sabban
released this
20 Nov 11:19
·
96 commits
to fb733ee43a4f0210dd65d32618dec00e5904ab6f
since this release
Overview
HTTP datasource
This release introduce http data source that enable crowdsec to ingest logs from an http endpoint such as Datadog or Vector.
Alert context appsec
This release also introduces the alert context ability when using appsec.
Replay evtx file support
This release allows Windows CrowdSec users to replay Winevent evtx files.
Bouncers API Key sharing
Bouncers running on different machines can now share the same API key without interfering with each other. Each bouncer will appear as bouncer_name@IP
in the bouncer list. (#3323)
New Features
- add HTTP datasource (#3294) @he2ss
- Alert context appsec (#3288) @buixor
- wineventlog: add support for replaying evtx files (#3278) @blotus
Improvements
- Allow bouncers to share API keys (#3323) @blotus
- Support multiple appsec configs (#3314) @buixor
- context propagation: papi, loki (#3308) @mmetc
- Add explicit configuration for signals sharing and blocklists pull (#3277) @blotus
- loki: add no_ready_check option (#3317) @blotus
- logs and user messages: use "serialize" and "parse" instead of marshal/unmarshal (#3240) @mmetc
- context propagation: cscli {capi,lapi,papi} (#3228) @mmetc
- refact pkg/database: context propagation (start) (#3226) @mmetc
Changes
- make: improve re2/wasm check (#3335) @mmetc
- fix go version for azure pipeline (#3324) @blotus
- add go minor in go.mod (#3318) @sabban
- update checks for wrapped errors (#3117) @mmetc
- refact cscli: decisions, lapi, bouncers, machines (#3306) @mmetc
- make: remove obsolete/redundant parameters (#3304) @mmetc
- remove unused code: HandleDeletedDecisions() (#3301) @mmetc
- CI: update coverage ignore list for generated code (#3262) @mmetc
- lint/revive: check tags on non-exported struct fields (#3257) @mmetc
- context propagation: don't store ctx in api controller (#3268) @mmetc
- CI: check generated code in test workflow (#3261) @mmetc
- remove dependency from pkg/cwversion to pkg/acquisition (#3242) @mmetc
- lint/nestif: reduce hubtest complexity (#3244) @mmetc
- refact: alerts query (#3216) @mmetc
- lint: enable (some) gocritic checks (#3238) @mmetc
- enable linters: copyloopvar, intrange (#3184) @mmetc
- refact acquisition: build profiles (optionally exclude datasources from final binary) (#3217) @mmetc
- refact / split APIServer.Run() method (#3215) @mmetc
- refact cscli - don't export functions if not required (#3224) @mmetc
- refact: cscli papi (#3222) @mmetc
- refact: pkg/apiclient set and use default user agent (#3219) @mmetc
Bug Fixes
- better handle error when sending usage metrics (#3333) @blotus
- fix: Use clientIP when passing coraza (#3322) @LaurenceJJones
- cron dependency for packaging (#3331) @sabban
- fix: Add a check to prevent attempting to load a directory within patterns (#3326) @LaurenceJJones
- fix: Ansible fedora 40 to use 40 (#3327) @LaurenceJJones
- make: allow build on ubuntu 24.10 (#3311) @mmetc
- enhance: Remove if log check in one instance (#3300) @LaurenceJJones
- fix: Check if resp is nil in capi metrics and continue (#3299) @LaurenceJJones
- avoid deadlock when deleting decisions if PAPI is half configured (#3283) @blotus
- CI: delegate pipenv cache management to the setup-python action (#3243) @mmetc
- Update go-re2 (#3230) @blotus
- fix #3225: info->debug for trigger bucket overflow (#3227) @mmetc
- fix appsec/tls issues by cloning http transport (#3213) @mmetc
Chore / Deps
- enhance: add fedora 41 vagrant (#3328) @LaurenceJJones
- enhance: add opensuse leap 15 vagrant (#3329) @LaurenceJJones
- readme: update bouncers link (#3297) @laur89
- require go 1.23 (#3298) @mmetc
- Update protobufs (#3276) @mmetc
- CI: generate codecov.yml before tests (#3280) @mmetc
- update test dependencies (#3267) @mmetc
- Re-generate capi models (#3260) @mmetc
- CI: update golangci-lint to v1.61, yq to 4.44.3 (#3241) @mmetc
- context propagation: OneShotAcquisition(); enable contextcheck linter (#3285) @mmetc
- context propagation: appsec, docker, kafka, k8s datasources (#3284) @mmetc
- context propagation: StreamingAcquisition() (#3274) @mmetc
- context propagation: pkg/csplugin (#3273) @mmetc
- context propagation: pkg/apiserver (#3272) @mmetc
- context propagation: apic, unit tests (#3271) @mmetc
- context propagation: pass ctx to UpdateScenario() (#3258) @mmetc
- context propagation: pkg/database/alerts (#3252) @mmetc
- context propagation: pkg/database/{lock,decision} (#3251) @mmetc
- context propagation: pkg/database/bouncers (#3249) @mmetc
- context propagation: pkg/database/machines (#3248) @mmetc
- context propagation: pkg/database/metrics (#3247) @mmetc
- context propagation: pkg/database/config (#3246) @mmetc
- context propagation: bouncer list (#3236) @mmetc
- context propagation: pkg/database/flush (#3235) @mmetc
- context propagation: pass context to NewAPIC() (#3231) @mmetc
- context propagation: explicit ctx parameter in unit tests (#3229) @mmetc
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Installation
Take a look at the installation instructions.