File crowdsec.changes of Package crowdsec
-------------------------------------------------------------------
Wed Jul 23 13:39:56 UTC 2025 - rrahl0@opensuse.org
- Update to version 1.6.11:
* context.Background() -> t.Context()
* fix: normalize scope within range to ensure allowlist check
* cscli: don't assume master hub branch if version check fails (after retrying)
-------------------------------------------------------------------
Thu Jul 10 18:15:51 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- Update to version 1.6.10:
* cscli: Add allowlist check
* refact pkg/acquisition: extract loop method
* pkg/csplugin: constructors for PluginConfig, PluginConfigList
* S3 datasource: add support for SNS format
* refact: migrate net.IP -> net/netip: part 1
* use github.com/cenkalti/backoff/v5 for apiclient backoff
* Fix infinite loop in decisions list for some values of limit
* fix: Reset datafiles before loading the hub on HUP
* refact: replace iplib with net/netip
* HTTP datasource: allow GET/HEAD request for checking if the datasource is working
* cscli help typos
* fix: allowlist use content created at instead of list itself
* move cti expr helper to pkg/cticlient
* enhance: appsec reuse httpc optimization
* hubtest: resolve relative path for 'cscli', 'crowdsec'
* refact csplugin: move ProfileAlert to models
* refact cmd/crowdsec: extract functions from runCrowdsec()
* cscli capi register: no error if online_api_credentials.yaml does not exist
* refact cmd/crowdsec: move plugin initialization to apiserver
* lint: require name on interface parameters
* refact pkg/cwhub
* unit tests: rename ./tests, ./test_data -> ./testdata
* pkg/apiserver: remove incorrect log.Error
-------------------------------------------------------------------
Fri Jun 20 12:47:35 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- Update to version 1.6.9:
* fix PAPI failure to stop on reload
* appsec: do not query LAPI multiple times when checking auth
* update coraza
* PAPI: auto enable on upgrade
* kafka: properly start at last offset when using a consumer group
* cscli: handle sigint/sigterm, cancel context of ongoing http req
* modernize: replace legacy slice/map/range idioms with stdlib
* update test/README.md
* go.mod/sum cleanup
* update coraza
* CI: ensure tests don't alter the repository
* allow watcher to self-delete on shutdown
* deprecate option 'daemonize'
* enhance: Remove docker acquis internal timer use docker events
* kafka: expose batching configuration
* feat(apiclient): add token save functionality
* refact apiclient.Config: remove field Scenarios
* CI: release-drafter configuration: permissions, skip-changelog label
* refact: cleanup bats helper
* enhance: return err if notification has no plugin type
* Makefile: typo
* cscli capi status: save auth token, add tests
* refact cmd/crowdsec: remove login code obsoleted by 16d06779
* Fix spelling mistake in metrics.go
* CI: update codecov list and fix workflow
* update expr to 1.17.2
* config.yaml: make config_dir and notification_dir optional
* use go 1.24.3
* fix(apiserver): ensure nil is returned after setting token and expiration and before we reauthenticate
* Fix cp -n
* refact pkg/database: unnecessary pointers
* CI: update action for generating docker description
* feat(apic): add ApicAuth client and token re-authentication logic
* refact pkg/parser: extract method, avoid calling defer in loop
* refact: remove unused method DeleteDecisionsWithFilter()
* refact alert, decision filters: remove unnecessary pointers
* CI: update lint complexity thresholds
* allowlists: automatically expire current matching decisions on update
* improve support for parsing time durations with 'day' units
* refactor pkg/database/Client.createAlertChunk()
* cscli inspect: don't show metrics or converted rules if an item is not installed
* refact cscli: hub item - pointer receiver for consistency
* CI: correct uv.lock path
* CI: remove obsolete reference to directory dyn-bats
* Fix monitorNewFiles for NFS + Remove dead tails from tail map
* build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0
* enhance: add listen_socket to http acquisition
* enhance: Allow the use of 'd' suffix in profiles
* lapi: return specific error if a unix socket path is too long for the OS
* enable codeql for python
* update golangci-lint
* make CTI client available in cscli notifications
