc) - refact: remove unused code in crowdsec-cli, apiserver, acquisition, database ([#​4304](crowdsecurity/crowdsec#4304)) [@​mmetc](https://github.com/mmetc) - refact pkg/leakybucket: trim down redundant Leaky struct fields ([#​4290](crowdsecurity/crowdsec#4290)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: remove global bucketStore, unused parameters + tags ([#​4286](crowdsecurity/crowdsec#4286)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: remove Simulated field from Leaky, keep it in config ([#​4285](crowdsecurity/crowdsec#4285)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: extract BucketSpec from BucketFactory ([#​4284](crowdsecurity/crowdsec#4284)) [@​mmetc](https://github.com/mmetc) - refact pkg/leakybucket: extract methods from LoadBucket() part 2 ([#​4282](crowdsecurity/crowdsec#4282)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: refact test loop, more explicit failures in testFile() ([#​4281](crowdsecurity/crowdsec#4281)) [@​mmetc](https://github.com/mmetc) - refact pkg/leakybucket: extract methods from LoadBucket() ([#​4279](crowdsecurity/crowdsec#4279)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: replace Signal chan with explicit read/done chans ([#​4277](crowdsecurity/crowdsec#4277)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: replace waitgroups with single rwlock ([#​4276](crowdsecurity/crowdsec#4276)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: garbage collect: compare float with epsilon ([#​4275](crowdsecurity/crowdsec#4275)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: refactor tests ([#​4272](crowdsecurity/crowdsec#4272)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: replace sycn.Map with map + mutex ([#​4271](crowdsecurity/crowdsec#4271)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: replace global counter with call to bucket store ([#​4273](crowdsecurity/crowdsec#4273)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: review README.md ([#​4274](crowdsecurity/crowdsec#4274)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: encapsulate store map + add methods ([#​4253](crowdsecurity/crowdsec#4253)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: remove redundant bool var ([#​4252](crowdsecurity/crowdsec#4252)) [@​mmetc](https://github.com/mmetc) - fix hub console side ([#​4266](crowdsecurity/crowdsec#4266)) [@​sabban](https://github.com/sabban) - version workflow fix ([#​4262](crowdsecurity/crowdsec#4262)) [@​sabban](https://github.com/sabban) - rename the prod branch to main ([#​4261](crowdsecurity/crowdsec#4261)) [@​sabban](https://github.com/sabban) - add version workflow ([#​4210](crowdsecurity/crowdsec#4210)) [@​sabban](https://github.com/sabban) - pkg/leakybucket: remove unused global ([#​4251](crowdsecurity/crowdsec#4251)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: pass bucket factories by pointer ([#​4250](crowdsecurity/crowdsec#4250)) [@​mmetc](https://github.com/mmetc) - pkt/leakybucket: compileScopeFilter() -> ScopeType.CompileFilter() ([#​4247](crowdsecurity/crowdsec#4247)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: rename OverflowFilter -> OverflowProcessor ([#​4248](crowdsecurity/crowdsec#4248)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: rename Buckets -> BucketStore ([#​4246](crowdsecurity/crowdsec#4246)) [@​mmetc](https://github.com/mmetc) - refact leaky bayesian: method to function, unlock w/defer ([#​4242](crowdsecurity/crowdsec#4242)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: early return ([#​4244](crowdsecurity/crowdsec#4244)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: variable shorthand ([#​4245](crowdsecurity/crowdsec#4245)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: move LeakRoutine to method, rename parameters ([#​4243](crowdsecurity/crowdsec#4243)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: review bucket validation and tests ([#​4241](crowdsecurity/crowdsec#4241)) [@​mmetc](https://github.com/mmetc) - refact: remove unnecessary pointers to map, string, mutex ([#​4212](crowdsecurity/crowdsec#4212)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: function to method BucketFactory.LoadBucket() ([#​4229](crowdsecurity/crowdsec#4229)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: BucketType interface, method BucketFactory.Validate() ([#​4228](crowdsecurity/crowdsec#4228)) [@​mmetc](https://github.com/mmetc) #### Chore / Deps - build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 ([#​4382](crowdsecurity/crowdsec#4382)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - CI: use windows-2025 image ([#​4379](crowdsecurity/crowdsec#4379)) [@​blotus](https://github.com/blotus) - build(deps): bump github/codeql-action from 4.32.6 to 4.33.0 ([#​4371](crowdsecurity/crowdsec#4371)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.5.0 to 7.6.0 ([#​4373](crowdsecurity/crowdsec#4373)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump google.golang.org/grpc from 1.74.2 to 1.79.3 ([#​4376](crowdsecurity/crowdsec#4376)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.3.1 to 7.5.0 ([#​4366](crowdsecurity/crowdsec#4366)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 ([#​4319](crowdsecurity/crowdsec#4319)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.5 to 4.32.6 ([#​4360](crowdsecurity/crowdsec#4360)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 ([#​4361](crowdsecurity/crowdsec#4361)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump release-drafter/release-drafter from 6.2.0 to 6.4.0 ([#​4362](crowdsecurity/crowdsec#4362)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 ([#​4356](crowdsecurity/crowdsec#4356)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 ([#​4353](crowdsecurity/crowdsec#4353)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 ([#​4352](crowdsecurity/crowdsec#4352)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/login-action from 3.7.0 to 4.0.0 ([#​4354](crowdsecurity/crowdsec#4354)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - deps: update actions and golangci-lint ([#​4348](crowdsecurity/crowdsec#4348)) [@​mmetc](https://github.com/mmetc) - build(deps): bump github/codeql-action from 4.32.4 to 4.32.5 ([#​4345](crowdsecurity/crowdsec#4345)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.3.0 to 7.3.1 ([#​4346](crowdsecurity/crowdsec#4346)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-go from 6.2.0 to 6.3.0 ([#​4339](crowdsecurity/crowdsec#4339)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 ([#​4342](crowdsecurity/crowdsec#4342)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - replace trace.CatchPanic(...) with trace.ReportPanic() ([#​4336](crowdsecurity/crowdsec#4336)) [@​mmetc](https://github.com/mmetc) - build(deps): bump github/codeql-action from 4.32.3 to 4.32.4 ([#​4322](crowdsecurity/crowdsec#4322)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - deps: update gocron v1 -> v2 ([#​4317](crowdsecurity/crowdsec#4317)) [@​mmetc](https://github.com/mmetc) - build(deps): bump docker/build-push-action from 6.19.0 to 6.19.2 ([#​4306](crowdsecurity/crowdsec#4306)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.2 to 4.32.3 ([#​4312](crowdsecurity/crowdsec#4312)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.1 to 4.32.2 ([#​4292](crowdsecurity/crowdsec#4292)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - update golangci-lint 2.9 ([#​4302](crowdsecurity/crowdsec#4302)) [@​mmetc](https://github.com/mmetc) - build(deps): bump astral-sh/setup-uv from 7.2.1 to 7.3.0 ([#​4296](crowdsecurity/crowdsec#4296)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/build-push-action from 6.18.0 to 6.19.0 ([#​4303](crowdsecurity/crowdsec#4303)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.0 to 4.32.1 ([#​4278](crowdsecurity/crowdsec#4278)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-node from 4.4.0 to 6.2.0 ([#​4264](crowdsecurity/crowdsec#4264)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - CI: update python and dependencies ([#​4249](crowdsecurity/crowdsec#4249)) [@​mmetc](https://github.com/mmetc) - build(deps): bump actions/checkout from 6.0.1 to 6.0.2 ([#​4263](crowdsecurity/crowdsec#4263)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.2.0 to 7.2.1 ([#​4265](crowdsecurity/crowdsec#4265)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/login-action from 3.6.0 to 3.7.0 ([#​4257](crowdsecurity/crowdsec#4257)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.31.11 to 4.32.0 ([#​4254](crowdsecurity/crowdsec#4254)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.31.10 to 4.31.11 ([#​4233](crowdsecurity/crowdsec#4233)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/checkout from 6.0.1 to 6.0.2 ([#​4234](crowdsecurity/crowdsec#4234)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump release-drafter/release-drafter from 6.1.0 to 6.2.0 ([#​4222](crowdsecurity/crowdsec#4222)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-python from 6.1.0 to 6.2.0 ([#​4223](crowdsecurity/crowdsec#4223)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) #### Geolite2 notice This product includes GeoLite2 data created by MaxMind, available from <a href="https://www.maxmind.com"><https://www.maxmind.com></a>. #### Installation Take a look at the [installation instructions](https://doc.crowdsec.net/docs/getting_started/install_crowdsec). </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuODYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9wYXRjaCJdfQ==--> Co-authored-by: Bernd Schorgers <me@bjw-s.dev> Reviewed-on: https://git.bjw-s.dev/bjw-s/home-ops/pulls/26 Co-authored-by: renovate[bot] <renovate-bot@noreply.git.bjw-s.dev> Co-committed-by: renovate[bot] <renovate-bot@noreply.git.bjw-s.dev>
renovate Bot
added a commit
to sdwilsh/ansible-playbooks
that referenced
this pull request
Apr 8, 2026
##### [\`v1.7.7\`](https://github.com/crowdsecurity/crowdsec/releases/tag/v1.7.7) CrowdSec 1.7.7 brings 2 major changes: - On linux, [RE2](https://github.com/google/re2) is now used by default for evaluating regexp in parsers - WAF rules can now contain a mix of AND/OR conditions without any limits, giving much greater flexibility when writing new rules ##### RE2 by default on linux CrowdsSec has supported for a long time using RE2 as the regexp engine, and with this release we make it the default. CrowdSec has always used the builtin Go regexp package, which is a Go reimplementation of the RE2 library, but with known performance limitations. The switch to RE2 will bring significantly increased regexp performance (one of the most critical part of CrowdSec) at the cost of slightly longer regexp compilation and higher baseline memory usage. > \[!IMPORTANT] > If you encounter any issues with the new regexp engine, you can fallback to the previous Go implementation by setting the feature flag `re2_disable_grok_support` (see [the documentation](https://docs.crowdsec.net/docs/next/configuration/feature_flags/#enabling-a-feature-flag)). ##### Other changes Other notable changes include: - a new `kind` attribute for alerts used to identify its source (a scenario, a WAF rule, a manual decision creation, ...) - a new `cscli allowlist import` command - support for the `HTTP_PROXY` environment variable in the `notification-http` plugin - A resource leak under high load was fixed ##### Full changelog ##### New Features - add LookupFile and FileMap expr helpers ([#4372](crowdsecurity/crowdsec#4372)) [@buixor](https://github.com/buixor) - waf rules: allow arbitrary mix of AND and OR conditions ([#4358](crowdsecurity/crowdsec#4358)) [@blotus](https://github.com/blotus) ##### Improvements - enable RE2 support by default on linux ([#4386](crowdsecurity/crowdsec#4386)) [@blotus](https://github.com/blotus) - cscli allowlists: add import command ([#4378](crowdsecurity/crowdsec#4378)) [@blotus](https://github.com/blotus) - WAF: expose more transformations from coraza ([#4140](crowdsecurity/crowdsec#4140)) [@blotus](https://github.com/blotus) - Add new `kind` alert attribute ([#4351](crowdsecurity/crowdsec#4351)) [@blotus](https://github.com/blotus) - Use environment proxy settings for notification-http ([#4364](crowdsecurity/crowdsec#4364)) [@op3](https://github.com/op3) ##### Bug Fixes - allowlists: apply items to existing decisions in batch ([#4095](crowdsecurity/crowdsec#4095)) [@blotus](https://github.com/blotus) - waf: fix tests for modsec rules generation ([#4385](crowdsecurity/crowdsec#4385)) [@blotus](https://github.com/blotus) - windows: add file notification plugin in MSI package ([#4367](crowdsecurity/crowdsec#4367)) [@blotus](https://github.com/blotus) - leakroutine: call cancel after leakroutine returns ([#4369](crowdsecurity/crowdsec#4369)) [@blotus](https://github.com/blotus) - notification-sentinel: lower-case x-ms-date header for correct HMAC ([#4288](crowdsecurity/crowdsec#4288)) [@ebirn](https://github.com/ebirn) - tests: remove temporary sqlite/plugin files from /tmp/ ([#4332](crowdsecurity/crowdsec#4332)) [@mmetc](https://github.com/mmetc) - pkg/apiserver: fix scenario count in debug log ([#4333](crowdsecurity/crowdsec#4333)) [@mmetc](https://github.com/mmetc) - pkg/csplugin: prevent race condition, deadlock ([#4294](crowdsecurity/crowdsec#4294)) [@mmetc](https://github.com/mmetc) - pkg/acquisitioncontext: minimal fix for data race in tests ([#4327](crowdsecurity/crowdsec#4327)) [@mmetc](https://github.com/mmetc) - acquisition/file: minimal fix for data race in tests ([#4326](crowdsecurity/crowdsec#4326)) [@mmetc](https://github.com/mmetc) - fix lint fsutil/freebsd: unnecessary conversion ([#4324](crowdsecurity/crowdsec#4324)) [@mmetc](https://github.com/mmetc) - cscli: consistent status and usage message for unknown subcommands ([#4320](crowdsecurity/crowdsec#4320)) [@mmetc](https://github.com/mmetc) - cscli detect: set log type for caddy unit to "syslog" ([#4321](crowdsecurity/crowdsec#4321)) [@mmetc](https://github.com/mmetc) - CI: add published\_at to version.crowdsec.net/latest ([#4291](crowdsecurity/crowdsec#4291)) [@blotus](https://github.com/blotus) - cmd/crowdsec: assign overflow after parsing ([#4226](crowdsecurity/crowdsec#4226)) [@mmetc](https://github.com/mmetc) - waf: format as CRS match only if anomaly score is not 0 ([#4230](crowdsecurity/crowdsec#4230)) [@blotus](https://github.com/blotus) ##### Changes - build(deps): bump cryptography from 46.0.3 to 46.0.5 in /build/docker/test ([#4298](crowdsecurity/crowdsec#4298)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - support for waf- alias in cscli ([#4347](crowdsecurity/crowdsec#4347)) [@buixor](https://github.com/buixor) - refact pkg/dumps: reduce complexity ([#4209](crowdsecurity/crowdsec#4209)) [@mmetc](https://github.com/mmetc) - lint: refact pkg/dumps for nilaway ([#4208](crowdsecurity/crowdsec#4208)) [@mmetc](https://github.com/mmetc) - refact pkg/parser: redundant indirection ([#4344](crowdsecurity/crowdsec#4344)) [@mmetc](https://github.com/mmetc) - refact pkg/parser: extract+embed NodeConfig in Node struct ([#4343](crowdsecurity/crowdsec#4343)) [@mmetc](https://github.com/mmetc) - move calls to trace.ReportPanic() on top of goroutines ([#4338](crowdsecurity/crowdsec#4338)) [@mmetc](https://github.com/mmetc) - pkg/csplugin: simplify notification loop; noop with empty queue ([#4328](crowdsecurity/crowdsec#4328)) [@mmetc](https://github.com/mmetc) - pkg/parsers: light refact, remove redundant code ([#4213](crowdsecurity/crowdsec#4213)) [@mmetc](https://github.com/mmetc) - refact cmd/crowdsec: encapsulate cache into alertBuffer ([#4300](crowdsecurity/crowdsec#4300)) [@mmetc](https://github.com/mmetc) - cmd/notification-\*: don't provide the same context twice for request ([#4316](crowdsecurity/crowdsec#4316)) [@mmetc](https://github.com/mmetc) - don't flush 127.0.0.1 ([#4315](crowdsecurity/crowdsec#4315)) [@sabban](https://github.com/sabban) - clipapi: replace tomb with errgroup ([#4207](crowdsecurity/crowdsec#4207)) [@mmetc](https://github.com/mmetc) - refact cmd/crowdsec: remove redundant global variable ([#4299](crowdsecurity/crowdsec#4299)) [@mmetc](https://github.com/mmetc) - refact: remove unused code in crowdsec-cli, apiserver, acquisition, database ([#4304](crowdsecurity/crowdsec#4304)) [@mmetc](https://github.com/mmetc) - refact pkg/leakybucket: trim down redundant Leaky struct fields ([#4290](crowdsecurity/crowdsec#4290)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: remove global bucketStore, unused parameters + tags ([#4286](crowdsecurity/crowdsec#4286)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: remove Simulated field from Leaky, keep it in config ([#4285](crowdsecurity/crowdsec#4285)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: extract BucketSpec from BucketFactory ([#4284](crowdsecurity/crowdsec#4284)) [@mmetc](https://github.com/mmetc) - refact pkg/leakybucket: extract methods from LoadBucket() part 2 ([#4282](crowdsecurity/crowdsec#4282)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: refact test loop, more explicit failures in testFile() ([#4281](crowdsecurity/crowdsec#4281)) [@mmetc](https://github.com/mmetc) - refact pkg/leakybucket: extract methods from LoadBucket() ([#4279](crowdsecurity/crowdsec#4279)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: replace Signal chan with explicit read/done chans ([#4277](crowdsecurity/crowdsec#4277)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: replace waitgroups with single rwlock ([#4276](crowdsecurity/crowdsec#4276)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: garbage collect: compare float with epsilon ([#4275](crowdsecurity/crowdsec#4275)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: refactor tests ([#4272](crowdsecurity/crowdsec#4272)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: replace sycn.Map with map + mutex ([#4271](crowdsecurity/crowdsec#4271)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: replace global counter with call to bucket store ([#4273](crowdsecurity/crowdsec#4273)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: review README.md ([#4274](crowdsecurity/crowdsec#4274)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: encapsulate store map + add methods ([#4253](crowdsecurity/crowdsec#4253)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: remove redundant bool var ([#4252](crowdsecurity/crowdsec#4252)) [@mmetc](https://github.com/mmetc) - fix hub console side ([#4266](crowdsecurity/crowdsec#4266)) [@sabban](https://github.com/sabban) - version workflow fix ([#4262](crowdsecurity/crowdsec#4262)) [@sabban](https://github.com/sabban) - rename the prod branch to main ([#4261](crowdsecurity/crowdsec#4261)) [@sabban](https://github.com/sabban) - add version workflow ([#4210](crowdsecurity/crowdsec#4210)) [@sabban](https://github.com/sabban) - pkg/leakybucket: remove unused global ([#4251](crowdsecurity/crowdsec#4251)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: pass bucket factories by pointer ([#4250](crowdsecurity/crowdsec#4250)) [@mmetc](https://github.com/mmetc) - pkt/leakybucket: compileScopeFilter() -> ScopeType.CompileFilter() ([#4247](crowdsecurity/crowdsec#4247)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: rename OverflowFilter -> OverflowProcessor ([#4248](crowdsecurity/crowdsec#4248)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: rename Buckets -> BucketStore ([#4246](crowdsecurity/crowdsec#4246)) [@mmetc](https://github.com/mmetc) - refact leaky bayesian: method to function, unlock w/defer ([#4242](crowdsecurity/crowdsec#4242)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: early return ([#4244](crowdsecurity/crowdsec#4244)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: variable shorthand ([#4245](crowdsecurity/crowdsec#4245)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: move LeakRoutine to method, rename parameters ([#4243](crowdsecurity/crowdsec#4243)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: review bucket validation and tests ([#4241](crowdsecurity/crowdsec#4241)) [@mmetc](https://github.com/mmetc) - refact: remove unnecessary pointers to map, string, mutex ([#4212](crowdsecurity/crowdsec#4212)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: function to method BucketFactory.LoadBucket() ([#4229](crowdsecurity/crowdsec#4229)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: BucketType interface, method BucketFactory.Validate() ([#4228](crowdsecurity/crowdsec#4228)) [@mmetc](https://github.com/mmetc) ##### Chore / Deps - build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 ([#4382](crowdsecurity/crowdsec#4382)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - CI: use windows-2025 image ([#4379](crowdsecurity/crowdsec#4379)) [@blotus](https://github.com/blotus) - build(deps): bump github/codeql-action from 4.32.6 to 4.33.0 ([#4371](crowdsecurity/crowdsec#4371)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.5.0 to 7.6.0 ([#4373](crowdsecurity/crowdsec#4373)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump google.golang.org/grpc from 1.74.2 to 1.79.3 ([#4376](crowdsecurity/crowdsec#4376)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.3.1 to 7.5.0 ([#4366](crowdsecurity/crowdsec#4366)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 ([#4319](crowdsecurity/crowdsec#4319)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.5 to 4.32.6 ([#4360](crowdsecurity/crowdsec#4360)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 ([#4361](crowdsecurity/crowdsec#4361)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump release-drafter/release-drafter from 6.2.0 to 6.4.0 ([#4362](crowdsecurity/crowdsec#4362)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 ([#4356](crowdsecurity/crowdsec#4356)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 ([#4353](crowdsecurity/crowdsec#4353)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 ([#4352](crowdsecurity/crowdsec#4352)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/login-action from 3.7.0 to 4.0.0 ([#4354](crowdsecurity/crowdsec#4354)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - deps: update actions and golangci-lint ([#4348](crowdsecurity/crowdsec#4348)) [@mmetc](https://github.com/mmetc) - build(deps): bump github/codeql-action from 4.32.4 to 4.32.5 ([#4345](crowdsecurity/crowdsec#4345)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.3.0 to 7.3.1 ([#4346](crowdsecurity/crowdsec#4346)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-go from 6.2.0 to 6.3.0 ([#4339](crowdsecurity/crowdsec#4339)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 ([#4342](crowdsecurity/crowdsec#4342)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - replace trace.CatchPanic(...) with trace.ReportPanic() ([#4336](crowdsecurity/crowdsec#4336)) [@mmetc](https://github.com/mmetc) - build(deps): bump github/codeql-action from 4.32.3 to 4.32.4 ([#4322](crowdsecurity/crowdsec#4322)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - deps: update gocron v1 -> v2 ([#4317](crowdsecurity/crowdsec#4317)) [@mmetc](https://github.com/mmetc) - build(deps): bump docker/build-push-action from 6.19.0 to 6.19.2 ([#4306](crowdsecurity/crowdsec#4306)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.2 to 4.32.3 ([#4312](crowdsecurity/crowdsec#4312)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.1 to 4.32.2 ([#4292](crowdsecurity/crowdsec#4292)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - update golangci-lint 2.9 ([#4302](crowdsecurity/crowdsec#4302)) [@mmetc](https://github.com/mmetc) - build(deps): bump astral-sh/setup-uv from 7.2.1 to 7.3.0 ([#4296](crowdsecurity/crowdsec#4296)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/build-push-action from 6.18.0 to 6.19.0 ([#4303](crowdsecurity/crowdsec#4303)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.0 to 4.32.1 ([#4278](crowdsecurity/crowdsec#4278)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-node from 4.4.0 to 6.2.0 ([#4264](crowdsecurity/crowdsec#4264)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - CI: update python and dependencies ([#4249](crowdsecurity/crowdsec#4249)) [@mmetc](https://github.com/mmetc) - build(deps): bump actions/checkout from 6.0.1 to 6.0.2 ([#4263](crowdsecurity/crowdsec#4263)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.2.0 to 7.2.1 ([#4265](crowdsecurity/crowdsec#4265)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/login-action from 3.6.0 to 3.7.0 ([#4257](crowdsecurity/crowdsec#4257)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.31.11 to 4.32.0 ([#4254](crowdsecurity/crowdsec#4254)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.31.10 to 4.31.11 ([#4233](crowdsecurity/crowdsec#4233)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/checkout from 6.0.1 to 6.0.2 ([#4234](crowdsecurity/crowdsec#4234)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump release-drafter/release-drafter from 6.1.0 to 6.2.0 ([#4222](crowdsecurity/crowdsec#4222)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-python from 6.1.0 to 6.2.0 ([#4223](crowdsecurity/crowdsec#4223)) @[dependabot\[bot\]](https://github.com/apps/dependabot) ##### Geolite2 notice This product includes GeoLite2 data created by MaxMind, available from <a href="https://www.maxmind.com"><https://www.maxmind.com></a>. ##### Installation Take a look at the [installation instructions](https://doc.crowdsec.net/docs/getting_started/install_crowdsec).
