Changelog History

  • v1.7.8 Changes

    May 11, 2026

    New Features

    Improvements

    • WAF: enforce body size limitation (#4355) @blotus
    • Decision stream: move to chunked transfer by default (#4413) @blotus
    • cscli: add --quick flag to enroll command (#4350) @blotus
    • propose an alternative, cleaner configuration for appsec-config (#4397) @buixor

    Bug Fixes

    • cscli metrics: don't attempt to create a DB client if there's no DB config (#4451) @blotus
    • papi: don't spam logs if chan is closed (#4439) @blotus
    • alerts: use single transaction when creating alert and all related items (#4438) @blotus
    • LAPI: enforce maximum body size for decompression

    Chore / Deps

    • build(deps): bump the gomod group across 1 directory with 34 updates (#4453) @dependabot[bot]
    • build(deps): bump the github-actions group with 2 updates (#4447) @dependabot[bot]
    • build(deps): bump alpine from 3.21 to 3.23 in /build/docker in the docker group across 1 directory (#4441) @dependabot[bot]
    • build(deps): bump the github-actions group with 7 updates (#4443) @dependabot[bot]
    • build(deps): bump the uv group in /build/docker/test with 3 updates (#4442) @dependabot[bot]
    • db: add some missing indexes (#4435) @blotus
    • Dependencies update (#4412) @blotus
    • add PAPI metrics (#4411) @blotus
    • build(deps): bump github.com/aws/aws-lambda-go from 1.47.0 to 1.54.0 (#4402) @dependabot[bot]
    • build(deps): bump docker/login-action from 4.0.0 to 4.1.0 (#4403) @dependabot[bot]
    • build(deps): bump github.com/google/go-querystring from 1.1.0 to 1.2.0 (#4400) @dependabot[bot]
    • build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 (#4404) @dependabot[bot]
    • build(deps): bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.42.3 to 1.42.25 (#4405) @dependabot[bot]
    • build(deps): bump release-drafter/release-drafter from 6.4.0 to 7.1.1 (#4381) @dependabot[bot]
    • build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 (#4388) @dependabot[bot]
    • build(deps): bump schneegans/dynamic-badges-action from 1.7.0 to 1.8.0 (#4393) @dependabot[bot]
    • build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (#4394) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.33.0 to 4.35.1 (#4395) @dependabot[bot]
    • update dependabot config (#4440) @blotus
    • build(deps): bump requests from 2.32.5 to 2.33.0 in /build/docker/test (#4389) @dependabot[bot]
    • build(deps): bump cryptography from 46.0.5 to 46.0.6 in /build/docker/test (#4391) @dependabot[bot]
    • build(deps): bump pygments from 2.19.2 to 2.20.0 in /build/docker/test (#4396) @dependabot[bot]

    Geolite2 notice

    This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

    Installation

    Take a look at the installation instructions.

  • v1.7.8-rc1 Changes

    May 05, 2026

    New Features

    Improvements

    • WAF: enforce body size limitation (#4355) @blotus
    • Decision stream: move to chunked transfer by default (#4413) @blotus
    • cscli: add --quick flag to enroll command (#4350) @blotus
    • propose an alternative, cleaner configuration for appsec-config (#4397) @buixor

    Bug Fixes

    • cscli metrics: don't attempt to create a DB client if there's no DB config (#4451) @blotus
    • papi: don't spam logs if chan is closed (#4439) @blotus
    • alerts: use single transaction when creating alert and all related items (#4438) @blotus

    Chore / Deps

    • build(deps): bump the gomod group across 1 directory with 34 updates (#4453) @dependabot[bot]
    • build(deps): bump the github-actions group with 2 updates (#4447) @dependabot[bot]
    • build(deps): bump alpine from 3.21 to 3.23 in /build/docker in the docker group across 1 directory (#4441) @dependabot[bot]
    • build(deps): bump the github-actions group with 7 updates (#4443) @dependabot[bot]
    • build(deps): bump the uv group in /build/docker/test with 3 updates (#4442) @dependabot[bot]
    • db: add some missing indexes (#4435) @blotus
    • Dependencies update (#4412) @blotus
    • add PAPI metrics (#4411) @blotus
    • build(deps): bump github.com/aws/aws-lambda-go from 1.47.0 to 1.54.0 (#4402) @dependabot[bot]
    • build(deps): bump docker/login-action from 4.0.0 to 4.1.0 (#4403) @dependabot[bot]
    • build(deps): bump github.com/google/go-querystring from 1.1.0 to 1.2.0 (#4400) @dependabot[bot]
    • build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 (#4404) @dependabot[bot]
    • build(deps): bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.42.3 to 1.42.25 (#4405) @dependabot[bot]
    • build(deps): bump release-drafter/release-drafter from 6.4.0 to 7.1.1 (#4381) @dependabot[bot]
    • build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 (#4388) @dependabot[bot]
    • build(deps): bump schneegans/dynamic-badges-action from 1.7.0 to 1.8.0 (#4393) @dependabot[bot]
    • build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (#4394) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.33.0 to 4.35.1 (#4395) @dependabot[bot]
    • update dependabot config (#4440) @blotus
    • build(deps): bump requests from 2.32.5 to 2.33.0 in /build/docker/test (#4389) @dependabot[bot]
    • build(deps): bump cryptography from 46.0.5 to 46.0.6 in /build/docker/test (#4391) @dependabot[bot]
    • build(deps): bump pygments from 2.19.2 to 2.20.0 in /build/docker/test (#4396) @dependabot[bot]

    Geolite2 notice

    This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

    Installation

    Take a look at the installation instructions.

  • v1.7.7 Changes

    March 30, 2026

    CrowdSec 1.7.7 brings 2 major changes:

    • ๐Ÿง On linux, RE2 is now used by default for evaluating regexp in parsers
    • WAF rules can now contain a mix of AND/OR conditions without any limits, giving much greater flexibility when writing new rules

    ๐Ÿง RE2 by default on linux

    ๐Ÿš€ CrowdsSec has supported for a long time using RE2 as the regexp engine, and with this release we make it the default.