* allowlists: check during bulk decision import
* refact: pkg/exprhelpers/debugger, convert switch to function dispatch
* lint/gocritic: enable importShadow, typeUnparen, unnecessaryDefer
* refact pkg/database: dry decision count
* refact parser Init: argument types
* tests: refact localtest helper, use testify.suite
* refact: logrus.GetLevel() -> logrus.IsLevelEnabled()
* fix: avoid possible race condition while compiling expressions
* fix mysql client certificate support
* fix: error check on postoverflow config
* test: add cold log event assert
* Refact pkg/database/decisions.go
* replace go-acc, richgo with gotestsum
* pkg/hubtest: use os.CopyFS()
* lint/refactor: defer, reflectvaluecompare, stylecheck
* do not return an error if we cannot fetch allowlists when starting the appsec
* CI: golangci-lint v2
* hubtests: correct basename check in parser tests
* Support WithUserAgent in cti client
-------------------------------------------------------------------
Sat Jun 7 18:10:19 UTC 2025 - Eric Torres <eric.torres@its-et.me>
- Add randomized delay of 1h to auto hub update timer
- Fix if condition in auto-update script to properly
execute when crowdsec service is running
- Decrease trigger interval for auto update script from one
month to one week
-------------------------------------------------------------------
Sat Apr 19 23:05:01 UTC 2025 - Eric Torres <eric.torres@its-et.me>
- Add script and monthly timer for auto updating items
installed from Crowdsec hub
-------------------------------------------------------------------
Wed Mar 26 21:32:07 UTC 2025 - rrahl0@opensuse.org
- Update to version 1.6.8:
* Allowlists: fix range check in LAPI endpoint
- Update to version 1.6.7:
* build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2
* only warn about capi_whitelists_path being deprecated if actually in use
* empty back-merge from release branch
* explicit message for malformed data URL in local items
* Allowlists: fix range check in LAPI endpoint
* revert ActionPlan info/warning to StandardLogger
* fix "reload causes crashing process"
* use replace for coraza instead of renaming the entire package
-------------------------------------------------------------------
Mon Mar 24 17:48:16 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- separate out the plugins to their own packages
- remove firewall bouncer from the recommends, as it's less needed than first
assumed
-------------------------------------------------------------------
Sun Mar 23 14:20:13 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- fix service on Leap 15.x, where %{_libexecdir} resolves to
/usr/lib, not /usr/libexec
-------------------------------------------------------------------
Fri Mar 21 16:34:13 UTC 2025 - rrahl0@opensuse.org
- Update to version 1.6.6:
* introduction of centralized allowlists
* Parallel hubtest
* deprecate capi_whitelists_path
* appsec: use CA from client credentials when connecting to LAPI
* lint: gocritic/httpNoBody
* tests: remove modeline
* pkg/cwhub: refact Item.State.(Downloaded | Installed)
* refact: context propagation (apiclient, cticlient...)
* tests: switch context.Background() -> t.Context() from go 1.24
* refact: avoid use of defer calls in loops
* lint: gocritic/typeDefFirst (ensure type definitions come before methods)
* file acquisition: remove redundant logging info
* appsec: support custom CA for lapi
* enhancement: Add additional ssl options to db configuration
* move ParseQuery to expr helpers, add ExtractQueryParam
* enable/disable options for console enroll - make alert context a default
* enhance: add option to disable magic syslog RFC parsers
* add JA4H expr helper
* leaky bucket: reduce log verbosity
* update appsec test runner
* close appsec transactions after processing request
* opensuse sets OSTYPE to linux
* do not attempt to set db log level if no db config
* appsec: less verbose logging for allowlists and headers check
* enhance: Flags now supersede all log levels
* appsec: handle SendAlert() properly for out of band matches
* cscli: review/update argument number checking
* crowdsec: allow -t to work if using appsec and allowlists
* cron: avoid spamming stdout when the hub index is updated
* cscli: allow non-local symlinks to have a different name than hub items
* cscli hub/items: always show action plan; fix --interactive in pipes
* silence "cscli hub update" if noop in cron jobs