sdwilsh
pushed a commit
to sdwilsh/ansible-playbooks
that referenced
this pull request
Apr 11, 2026
##### [\`v1.7.7\`](https://github.com/crowdsecurity/crowdsec/releases/tag/v1.7.7) CrowdSec 1.7.7 brings 2 major changes: - On linux, [RE2](https://github.com/google/re2) is now used by default for evaluating regexp in parsers - WAF rules can now contain a mix of AND/OR conditions without any limits, giving much greater flexibility when writing new rules ##### RE2 by default on linux CrowdsSec has supported for a long time using RE2 as the regexp engine, and with this release we make it the default. CrowdSec has always used the builtin Go regexp package, which is a Go reimplementation of the RE2 library, but with known performance limitations. The switch to RE2 will bring significantly increased regexp performance (one of the most critical part of CrowdSec) at the cost of slightly longer regexp compilation and higher baseline memory usage. > \[!IMPORTANT] > If you encounter any issues with the new regexp engine, you can fallback to the previous Go implementation by setting the feature flag `re2_disable_grok_support` (see [the documentation](https://docs.crowdsec.net/docs/next/configuration/feature_flags/#enabling-a-feature-flag)). ##### Other changes Other notable changes include: - a new `kind` attribute for alerts used to identify its source (a scenario, a WAF rule, a manual decision creation, ...) - a new `cscli allowlist import` command - support for the `HTTP_PROXY` environment variable in the `notification-http` plugin - A resource leak under high load was fixed ##### Full changelog ##### New Features - add LookupFile and FileMap expr helpers ([#4372](crowdsecurity/crowdsec#4372)) [@buixor](https://github.com/buixor) - waf rules: allow arbitrary mix of AND and OR conditions ([#4358](crowdsecurity/crowdsec#4358)) [@blotus](https://github.com/blotus) ##### Improvements - enable RE2 support by default on linux ([#4386](crowdsecurity/crowdsec#4386)) [@blotus](https://github.com/blotus) - cscli allowlists: add import command ([#4378](crowdsecurity/crowdsec#4378)) [@blotus](https://github.com/blotus) - WAF: expose more transformations from coraza ([#4140](crowdsecurity/crowdsec#4140)) [@blotus](https://github.com/blotus) - Add new `kind` alert attribute ([#4351](crowdsecurity/crowdsec#4351)) [@blotus](https://github.com/blotus) - Use environment proxy settings for notification-http ([#4364](crowdsecurity/crowdsec#4364)) [@op3](https://github.com/op3) ##### Bug Fixes - allowlists: apply items to existing decisions in batch ([#4095](crowdsecurity/crowdsec#4095)) [@blotus](https://github.com/blotus) - waf: fix tests for modsec rules generation ([#4385](crowdsecurity/crowdsec#4385)) [@blotus](https://github.com/blotus) - windows: add file notification plugin in MSI package ([#4367](crowdsecurity/crowdsec#4367)) [@blotus](https://github.com/blotus) - leakroutine: call cancel after leakroutine returns ([#4369](crowdsecurity/crowdsec#4369)) [@blotus](https://github.com/blotus) - notification-sentinel: lower-case x-ms-date header for correct HMAC ([#4288](crowdsecurity/crowdsec#4288)) [@ebirn](https://github.com/ebirn) - tests: remove temporary sqlite/plugin files from /tmp/ ([#4332](crowdsecurity/crowdsec#4332)) [@mmetc](https://github.com/mmetc) - pkg/apiserver: fix scenario count in debug log ([#4333](crowdsecurity/crowdsec#4333)) [@mmetc](https://github.com/mmetc) - pkg/csplugin: prevent race condition, deadlock ([#4294](crowdsecurity/crowdsec#4294)) [@mmetc](https://github.com/mmetc) - pkg/acquisitioncontext: minimal fix for data race in tests ([#4327](crowdsecurity/crowdsec#4327)) [@mmetc](https://github.com/mmetc) - acquisition/file: minimal fix for data race in tests ([#4326](crowdsecurity/crowdsec#4326)) [@mmetc](https://github.com/mmetc) - fix lint fsutil/freebsd: unnecessary conversion ([#4324](crowdsecurity/crowdsec#4324)) [@mmetc](https://github.com/mmetc) - cscli: consistent status and usage message for unknown subcommands ([#4320](crowdsecurity/crowdsec#4320)) [@mmetc](https://github.com/mmetc) - cscli detect: set log type for caddy unit to "syslog" ([#4321](crowdsecurity/crowdsec#4321)) [@mmetc](https://github.com/mmetc) - CI: add published\_at to version.crowdsec.net/latest ([#4291](crowdsecurity/crowdsec#4291)) [@blotus](https://github.com/blotus) - cmd/crowdsec: assign overflow after parsing ([#4226](crowdsecurity/crowdsec#4226)) [@mmetc](https://github.com/mmetc) - waf: format as CRS match only if anomaly score is not 0 ([#4230](crowdsecurity/crowdsec#4230)) [@blotus](https://github.com/blotus) ##### Changes - build(deps): bump cryptography from 46.0.3 to 46.0.5 in /build/docker/test ([#4298](crowdsecurity/crowdsec#4298)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - support for waf- alias in cscli ([#4347](crowdsecurity/crowdsec#4347)) [@buixor](https://github.com/buixor) - refact pkg/dumps: reduce complexity ([#4209](crowdsecurity/crowdsec#4209)) [@mmetc](https://github.com/mmetc) - lint: refact pkg/dumps for nilaway ([#4208](crowdsecurity/crowdsec#4208)) [@mmetc](https://github.com/mmetc) - refact pkg/parser: redundant indirection ([#4344](crowdsecurity/crowdsec#4344)) [@mmetc](https://github.com/mmetc) - refact pkg/parser: extract+embed NodeConfig in Node struct ([#4343](crowdsecurity/crowdsec#4343)) [@mmetc](https://github.com/mmetc) - move calls to trace.ReportPanic() on top of goroutines ([#4338](crowdsecurity/crowdsec#4338)) [@mmetc](https://github.com/mmetc) - pkg/csplugin: simplify notification loop; noop with empty queue ([#4328](crowdsecurity/crowdsec#4328)) [@mmetc](https://github.com/mmetc) - pkg/parsers: light refact, remove redundant code ([#4213](crowdsecurity/crowdsec#4213)) [@mmetc](https://github.com/mmetc) - refact cmd/crowdsec: encapsulate cache into alertBuffer ([#4300](crowdsecurity/crowdsec#4300)) [@mmetc](https://github.com/mmetc) - cmd/notification-\*: don't provide the same context twice for request ([#4316](crowdsecurity/crowdsec#4316)) [@mmetc](https://github.com/mmetc) - don't flush 127.0.0.1 ([#4315](crowdsecurity/crowdsec#4315)) [@sabban](https://github.com/sabban) - clipapi: replace tomb with errgroup ([#4207](crowdsecurity/crowdsec#4207)) [@mmetc](https://github.com/mmetc) - refact cmd/crowdsec: remove redundant global variable ([#4299](crowdsecurity/crowdsec#4299)) [@mmetc](https://github.com/mmetc) - refact: remove unused code in crowdsec-cli, apiserver, acquisition, database ([#4304](crowdsecurity/crowdsec#4304)) [@mmetc](https://github.com/mmetc) - refact pkg/leakybucket: trim down redundant Leaky struct fields ([#4290](crowdsecurity/crowdsec#4290)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: remove global bucketStore, unused parameters + tags ([#4286](crowdsecurity/crowdsec#4286)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: remove Simulated field from Leaky, keep it in config ([#4285](crowdsecurity/crowdsec#4285)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: extract BucketSpec from BucketFactory ([#4284](crowdsecurity/crowdsec#4284)) [@mmetc](https://github.com/mmetc) - refact pkg/leakybucket: extract methods from LoadBucket() part 2 ([#4282](crowdsecurity/crowdsec#4282)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: refact test loop, more explicit failures in testFile() ([#4281](crowdsecurity/crowdsec#4281)) [@mmetc](https://github.com/mmetc) - refact pkg/leakybucket: extract methods from LoadBucket() ([#4279](crowdsecurity/crowdsec#4279)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: replace Signal chan with explicit read/done chans ([#4277](crowdsecurity/crowdsec#4277)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: replace waitgroups with single rwlock ([#4276](crowdsecurity/crowdsec#4276)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: garbage collect: compare float with epsilon ([#4275](crowdsecurity/crowdsec#4275)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: refactor tests ([#4272](crowdsecurity/crowdsec#4272)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: replace sycn.Map with map + mutex ([#4271](crowdsecurity/crowdsec#4271)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: replace global counter with call to bucket store ([#4273](crowdsecurity/crowdsec#4273)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: review README.md ([#4274](crowdsecurity/crowdsec#4274)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: encapsulate store map + add methods ([#4253](crowdsecurity/crowdsec#4253)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: remove redundant bool var ([#4252](crowdsecurity/crowdsec#4252)) [@mmetc](https://github.com/mmetc) - fix hub console side ([#4266](crowdsecurity/crowdsec#4266)) [@sabban](https://github.com/sabban) - version workflow fix ([#4262](crowdsecurity/crowdsec#4262)) [@sabban](https://github.com/sabban) - rename the prod branch to main ([#4261](crowdsecurity/crowdsec#4261)) [@sabban](https://github.com/sabban) - add version workflow ([#4210](crowdsecurity/crowdsec#4210)) [@sabban](https://github.com/sabban) - pkg/leakybucket: remove unused global ([#4251](crowdsecurity/crowdsec#4251)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: pass bucket factories by pointer ([#4250](crowdsecurity/crowdsec#4250)) [@mmetc](https://github.com/mmetc) - pkt/leakybucket: compileScopeFilter() -> ScopeType.CompileFilter() ([#4247](crowdsecurity/crowdsec#4247)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: rename OverflowFilter -> OverflowProcessor ([#4248](crowdsecurity/crowdsec#4248)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: rename Buckets -> BucketStore ([#4246](crowdsecurity/crowdsec#4246)) [@mmetc](https://github.com/mmetc) - refact leaky bayesian: method to function, unlock w/defer ([#4242](crowdsecurity/crowdsec#4242)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: early return ([#4244](crowdsecurity/crowdsec#4244)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: variable shorthand ([#4245](crowdsecurity/crowdsec#4245)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: move LeakRoutine to method, rename parameters ([#4243](crowdsecurity/crowdsec#4243)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: review bucket validation and tests ([#4241](crowdsecurity/crowdsec#4241)) [@mmetc](https://github.com/mmetc) - refact: remove unnecessary pointers to map, string, mutex ([#4212](crowdsecurity/crowdsec#4212)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: function to method BucketFactory.LoadBucket() ([#4229](crowdsecurity/crowdsec#4229)) [@mmetc](https://github.com/mmetc) - pkg/leakybucket: BucketType interface, method BucketFactory.Validate() ([#4228](crowdsecurity/crowdsec#4228)) [@mmetc](https://github.com/mmetc) ##### Chore / Deps - build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 ([#4382](crowdsecurity/crowdsec#4382)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - CI: use windows-2025 image ([#4379](crowdsecurity/crowdsec#4379)) [@blotus](https://github.com/blotus) - build(deps): bump github/codeql-action from 4.32.6 to 4.33.0 ([#4371](crowdsecurity/crowdsec#4371)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.5.0 to 7.6.0 ([#4373](crowdsecurity/crowdsec#4373)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump google.golang.org/grpc from 1.74.2 to 1.79.3 ([#4376](crowdsecurity/crowdsec#4376)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.3.1 to 7.5.0 ([#4366](crowdsecurity/crowdsec#4366)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 ([#4319](crowdsecurity/crowdsec#4319)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.5 to 4.32.6 ([#4360](crowdsecurity/crowdsec#4360)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 ([#4361](crowdsecurity/crowdsec#4361)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump release-drafter/release-drafter from 6.2.0 to 6.4.0 ([#4362](crowdsecurity/crowdsec#4362)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 ([#4356](crowdsecurity/crowdsec#4356)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 ([#4353](crowdsecurity/crowdsec#4353)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 ([#4352](crowdsecurity/crowdsec#4352)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/login-action from 3.7.0 to 4.0.0 ([#4354](crowdsecurity/crowdsec#4354)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - deps: update actions and golangci-lint ([#4348](crowdsecurity/crowdsec#4348)) [@mmetc](https://github.com/mmetc) - build(deps): bump github/codeql-action from 4.32.4 to 4.32.5 ([#4345](crowdsecurity/crowdsec#4345)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.3.0 to 7.3.1 ([#4346](crowdsecurity/crowdsec#4346)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-go from 6.2.0 to 6.3.0 ([#4339](crowdsecurity/crowdsec#4339)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 ([#4342](crowdsecurity/crowdsec#4342)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - replace trace.CatchPanic(...) with trace.ReportPanic() ([#4336](crowdsecurity/crowdsec#4336)) [@mmetc](https://github.com/mmetc) - build(deps): bump github/codeql-action from 4.32.3 to 4.32.4 ([#4322](crowdsecurity/crowdsec#4322)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - deps: update gocron v1 -> v2 ([#4317](crowdsecurity/crowdsec#4317)) [@mmetc](https://github.com/mmetc) - build(deps): bump docker/build-push-action from 6.19.0 to 6.19.2 ([#4306](crowdsecurity/crowdsec#4306)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.2 to 4.32.3 ([#4312](crowdsecurity/crowdsec#4312)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.1 to 4.32.2 ([#4292](crowdsecurity/crowdsec#4292)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - update golangci-lint 2.9 ([#4302](crowdsecurity/crowdsec#4302)) [@mmetc](https://github.com/mmetc) - build(deps): bump astral-sh/setup-uv from 7.2.1 to 7.3.0 ([#4296](crowdsecurity/crowdsec#4296)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/build-push-action from 6.18.0 to 6.19.0 ([#4303](crowdsecurity/crowdsec#4303)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.0 to 4.32.1 ([#4278](crowdsecurity/crowdsec#4278)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-node from 4.4.0 to 6.2.0 ([#4264](crowdsecurity/crowdsec#4264)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - CI: update python and dependencies ([#4249](crowdsecurity/crowdsec#4249)) [@mmetc](https://github.com/mmetc) - build(deps): bump actions/checkout from 6.0.1 to 6.0.2 ([#4263](crowdsecurity/crowdsec#4263)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.2.0 to 7.2.1 ([#4265](crowdsecurity/crowdsec#4265)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/login-action from 3.6.0 to 3.7.0 ([#4257](crowdsecurity/crowdsec#4257)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.31.11 to 4.32.0 ([#4254](crowdsecurity/crowdsec#4254)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.31.10 to 4.31.11 ([#4233](crowdsecurity/crowdsec#4233)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/checkout from 6.0.1 to 6.0.2 ([#4234](crowdsecurity/crowdsec#4234)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump release-drafter/release-drafter from 6.1.0 to 6.2.0 ([#4222](crowdsecurity/crowdsec#4222)) @[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-python from 6.1.0 to 6.2.0 ([#4223](crowdsecurity/crowdsec#4223)) @[dependabot\[bot\]](https://github.com/apps/dependabot) ##### Geolite2 notice This product includes GeoLite2 data created by MaxMind, available from <a href="https://www.maxmind.com"><https://www.maxmind.com></a>. ##### Installation Take a look at the [installation instructions](https://doc.crowdsec.net/docs/getting_started/install_crowdsec).