    ๐ŸŽ CrowdSec has always used the builtin Go regexp package, which is a Go reimplementation of the RE2 library, but with known performance limitations.

    ๐Ÿš‘ The switch to RE2 will bring significantly increased regexp performance (one of the most critical part of CrowdSec) at the cost of slightly longer regexp compilation and higher baseline memory usage.

    Important

    If you encounter any issues with the new regexp engine, you can fallback to the previous Go implementation by setting the feature flag re2_disable_grok_support (see the documentation).

    Other changes

    Other notable changes include:

    • a new kind attribute for alerts, used to identify their source (a scenario, a WAF rule, a manual decision creation, ...)
    • a new cscli allowlist import command
    • support for the HTTP_PROXY environment variable in the notification-http plugin
    • a resource leak under high load was fixed

    Full changelog

    New Features

    • add LookupFile and FileMap expr helpers (#4372) @buixor
    • waf rules: allow arbitrary mix of AND and OR conditions (#4358) @blotus

    Improvements

    • enable RE2 support by default on linux (#4386) @blotus
    • cscli allowlists: add import command (#4378) @blotus
    • WAF: expose more transformations from coraza (#4140) @blotus
    • Add new kind alert attribute (#4351) @blotus
    • Use environment proxy settings for notification-http (#4364) @op3

    ๐Ÿ› Bug Fixes

    • ๐Ÿ‘ allowlists: apply items to existing decisions in batch (#4095) @blotus
    • โœ… waf: fix tests for modsec rules generation (#4385) @blotus
    • ๐Ÿ windows: add file notification plugin in MSI package (#4367) @blotus
    • leakroutine: call cancel after leakroutine returns (#4369) @blotus
    • notification-sentinel: lower-case x-ms-date header for correct HMAC (#4288) @ebirn
    • ๐Ÿšš tests: remove temporary sqlite/plugin files from /tmp/ (#4332) @mmetc
    • ๐ŸŒฒ pkg/apiserver: fix scenario count in debug log (#4333) @mmetc
    • ๐Ÿ”Œ pkg/csplugin: prevent race condition, deadlock (#4294) @mmetc
    • โœ… pkg/acquisitioncontext: minimal fix for data race in tests (#4327) @mmetc
    • โœ… acquisition/file: minimal fix for data race in tests (#4326) @mmetc
    • ๐Ÿ›  fix lint fsutil/freebsd: unnecessary conversion (#4324) @mmetc
    • cscli: consistent status and usage message for unknown subcommands (#4320) @mmetc
    • ๐ŸŒฒ cscli detect: set log type for caddy unit to "syslog" (#4321) @mmetc
    • โœ… CI: add published_at to version.crowdsec.net/latest (#4291) @blotus
    • ๐Ÿ“œ cmd/crowdsec: assign overflow after parsing (#4226) @mmetc
    • waf: format as CRS match only if anomaly score is not 0 (#4230) @blotus

    Changes

    • build(deps): bump cryptography from 46.0.3 to 46.0.5 in /build/docker/test (#4298) @dependabot[bot]
    • support for waf- alias in cscli (#4347) @buixor
    • refact pkg/dumps: reduce complexity (#4209) @mmetc
    • lint: refact pkg/dumps for nilaway (#4208) @mmetc
    • refact pkg/parser: redundant indirection (#4344) @mmetc
    • refact pkg/parser: extract+embed NodeConfig in Node struct (#4343) @mmetc
    • move calls to trace.ReportPanic() on top of goroutines (#4338) @mmetc
    • pkg/csplugin: simplify notification loop; noop with empty queue (#4328) @mmetc
    • pkg/parsers: light refact, remove redundant code (#4213) @mmetc
    • refact cmd/crowdsec: encapsulate cache into alertBuffer (#4300) @mmetc
    • cmd/notification-*: don't provide the same context twice for request (#4316) @mmetc
    • don't flush 127.0.0.1 (#4315) @sabban
    • clipapi: replace tomb with errgroup (#4207) @mmetc
    • refact cmd/crowdsec: remove redundant global variable (#4299) @mmetc
    • refact: remove unused code in crowdsec-cli, apiserver, acquisition, database (#4304) @mmetc
    • refact pkg/leakybucket: trim down redundant Leaky struct fields (#4290) @mmetc
    • pkg/leakybucket: remove global bucketStore, unused parameters + tags (#4286) @mmetc
    • pkg/leakybucket: remove Simulated field from Leaky, keep it in config (#4285) @mmetc
    • pkg/leakybucket: extract BucketSpec from BucketFactory (#4284) @mmetc
    • refact pkg/leakybucket: extract methods from LoadBucket() part 2 (#4282) @mmetc
    • pkg/leakybucket: refact test loop, more explicit failures in testFile() (#4281) @mmetc
    • refact pkg/leakybucket: extract methods from LoadBucket() (#4279) @mmetc
    • pkg/leakybucket: replace Signal chan with explicit read/done chans (#4277) @mmetc
    • pkg/leakybucket: replace waitgroups with single rwlock (#4276) @mmetc
    • pkg/leakybucket: garbage collect: compare float with epsilon (#4275) @mmetc
    • pkg/leakybucket: refactor tests (#4272) @mmetc
    • pkg/leakybucket: replace sycn.Map with map + mutex (#4271) @mmetc
    • pkg/leakybucket: replace global counter with call to bucket store (#4273) @mmetc
    • pkg/leakybucket: review README.md (#4274) @mmetc
    • pkg/leakybucket: encapsulate store map + add methods (#4253) @mmetc
    • pkg/leakybucket: remove redundant bool var (#4252) @mmetc
    • fix hub console side (#4266) @sabban
    • version workflow fix (#4262) @sabban
    • rename the prod branch to main (#4261) @sabban
    • add version workflow (#4210) @sabban
    • pkg/leakybucket: remove unused global (#4251) @mmetc
    • pkg/leakybucket: pass bucket factories by pointer (#4250) @mmetc
    • pkt/leakybucket: compileScopeFilter() -> ScopeType.CompileFilter() (#4247) @mmetc
    • pkg/leakybucket: rename OverflowFilter -> OverflowProcessor (#4248) @mmetc
    • pkg/leakybucket: rename Buckets -> BucketStore (#4246) @mmetc
    • refact leaky bayesian: method to function, unlock w/defer (#4242) @mmetc
    • pkg/leakybucket: early return (#4244) @mmetc
    • pkg/leakybucket: variable shorthand (#4245) @mmetc
    • pkg/leakybucket: move LeakRoutine to method, rename parameters (#4243) @mmetc
    • pkg/leakybucket: review bucket validation and tests (#4241) @mmetc
    • refact: remove unnecessary pointers to map, string, mutex (#4212) @mmetc
    • pkg/leakybucket: function to method BucketFactory.LoadBucket() (#4229) @mmetc
    • pkg/leakybucket: BucketType interface, method BucketFactory.Validate() (#4228) @mmetc

