v1.6.9

Overview

Warning

Docker acquisition now requires access to the events API endpoint. If you are using a socket proxy, make sure to update its configuration.

• Improved performance for the docker datasource by using docker events instead of polling the docker API to detect new containers
• Added a new option to allow a log processor to unregister itself from LAPI on shutdown. This is especially useful in a dynamic environment (eg, kubernetes) where nodes come and go to keep a clean list of active log processors.
• When an allowlist is created (or updated), matching active decisions will be deleted automatically.
• Polling API (PAPI) will be automatically enabled or disabled when crowdsec detects the user's console plan has changed, making the initial setup easier.

Changes

• fix PAPI failure to stop on reload (#3679) @blotus
• update coraza (#3675) @blotus
• modernize: replace legacy slice/map/range idioms with stdlib (#3658) @mmetc
• CI: ensure tests don't alter the repository (#3616) @mmetc
• refact apiclient.Config: remove field Scenarios (#3622) @mmetc
• CI: release-drafter configuration: permissions, skip-changelog label (#3631) @mmetc
• refact: cleanup bats helper (#3636) @mmetc
• refact cmd/crowdsec: remove login code obsoleted by 16d0677 (#3620) @mmetc
• CI: update codecov list and fix workflow (#3617) @mmetc
• refact pkg/database: unnecessary pointers (#3611) @mmetc
• CI: update action for generating docker description (#3559) @mmetc
• refact pkg/parser: extract method, avoid calling defer in loop (#3564) @mmetc
• refact: remove unused metod DeleteDecisionsWithFilter() (#3605) @mmetc
• refact alert, decision filters: remove unnecessary pointers (#3607) @mmetc
• CI: update lint complexity thresholds (#3608) @mmetc
• refactor pkg/database/Client.createAlertChunk() (#3585) @mmetc
• refact cscli: hub item - pointer receiver for consistency (#3595) @mmetc
• CI: remove obsolete reference to directory dyn-bats (#3600) @mmetc
• refact: pkg/exprhelpers/debugger, convert switch to function dispatch (#3587) @mmetc
• lint/gocritic: enable importShadow, typeUnparen, unnecessaryDefer (#3583) @mmetc
• refact pkg/database: dry decision count (#3586) @mmetc
• refact parser Init: argument types (#3578) @mmetc
• tests: refact localtest helper, use testify.suite (#3574) @mmetc
• refact: logrus.GetLevel() -> logrus.IsLevelEnabled() (#3579) @mmetc
• test: add cold log event assert (#3577) @mmetc
• Refact pkg/database/decisions.go (#3541) @mmetc
• replace go-acc, richgo with gotestsum (#3567) @mmetc
• refact pkg/hubtest: use os.CopyFS() (#3539) @mmetc
• lint/refactor: defer, reflectvaluecompare, stylecheck (#3544) @mmetc
• CI: golangci-lint v2 (#3558) @mmetc

New Features

• allow watcher to self-delete on shutdown (#3565) @blotus
• allowlists: check during bulk decision import (#3588) @mmetc

Improvements

• PAPI: auto enable on upgrade (#3659) @blotus
• enhance: Remove docker acquis internal timer use docker events (#3598) @LaurenceJJones
• kafka: expose batching configuration (#3621) @blotus
• feat(apiclient): add token save functionality (#3639) @sabban
• enhance: return err if notification has no plugin type (#3638) @LaurenceJJones
• cscli capi status: save auth token, add tests (#3623) @mmetc
• config.yaml: make config_dir and notification_dir optional (#3606) @mmetc
• feat(apic): add ApicAuth client and token re-authentication logic (#3522) @sabban
• allowlists: automatically expire current matching decisions on update (#3601) @blotus
• improve support for parsing time durations with 'day' units (#3599) @mmetc
• cscli inspect: don't show metrics or converted rules if an item is not installed (#3602) @mmetc
• Fix monitorNewFiles for NFS + Remove dead tails from tail map (#3508) @david-garcia-garcia
• enhance: add listen_socket to http acquisition (#3499) @LaurenceJJones
• enhance: Allow the use of 'd' suffix in profiles (#3594) @LaurenceJJones
• lapi: return specific error if a unix socket path is too long for the OS (#3593) @mmetc
• do not return an error if we cannot fetch allowlists when starting the appsec (#3550) @blotus
• Support WithUserAgent in cti client (#3542) @AlteredCoder

Bug Fixes

• appsec: do not query LAPI multiple times when checking auth (#3678) @blotus
• kakfa: properly start at last offset when using a consumer group (#3629) @blotus
• cscli: handle sigint/sigterm, cancel context of ongoing http req (#3660) @mmetc
• Makefile: typo (#3628) @mmetc
• Fix spelling mistake in metrics.go (#3618) @robigan
• fix(apiserver): ensure nil is returned after setting token and expiration and before we reauthenticate (#3613) @sabban
• Fix cp -n (#3483) @michacassola
• CI: correct uv.lock path (#3596) @mmetc
• make CTI client available in cscli notifications (#3591) @blotus
• fix: avoid possible race condition while compiling expressions (#3582) @mmetc
• fix mysql client certificate support (#3575) @blotus
• fix: error check on postoverflow config (#3576) @mmetc
• hubtests: correct basename check in parser tests (#3557) @mmetc

Chore / Deps

• update test/README.md (#3652) @mmetc
• go.mod/sum cleanup (#3661) @mmetc
• update coraza (#3657) @blotus
• deprecate option 'daemonize' (#3648) @mmetc
• update expr to 1.17.2 (#3519) @mmetc
• CI: use go 1.24.3 (#3612) @mmetc
• build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 (#3581) @dependabot[bot]
• enable codeql for python (#3545) @mmetc
• update golangci-lint (#3590) @mmetc

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.