eleboucher
pushed a commit
to eleboucher/homelab
that referenced
this pull request
Apr 25, 2026
…4 → v1.7.7) (#282) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/crowdsecurity/crowdsec](https://github.com/crowdsecurity/crowdsec) | minor | `v1.6.4` → `v1.7.7` | --- ### Release Notes <details> <summary>crowdsecurity/crowdsec (docker.io/crowdsecurity/crowdsec)</summary> ### [`v1.7.7`](https://github.com/crowdsecurity/crowdsec/releases/tag/v1.7.7) [Compare Source](https://github.com/crowdsecurity/crowdsec/compare/v1.7.6...v1.7.7) CrowdSec 1.7.7 brings 2 major changes: - On linux, [RE2](https://github.com/google/re2) is now used by default for evaluating regexp in parsers - WAF rules can now contain a mix of AND/OR conditions without any limits, giving much greater flexibility when writing new rules ##### RE2 by default on linux CrowdsSec has supported for a long time using RE2 as the regexp engine, and with this release we make it the default. CrowdSec has always used the builtin Go regexp package, which is a Go reimplementation of the RE2 library, but with known performance limitations. The switch to RE2 will bring significantly increased regexp performance (one of the most critical part of CrowdSec) at the cost of slightly longer regexp compilation and higher baseline memory usage. > \[!IMPORTANT] > If you encounter any issues with the new regexp engine, you can fallback to the previous Go implementation by setting the feature flag `re2_disable_grok_support` (see [the documentation](https://docs.crowdsec.net/docs/next/configuration/feature_flags/#enabling-a-feature-flag)). ##### Other changes Other notable changes include: - a new `kind` attribute for alerts used to identify its source (a scenario, a WAF rule, a manual decision creation, ...) - a new `cscli allowlist import` command - support for the `HTTP_PROXY` environment variable in the `notification-http` plugin - A resource leak under high load was fixed ### Full changelog #### New Features - add LookupFile and FileMap expr helpers ([#​4372](https://github.com/crowdsecurity/crowdsec/issues/4372)) [@​buixor](https://github.com/buixor) - waf rules: allow arbitrary mix of AND and OR conditions ([#​4358](https://github.com/crowdsecurity/crowdsec/issues/4358)) [@​blotus](https://github.com/blotus) #### Improvements - enable RE2 support by default on linux ([#​4386](https://github.com/crowdsecurity/crowdsec/issues/4386)) [@​blotus](https://github.com/blotus) - cscli allowlists: add import command ([#​4378](https://github.com/crowdsecurity/crowdsec/issues/4378)) [@​blotus](https://github.com/blotus) - WAF: expose more transformations from coraza ([#​4140](https://github.com/crowdsecurity/crowdsec/issues/4140)) [@​blotus](https://github.com/blotus) - Add new `kind` alert attribute ([#​4351](https://github.com/crowdsecurity/crowdsec/issues/4351)) [@​blotus](https://github.com/blotus) - Use environment proxy settings for notification-http ([#​4364](https://github.com/crowdsecurity/crowdsec/issues/4364)) [@​op3](https://github.com/op3) #### Bug Fixes - allowlists: apply items to existing decisions in batch ([#​4095](https://github.com/crowdsecurity/crowdsec/issues/4095)) [@​blotus](https://github.com/blotus) - waf: fix tests for modsec rules generation ([#​4385](https://github.com/crowdsecurity/crowdsec/issues/4385)) [@​blotus](https://github.com/blotus) - windows: add file notification plugin in MSI package ([#​4367](https://github.com/crowdsecurity/crowdsec/issues/4367)) [@​blotus](https://github.com/blotus) - leakroutine: call cancel after leakroutine returns ([#​4369](https://github.com/crowdsecurity/crowdsec/issues/4369)) [@​blotus](https://github.com/blotus) - notification-sentinel: lower-case x-ms-date header for correct HMAC ([#​4288](https://github.com/crowdsecurity/crowdsec/issues/4288)) [@​ebirn](https://github.com/ebirn) - tests: remove temporary sqlite/plugin files from /tmp/ ([#​4332](https://github.com/crowdsecurity/crowdsec/issues/4332)) [@​mmetc](https://github.com/mmetc) - pkg/apiserver: fix scenario count in debug log ([#​4333](https://github.com/crowdsecurity/crowdsec/issues/4333)) [@​mmetc](https://github.com/mmetc) - pkg/csplugin: prevent race condition, deadlock ([#​4294](https://github.com/crowdsecurity/crowdsec/issues/4294)) [@​mmetc](https://github.com/mmetc) - pkg/acquisitioncontext: minimal fix for data race in tests ([#​4327](https://github.com/crowdsecurity/crowdsec/issues/4327)) [@​mmetc](https://github.com/mmetc) - acquisition/file: minimal fix for data race in tests ([#​4326](https://github.com/crowdsecurity/crowdsec/issues/4326)) [@​mmetc](https://github.com/mmetc) - fix lint fsutil/freebsd: unnecessary conversion ([#​4324](https://github.com/crowdsecurity/crowdsec/issues/4324)) [@​mmetc](https://github.com/mmetc) - cscli: consistent status and usage message for unknown subcommands ([#​4320](https://github.com/crowdsecurity/crowdsec/issues/4320)) [@​mmetc](https://github.com/mmetc) - cscli detect: set log type for caddy unit to "syslog" ([#​4321](https://github.com/crowdsecurity/crowdsec/issues/4321)) [@​mmetc](https://github.com/mmetc) - CI: add published\_at to version.crowdsec.net/latest ([#​4291](https://github.com/crowdsecurity/crowdsec/issues/4291)) [@​blotus](https://github.com/blotus) - cmd/crowdsec: assign overflow after parsing ([#​4226](https://github.com/crowdsecurity/crowdsec/issues/4226)) [@​mmetc](https://github.com/mmetc) - waf: format as CRS match only if anomaly score is not 0 ([#​4230](https://github.com/crowdsecurity/crowdsec/issues/4230)) [@​blotus](https://github.com/blotus) #### Changes - build(deps): bump cryptography from 46.0.3 to 46.0.5 in /build/docker/test ([#​4298](https://github.com/crowdsecurity/crowdsec/issues/4298)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - support for waf- alias in cscli ([#​4347](https://github.com/crowdsecurity/crowdsec/issues/4347)) [@​buixor](https://github.com/buixor) - refact pkg/dumps: reduce complexity ([#​4209](https://github.com/crowdsecurity/crowdsec/issues/4209)) [@​mmetc](https://github.com/mmetc) - lint: refact pkg/dumps for nilaway ([#​4208](https://github.com/crowdsecurity/crowdsec/issues/4208)) [@​mmetc](https://github.com/mmetc) - refact pkg/parser: redundant indirection ([#​4344](https://github.com/crowdsecurity/crowdsec/issues/4344)) [@​mmetc](https://github.com/mmetc) - refact pkg/parser: extract+embed NodeConfig in Node struct ([#​4343](https://github.com/crowdsecurity/crowdsec/issues/4343)) [@​mmetc](https://github.com/mmetc) - move calls to trace.ReportPanic() on top of goroutines ([#​4338](https://github.com/crowdsecurity/crowdsec/issues/4338)) [@​mmetc](https://github.com/mmetc) - pkg/csplugin: simplify notification loop; noop with empty queue ([#​4328](https://github.com/crowdsecurity/crowdsec/issues/4328)) [@​mmetc](https://github.com/mmetc) - pkg/parsers: light refact, remove redundant code ([#​4213](https://github.com/crowdsecurity/crowdsec/issues/4213)) [@​mmetc](https://github.com/mmetc) - refact cmd/crowdsec: encapsulate cache into alertBuffer ([#​4300](https://github.com/crowdsecurity/crowdsec/issues/4300)) [@​mmetc](https://github.com/mmetc) - cmd/notification-\*: don't provide the same context twice for request ([#​4316](https://github.com/crowdsecurity/crowdsec/issues/4316)) [@​mmetc](https://github.com/mmetc) - don't flush 127.0.0.1 ([#​4315](https://github.com/crowdsecurity/crowdsec/issues/4315)) [@​sabban](https://github.com/sabban) - clipapi: replace tomb with errgroup ([#​4207](https://github.com/crowdsecurity/crowdsec/issues/4207)) [@​mmetc](https://github.com/mmetc) - refact cmd/crowdsec: remove redundant global variable ([#​4299](https://github.com/crowdsecurity/crowdsec/issues/4299)) [@​mmetc](https://github.com/mmetc) - refact: remove unused code in crowdsec-cli, apiserver, acquisition, database ([#​4304](https://github.com/crowdsecurity/crowdsec/issues/4304)) [@​mmetc](https://github.com/mmetc) - refact pkg/leakybucket: trim down redundant Leaky struct fields ([#​4290](https://github.com/crowdsecurity/crowdsec/issues/4290)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: remove global bucketStore, unused parameters + tags ([#​4286](https://github.com/crowdsecurity/crowdsec/issues/4286)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: remove Simulated field from Leaky, keep it in config ([#​4285](https://github.com/crowdsecurity/crowdsec/issues/4285)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: extract BucketSpec from BucketFactory ([#​4284](https://github.com/crowdsecurity/crowdsec/issues/4284)) [@​mmetc](https://github.com/mmetc) - refact pkg/leakybucket: extract methods from LoadBucket() part 2 ([#​4282](https://github.com/crowdsecurity/crowdsec/issues/4282)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: refact test loop, more explicit failures in testFile() ([#​4281](https://github.com/crowdsecurity/crowdsec/issues/4281)) [@​mmetc](https://github.com/mmetc) - refact pkg/leakybucket: extract methods from LoadBucket() ([#​4279](https://github.com/crowdsecurity/crowdsec/issues/4279)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: replace Signal chan with explicit read/done chans ([#​4277](https://github.com/crowdsecurity/crowdsec/issues/4277)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: replace waitgroups with single rwlock ([#​4276](https://github.com/crowdsecurity/crowdsec/issues/4276)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: garbage collect: compare float with epsilon ([#​4275](https://github.com/crowdsecurity/crowdsec/issues/4275)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: refactor tests ([#​4272](https://github.com/crowdsecurity/crowdsec/issues/4272)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: replace sycn.Map with map + mutex ([#​4271](https://github.com/crowdsecurity/crowdsec/issues/4271)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: replace global counter with call to bucket store ([#​4273](https://github.com/crowdsecurity/crowdsec/issues/4273)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: review README.md ([#​4274](https://github.com/crowdsecurity/crowdsec/issues/4274)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: encapsulate store map + add methods ([#​4253](https://github.com/crowdsecurity/crowdsec/issues/4253)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: remove redundant bool var ([#​4252](https://github.com/crowdsecurity/crowdsec/issues/4252)) [@​mmetc](https://github.com/mmetc) - fix hub console side ([#​4266](https://github.com/crowdsecurity/crowdsec/issues/4266)) [@​sabban](https://github.com/sabban) - version workflow fix ([#​4262](https://github.com/crowdsecurity/crowdsec/issues/4262)) [@​sabban](https://github.com/sabban) - rename the prod branch to main ([#​4261](https://github.com/crowdsecurity/crowdsec/issues/4261)) [@​sabban](https://github.com/sabban) - add version workflow ([#​4210](https://github.com/crowdsecurity/crowdsec/issues/4210)) [@​sabban](https://github.com/sabban) - pkg/leakybucket: remove unused global ([#​4251](https://github.com/crowdsecurity/crowdsec/issues/4251)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: pass bucket factories by pointer ([#​4250](https://github.com/crowdsecurity/crowdsec/issues/4250)) [@​mmetc](https://github.com/mmetc) - pkt/leakybucket: compileScopeFilter() -> ScopeType.CompileFilter() ([#​4247](https://github.com/crowdsecurity/crowdsec/issues/4247)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: rename OverflowFilter -> OverflowProcessor ([#​4248](https://github.com/crowdsecurity/crowdsec/issues/4248)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: rename Buckets -> BucketStore ([#​4246](https://github.com/crowdsecurity/crowdsec/issues/4246)) [@​mmetc](https://github.com/mmetc) - refact leaky