    Chore / Deps

  • v1.7.7-rc1 Changes

    March 23, 2026

    New Features

    • add LookupFile and FileMap expr helpers (#4372) @buixor
    • waf rules: allow arbitrary mix of AND and OR conditions (#4358) @blotus

    Improvements

    • enable RE2 support by default on linux (#4386) @blotus
    • cscli allowlists: add import command (#4378) @blotus
    • WAF: expose more transformations from coraza (#4140) @blotus
    • Add new kind alert attribute (#4351) @blotus
    • Use environment proxy settings for notification-http (#4364) @op3

    ๐Ÿ› Bug Fixes

    • ๐Ÿ‘ allowlists: apply items to existing decisions in batch (#4095) @blotus
    • โœ… waf: fix tests for modsec rules generation (#4385) @blotus
    • ๐Ÿ windows: add file notification plugin in MSI package (#4367) @blotus
    • leakroutine: call cancel after leakroutine returns (#4369) @blotus
    • notification-sentinel: lower-case x-ms-date header for correct HMAC (#4288) @ebirn
    • ๐Ÿšš tests: remove temporary sqlite/plugin files from /tmp/ (#4332) @mmetc
    • ๐ŸŒฒ pkg/apiserver: fix scenario count in debug log (#4333) @mmetc
    • ๐Ÿ”Œ pkg/csplugin: prevent race condition, deadlock (#4294) @mmetc
    • โœ… pkg/acquisitioncontext: minimal fix for data race in tests (#4327) @mmetc
    • โœ… acquisition/file: minimal fix for data race in tests (#4326) @mmetc
    • ๐Ÿ›  fix lint fsutil/freebsd: unnecessary conversion (#4324) @mmetc
    • cscli: consistent status and usage message for unknown subcommands (#4320) @mmetc
    • ๐ŸŒฒ cscli detect: set log type for caddy unit to "syslog" (#4321) @mmetc
    • โœ… CI: add published_at to version.crowdsec.net/latest (#4291) @blotus
    • ๐Ÿ“œ cmd/crowdsec: assign overflow after parsing (#4226) @mmetc
    • waf: format as CRS match only if anomaly score is not 0 (#4230) @blotus

    Changes

    • build(deps): bump cryptography from 46.0.3 to 46.0.5 in /build/docker/test (#4298) @dependabot[bot]
    • support for waf- alias in cscli (#4347) @buixor
    • refact pkg/dumps: reduce complexity (#4209) @mmetc
    • lint: refact pkg/dumps for nilaway (#4208) @mmetc
    • refact pkg/parser: redundant indirection (#4344) @mmetc
    • refact pkg/parser: extract+embed NodeConfig in Node struct (#4343) @mmetc
    • move calls to trace.ReportPanic() on top of goroutines (#4338) @mmetc
    • pkg/csplugin: simplify notification loop; noop with empty queue (#4328) @mmetc
    • pkg/parsers: light refact, remove redundant code (#4213) @mmetc
    • refact cmd/crowdsec: encapsulate cache into alertBuffer (#4300) @mmetc
    • cmd/notification-*: don't provide the same context twice for request (#4316) @mmetc
    • don't flush 127.0.0.1 (#4315) @sabban
    • clipapi: replace tomb with errgroup (#4207) @mmetc
    • refact cmd/crowdsec: remove redundant global variable (#4299) @mmetc
    • refact: remove unused code in crowdsec-cli, apiserver, acquisition, database (#4304) @mmetc
    • refact pkg/leakybucket: trim down redundant Leaky struct fields (#4290) @mmetc
    • pkg/leakybucket: remove global bucketStore, unused parameters + tags (#4286) @mmetc
    • pkg/leakybucket: remove Simulated field from Leaky, keep it in config (#4285) @mmetc
    • pkg/leakybucket: extract BucketSpec from BucketFactory (#4284) @mmetc
    • refact pkg/leakybucket: extract methods from LoadBucket() part 2 (#4282) @mmetc
    • pkg/leakybucket: refact test loop, more explicit failures in testFile() (#4281) @mmetc
    • refact pkg/leakybucket: extract methods from LoadBucket() (#4279) @mmetc
    • pkg/leakybucket: replace Signal chan with explicit read/done chans (#4277) @mmetc
    • pkg/leakybucket: replace waitgroups with single rwlock (#4276) @mmetc
    • pkg/leakybucket: garbage collect: compare float with epsilon (#4275) @mmetc
    • pkg/leakybucket: refactor tests (#4272) @mmetc
    • pkg/leakybucket: replace sycn.Map with map + mutex (#4271) @mmetc
    • pkg/leakybucket: replace global counter with call to bucket store (#4273) @mmetc
    • pkg/leakybucket: review README.md (#4274) @mmetc
    • pkg/leakybucket: encapsulate store map + add methods (#4253) @mmetc
    • pkg/leakybucket: remove redundant bool var (#4252) @mmetc
    • fix hub console side (#4266) @sabban
    • version workflow fix (#4262) @sabban
    • rename the prod branch to main (#4261) @sabban
    • add version workflow (#4210) @sabban
    • pkg/leakybucket: remove unused global (#4251) @mmetc
    • pkg/leakybucket: pass bucket factories by pointer (#4250) @mmetc
    • pkt/leakybucket: compileScopeFilter() -> ScopeType.CompileFilter() (#4247) @mmetc
    • pkg/leakybucket: rename OverflowFilter -> OverflowProcessor (#4248) @mmetc
    • pkg/leakybucket: rename Buckets -> BucketStore (#4246) @mmetc
    • refact leaky bayesian: method to function, unlock w/defer (#4242) @mmetc
    • pkg/leakybucket: early return (#4244) @mmetc
    • pkg/leakybucket: variable shorthand (#4245) @mmetc
    • pkg/leakybucket: move LeakRoutine to method, rename parameters (#4243) @mmetc
    • pkg/leakybucket: review bucket validation and tests (#4241) @mmetc
    • refact: remove unnecessary pointers to map, string, mutex (#4212) @mmetc
    • pkg/leakybucket: function to method BucketFactory.LoadBucket() (#4229) @mmetc
    • pkg/leakybucket: BucketType interface, method BucketFactory.Validate() (#4228) @mmetc