* cscli: don't attempt to download data files when url=""
* update dependencies
-------------------------------------------------------------------
Mon Feb 24 02:20:03 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- remove arch_install_post, as it's not needed anymore
-------------------------------------------------------------------
Fri Feb 07 19:37:21 UTC 2025 - rrahl0@opensuse.org
- Update to version 1.6.5:
* cscli: exclude removed commands from generated docs
* cscli: replace '--yes' option with '--interactive'
* cscli: when prompting, use default in case of EOF instead of going for "no"
* merge from master (dc28ae58dc59e72981ee4724b1c72a79ba586ad8) for 1.6.5
* ignore zero value variables for context
* bucket: avoid crashing on malformed expression (fix #3351)
* fix parsing of noncompliant RFC3339 timestamps missing only a timezone
* acquisition/victorialogs: add new datasource
* fix: use CreatedAt instead of StartAt
* use the actual bucket name when checking for simulation mode
* appsec: do not attempt to deduplicate native modsec rules
* Removed last_heartbeat update in MachineUpdateBaseMetrics
* upgrade coraza to latest version
* README revamp
* remove dependency from github.com/gofrs/uuid
* pkg/cticlient: Add missing field in SmokeItem and FireItem
* cscli: cliconfig - remove global variables and gratuitous pointer
* enhance: Log appsec error on writing response to remediation
* lint: enable errcheck; add allowlist and explicit checks
* lint: gocritic/captLocal (don't capitalize local variables)
* remove commands "cscli config backup/restore"
* test pkg/exprhelpers: explicit message if the tag "expr_debug" is missing
* fix: #2790
* log warning if local items have conflicting names
* feat(cscli): add env variable flag for dashboard setup
* gin: do not use gin context after returning response
* expand env var when loading acquis
* Hubops tests
* build(deps): bump golang.org/x/crypto from 0.26.0 to 0.31.0
* build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1
* cscli hub: refact/split files; add some doc/examples
* cscli: restyle table titles; autocomplete "cscli metrics show"
* enhancement: Hubtest respect patterndir option set via config.yaml
* lint: explicit error checks
* enhancement: add logdata to appsec AccumlateTxToEvent
* pkg/cwhub - refact Downloader
* lint: replace type assertions and type switch on errors
* cscli: improved hub management
* Add possibility to configure log format #799
* refactor pkg/leakybucket
* refact pkg/database: clean up code and error messages
* lint/deep-exit: avoid log.Fatal
* loop performance optimizations / 2
* update dependency on docker
* cscli: print errors in plain text with -o json
* lint/deep-exit: avoid log.Fatal
* lint: enable more gocritic checks
* acquisition: add some test and warning for wrong source type
* support dump: generate pprof files with debug=1 to avoid generating an unusable heap dump
* cscli: display expired decisions' expiration time in red
* sigmahq: fix functional test
* loop performance optimizations / 1
* lint: style, autofix
* update golangci-lint to 1.62
* appsec: missing err check when initializing out-of-band engine
* Allow bouncers to share API keys
* make: improve re2/wasm check
* better handle error when sending usage metrics
* Support multiple appsec configs
* context propagation: papi, loki
* fix: Use clientIP when passing coraza
* test for cron dependency for packaging
* enhance: add fedora 41 (40, with provision to upgrade to 41 since there is no image so far on vagrant cloud)
* enhance: add opensuse leap 15 vagrant
* fix: Add a check to prevent attempting to load a directory within patterns
* fix: Ansible fedora 40 to use 40
* fix go version for azure pipeline
* add go minor in go.mod
* Add explicit configuration for signals sharing and blocklists pull
* loki: add no_ready_check option
* readme: update bouncers link
* add HTTP datasource
* update checks for wrapped errors
* Alert context appsec
* make: allow build on ubuntu 24.10
* refact cscli: decisions, lapi, bouncers, machines
* make: remove obsolete/redundant parameters
* remove unused code: HandleDeletedDecisions()
* context propagation: OneShotAcquisition(); enable contextcheck linter
* enhance: Remove if log check in one instance that was not needed as the logged items are not resource intensive
* context propagation: appsec, docker, kafka, k8s datasources