bayesian: method to function, unlock w/defer ([#​4242](https://github.com/crowdsecurity/crowdsec/issues/4242)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: early return ([#​4244](https://github.com/crowdsecurity/crowdsec/issues/4244)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: variable shorthand ([#​4245](https://github.com/crowdsecurity/crowdsec/issues/4245)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: move LeakRoutine to method, rename parameters ([#​4243](https://github.com/crowdsecurity/crowdsec/issues/4243)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: review bucket validation and tests ([#​4241](https://github.com/crowdsecurity/crowdsec/issues/4241)) [@​mmetc](https://github.com/mmetc) - refact: remove unnecessary pointers to map, string, mutex ([#​4212](https://github.com/crowdsecurity/crowdsec/issues/4212)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: function to method BucketFactory.LoadBucket() ([#​4229](https://github.com/crowdsecurity/crowdsec/issues/4229)) [@​mmetc](https://github.com/mmetc) - pkg/leakybucket: BucketType interface, method BucketFactory.Validate() ([#​4228](https://github.com/crowdsecurity/crowdsec/issues/4228)) [@​mmetc](https://github.com/mmetc) #### Chore / Deps - build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 ([#​4382](https://github.com/crowdsecurity/crowdsec/issues/4382)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - CI: use windows-2025 image ([#​4379](https://github.com/crowdsecurity/crowdsec/issues/4379)) [@​blotus](https://github.com/blotus) - build(deps): bump github/codeql-action from 4.32.6 to 4.33.0 ([#​4371](https://github.com/crowdsecurity/crowdsec/issues/4371)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.5.0 to 7.6.0 ([#​4373](https://github.com/crowdsecurity/crowdsec/issues/4373)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump google.golang.org/grpc from 1.74.2 to 1.79.3 ([#​4376](https://github.com/crowdsecurity/crowdsec/issues/4376)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.3.1 to 7.5.0 ([#​4366](https://github.com/crowdsecurity/crowdsec/issues/4366)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 ([#​4319](https://github.com/crowdsecurity/crowdsec/issues/4319)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.5 to 4.32.6 ([#​4360](https://github.com/crowdsecurity/crowdsec/issues/4360)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 ([#​4361](https://github.com/crowdsecurity/crowdsec/issues/4361)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump release-drafter/release-drafter from 6.2.0 to 6.4.0 ([#​4362](https://github.com/crowdsecurity/crowdsec/issues/4362)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 ([#​4356](https://github.com/crowdsecurity/crowdsec/issues/4356)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 ([#​4353](https://github.com/crowdsecurity/crowdsec/issues/4353)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 ([#​4352](https://github.com/crowdsecurity/crowdsec/issues/4352)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/login-action from 3.7.0 to 4.0.0 ([#​4354](https://github.com/crowdsecurity/crowdsec/issues/4354)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - deps: update actions and golangci-lint ([#​4348](https://github.com/crowdsecurity/crowdsec/issues/4348)) [@​mmetc](https://github.com/mmetc) - build(deps): bump github/codeql-action from 4.32.4 to 4.32.5 ([#​4345](https://github.com/crowdsecurity/crowdsec/issues/4345)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.3.0 to 7.3.1 ([#​4346](https://github.com/crowdsecurity/crowdsec/issues/4346)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-go from 6.2.0 to 6.3.0 ([#​4339](https://github.com/crowdsecurity/crowdsec/issues/4339)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 ([#​4342](https://github.com/crowdsecurity/crowdsec/issues/4342)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - replace trace.CatchPanic(...) with trace.ReportPanic() ([#​4336](https://github.com/crowdsecurity/crowdsec/issues/4336)) [@​mmetc](https://github.com/mmetc) - build(deps): bump github/codeql-action from 4.32.3 to 4.32.4 ([#​4322](https://github.com/crowdsecurity/crowdsec/issues/4322)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - deps: update gocron v1 -> v2 ([#​4317](https://github.com/crowdsecurity/crowdsec/issues/4317)) [@​mmetc](https://github.com/mmetc) - build(deps): bump docker/build-push-action from 6.19.0 to 6.19.2 ([#​4306](https://github.com/crowdsecurity/crowdsec/issues/4306)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.2 to 4.32.3 ([#​4312](https://github.com/crowdsecurity/crowdsec/issues/4312)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.1 to 4.32.2 ([#​4292](https://github.com/crowdsecurity/crowdsec/issues/4292)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - update golangci-lint 2.9 ([#​4302](https://github.com/crowdsecurity/crowdsec/issues/4302)) [@​mmetc](https://github.com/mmetc) - build(deps): bump astral-sh/setup-uv from 7.2.1 to 7.3.0 ([#​4296](https://github.com/crowdsecurity/crowdsec/issues/4296)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/build-push-action from 6.18.0 to 6.19.0 ([#​4303](https://github.com/crowdsecurity/crowdsec/issues/4303)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.32.0 to 4.32.1 ([#​4278](https://github.com/crowdsecurity/crowdsec/issues/4278)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-node from 4.4.0 to 6.2.0 ([#​4264](https://github.com/crowdsecurity/crowdsec/issues/4264)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - CI: update python and dependencies ([#​4249](https://github.com/crowdsecurity/crowdsec/issues/4249)) [@​mmetc](https://github.com/mmetc) - build(deps): bump actions/checkout from 6.0.1 to 6.0.2 ([#​4263](https://github.com/crowdsecurity/crowdsec/issues/4263)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.2.0 to 7.2.1 ([#​4265](https://github.com/crowdsecurity/crowdsec/issues/4265)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/login-action from 3.6.0 to 3.7.0 ([#​4257](https://github.com/crowdsecurity/crowdsec/issues/4257)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.31.11 to 4.32.0 ([#​4254](https://github.com/crowdsecurity/crowdsec/issues/4254)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.31.10 to 4.31.11 ([#​4233](https://github.com/crowdsecurity/crowdsec/issues/4233)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/checkout from 6.0.1 to 6.0.2 ([#​4234](https://github.com/crowdsecurity/crowdsec/issues/4234)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump release-drafter/release-drafter from 6.1.0 to 6.2.0 ([#​4222](https://github.com/crowdsecurity/crowdsec/issues/4222)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/setup-python from 6.1.0 to 6.2.0 ([#​4223](https://github.com/crowdsecurity/crowdsec/issues/4223)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) #### Geolite2 notice This product includes GeoLite2 data created by MaxMind, available from <a href="https://www.maxmind.com"><https://www.maxmind.com></a>. #### Installation Take a look at the [installation instructions](https://doc.crowdsec.net/docs/getting_started/install_crowdsec). ### [`v1.7.6`](https://github.com/crowdsecurity/crowdsec/releases/tag/v1.7.6) [Compare Source](https://github.com/crowdsecurity/crowdsec/compare/v1.7.4...v1.7.6) #### Changes #### Bug Fixes - cmd/crowdsec: assign overflow after parsing ([#​4225](https://github.com/crowdsecurity/crowdsec/issues/4225)) [@​mmetc](https://github.com/mmetc) #### Geolite2 notice This product includes GeoLite2 data created by MaxMind, available from <a href="https://www.maxmind.com"><https://www.maxmind.com></a>. #### Installation Take a look at the [installation instructions](https://doc.crowdsec.net/docs/getting_started/install_crowdsec). ### [`v1.7.4`](https://github.com/crowdsecurity/crowdsec/releases/tag/v1.7.4) [Compare Source](https://github.com/crowdsecurity/crowdsec/compare/v1.7.3...v1.7.4) #### Changes - docker: remove CROWDSEC\_CONTAINER\_ENV ([#​4085](https://github.com/crowdsecurity/crowdsec/issues/4085)) [@​mmetc](https://github.com/mmetc) - refact cscli: define csconfig.Getter once ([#​4091](https://github.com/crowdsecurity/crowdsec/issues/4091)) [@​mmetc](https://github.com/mmetc) - refact load/save apic token: dependencies and sentinel errors ([#​4081](https://github.com/crowdsecurity/crowdsec/issues/4081)) [@​mmetc](https://github.com/mmetc) - pkg/csplugin: use backoff package to retry notifications ([#​3944](https://github.com/crowdsecurity/crowdsec/issues/3944)) [@​mmetc](https://github.com/mmetc) - refact pkg/database batching ([#​3906](https://github.com/crowdsecurity/crowdsec/issues/3906)) [@​mmetc](https://github.com/mmetc) - refact pkg/acquisition: split appsec.go ([#​4043](https://github.com/crowdsecurity/crowdsec/issues/4043)) [@​mmetc](https://github.com/mmetc) - refact pkg/acquisition: journalctl configuration ([#​4057](https://github.com/crowdsecurity/crowdsec/issues/4057)) [@​mmetc](https://github.com/mmetc) - lint revive: lower complexity threshold ([#​4056](https://github.com/crowdsecurity/crowdsec/issues/4056)) [@​mmetc](https://github.com/mmetc) - lint: unused parameters / 2 ([#​4055](https://github.com/crowdsecurity/crowdsec/issues/4055)) [@​mmetc](https://github.com/mmetc) - lint: unused parameters ([#​4049](https://github.com/crowdsecurity/crowdsec/issues/4049)) [@​mmetc](https://github.com/mmetc) - refact pkg/acquisition: split loki.go ([#​4034](https://github.com/crowdsecurity/crowdsec/issues/4034)) [@​mmetc](https://github.com/mmetc) - refact pkg/acquisition: split victorialogs.go ([#​4037](https://github.com/crowdsecurity/crowdsec/issues/4037)) [@​mmetc](https://github.com/mmetc) - refact pkg/acquisition: split wineventlog.go ([#​4036](https://github.com/crowdsecurity/crowdsec/issues/4036)) [@​mmetc](https://github.com/mmetc) - refact pkg/acquisition: split s3.go ([#​4035](https://github.com/crowdsecurity/crowdsec/issues/4035)) [@​mmetc](https://github.com/mmetc) - refact pkg/acquisition: split k8s\_audit.go ([#​4033](https://github.com/crowdsecurity/crowdsec/issues/4033)) [@​mmetc](https://github.com/mmetc) - refact pkg/acquisition: split kinesis.go ([#​4032](https://github.com/crowdsecurity/crowdsec/issues/4032)) [@​mmetc](https://github.com/mmetc) - refact pkg/acquisition: split kafka.go ([#​4031](https://github.com/crowdsecurity/crowdsec/issues/4031)) [@​mmetc](https://github.com/mmetc) - refact pkg/acquisition: split cloudwatch.go ([#​4029](https://github.com/crowdsecurity/crowdsec/issues/4029)) [@​mmetc](https://github.com/mmetc) - refact pkg/acquisition: split http.go ([#​4030](https://github.com/crowdsecurity/crowdsec/issues/4030)) [@​mmetc](https://github.com/mmetc) - refactg pkg/acquisition: split file.go ([#​4038](https://github.com/crowdsecurity/crowdsec/issues/4038)) [@​mmetc](https://github.com/mmetc) - refact pkg/acquisition: split syslog.go ([#​4028](https://github.com/crowdsecurity/crowdsec/issues/4028)) [@​mmetc](https://github.com/mmetc) - papi: explicit context ([#​3973](https://github.com/crowdsecurity/crowdsec/issues/3973)) [@​mmetc](https://github.com/mmetc) - pkg/csplugin: remove unused function ([#​4019](https://github.com/crowdsecurity/crowdsec/issues/4019)) [@​mmetc](https://github.com/mmetc) - pkg/types -> new imports pt 4 ([#​4012](https://github.com/crowdsecurity/crowdsec/issues/4012)) [@​mmetc](https://github.com/mmetc) - pkg/types -> new imports pt 3 ([#​4014](https://github.com/crowdsecurity/crowdsec/issues/4014)) [@​mmetc](https://github.com/mmetc) - pkg/types -> new imports pt 2 ([#​4013](https://github.com/crowdsecurity/crowdsec/issues/4013)) [@​mmetc](https://github.com/mmetc) - pkg/types -> new imports pt 1 ([#​4011](https://github.com/crowdsecurity/crowdsec/issues/4011)) [@​mmetc](https://github.com/mmetc) - pkg/types -> pkg/{pipeline,fsutil,enrichment,logging...