    Chore / Deps

    Geolite2 notice

    This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

    Installation

    Take a look at the installation instructions.

  • v1.7.6 Changes

    January 23, 2026

    Changes

    Bug Fixes

    • cmd/crowdsec: assign overflow after parsing (#4225) @mmetc

    Geolite2 notice

    This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

    Installation

    Take a look at the installation instructions.

  • v1.7.5 Changes

    January 22, 2026

    Changes

    • replace syscall with unix/windows packages where possible (#3032) @mmetc
    • pkg/acquisition: refact configuration validation and tests (#4187) @mmetc
    • pkg/acquisition: remove/restore mock datasources after usage (#4190) @mmetc
    • pkg/leakybucket: replace global variables with injected StateDumper (#4197) @mmetc
    • pkg/acquisition: method docs, deduplicate module names (#4192) @mmetc
    • errors.Wrapf -> fmt.Errorf, remove dependency on github.com/pkg/errors (#4198) @mmetc
    • update golangci-lint 2.8 (#4194) @mmetc
    • notification plugins: readability / dry refact, unnecessary pointers (#4166) @mmetc
    • refact acquisition/appsec: happy path (#4183) @mmetc
    • pkg/acquisition/registry, move datasource registration to avoid dependency (#4189) @mmetc
    • gin middleware: drop closures (#4186) @mmetc
    • acquisition/journalctl: test cleanup (#4182) @mmetc
    • cscli hubtest: extract method finalizeRun() (#4181) @mmetc
    • refact cmd/crowdsec: remove globals ParseDump, BucketPourTrack (#4184) @mmetc
    • refact pkg/apiserver: happy path; nil guard (#4180) @mmetc
    • refact pkg/leakybucket: drop closures (#4178) @mmetc
    • cmd/crowdsec: rename pipeline channels (#4175) @mmetc
    • move dir debian, rpm to /build/ (#4174) @mmetc
    • refact cmd/crowdsec: remove globals, lint, etc (#4163) @mmetc
    • lint: modernize - enable slicessort, stringsseq (#4162) @mmetc
    • appsec: inject dependencies, avoid globals (#4148) @mmetc
    • CI: move windows build scripts to ./build/windows (#4145) @mmetc
    • remove obsolete readme (replaced by go generate) (#4164) @mmetc
    • cmd/crowdsec: refact dump.go, loops (#4158) @mmetc
    • cmd/crowdsec: refact output.go, pour.go, parse.go (#4157) @mmetc
    • refact: drop parserTomb, lpMetricsTomb (#4138) @mmetc
    • drop unused method Client.IsMachineRegistered() (#4121) @mmetc
    • CI: build with the tag "nomsgpack" to reduce binary size (#4151) @mmetc
    • move ./docker to ./build/docker (#4130) @mmetc
    • acquisition refact: context-aware OneShot(), for file + journalctl + wineventlog (#4125) @mmetc
    • lint: forbidigo (no print or printf in production, prefer fprint) (#4141) @mmetc
    • CI: avoid using nolint with revive (#4144) @mmetc
    • Lint: add explicit per-linter settings (#4134) @mmetc
    • refact pkg/acquisition: split docker.go (#4065) @mmetc
    • get rid of tombs in leakybucket package (#4127) @sabban
    • refact pkg/acquisition: cloudwatch configuration (#4058) @mmetc
    • refact pkg/acquisition: kinesis configuration (#4059) @mmetc
    • refact pkg/acquisition: k8saudit configuration (#4060) @mmetc
    • refact pkg/acquisition: http configuration (#4061) @mmetc
    • refact heartbeat: context-aware method (#4126) @mmetc
    • pkg/leakybucket refact: unexport, unused, explicit field names (#4123) @mmetc
    • docker build: run builds on large runner (#4120) @blotus

    Improvements

    • docker datasource schema (#4206) @mmetc
    • lint: enable bodyclose (ensure response bodies are closed to avoid leaks) (#4200) @mmetc
    • feat: Add ParseKVLax for Flexible Key-Value Parsing (#4007) @LaurenceJJones
    • pkg/parser: avoid calling spew unless trace (#4156) @mmetc
    • leakybucket: reduce error verbosity, test for misconfiguration (#4087) @mmetc
    • feat(appsec): support transaction id header for request tracing (#4124) @LaurenceJJones

    ๐Ÿ› Bug Fixes

    • โšก๏ธ update functional tests with time-based-bf (#4217) @mmetc
    • papi: check if decision is allowlisted before adding it (#4196) @blotus
    • โœ… pkg/acquisition: register mock datasource for YAML tests (#4205) @mmetc
    • pkg/acquisition: prevent duplicate send in case of transform error (#4191) @mmetc
    • โœ… CI fix - exit lapi during hub tests; pass container struct reference instead of slice (#4202) @mmetc
    • CAPI: always reuse the stored token (#4201) @blotus
    • ๐Ÿ›  fix #4066: don't prepare the hub in lapi-only containers (#4169) @mmetc
    • ๐Ÿ›  fix #3991 - Acquisition config formatting in bug template (#4170) @mmetc
    • ๐Ÿ›  fix typos in function name, comments and user-facing docs (#4154) @mmetc
    • โœ… refact appsec tests: prevent data race (#3902) @mmetc
    • ๐Ÿ›  fix build issue on freebsd, add cross platform CI build and lint target (#4109) @mmetc

