v0.0.6-rc2

🚀 Highlights (rc2 + rc1)

• Go 1.25 base images for builds (smaller, faster, up-to-date toolchain).
• Dropped freebsd/riscv64 target from release artifacts.
• Decision type filtering at source and per-request.
• Ubuntu 25.10 install fixes and script updates.
• Dependency refresh and minor tooling cleanup.

What’s Changed (since v0.0.6-rc1 → v0.0.6-rc2)

• Update Go version to 1.25 in Dockerfile by @LaurenceJJones in #118
• Drop platform freebsd/riscv64 by @mmetc in #119

Full Changelog: v0.0.6-rc1...v0.0.6-rc2

---

Previously in v0.0.6-rc1

What’s Changed

• chore/update-py-cstest by @LaurenceJJones in #115
• update dependencies, fix install issue with ubuntu 25.10 by @mmetc in #116
• update install scripts for ubuntu 25.10 by @mmetc in #117
• enhance: Add supported decisions type by @LaurenceJJones in #113

Full Changelog: v0.0.5...v0.0.6-rc1

---

✨ New: Decision type filtering

Limit mirrored blocklists to specific decision types (e.g. ban, captcha) via config or per-request.

Config (YAML)

crowdsec_config:
  # ...
  supported_decisions_types:
    - ban

• Empty/missing list → no type filtering (all types).
• Case-insensitive matching.

Per-request overrides (query param)

• /security/blocklist?supported_decisions_types=ban,captcha
• /security/blocklist?supported_decisions_types=ban&supported_decisions_types=captcha

If omitted, the YAML value applies. To include all types, omit the param and leave the YAML list empty.

Combines with: ipv4only, ipv6only, origin, nosort.

Notes/Internals:

• Uses stdlib slices (no x/exp).
• Removed the "all" special-case—omit the param to include all types.

---

🛠️ Installation & Packaging

• Ubuntu 25.10: install scripts updated and a prior install issue fixed.

---

🔧 Maintenance

• Dependencies updated.
• Python cstest workflow refreshed.
• Go 1.25 in Dockerfile.
• Release artifacts no longer include freebsd/riscv64.

Impact note: The platform drop only affects release artifact availability; runtime behavior for other platforms is unchanged.

v0.0.6-rc1

🚀 Highlights

• Decision type filtering at source and per-request.
• Ubuntu 25.10 install fixes and script updates.
• Dependency refresh and minor tooling cleanup.

What’s Changed

• chore/update-py-cstest by @LaurenceJJones in #115
• update dependencies, fix install issue with ubuntu 25.10 by @mmetc in #116
• update install scripts for ubuntu 25.10 by @mmetc in #117
• enhance: Add supported decisions type by @LaurenceJJones in #113

Full Changelog: v0.0.5...v0.0.6-rc1

---

✨ New: Decision type filtering

Keep your mirrored blocklists limited to specific decision types (e.g., ban, captcha) either via config or per request.

Config (YAML)

crowdsec_config:
  # ...
  supported_decisions_types:
    - ban

• Empty/missing list → no type filtering (all types).
• Case-insensitive matching.

Per-request overrides (query param)

You can override the YAML setting without changing server config:

• /security/blocklist?supported_decisions_types=ban,captcha
• /security/blocklist?supported_decisions_types=ban&supported_decisions_types=captcha

If the parameter is omitted, the YAML value applies.
To get all types, omit the parameter and leave the YAML list empty.

Combines with existing filters

Works alongside ipv4only, ipv6only, origin, nosort.

Notes / Internals

• Uses stdlib slices (no x/exp).
• Removed the previous "all" special-case; simply omit the param to include all types.

---

🛠️ Installation & Packaging

• Ubuntu 25.10: install scripts updated and an install issue fixed to ensure smooth setup on 25.10.

---

🔧 Maintenance

• Dependencies updated.
• Python cstest workflow refreshed.

v0.0.5

What's Changed

GZIP Compression middleware #110

The remediation now checks for incoming accepted encoding types and if the client support GZIP then the response will be compressed.

Example usage:

curl --compressed http://127.0.0.1:4141/security.txt

• CI: golangci-lint v2 by @mmetc in #108
• enhance: Add gzip middleware to compress when a client can accept it by @LaurenceJJones in #110
• enhance: Add proper headers to prompt for basic auth by @LaurenceJJones in #111
• CI: uv+ruff by @mmetc in #109

Full Changelog: v0.0.4...v0.0.5

v0.0.4

What's Changed

• allow to specify 'scopes' in the configuration by @buixor in #93
• Use go 1.22 by @j3n57h0m45 in #96
• update dependencies by @j3n57h0m45 in #97
• refactor mikrotik formatter by @j3n57h0m45 in #98
• Update docker readme by @j3n57h0m45 in #99
• fix functional test (to pass with latest crowdsec image) by @mmetc in #104
• CI: cache pipenv dependencies by @mmetc in #105
• make: remove redundant go version check by @mmetc in #103
• make: remove redundant build flags by @mmetc in #106
• update dependencies by @mmetc in #102
• Implement Juniper SRX formatter by @tony-butchart in #101
• make: report docker platform with --version by @mmetc in #107
• fix generated RouterOS script, clean up template by @j3n57h0m45 in #100

New Contributors

• @buixor made their first contribution in #93
• @j3n57h0m45 made their first contribution in #96
• @tony-butchart made their first contribution in #101