} ([#​4006](https://github.com/crowdsecurity/crowdsec/issues/4006)) [@​mmetc](https://github.com/mmetc) - CI: enable linter "protogetter" ([#​3995](https://github.com/crowdsecurity/crowdsec/issues/3995)) [@​mmetc](https://github.com/mmetc) - enable linters: unnecessary-format, unused-receiver ([#​4001](https://github.com/crowdsecurity/crowdsec/issues/4001)) [@​mmetc](https://github.com/mmetc) - refact: remove unused struct fields and params / 3; enable linter "unused" ([#​3334](https://github.com/crowdsecurity/crowdsec/issues/3334)) [@​mmetc](https://github.com/mmetc) #### New Features - WAF: Add `DropRequest` helper to block request in hooks ([#​4016](https://github.com/crowdsecurity/crowdsec/issues/4016)) [@​blotus](https://github.com/blotus) #### Improvements - pkg/acquisition: update syslog to RestartableStreamer ([#​4040](https://github.com/crowdsecurity/crowdsec/issues/4040)) [@​mmetc](https://github.com/mmetc) - refact logging configuration; add log\_media="syslog" ([#​4045](https://github.com/crowdsecurity/crowdsec/issues/4045)) [@​mmetc](https://github.com/mmetc) - cscli hubtest: better report docker/nuclei errors ([#​4052](https://github.com/crowdsecurity/crowdsec/issues/4052)) [@​mmetc](https://github.com/mmetc) - build: check make version before running Makefile ([#​4054](https://github.com/crowdsecurity/crowdsec/issues/4054)) [@​mmetc](https://github.com/mmetc) - pkg/acquisition: refact journalctl datasource and unified retry loop ([#​4023](https://github.com/crowdsecurity/crowdsec/issues/4023)) [@​mmetc](https://github.com/mmetc) - option api.server.disable\_usage\_metrics\_export ([#​4021](https://github.com/crowdsecurity/crowdsec/issues/4021)) [@​mmetc](https://github.com/mmetc) - build: optional pure-go sqlite driver ([#​3908](https://github.com/crowdsecurity/crowdsec/issues/3908)) [@​mmetc](https://github.com/mmetc) #### Bug Fixes - LAPI metrics: don't use empty path as label for LAPI hits metrics ([#​4106](https://github.com/crowdsecurity/crowdsec/issues/4106)) [@​blotus](https://github.com/blotus) - fix accessLogger setup to separate file ([#​4103](https://github.com/crowdsecurity/crowdsec/issues/4103)) [@​mmetc](https://github.com/mmetc) - docker acquisition: prevent data races ([#​3956](https://github.com/crowdsecurity/crowdsec/issues/3956)) [@​mmetc](https://github.com/mmetc) - Fix avoidable prometheus metrics cardinality ([#​4080](https://github.com/crowdsecurity/crowdsec/issues/4080)) [@​g00g1](https://github.com/g00g1) - loki acquisition: remove forgotten debug print ([#​4062](https://github.com/crowdsecurity/crowdsec/issues/4062)) [@​mmetc](https://github.com/mmetc) - fix 2808: show certificate path in "lapi status" ([#​4053](https://github.com/crowdsecurity/crowdsec/issues/4053)) [@​mmetc](https://github.com/mmetc) - decisionStream: only select required fields from the DB ([#​4024](https://github.com/crowdsecurity/crowdsec/issues/4024)) [@​blotus](https://github.com/blotus) #### Documentation - docs: add public roadmap section to README.md ([#​4039](https://github.com/crowdsecurity/crowdsec/issues/4039)) [@​mazzma12](https://github.com/mazzma12) #### Chore / Deps - build(deps): bump github/codeql-action from 4.31.4 to 4.31.6 ([#​4101](https://github.com/crowdsecurity/crowdsec/issues/4101)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 ([#​4083](https://github.com/crowdsecurity/crowdsec/issues/4083)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - Update go-re2 to 1.10.0 ([#​4020](https://github.com/crowdsecurity/crowdsec/issues/4020)) [@​blotus](https://github.com/blotus) - waf: remove custom raw body processor and use the upstream one ([#​4092](https://github.com/crowdsecurity/crowdsec/issues/4092)) [@​blotus](https://github.com/blotus) - build(deps): bump actions/setup-python from 6.0.0 to 6.1.0 ([#​4089](https://github.com/crowdsecurity/crowdsec/issues/4089)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - update go-cs-lib ([#​4084](https://github.com/crowdsecurity/crowdsec/issues/4084)) [@​mmetc](https://github.com/mmetc) - update coraza ([#​4047](https://github.com/crowdsecurity/crowdsec/issues/4047)) [@​blotus](https://github.com/blotus) - build(deps): bump actions/checkout from 5.0.1 to 6.0.0 ([#​4077](https://github.com/crowdsecurity/crowdsec/issues/4077)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.1.3 to 7.1.4 ([#​4078](https://github.com/crowdsecurity/crowdsec/issues/4078)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - replace prom2json with native Prometheus parser and context-aware scraping in CLI metrics ([#​3932](https://github.com/crowdsecurity/crowdsec/issues/3932)) [@​mmetc](https://github.com/mmetc) - build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 ([#​4073](https://github.com/crowdsecurity/crowdsec/issues/4073)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.31.3 to 4.31.4 ([#​4069](https://github.com/crowdsecurity/crowdsec/issues/4069)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/checkout from 5.0.0 to 5.0.1 ([#​4064](https://github.com/crowdsecurity/crowdsec/issues/4064)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - update docker/docker to moby/moby (version docker-v29.0.0) ([#​4048](https://github.com/crowdsecurity/crowdsec/issues/4048)) [@​mmetc](https://github.com/mmetc) - build(deps): bump github/codeql-action from 4.31.0 to 4.31.3 ([#​4051](https://github.com/crowdsecurity/crowdsec/issues/4051)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 7.1.2 to 7.1.3 ([#​4042](https://github.com/crowdsecurity/crowdsec/issues/4042)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 ([#​4041](https://github.com/crowdsecurity/crowdsec/issues/4041)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 ([#​4025](https://github.com/crowdsecurity/crowdsec/issues/4025)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - CI: update golangci-lint to 2.6.1 ([#​4026](https://github.com/crowdsecurity/crowdsec/issues/4026)) [@​mmetc](https://github.com/mmetc) - waf: extract temp state from AppsecRuntimeConfig ([#​3952](https://github.com/crowdsecurity/crowdsec/issues/3952)) [@​blotus](https://github.com/blotus) - build(deps): bump astral-sh/setup-uv from 7.1.1 to 7.1.2 ([#​4009](https://github.com/crowdsecurity/crowdsec/issues/4009)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 4.30.9 to 4.31.0 ([#​4008](https://github.com/crowdsecurity/crowdsec/issues/4008)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 ([#​4010](https://github.com/crowdsecurity/crowdsec/issues/4010)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) #### Geolite2 notice This product includes GeoLite2 data created by MaxMind, available from <a href="https://www.maxmind.com"><https://www.maxmind.com></a>. #### Installation Take a look at the [installation instructions](https://doc.crowdsec.net/docs/getting_started/install_crowdsec). ### [`v1.7.3`](https://github.com/crowdsecurity/crowdsec/releases/tag/v1.7.3) [Compare Source](https://github.com/crowdsecurity/crowdsec/compare/v1.7.2...v1.7.3) #### Changes - move hubupdate.sh to libexec ([#​4000](https://github.com/crowdsecurity/crowdsec/issues/4000)) [@​mmetc](https://github.com/mmetc) - rpm: install hubupdate with full path ([#​4002](https://github.com/crowdsecurity/crowdsec/issues/4002)) [@​mmetc](https://github.com/mmetc) #### Geolite2 notice This product includes GeoLite2 data created by MaxMind, available from <a href="https://www.maxmind.com"><https://www.maxmind.com></a>. #### Installation Take a look at the [installation instructions](https://doc.crowdsec.net/docs/getting_started/install_crowdsec). ### [`v1.7.2`](https://github.com/crowdsecurity/crowdsec/releases/tag/v1.7.2) [Compare Source](https://github.com/crowdsecurity/crowdsec/compare/v1.7.0...v1.7.2) #### Changes - hub update: add systemd timer and service ([#​3977](https://github.com/crowdsecurity/crowdsec/issues/3977)) - rpm: package hubupdate.sh ([#​3979](https://github.com/crowdsecurity/crowdsec/issues/3979)) - rpm: immediately activate systemd timer ([#​3985](https://github.com/crowdsecurity/crowdsec/issues/3985)) - Windows: Revert to windows 2022 to fix build ([#​3986](https://github.com/crowdsecurity/crowdsec/issues/3986)) - deb: remove cron file ([#​3987](https://github.com/crowdsecurity/crowdsec/issues/3987)) #### Geolite2 notice This product includes GeoLite2 data created by MaxMind, available from <a href="https://www.maxmind.com"><https://www.maxmind.com></a>. #### Installation Take a look at the [installation instructions](https://doc.crowdsec.net/docs/getting_started/install_crowdsec). ### [`v1.7.0`](https://github.com/crowdsecurity/crowdsec/releases/tag/v1.7.0) [Compare Source](https://github.com/crowdsecurity/crowdsec/compare/v1.6.11...v1.7.0) The 1.7.0 release of crowdsec brings some major changes to how services are auto-detected during installation, and to the metrics shared by the log processors to LAPI. The new detection system, `cscli setup`, is much more flexible and powerful: - Supports Linux, BSD and Windows (at the time, auto-detection is only performed at install time for deb and RPM packages) - More services are detected out of the box - A custom detection configuration can be provided during installation to detect custom services and generate custom acquisition configs (eg, when not using default log paths) - The auto-detection can be skipped if the configuration is managed with tools like Ansible Learn more about it in [our documentation](https://docs.crowdsec.net/docs/log_processor/service-discovery-setup/intro). The Log Processors now send metrics about the acquisition (number of lines read and parsed per datasource) and the parsers (number of events parsed, unparsed, or whitelisted) to LAPI. Those metrics are shown when running `cscli machines inspect XXX`. In the future, they will also be displayed in the console and used to detect potentially misconfigured or misbehaving installations. Other notable changes include: - Support for swarm in the docker datasource - Better CRS integration in the WAF (this will continue to be improved over time) - New expr helpers to compute the average and median time between events > \[!WARNING] > Starting with this release, when crowdsec is run in a docker (or podman) container, a volume *must* be provided `/var/lib/crowdsec/data/`, otherwise the container will refuse to start. > This requirement does not apply to Kubernetes. > \[!NOTE] > As previously documented [here](https://docs.crowdsec.net/blog/cscli_dashboard_deprecation/), the `cscli dashboard` command has been removed. > If you are still using the metabase dashboard, we recommend you migrate to <https://app.crowdsec.net> #### Changes - use go 1.24.6 ([#​3835](https://github.com/crowdsecurity/crowdsec/issues/3835)) [@​mmetc](https://github.com/mmetc) - CI: update actions; drop version comments ([#​3823](https://github.com/crowdsecurity/crowdsec/issues/3823)) [@​mmetc](https://github.com/mmetc) - install scripts: echo -e -> echo (we're not requiring bash anymore) ([#​3799](https://github.com/crowdsecurity/crowdsec/issues/3799)) [@​mmetc](https://github.com/mmetc) - move detect.yaml to /var/lib/crowdsec/data ([#​3797](https://github.com/crowdsecurity/crowdsec/issues/3797)) [@​mmetc](https://github.com/mmetc) - restore wizard.sh --unattended ([#​3790](https://github.com/crowdsecurity/crowdsec/issues/3790)) [@​mmetc](https://github.com/mmetc) - cleanup wizard.sh ([#​3786](https://github.com/crowdsecurity/crowdsec/issues/3786)) [@​mmetc](https://github.com/mmetc) - remove the cscli\_setup feature flag ([#​3784](https://github.com/crowdsecurity/crowdsec/issues/3784)) [@​mmetc](https://github.com/mmetc) - add detect.yaml in rpm files section ([#​3773](https://github.com/crowdsecurity/crowdsec/issues/3773)) [@​sabban](https://github.com/sabban) - refact whitelist/allowlist: net.IP to net/netip ([#​3683](https://github.com/crowdsecurity/crowdsec/issues/3683)) [@​mmetc](https://github.com/mmetc) - refact: pkg/database decisions filter, queries ([#​3635](https://github.com/crowdsecurity/crowdsec/issues/3635)) [@​mmetc](https://github.com/mmetc) #### New Features - cscli: remove "dashboard" command ([#​3004](https://github.com/crowdsecurity/crowdsec/issues/3004)) [@​mmetc](https://github.com/mmetc) - clean up buckets serialization code ([#​3777](https://github.com/crowdsecurity/crowdsec/issues/3777)) [@​sabban](https://github.com/sabban) - cscli setup: new service detection and configuration ([#​3730](https://github.com/crowdsecurity/crowdsec/issues/3730)) [@​mmetc](https://github.com/mmetc) - feat: add swarm support to docker acquistion ([#​3744](https://github.com/crowdsecurity/crowdsec/issues/3744)) [@​LaurenceJJones](https://github.com/LaurenceJJones) #### Improvements - WAF: Improve user-experience with CRS and modsecurity rules ([#​3827](https://github.com/crowdsecurity/crowdsec/issues/3827)) [@​blotus](https://github.com/blotus) - cscli setup: allow skipping service detection with $CROWDSEC\_SETUP\_UN… ([#​3822](https://github.com/crowdsecurity/crowdsec/issues/3822)) [@​mmetc](https://github.com/mmetc) - cscli setup: improve service detection and datasource validation ([#​3812](https://github.com/crowdsecurity/crowdsec/issues/3812)) [@​mmetc](https://github.com/mmetc) - cscli setup: skip missing items, fix collection name ([#​3794](https://github.com/crowdsecurity/crowdsec/issues/3794)) [@​mmetc](https://github.com/mmetc) - Improve the output of appsec `cscli hubtest` ([#​3791](https://github.com/crowdsecurity/crowdsec/issues/3791)) [@​buixor](https://github.com/buixor) - cscli setup improvements ([#​3789](https://github.com/crowdsecurity/crowdsec/issues/3789)) [@​mmetc](https://github.com/mmetc) - cscli: print command name along with errors ([#​3768](https://github.com/crowdsecurity/crowdsec/issues/3768)) [@​mmetc](https://github.com/mmetc) - enhance: Add 2 time helpers for average and median ([#​3748](https://github.com/crowdsecurity/crowdsec/issues/3748)) [@​LaurenceJJones](https://github.com/LaurenceJJones) - usage metrics: report acquisition + parsers metrics to LAPI ([#​3709](https://github.com/crowdsecurity/crowdsec/issues/3709)) [@​blotus](https://github.com/blotus) - improve datasource validation (goccy/go-yaml) ([#​3646](https://github.com/crowdsecurity/crowdsec/issues/3646)) [@​mmetc](https://github.com/mmetc) #### Bug Fixes - fix "cscli alerts list -s <scenario>" for alerts with no decisions ([#​3830](https://github.com/crowdsecurity/crowdsec/issues/3830)) [@​mmetc](https://github.com/mmetc) - unify the output format of start\_at and stop\_at ([#​3819](https://github.com/crowdsecurity/crowdsec/issues/3819)) [@​buixor](https://github.com/buixor) - pkg/cwhub: fix relative symlink resolution ([#​3824](https://github.com/crowdsecurity/crowdsec/issues/3824)) [@​mmetc](https://github.com/mmetc) - fix: Postint check also if api.server.enable is false ([#​3802](https://github.com/crowdsecurity/crowdsec/issues/3802)) [@​LaurenceJJones](https://github.com/LaurenceJJones) - detect.yaml: always acquire ssh logs from file if present ([#​3825](https://github.com/crowdsecurity/crowdsec/issues/3825)) [@​mmetc](https://github.com/mmetc) - detect.yaml: avoid double acquisition on deb ([#​3821](https://github.com/crowdsecurity/crowdsec/issues/3821)) [@​mmetc](https://github.com/mmetc) - review config/detect.yaml ([#​3820](https://github.com/crowdsecurity/crowdsec/issues/3820)) [@​mmetc](https://github.com/mmetc) - fix rpm detect.yaml ([#​3814](https://github.com/crowdsecurity/crowdsec/issues/3814)) [@​sabban](https://github.com/sabban) - CI: remove config/detect.yaml reference from rpm ([#​3813](https://github.com/crowdsecurity/crowdsec/issues/3813)) [@​mmetc](https://github.com/mmetc) - fix rpm dovecot detection ([#​3796](https://github.com/crowdsecurity/crowdsec/issues/3796)) [@​sabban](https://github.com/sabban) - Increase hub download timeout to 10 minutes ([#​3785](https://github.com/crowdsecurity/crowdsec/issues/3785)) [@​mmetc](https://github.com/mmetc) - docker: enforce volume use for /var/lib/crowdsec/data/ ([#​3757](https://github.com/crowdsecurity/crowdsec/issues/3757)) [@​blotus](https://github.com/blotus) - setup: add detect.yaml to windows install ([#​3775](https://github.com/crowdsecurity/crowdsec/issues/3775)) [@​blotus](https://github.com/blotus) - fix timemachine lock ([#​3767](https://github.com/crowdsecurity/crowdsec/issues/3767)) [@​sabban](https://github.com/sabban) - appsec: properly set URI in the original request object for use in hooks ([#​3755](https://github.com/crowdsecurity/crowdsec/issues/3755)) [@​blotus](https://github.com/blotus) #### Chore / Deps - build(deps): bump codecov/codecov-action from 5.4.3 to 5.5.0 ([#​3816](https://github.com/crowdsecurity/crowdsec/issues/3816)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 3.29.7 to 3.29.11 ([#​3818](https://github.com/crowdsecurity/crowdsec/issues/3818)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github.com/crowdsecurity/machineid from 1.0.2 to 1.0.3 ([#​3769](https://github.com/crowdsecurity/crowdsec/issues/3769)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump docker/login-action from 3.4.0 to 3.5.0 ([#​3783](https://github.com/crowdsecurity/crowdsec/issues/3783)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - update dependencies, use go 1.24.5 ([#​3774](https://github.com/crowdsecurity/crowdsec/issues/3774)) [@​mmetc](https://github.com/mmetc) - build(deps): bump github.com/go-sql-driver/mysql from 1.6.0 to 1.9.3 ([#​3761](https://github.com/crowdsecurity/crowdsec/issues/3761)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github.com/go-openapi/swag from 0.23.0 to 0.23.1 ([#​3763](https://github.com/crowdsecurity/crowdsec/issues/3763)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github.com/hashicorp/go-version from 1.2.1 to 1.7.0 ([#​3764](https://github.com/crowdsecurity/crowdsec/issues/3764)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 3.29.4 to 3.29.5 ([#​3765](https://github.com/crowdsecurity/crowdsec/issues/3765)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github.com/alexliesenfeld/health from 0.8.0 to 0.8.1 ([#​3760](https://github.com/crowdsecurity/crowdsec/issues/3760)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github.com/r3labs/diff/v2 from 2.14.1 to 2.15.1 ([#​3721](https://github.com/crowdsecurity/crowdsec/issues/3721)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump google.golang.org/grpc from 1.67.1 to 1.74.2 ([#​3750](https://github.com/crowdsecurity/crowdsec/issues/3750)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github.com/go-openapi/validate from 0.20.0 to 0.24.0 ([#​3719](https://github.com/crowdsecurity/crowdsec/issues/3719)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github.com/sanity-io/litter from 1.5.5 to 1.5.8 ([#​3720](https://github.com/crowdsecurity/crowdsec/issues/3720)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 ([#​3749](https://github.com/crowdsecurity/crowdsec/issues/3749)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 6.4.1 to 6.4.3 ([#​3753](https://github.com/crowdsecurity/crowdsec/issues/3753)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github/codeql-action from 3.29.2 to 3.29.4 ([#​3751](https://github.com/crowdsecurity/crowdsec/issues/3751)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump golang.org/x/mod from 0.25.0 to 0.26.0 ([#​3746](https://github.com/crowdsecurity/crowdsec/issues/3746)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) #### Geolite2 notice This product includes GeoLite2 data created by MaxMind, available from <a href="https://www.maxmind.com"><https://www.maxmind.com></a>. #### Installation Take a look at the [installation instructions](https://doc.crowdsec.net/docs/getting_started/install_crowdsec). ### [`v1.6.11`](https://github.com/crowdsecurity/crowdsec/releases/tag/v1.6.11) [Compare Source](https://github.com/crowdsecurity/crowdsec/compare/v1.6.10...v1.6.11) > \[!WARNING] > This release fixes an issue with the Windows version of CrowdSec that prevented it from shutting down properly. > Due to this issue, the service will not stop automatically when updating to this version. > You will need to manually kill the CrowdSec process in Task Manager before running the installer. This release mainly contains small fixes: - Fixed an issue preventing proper shutdown on Windows - Fixed an issue when importing decisions where allowlists were not always checked #### Changes - update lint configuration ([#​3667](https://github.com/crowdsecurity/crowdsec/issues/3667)) [@​mmetc](https://github.com/mmetc) - context.Background() -> t.Context() ([#​3739](https://github.com/crowdsecurity/crowdsec/issues/3739)) [@​mmetc](https://github.com/mmetc) #### Bug Fixes - fix: normalize scope within range to ensure allowlist check ([#​3735](https://github.com/crowdsecurity/crowdsec/issues/3735)) [@​LaurenceJJones](https://github.com/LaurenceJJones) - cscli: don't assume master hub branch if version check fails (after retrying) ([#​3732](https://github.com/crowdsecurity/crowdsec/issues/3732)) [@​mmetc](https://github.com/mmetc) - windows: fix service getting stuck on shutdown ([#​3733](https://github.com/crowdsecurity/crowdsec/issues/3733)) [@​blotus](https://github.com/blotus) #### Chore / Deps - build(deps): bump golang.org/x/text from 0.26.0 to 0.27.0 ([#​3741](https://github.com/crowdsecurity/crowdsec/issues/3741)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump astral-sh/setup-uv from 6.3.1 to 6.4.1 ([#​3737](https://github.com/crowdsecurity/crowdsec/issues/3737)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github.com/blackfireio/osinfo from 1.0.5 to 1.1.0 ([#​3718](https://github.com/crowdsecurity/crowdsec/issues/3718)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - build(deps): bump github.com/crowdsecurity/dlog from 0.0.0-20170105205344-4fb5f8204f26 to 0.0.2 ([#​3717](https://github.com/crowdsecurity/crowdsec/issues/3717)) @​[dependabot\[bot\]](https://github.com/apps/dependabot) - docker: document console options ([#​3724](https://github.com/crowdsecurity/crowdsec/issues/3724)) [@​blotus](https://github.com/blotus) #### Geolite2 notice This product includes GeoLite2 data created by MaxMind, available from <a href="https://www.maxmind.com"><https://www.maxmind.com></a>. #### Installation Take a look at the [installation instructions](https://doc.crowdsec.net/docs/getting_started/install_crowdsec). ### [`v1.6.10`](https://github.com/crowdsecurity/crowdsec/releases/tag/v1.6.10) [Compare Source](https://github.com/crowdsecurity/crowdsec/compare/v1.6.9...v1.6.10) #### Overview This release mostly focuses on small bug fixes and improvements: - WAF: fixed a resource leak in the appsec datasource when checking bouncer authentication - Allowlists: added `cscli allowlists check` to check if an IP/range belongs to an allowlist - S3 datasource: added support for `SNS` notifications - HTTP datasource: added support for `GET` and `HEAD` requests to allow the log provider to confirm the datasource is working. Full changelog is below. #### Improvements - enhance: Add allowlist check ([#​3684](https://github.com/crowdsecurity/crowdsec/issues/3684)) [@​LaurenceJJones](https://github.com/LaurenceJJones) - Flags for console features ([#​3457](https://github.com/crowdsecurity/crowdsec/issues/3457)) [@​Simbiat](https://github.com/Simbiat) - HTTP datasource: allow GET/HEAD request for checking if the datasource is working ([#​3710](https://github.com/crowdsecurity/crowdsec/issues/3710)) [@​blotus](https://github.com/blotus) - enhance: appsec reuse httpc optimization ([#​3693](https://github.com/crowdsecurity/crowdsec/issues/3693)) [@​LaurenceJJones](https://github.com/LaurenceJJones) - hubtest: resolve relative path for 'cscli', 'crowdsec' ([#​3651](https://github.com/crowdsecurity/crowdsec/issues/3651)) [@​mmetc](https://github.com/mmetc) - refact pkg/cwhub ([#​3666](https://github.com/crowdsecurity/crowdsec/issues/3666)) [@​mmetc](https://github.com/mmetc) - S3 datasource: add support for SNS format ([#​3716](https://github.com/crowdsecurity/crowdsec/issues/3716)) [@​blotus](https://github.com/blotus) #### Changes - refact pkg/acquisition: extract loop method ([#​3615](https://github.com/crowdsecurity/crowdsec/issues/3615)) [@​mmetc](https://github.com/mmetc) - refact: plugin config parsing ([#​3640](https://github.com/crowdsecurity/crowdsec/issues/3640)) [@​mmetc](https://github.com/mmetc) - refact: migrate net.IP -> net/netip: part 1 ([#​3680](https://github.com/crowdsecurity/crowdsec/issues/3680)) [@​mmetc](https://github.com/mmetc) - use github.com/cenkalti/backoff/v5 for apiclient backoff ([#​3662](https://github.com/crowdsecurity/crowdsec/issues/3662)) [@​mmetc](https://github.com/mmetc) - use go 1.24.4 ([#​3674](https://github.com/crowdsecurity/crowdsec/issues/3674)) [@​mmetc](https://github.com/mmetc) - cscli help typos ([#​3707](https://github.com/crowdsecurity/crowdsec/issues/3707)) [@​mmetc](https://github.com/mmetc) - move cti expr helper to pkg/cticlient ([#​3696](https://github.com/crowdsecurity/crowdsec/issues/3696)) [@​mmetc](https://github.com/mmetc) - refact csplugin: move ProfileAlert to models ([#​3671](https://github.com/crowdsecurity/crowdsec/issues/3671)) [@​mmetc](https://github.com/mmetc) - refact cmd/crowdsec: extract functions from runCrowdsec() ([#​3669](https://github.com/crowdsecurity/crowdsec/issues/3669)) [@​mmetc](https://github.com/mmetc) - cscli capi register: no error if online\_api\_credentials.yaml does not exist ([#​3645](https://github.com/crowdsecurity/crowdsec/issues/3645)) [@​mmetc](https://github.com/mmetc) - refact cmd/crowdsec: move plugin initialization to apiserver ([#​3668](https://github.com/crowdsecurity/crowdsec/issues/3668)) [@​mmetc](https://github.com/mmetc) - lint: require name on interface parameters ([#​3614](https://github.com/crowdsecurity/crowdsec/issues/3614)) [@​mmetc](https://github.com/mmetc) - unit tests: rename ./tests, ./test\_data -> ./testdata ([#​3673](https://github.com/crowdsecurity/crowdsec/issues/3673)) [@​mmetc](https://github.com/mmetc) #### Bug Fixes - Fix infinite loop in decisions list for some values of limit ([#​3695](https://github.com/crowdsecurity/crowdsec/issues/3695)) [@​blotus](https://github.com/blotus) - fix: Reset datafiles before loading the hub on HUP ([#​3712](https://github.com/crowdsecurity/crowdsec/issues/3712)) [@​LaurenceJJones](https://github.com/LaurenceJJones) - fix: allowlist use content created at instead of list itself ([#​3703](https://github.com/crowdsecurity/crowdsec/issues/3703)) [@​LaurenceJJones](https://github.com/LaurenceJJones) - pkg/apiserver: remove incorrect log.Error ([#​3672](https://github.com/crowdsecurity/crowdsec/issues/3672)) [@​mmetc](https://github.com/mmetc) #### Chore / Deps - dependabot: set kind/dependencies label ([#​3722](https://github.com/crowdsecurity/crowdsec/issues/3722)) [@​blotus](https://github.com/blotus) - CI: update action deps ([#​3692](https://github.com/crowdsecurity/crowdsec/issues/3692)) [@​mmetc](https://github.com/mmetc) - update golangci-lint v2.2 and config ([#​3713](https://github.com/crowdsecurity/crowdsec/issues/3713)) [@​mmetc](https://github.com/mmetc) - refact: replace iplib with net/netip ([#​3642](https://github.com/crowdsecurity/crowdsec/issues/3642)) [@​mmetc](https://github.com/mmetc) - update hashicorp/go-plugin ([#​3694](https://github.com/crowdsecurity/crowdsec/issues/3694)) [@​mmetc](https://github.com/mmetc) - update github.com/jedib0t/go-pretty/ ([#​3705](https://github.com/crowdsecurity/crowdsec/issues/3705)) [@​mmetc](https://github.com/mmetc) #### Geolite2 notice This product includes GeoLite2 data created by MaxMind, available from <a href="https://www.maxmind.com"><https://www.maxmind.com></a>. #### Installation Take a look at the [installation instructions](https://doc.crowdsec.net/docs/getting_started/install_crowdsec). ### [`v1.6.9`](https://github.com/crowdsecurity/crowdsec/releases/tag/v1.6.9) [Compare Source](https://github.com/crowdsecurity/crowdsec/compare/v1.6.8...v1.6.9) #### Overview > \[!WARNING] > Docker acquisition now requires access to the events API endpoint. If you are using a socket proxy, make sure to update its configuration. - Improved performance for the docker datasource by using docker events instead of polling the docker API to detect new containers - Added a new option to allow a log processor to unregister itself from LAPI on shutdown. This is especially useful in a dynamic environment (eg, kubernetes) where nodes come and go to keep a clean list of active log processors. - When an allowlist is created (or updated), matching active decisions will be deleted automatically. - Polling API (PAPI) will be automatically enabled or disabled when crowdsec detects the user's console plan has changed, making the initial setup easier. #### Changes - fix PAPI failure to stop on reload ([#​3679](https://github.com/crowdsecurity/crowdsec/issues/3679)) [@​blotus](https://github.com/blotus) - update coraza ([#​3675](https://github.com/crowdsecurity/crowdsec/issues/3675)) [@​blotus](https://github.com/blotus) - modernize: replace legacy slice/map/range idioms with stdlib ([#​3658](https://github.com/crowdsecurity/crowdsec/issues/3658)) [@​mmetc](https://github.com/mmetc) - CI: ensure tests don't alter the repository ([#​3616](https://github.com/crowdsecurity/crowdsec/issues/3616)) [@​mmetc](https://github.com/mmetc) - refact apiclient.Config: remove field Scenarios ([#​3622](https://github.com/crowdsecurity/crowdsec/issues/3622)) [@​mmetc](https://github.com/mmetc) - CI: release-drafter configuration: permissions, skip-changelog label ([#​3631](https://github.com/crowdsecurity/crowdsec/issues/3631)) [@​mmetc](https://github.com/mmetc) - refact: cleanup bats helper ([#​3636](https://github.com/crowdsecurity/crowdsec/issues/3636)) [@​mmetc](https://github.com/mmetc) - refact cmd/crowdsec: remove login code obsoleted by [`16d0677`](https://github.com/crowdsecurity/crowdsec/commit/16d06779) ([#​3620](https://github.com/crowdsecurity/crowdsec/issues/3620)) [@​mmetc](https://github.com/mmetc) - CI: update codecov list and fix workflow ([#​3617](https://github.com/crowdsecurity/crowdsec/issues/3617)) [@​mmetc](https://github.com/mmetc) - refact pkg/database: unnecessary pointers ([#​3611](https://github.com/crowdsecurity/crowdsec/issues/3611)) [@​mmetc](https://github.com/mmetc) - CI: update action for generating docker description ([#​3559](https://github.com/crowdsecurity/crowdsec/issues/3559)) [@​mmetc](https://github.com/mmetc) - refact pkg/parser: extract method, avoid calling defer in loop ([#​3564](https://github.com/crowdsecurity/crowdsec/issues/3564)) [@​mmetc](https://github.com/mmetc) - refact: remove unused metod DeleteDecisionsWithFilter() ([#​3605](https://github.com/crowdsecurity/crowdsec/issues/3605)) [@​mmetc](https://github.com/mmetc) - refact alert, decision filters: remove unnecessary pointers ([#​3607](https://github.com/crowdsecurity/crowdsec/issues/3607)) [@​mmetc](https://github.com/mmetc) - CI: update lint complexity thresholds ([#​3608](https://github.com/crowdsecurity/crowdsec/issues/3608)) [@​mmetc](https://github.com/mmetc) - refactor pkg/database/Client.createAlertChunk() ([#​3585](https://github.com/crowdsecurity/crowdsec/issues/3585)) [@​mmetc](https://github.com/mmetc) - refact cscli: hub item - pointer receiver for consistency ([#​3595](https://github.com/crowdsecurity/crowdsec/issues/3595)) [@​mmetc](https://github.com/mmetc) - CI: remove obsolete reference to directory dyn-bats ([#​3600](https://github.com/crowdsecurity/crowdsec/issues/3600)) [@​mmetc](https://github.com/mmetc) - refact: pkg/exprhelpers/debugger, convert switch to function dispatch ([#​3587](https://github.com/crowdsecurity/crowdsec/issues/3587)) [@​mmetc](https://github.com/mmetc) - lint/gocritic: enable importShadow, typeUnparen, unnecessaryDefer ([#​3583](https://github.com/crowdsecurity/crowdsec/issues/3583)) [@​mmetc](https://github.com/mmetc) - refact pkg/database: dry decision count ([#​3586](https://github.com/crowdsecurity/crowdsec/issues/3586)) [@​mmetc](https://github.com/mmetc) - refact parser Init: argument types ([#​3578](https://github.com/crowdsecurity/crowdsec/issues/3578)) [@​mmetc](https://github.com/mmetc) - tests: refact localtest helper, use testify.suite ([#​3574](https://github.com/crowdsecurity/crowdsec/issues/3574)) [@​mmetc](https://github.com/mmetc) - refact: logrus.GetLevel() -> logrus.IsLevelEnabled() ([#​3579](https://github.com/crowdsecurity/crowdsec/issues/3579)) [@​mmetc](https://github.com/mmetc) - test: add cold log event assert ([#​3577](https://github.com/crowdsecurity/crowdsec/issues/3577)) [@​mmetc](https://github.com/mmetc) - Refact pkg/database/decisions.go ([#​3541](https://github.com/crowdsecurity/crowdsec/issues/3541)) [@​mmetc](https://github.com/mmetc) - replace go-acc, richgo with gotestsum ([#​3567](https://github.com/crowdsecurity/crowdsec/issues/3567)) [@​mmetc](https://github.com/mmetc) - refact pkg/hubtest: use os.CopyFS() ([#​3539](https://github.com/crowdsecurity/crowdsec/issues/3539)) [@​mmetc](https://github.com/mmetc) - lint/refactor: defer, reflectvaluecompare, stylecheck ([#​3544](https://github.com/crowdsecurity/crowdsec/issues/3544)) [@​mmetc](https://github.com/mmetc) - CI: golangci-lint v2 ([#​3558](https://github.com/crowdsecurity/crowdsec/issues/3558)) [@​mmetc](https://github.com/mmetc) #### New Features - allow watcher to self-delete on shutdown ([#​3565](https://github.com/crowdsecurity/crowdsec/issues/3565)) [@​blotus](https://github.com/blotus) - allowlists: check during bulk decision import ([#​3588](https://github.com/crowdsecurity/crowdsec/issues/3588)) [@​mmetc](https://github.com/mmetc) #### Improvements - PAPI: auto enable on upgrade ([#​3659](https://github.com/crowdsecurity/crowdsec/issues/3659)) [@​blotus](https://github.com/blotus) - enhance: Remove docker acquis internal timer use docker events ([#​3598](https://github.com/crowdsecurity/crowdsec/issues/3598)) [@​LaurenceJJones](https://github.com/LaurenceJJones) - kafka: expose batching configuration ([#​3621](https://github.com/crowdsecurity/crowdsec/issues/3621)) [@​blotus](https://github.com/blotus) - feat(apiclient): add token save functionality ([#​3639](https://github.com/crowdsecurity/crowdsec/issues/3639)) [@​sabban](https://github.com/sabban) - enhance: return err if notification has no plugin type ([#​3638](https://github.com/crowdsecurity/crowdsec/issues/3638)) [@​LaurenceJJones](https://github.com/LaurenceJJones) - cscli capi status: save auth token, add tests ([#​3623](https://github.com/crowdsecurity/crowdsec/issues/3623)) [@​mmetc](https://github.com/mmetc) - config.yaml: make config\_dir and notification\_dir optional ([#​3606](https://github.com/crowdsecurity/crowdsec/issues/3606)) [@​mmetc](https://github.com/mmetc) - feat(apic): add ApicAuth client and token re-authentication logic ([#​3522](https://github.com/crowdsecurity/crowdsec/issues/3522)) [@​sabban](https://github.com/sabban) - allowlists: automatically expire current matching decisions on update ([#​3601](https://github.com/crowdsecurity/crowdsec/issues/3601)) [@​blotus](https://github.com/blotus) - improve support for pa…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.