    Chore / Deps

    • build(deps): bump actions/setup-go from 6.1.0 to 6.2.0 (#4195) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.31.9 to 4.31.10 (#4193) @dependabot[bot]
    • build(deps): bump astral-sh/setup-uv from 7.1.6 to 7.2.0 (#4185) @dependabot[bot]
    • CI/tests: update bats-*, remove bats-mock (#4172) @mmetc
    • deps: update modernc.org/sqlite (#4177) @mmetc
    • CI, docker: update yq to v4.50.1 (#4179) @mmetc
    • build(deps): bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#4167) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.31.8 to 4.31.9 (#4153) @dependabot[bot]
    • update expr to 1.17.7 (#4150) @blotus
    • build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 (#4146) @dependabot[bot]
    • build(deps): bump astral-sh/setup-uv from 7.1.5 to 7.1.6 (#4147) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.31.7 to 4.31.8 (#4135) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.31.6 to 4.31.7 (#4116) @dependabot[bot]
    • CI: update and/or pin actions with tag comments (#4108) @mmetc
    • CI: update golangci-lint to 2.7 (#4110) @mmetc
    • make: move ./mk to ./build/mk, update gmsl (#4111) @mmetc

    Geolite2 notice

    This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

    Installation

    Take a look at the installation instructions.

  • v1.7.5-rc1 Changes

    January 19, 2026

    Changes

    • replace syscall with unix/windows packages where possible (#3032) @mmetc
    • pkg/acquisition: refact configuration validation and tests (#4187) @mmetc
    • pkg/acquisition: remove/restore mock datasources after usage (#4190) @mmetc
    • pkg/leakybucket: replace global variables with injected StateDumper (#4197) @mmetc
    • pkg/acquisition: method docs, deduplicate module names (#4192) @mmetc
    • errors.Wrapf -> fmt.Errorf, remove dependency on github.com/pkg/errors (#4198) @mmetc
    • update golangci-lint 2.8 (#4194) @mmetc
    • notification plugins: readability / dry refact, unnecessary pointers (#4166) @mmetc
    • refact acquisition/appsec: happy path (#4183) @mmetc
    • pkg/acquisition/registry, move datasource registration to avoid dependency (#4189) @mmetc
    • gin middleware: drop closures (#4186) @mmetc
    • acquisition/journalctl: test cleanup (#4182) @mmetc
    • cscli hubtest: extract method finalizeRun() (#4181) @mmetc
    • refact cmd/crowdsec: remove globals ParseDump, BucketPourTrack (#4184) @mmetc
    • refact pkg/apiserver: happy path; nil guard (#4180) @mmetc
    • refact pkg/leakybucket: drop closures (#4178) @mmetc
    • cmd/crowdsec: rename pipeline channels (#4175) @mmetc
    • move dir debian, rpm to /build/ (#4174) @mmetc
    • refact cmd/crowdsec: remove globals, lint, etc (#4163) @mmetc
    • lint: modernize - enable slicessort, stringsseq (#4162) @mmetc
    • appsec: inject dependencies, avoid globals (#4148) @mmetc
    • CI: move windows build scripts to ./build/windows (#4145) @mmetc
    • remove obsolete readme (replaced by go generate) (#4164) @mmetc
    • cmd/crowdsec: refact dump.go, loops (#4158) @mmetc
    • cmd/crowdsec: refact output.go, pour.go, parse.go (#4157) @mmetc
    • refact: drop parserTomb, lpMetricsTomb (#4138) @mmetc
    • drop unused method Client.IsMachineRegistered() (#4121) @mmetc
    • CI: build with the tag "nomsgpack" to reduce binary size (#4151) @mmetc
    • move ./docker to ./build/docker (#4130) @mmetc
    • acquisition refact: context-aware OneShot(), for file + journalctl + wineventlog (#4125) @mmetc
    • lint: forbidigo (no print or printf in production, prefer fprint) (#4141) @mmetc
    • CI: avoid using nolint with revive (#4144) @mmetc
    • Lint: add explicit per-linter settings (#4134) @mmetc
    • refact pkg/acquisition: split docker.go (#4065) @mmetc
    • get rid of tombs in leakybucket package (#4127) @sabban
    • refact pkg/acquisition: cloudwatch configuration (#4058) @mmetc
    • refact pkg/acquisition: kinesis configuration (#4059) @mmetc
    • refact pkg/acquisition: k8saudit configuration (#4060) @mmetc
    • refact pkg/acquisition: http configuration (#4061) @mmetc
    • refact heartbeat: context-aware method (#4126) @mmetc
    • pkg/leakybucket refact: unexport, unused, explicit field names (#4123) @mmetc
    • docker build: run builds on large runner (#4120) @blotus

    Improvements

    • docker datasource schema (#4206) @mmetc
    • lint: enable bodyclose (ensure response bodies are closed to avoid leaks) (#4200) @mmetc
    • feat: Add ParseKVLax for Flexible Key-Value Parsing (#4007) @LaurenceJJones
    • pkg/parser: avoid calling spew unless trace (#4156) @mmetc
    • leakybucket: reduce error verbosity, test for misconfiguration (#4087) @mmetc
    • feat(appsec): support transaction id header for request tracing (#4124) @LaurenceJJones

    ๐Ÿ› Bug Fixes

    • papi: check if decision is allowlisted before adding it (#4196) @blotus
    • โœ… pkg/acquisition: register mock datasource for YAML tests (#4205) @mmetc
    • pkg/acquisition: prevent duplicate send in case of transform error (#4191) @mmetc
    • โœ… CI fix - exit lapi during hub tests; pass container struct reference instead of slice (#4202) @mmetc
    • CAPI: always reuse the stored token (#4201) @blotus
    • ๐Ÿ›  fix #4066: don't prepare the hub in lapi-only containers (#4169) @mmetc
    • ๐Ÿ›  fix #3991 - Acquisition config formatting in bug template (#4170) @mmetc
    • ๐Ÿ›  fix typos in function name, comments and user-facing docs (#4154) @mmetc
    • โœ… refact appsec tests: prevent data race (#3902) @mmetc
    • ๐Ÿ›  fix build issue on freebsd, add cross platform CI build and lint target (#4109) @mmetc