* enhance: Check if resp is nil in capi metrics and continue
* wineventlog: add support for replaying evtx files
* avoid deadlock when deleting decisions if PAPI is half configured
* context propagation: StreamingAcquisition()
* context propagation: pkg/csplugin
* Update protobufs
* context propagation: pkg/apiserver
* lint/revive: check tags on non-exported struct fields
* context propagation: apic, unit tests
* context propagation: don't store ctx in api controller
* Re-generate capi models
* context propagation: pass ctx to UpdateScenario()
* context propagation: pkg/database/alerts
* context propagation: pkg/database/{lock,decision}
* context propagation: pkg/database/bouncers
* context propagation: pkg/database/machines
* remove dependency from pkg/cwversion to pkg/acquisition
* lint/nestif: reduce hubtest complexity
* context propagation: pkg/database/metrics
* context propagation: pkg/database/config
* context propagation: bouncer list
* context propagation: pkg/database/flush
* context propagation: pass context to NewAPIC()
* context propagation: explicit ctx parameter in unit tests
* refact: alerts query
* lint: enable (some) gocritic checks
* enable linters: copyloopvar, intrange
* logs and user messages: use "parse" and "serialize" instead of marshal/unmarshal
* Update go-re2
* context propagation: cscli {capi,lapi,papi}
* refact pkg/database: context propagation (start)
* refact acquisition: build profiles (optionally exclude datasources from final binary)
* refact / split APIServer.Run() method
* fix #3225: info->debug for trigger bucket overflow
* refact cscli - don't export functions if not required
* refact: cscli papi
* refact: pkg/apiclient set and use default user agent
* fix appsec/tls issues by cloning http transport
* tests: prevent "make bats-fixture" to run if instance-data is locked
* enhance: add additional explain options to hubtest
* cscli refact: package clialert, clidecision
* refact: reduce code nesting (acquisition/file, tests)
* update grokky and deps
* cscli refact: package cliitem
* cscli dashboard: exit earlier on docker
* Allow auto registration of machines in LAPI
* enhance: return an error if cscli dashboard is run within a container
* cscli refact: package cli{support, machine, bouncer}
* cscli refact: package 'clihub'
* cscli refact: extract packages ask, clientinfo
* cscli refact: package 'clihubtest'
* cscli hub update: option --with-content to keep embedded items in index; use it in docker
* implement GetFSType on openbsd with the correct statfs struct member
* cscli refact: notifications, simulation, papi, setup
* cscli refact: package 'clicapi', 'clilapi'
* pkg/cwhub: cache control / send etag header from file contents, check with HEAD req
* pkg/cwhub: simpler accessor methods
* cscli refact: package 'cliexplain'
* pkg/cwhub: improve support for k8s config maps with custom items
* cscli refact: package 'cliconsole'
* refact (nestif): reduce complexity of pkg/leakybucket
-------------------------------------------------------------------
Sat Jan 4 22:05:29 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- use for loops, so we have fewer lines in general
- extract the service file
- patch the config file, in comparison to sed in the spec file
- recommend crowdsec-firewall-bouncer
- fix the zsh completion dir, as the file was in the wrong directory
- add prepare-crowdsec script, so the daemon can actually run after install
-------------------------------------------------------------------
Thu Jan 02 03:07:33 UTC 2025 - rrahl0@opensuse.org
- Update to version 1.6.4:
* Update go-re2
* fix appsec/tls issues by cloning http transport
* update grokky and deps (backport)
* backport: return an error if cscli dashboard is run within a container
* Allow auto registration of machines in LAPI (backport)
* cscli hub update: option --with-content to keep embedded items in index; use it in docker
* implement GetFSType on openbsd with the correct statfs struct member
* pkg/cwhub: cache control / send etag header from file contents, check with HEAD req
* hide geoip related warnings
* add missing ApiKeyAuthorizer to decisions swagger endpoint
* cscli: add option --ignore-missing to "bouncers delete", "machines delete"
* Remove useragent set by RC
* prevent nil deref when loading cti config
* metrics: avoid nil deref with inactive bouncers or malformed response
* command "cscli doc --target /path/to/dir"
