Announcing CrowdSec 1.4: what’s new?
We are very happy to announce the release of CrowdSec 1.4: Windows support, client authentication via certificates, dynamic decision time, easier configuration and a ton of improvements. Check out what's new in this article.
In our infinite wisdom, we have established that after version 1.3 released earlier this year, it was now time for version 1.4.
🍲 What have we been cooking?
Yes, my fluffy friends: after a few months of Alpha and Beta testing, Windows support is now officially out! It supports essential services (RDP, SMB, Windows firewall, Exchange, SYSMON, IIS), and a firewall bouncer is also available. You can now protect your Windows infrastructures and join the crowd!
Easier and more resilient configuration management
This one was overdue, but better later than never: it is now possible to have alternate .local configuration files that will take precedence over existing configurations and be left untouched by the package manager. You can now overload one or more configuration values and ensure those remain above package upgrades: the package manager is unaware of those files, but CrowdSec will consider them as overriding existent parameters. Configurations supporting this mechanism are config.yaml, local_api_credentials.yaml, simulation.yaml and profiles.yaml.
Client authentication via certificates
Mostly relevant for people that do automated infrastructure provisioning and infrastructure as code, it is now possible to configure agents and bouncers to use certificates to authenticate to the local API. Getting rid of provisioning of API keys for bouncers and Login/Passwords for agents will make CrowdSec’s management within that kind of infrastructure a lot easier.
While on the “machine management” topic, this release brings both a heartbeat feature in the Local API and a “garbage collector” feature, which automatically cleans up inactive agents and bouncers after a while.
Dynamic decision time
After our users heavily insisted on this new feature, we finally incorporated the ability to provide “dynamic” decision duration based on the number of offenses. With duration_expr, you can now ban people for an exponential time and cast them to the drop table for nearly forever.
Overall performance improvement
While performing benchmarks for some users with significant throughput (30k+ EP/s on a single website), we discovered several optimizations that will lead to a decupled performance increase in some resource-intensive setups. We will publish an article very soon covering this topic, no vain teasing!
Better Management of IPV6
This release improves the support for IPV6 and notably brings the ability to ban an IPv6 range automatically when an IP triggers a scenario.
And a ton of other improvements
And there are many other less notable things, but feel free to take a look at the release notes on our GitHub.
As always, your feedback is what drives us forward, so feel free to share it with us. Our Discord is the best place to do so.