    Chore / Deps

    • build(deps): bump actions/setup-go from 6.1.0 to 6.2.0 (#4195) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.31.9 to 4.31.10 (#4193) @dependabot[bot]
    • build(deps): bump astral-sh/setup-uv from 7.1.6 to 7.2.0 (#4185) @dependabot[bot]
    • CI/tests: update bats-*, remove bats-mock (#4172) @mmetc
    • deps: update modernc.org/sqlite (#4177) @mmetc
    • CI, docker: update yq to v4.50.1 (#4179) @mmetc
    • build(deps): bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#4167) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.31.8 to 4.31.9 (#4153) @dependabot[bot]
    • update expr to 1.17.7 (#4150) @blotus
    • build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 (#4146) @dependabot[bot]
    • build(deps): bump astral-sh/setup-uv from 7.1.5 to 7.1.6 (#4147) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.31.7 to 4.31.8 (#4135) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.31.6 to 4.31.7 (#4116) @dependabot[bot]
    • CI: update and/or pin actions with tag comments (#4108) @mmetc
    • CI: update golangci-lint to 2.7 (#4110) @mmetc
    • make: move ./mk to ./build/mk, update gmsl (#4111) @mmetc

    Geolite2 notice

    This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

    Installation

    Take a look at the installation instructions.

  • v1.7.4 Changes

    December 04, 2025

    Changes

    • docker: remove CROWDSEC_CONTAINER_ENV (#4085) @mmetc
    • refact cscli: define csconfig.Getter once (#4091) @mmetc
    • refact load/save apic token: dependencies and sentinel errors (#4081) @mmetc
    • pkg/csplugin: use backoff package to retry notifications (#3944) @mmetc
    • refact pkg/database batching (#3906) @mmetc
    • refact pkg/acquisition: split appsec.go (#4043) @mmetc
    • refact pkg/acquisition: journalctl configuration (#4057) @mmetc
    • lint revive: lower complexity threshold (#4056) @mmetc
    • lint: unused parameters / 2 (#4055) @mmetc
    • lint: unused parameters (#4049) @mmetc
    • refact pkg/acquisition: split loki.go (#4034) @mmetc
    • refact pkg/acquisition: split victorialogs.go (#4037) @mmetc
    • refact pkg/acquisition: split wineventlog.go (#4036) @mmetc
    • refact pkg/acquisition: split s3.go (#4035) @mmetc
    • refact pkg/acquisition: split k8s_audit.go (#4033) @mmetc
    • refact pkg/acquisition: split kinesis.go (#4032) @mmetc
    • refact pkg/acquisition: split kafka.go (#4031) @mmetc
    • refact pkg/acquisition: split cloudwatch.go (#4029) @mmetc
    • refact pkg/acquisition: split http.go (#4030) @mmetc
    • refactg pkg/acquisition: split file.go (#4038) @mmetc
    • refact pkg/acquisition: split syslog.go (#4028) @mmetc
    • papi: explicit context (#3973) @mmetc
    • ๐Ÿšš pkg/csplugin: remove unused function (#4019) @mmetc
    • pkg/types -> new imports pt 4 (#4012) @mmetc
    • pkg/types -> new imports pt 3 (#4014) @mmetc
    • pkg/types -> new imports pt 2 (#4013) @mmetc
    • pkg/types -> new imports pt 1 (#4011) @mmetc
    • ๐ŸŒฒ pkg/types -> pkg/{pipeline,fsutil,enrichment,logging...} (#4006) @mmetc
    • ๐Ÿ‘• CI: enable linter "protogetter" (#3995) @mmetc
    • ๐Ÿ‘• enable linters: unnecessary-format, unused-receiver (#4001) @mmetc
    • ๐Ÿ‘• refact: remove unused struct fields and params / 3; enable linter "unused" (#3334) @mmetc

    New Features

    • WAF: Add DropRequest helper to block request in hooks (#4016) @blotus

    Improvements

    • pkg/acquisition: update syslog to RestartableStreamer (#4040) @mmetc
    • refact logging configuration; add log_media="syslog" (#4045) @mmetc
    • cscli hubtest: better report docker/nuclei errors (#4052) @mmetc
    • build: check make version before running Makefile (#4054) @mmetc
    • pkg/acquisition: refact journalctl datasource and unified retry loop (#4023) @mmetc
    • option api.server.disable_usage_metrics_export (#4021) @mmetc
    • build: optional pure-go sqlite driver (#3908) @mmetc

    Bug Fixes

    • LAPI metrics: don't use empty path as label for LAPI hits metrics (#4106) @blotus
    • fix accessLogger setup to separate file (#4103) @mmetc
    • docker acquisition: prevent data races (#3956) @mmetc
    • Fix avoidable prometheus metrics cardinality (#4080) @g00g1
    • loki acquisition: remove forgotten debug print (#4062) @mmetc
    • fix 2808: show certificate path in "lapi status" (#4053) @mmetc
    • decisionStream: only select required fields from the DB (#4024) @blotus