* Allow QueryCAPIStatus to return as well enrollment status
* reduce log verbosity, minor CI fixes, lint
* cscli metrics: explicit message "no bouncer metrics found"
* cscli/hub: don't return error if some file can't be recognized
* Use the new hub api url
* docker: symlink all data files to the staging area
* perf: retrieve unsorted metrics
* LAPI: detailed metrics endpoint
* update table test
* update expr
* allow .index.json to embed item content
* bats: curl helpers to mock log processors and bouncers
* docker: make sure the sqlite db is present before changing GID
* lint: dockerfiles
* refact cscli metrics: fix lines between tables, skip wrapper api
* deps: use go-cs-lib 0.13
* Store alert remediations status in DB
* enhance: add crowdsec user agent to cti do request func
* usage metrics: validate maxLength for some elements
* remove warning "maxopenconns is 0, default to 100"
* tests: increase delta for flaky float comparison
* command "cscli metrics show bouncers"
* revert "db: round created, updated... timestamps to 1 second"
* cscli machines/bouncers: dry helper code and move to cscli
* func tests: update curl wrapper
* update vagrant config for opensuse
* typos
* make: remove redundant go version check
* enhance: Add default_range_remediation
* refact cscli metrics: split stat types to own files
* cscli refact: extract metrics to own package
* cscli refact: extract table wrapper to own package
* command cscli [machines|bouncers] inspect
* lapi detailed metrics: API spec + models
* db refact: drop column machines.status
* fix "cscli [machines|bouncers] delete" autocompletion
* lapi detailed metrics: db schema
* lint: replace "github.com/pkg/errors" in apiserver
* lint: import statement order
* improved tls middleware revocation checks
* lint: replace gocognit with revive
* lint: github.com/pkg/errors -> errors
* lint (intrange)
* lint (copyloopvar)
* config: expand env variables in local_api_credentials.yaml and .yaml.local
* refactor: prefer logrus.WithField over WithFields with a single param
* db: don't set machine heartbeat until first connection
* db: don't set bouncer last_pull until first connection
* enable linter: revive (superfluous-else)
* cscli: refactor hubtests / extract methods run(), coverage()
* Typos
* cscli: fixed some inconsistency in returning errors
* lint: disable redundant linters, update revive configuration and code metrics
* refactor pkg/parser: extract processGrok
* cscli: refactor "cscli setup" to avoid global variable
* refactor context (cscli, pkg/database)
* enhancement: add deprecation notice to cscli dashboard prerun
* enable linter: revive (deep-exit)
* cscli: fix deprecation message for "context delete"
* enable linter: revive (var-declaration)
* enable linter: revive (indent-error-flow)
* enhancement: add other log levels to docker start script and document them
* lint: replace cyclop, gocyclo with revive; basic pkg/hubtest helper
* pkg/cwhub: use explicit context for item install, upgrade
* pkg/cwhub: use explicit context for version check, index update
* enable linter: revive (early-return)
* add: go reference badge
* lint revive(deep-exit): refactor cmd/crowdsec
* enable linter: revive (blank-imports)
* Use cmp.Or from go 1.22
* enable linter "stylecheck"
* fix test 01_cscli by avoiding discrepancies in cscli explain
* refactor "cscli decisions"
* refactor pkg/database, pkg/models
* lint: enable revive/if-return, revive/error-strings
* tests: log.Fatal -> return err
* fix tests in 01_crowdsec.bats for packages testing
* add decently new version of python for centos 7 and 8 for testing
* pkg/database: refactor & rename "soft delete" to "expire"
* lint: revive/useless-break
* enable linter: revive(bool-literal-in-expr)
* cscli: log.Fatal -> return err
* cscli: refactor alerts/console/decisions/setup
* db,lapi: round durations and timestamps to 1 second
* pkg/dumps.DumpTree: split to reduce complexity
* pkg/database: simplify flush agents/bouncers
* db: mark immutable columns / remove unused
* deps: use ent 0.13.1
-------------------------------------------------------------------
Sun Jun 2 09:00:54 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- new package crowdsec (including crowdsec-cli): the open-source
and participative security solution offering crowdsourced
protection against malicious IPs and access to the most advanced
real-world CTI