    Documentation

    • docs: add public roadmap section to README.md (#4039) @mazzma12

    Chore / Deps

    • build(deps): bump github/codeql-action from 4.31.4 to 4.31.6 (#4101) @dependabot[bot]
    • build(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 (#4083) @dependabot[bot]
    • Update go-re2 to 1.10.0 (#4020) @blotus
    • waf: remove custom raw body processor and use the upstream one (#4092) @blotus
    • build(deps): bump actions/setup-python from 6.0.0 to 6.1.0 (#4089) @dependabot[bot]
    • update go-cs-lib (#4084) @mmetc
    • update coraza (#4047) @blotus
    • build(deps): bump actions/checkout from 5.0.1 to 6.0.0 (#4077) @dependabot[bot]
    • build(deps): bump astral-sh/setup-uv from 7.1.3 to 7.1.4 (#4078) @dependabot[bot]
    • replace prom2json with native Prometheus parser and context-aware scraping in CLI metrics (#3932) @mmetc
    • build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 (#4073) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.31.3 to 4.31.4 (#4069) @dependabot[bot]
    • build(deps): bump actions/checkout from 5.0.0 to 5.0.1 (#4064) @dependabot[bot]
    • update docker/docker to moby/moby (version docker-v29.0.0) (#4048) @mmetc
    • build(deps): bump github/codeql-action from 4.31.0 to 4.31.3 (#4051) @dependabot[bot]
    • build(deps): bump astral-sh/setup-uv from 7.1.2 to 7.1.3 (#4042) @dependabot[bot]
    • build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 (#4041) @dependabot[bot]
    • build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 (#4025) @dependabot[bot]
    • CI: update golangci-lint to 2.6.1 (#4026) @mmetc
    • waf: extract temp state from AppsecRuntimeConfig (#3952) @blotus
    • build(deps): bump astral-sh/setup-uv from 7.1.1 to 7.1.2 (#4009) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.30.9 to 4.31.0 (#4008) @dependabot[bot]
    • build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#4010) @dependabot[bot]

  • v1.7.4-rc2 Changes

    December 03, 2025

    Changes

    • docker: remove CROWDSEC_CONTAINER_ENV (#4085) @mmetc
    • refact cscli: define csconfig.Getter once (#4091) @mmetc
    • refact load/save apic token: dependencies and sentinel errors (#4081) @mmetc
    • pkg/csplugin: use backoff package to retry notifications (#3944) @mmetc
    • refact pkg/database batching (#3906) @mmetc
    • refact pkg/acquisition: split appsec.go (#4043) @mmetc
    • refact pkg/acquisition: journalctl configuration (#4057) @mmetc
    • lint revive: lower complexity threshold (#4056) @mmetc
    • lint: unused parameters / 2 (#4055) @mmetc
    • lint: unused parameters (#4049) @mmetc
    • refact pkg/acquisition: split loki.go (#4034) @mmetc
    • refact pkg/acquisition: split victorialogs.go (#4037) @mmetc
    • refact pkg/acquisition: split wineventlog.go (#4036) @mmetc
    • refact pkg/acquisition: split s3.go (#4035) @mmetc
    • refact pkg/acquisition: split k8s_audit.go (#4033) @mmetc
    • refact pkg/acquisition: split kinesis.go (#4032) @mmetc
    • refact pkg/acquisition: split kafka.go (#4031) @mmetc
    • refact pkg/acquisition: split cloudwatch.go (#4029) @mmetc
    • refact pkg/acquisition: split http.go (#4030) @mmetc
    • refact pkg/acquisition: split file.go (#4038) @mmetc
    • refact pkg/acquisition: split syslog.go (#4028) @mmetc
    • papi: explicit context (#3973) @mmetc
    • pkg/csplugin: remove unused function (#4019) @mmetc
    • pkg/types -> new imports pt 4 (#4012) @mmetc
    • pkg/types -> new imports pt 3 (#4014) @mmetc
    • pkg/types -> new imports pt 2 (#4013) @mmetc
    • pkg/types -> new imports pt 1 (#4011) @mmetc
    • pkg/types -> pkg/{pipeline,fsutil,enrichment,logging...} (#4006) @mmetc
    • CI: enable linter "protogetter" (#3995) @mmetc
    • enable linters: unnecessary-format, unused-receiver (#4001) @mmetc
    • refact: remove unused struct fields and params / 3; enable linter "unused" (#3334) @mmetc

    New Features

    • WAF: Add DropRequest helper to block request in hooks (#4016) @blotus

    Improvements

    • pkg/acquisition: update syslog to RestartableStreamer (#4040) @mmetc
    • refact logging configuration; add log_media="syslog" (#4045) @mmetc
    • cscli hubtest: better report docker/nuclei errors (#4052) @mmetc
    • build: check make version before running Makefile (#4054) @mmetc
    • pkg/acquisition: refact journalctl datasource and unified retry loop (#4023) @mmetc
    • option api.server.disable_usage_metrics_export (#4021) @mmetc
    • build: optional pure-go sqlite driver (#3908) @mmetc

    Bug Fixes

    • fix accessLogger setup to separate file (#4103) @mmetc
    • docker acquisition: prevent data races (#3956) @mmetc
    • Fix avoidable prometheus metrics cardinality (#4080) @g00g1
    • loki acquisition: remove forgotten debug print (#4062) @mmetc
    • fix 2808: show certificate path in "lapi status" (#4053) @mmetc
    • decisionStream: only select required fields from the DB (#4024) @blotus

    Documentation

    • docs: add public roadmap section to README.md (#4039) @mazzma12

    Chore / Deps

    • build(deps): bump github/codeql-action from 4.31.4 to 4.31.6 (#4101) @dependabot[bot]
    • build(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 (#4083) @dependabot[bot]
    • Update go-re2 to 1.10.0 (#4020) @blotus
    • waf: remove custom raw body processor and use the upstream one (#4092) @blotus
    • build(deps): bump actions/setup-python from 6.0.0 to 6.1.0 (#4089) @dependabot[bot]
    • update go-cs-lib (#4084) @mmetc
    • update coraza (#4047) @blotus
    • build(deps): bump actions/checkout from 5.0.1 to 6.0.0 (#4077) @dependabot[bot]
    • build(deps): bump astral-sh/setup-uv from 7.1.3 to 7.1.4 (#4078) @dependabot[bot]
    • replace prom2json with native Prometheus parser and context-aware scraping in CLI metrics (#3932) @mmetc
    • build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 (#4073) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.31.3 to 4.31.4 (#4069) @dependabot[bot]
    • build(deps): bump actions/checkout from 5.0.0 to 5.0.1 (#4064) @dependabot[bot]
    • update docker/docker to moby/moby (version docker-v29.0.0) (#4048) @mmetc
    • build(deps): bump github/codeql-action from 4.31.0 to 4.31.3 (#4051) @dependabot[bot]
    • build(deps): bump astral-sh/setup-uv from 7.1.2 to 7.1.3 (#4042) @dependabot[bot]
    • build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 (#4041) @dependabot[bot]
    • build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 (#4025) @dependabot[bot]
    • CI: update golangci-lint to 2.6.1 (#4026) @mmetc
    • waf: extract temp state from AppsecRuntimeConfig (#3952) @blotus
    • build(deps): bump astral-sh/setup-uv from 7.1.1 to 7.1.2 (#4009) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.30.9 to 4.31.0 (#4008) @dependabot[bot]
    • build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#4010) @dependabot[bot]

  • v1.7.4-rc1 Changes

    November 27, 2025

    Changes

    • docker: remove CROWDSEC_CONTAINER_ENV (#4085) @mmetc
    • refact cscli: define csconfig.Getter once (#4091) @mmetc
    • refact load/save apic token: dependencies and sentinel errors (#4081) @mmetc
    • pkg/csplugin: use backoff package to retry notifications (#3944) @mmetc
    • refact pkg/database batching (#3906) @mmetc
    • refact pkg/acquisition: split appsec.go (#4043) @mmetc
    • refact pkg/acquisition: journalctl configuration (#4057) @mmetc
    • lint revive: lower complexity threshold (#4056) @mmetc
    • lint: unused parameters / 2 (#4055) @mmetc
    • lint: unused parameters (#4049) @mmetc
    • refact pkg/acquisition: split loki.go (#4034) @mmetc
    • refact pkg/acquisition: split victorialogs.go (#4037) @mmetc
    • refact pkg/acquisition: split wineventlog.go (#4036) @mmetc
    • refact pkg/acquisition: split s3.go (#4035) @mmetc
    • refact pkg/acquisition: split k8s_audit.go (#4033) @mmetc
    • refact pkg/acquisition: split kinesis.go (#4032) @mmetc
    • refact pkg/acquisition: split kafka.go (#4031) @mmetc
    • refact pkg/acquisition: split cloudwatch.go (#4029) @mmetc
    • refact pkg/acquisition: split http.go (#4030) @mmetc
    • refact pkg/acquisition: split file.go (#4038) @mmetc
    • refact pkg/acquisition: split syslog.go (#4028) @mmetc
    • papi: explicit context (#3973) @mmetc
    • pkg/csplugin: remove unused function (#4019) @mmetc
    • pkg/types -> new imports pt 4 (#4012) @mmetc
    • pkg/types -> new imports pt 3 (#4014) @mmetc
    • pkg/types -> new imports pt 2 (#4013) @mmetc
    • pkg/types -> new imports pt 1 (#4011) @mmetc
    • pkg/types -> pkg/{pipeline,fsutil,enrichment,logging...} (#4006) @mmetc
    • CI: enable linter "protogetter" (#3995) @mmetc
    • enable linters: unnecessary-format, unused-receiver (#4001) @mmetc
    • refact: remove unused struct fields and params / 3; enable linter "unused" (#3334) @mmetc

    New Features

    • WAF: Add DropRequest helper to block request in hooks (#4016) @blotus

    Improvements

    • pkg/acquisition: update syslog to RestartableStreamer (#4040) @mmetc
    • refact logging configuration; add log_media="syslog" (#4045) @mmetc
    • cscli hubtest: better report docker/nuclei errors (#4052) @mmetc
    • build: check make version before running Makefile (#4054) @mmetc
    • pkg/acquisition: refact journalctl datasource and unified retry loop (#4023) @mmetc
    • option api.server.disable_usage_metrics_export (#4021) @mmetc
    • build: optional pure-go sqlite driver (#3908) @mmetc

    Bug Fixes

    • docker acquisition: prevent data races (#3956) @mmetc
    • Fix avoidable prometheus metrics cardinality (#4080) @g00g1
    • loki acquisition: remove forgotten debug print (#4062) @mmetc
    • fix 2808: show certificate path in "lapi status" (#4053) @mmetc
    • decisionStream: only select required fields from the DB (#4024) @blotus

    Documentation

    • docs: add public roadmap section to README.md (#4039) @mazzma12

    Chore / Deps

    • Update go-re2 to 1.10.0 (#4020) @blotus
    • waf: remove custom raw body processor and use the upstream one (#4092) @blotus
    • build(deps): bump actions/setup-python from 6.0.0 to 6.1.0 (#4089) @dependabot[bot]
    • update go-cs-lib (#4084) @mmetc
    • update coraza (#4047) @blotus
    • build(deps): bump actions/checkout from 5.0.1 to 6.0.0 (#4077) @dependabot[bot]
    • build(deps): bump astral-sh/setup-uv from 7.1.3 to 7.1.4 (#4078) @dependabot[bot]
    • replace prom2json with native Prometheus parser and context-aware scraping in CLI metrics (#3932) @mmetc
    • build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 (#4073) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.31.3 to 4.31.4 (#4069) @dependabot[bot]
    • build(deps): bump actions/checkout from 5.0.0 to 5.0.1 (#4064) @dependabot[bot]
    • update docker/docker to moby/moby (version docker-v29.0.0) (#4048) @mmetc
    • build(deps): bump github/codeql-action from 4.31.0 to 4.31.3 (#4051) @dependabot[bot]
    • build(deps): bump astral-sh/setup-uv from 7.1.2 to 7.1.3 (#4042) @dependabot[bot]
    • build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 (#4041) @dependabot[bot]
    • build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 (#4025) @dependabot[bot]
    • CI: update golangci-lint to 2.6.1 (#4026) @mmetc
    • waf: extract temp state from AppsecRuntimeConfig (#3952) @blotus
    • build(deps): bump astral-sh/setup-uv from 7.1.1 to 7.1.2 (#4009) @dependabot[bot]
    • build(deps): bump github/codeql-action from 4.30.9 to 4.31.0 (#4008) @dependabot[bot]
    • build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#4010) @dependabot[bot]