Full Changelog: v0.0.3...v0.0.4

v0.0.4-rc2

What's Changed

• allow to specify 'scopes' in the configuration by @buixor in #93
• Use go 1.22 by @j3n57h0m45 in #96
• update dependencies by @j3n57h0m45 in #97
• refactor mikrotik formatter by @j3n57h0m45 in #98
• Update docker readme by @j3n57h0m45 in #99
• fix functional test (to pass with latest crowdsec image) by @mmetc in #104
• CI: cache pipenv dependencies by @mmetc in #105
• make: remove redundant go version check by @mmetc in #103
• make: remove redundant build flags by @mmetc in #106
• update dependencies by @mmetc in #102
• Implement Juniper SRX formatter by @tony-butchart in #101
• make: report docker platform with --version by @mmetc in #107
• fix generated RouterOS script, clean up template by @j3n57h0m45 in #100

New Contributors

• @buixor made their first contribution in #93
• @j3n57h0m45 made their first contribution in #96
• @tony-butchart made their first contribution in #101

Full Changelog: v0.0.3...v0.0.4-rc2

v0.0.4-rc1

What's Changed

• use go 1.21.6 by @mmetc in #87
• lint by @mmetc in #90
• revert preventing the build. This will be done pipeline side. by @sabban in #92
• allow to specify 'scopes' in the configuration by @buixor in #93
• Use go 1.22 by @j3n57h0m45 in #96
• update dependencies by @j3n57h0m45 in #97
• refactor mikrotik formatter by @j3n57h0m45 in #98
• Update docker readme by @j3n57h0m45 in #99

New Contributors

• @buixor made their first contribution in #93
• @j3n57h0m45 made their first contribution in #96

Full Changelog: v0.0.3...v0.0.4-rc1

v0.0.3

What’s Changed

• lint (#90) @mmetc
• use go 1.21.6 (#87) @mmetc
• Makefile: use GO macro if set, to check for version (#85) @mmetc
• logging: full standard timestamp with timezone (yyyy-mm-dd) (#86) @mmetc
• update golangci-lint, lint fixes (#84) @mmetc
• add new formatter (#77) @LaurenceJJones
• update dependency on crowdsec, go-cs-bouncer (#83) @mmetc
• use go 1.21.5 (#82) @mmetc
• Release action: fix asset upload (#81) @mmetc
• update dependencies on crowdsec, go-cs-bouncer, go-cs-lib (#80) @mmetc
• force raw output on cscli during install (#79) @mmetc
• fix vendor packaging (#78) @mmetc
• alternate vendor file (xz compression and version number) (#76) @mmetc
• update go version, golangci-lint and test dependencies (#75) @mmetc
• update crowdsec dependency (#74) @mmetc
• Support option "retry_initial_connect" (#73) @mmetc
• Use go 1.20.6 (#72) @mmetc
• CI: run codeql in lint.yml (#70) @mmetc
• cross-platform interrupt handler (#69) @mmetc
• update go.mod to remove dependency from wasm (#71) @mmetc
• add vendor.tgz to release (#68) @mmetc
• Use go 1.20.5 (#66) @mmetc
• test bouncer registration with tls (#65) @mmetc
• update dependencies to crowdsec 1.5.2; allow build with devel version of go (#61) @mmetc
• test tls: allowed ou in client cert (#64) @mmetc
• notify systemd and handle SIGINT/SIGTERM (#62) @mmetc
• respect log permissions if file already exists (#63) @mmetc
• substitute envvars in config file (#34) @mmetc
• use go-cs-lib (#59) @mmetc
• move main entrypoint to cmd/root.go (#58) @mmetc
• deb, rpm: handle api key creation (skip/ignore) with .yaml.local or remote LAPI (#57) @mmetc
• include _bouncer.sh in release tarballs (#56) @mmetc

v0.0.3-rc6

What’s Changed

• revert preventing the build. This will be done pipeline side. (#92) @sabban
• lint (#90) @mmetc
• use go 1.21.6 (#87) @mmetc
• static build require not to build at package creation time (#89) @sabban
• Makefile: use GO macro if set, to check for version (#85) @mmetc
• logging: full standard timestamp with timezone (yyyy-mm-dd) (#86) @mmetc
• update golangci-lint, lint fixes (#84) @mmetc
• add new formatter (#77) @LaurenceJJones
• update dependency on crowdsec, go-cs-bouncer (#83) @mmetc
• use go 1.21.5 (#82) @mmetc
• Release action: fix asset upload (#81) @mmetc
• update dependencies on crowdsec, go-cs-bouncer, go-cs-lib (#80) @mmetc
• force raw output on cscli during install (#79) @mmetc
• fix vendor packaging (#78) @mmetc
• alternate vendor file (xz compression and version number) (#76) @mmetc
• update go version, golangci-lint and test dependencies (#75) @mmetc
• update crowdsec dependency (#74) @mmetc
• Support option "retry_initial_connect" (#73) @mmetc
• Use go 1.20.6 (#72) @mmetc
• CI: run codeql in lint.yml (#70) @mmetc
• cross-platform interrupt handler (#69) @mmetc
• update go.mod to remove dependency from wasm (#71) @mmetc
• add vendor.tgz to release (#68) @mmetc
• Use go 1.20.5 (#66) @mmetc
• test bouncer registration with tls (#65) @mmetc
• update dependencies to crowdsec 1.5.2; allow build with devel version of go (#61) @mmetc
• test tls: allowed ou in client cert (#64) @mmetc
• notify systemd and handle SIGINT/SIGTERM (#62) @mmetc
• respect log permissions if file already exists (#63) @mmetc
• substitute envvars in config file (#34) @mmetc
• use go-cs-lib (#59) @mmetc
• move main entrypoint to cmd/root.go (#58) @mmetc
• deb, rpm: handle api key creation (skip/ignore) with .yaml.local or remote LAPI (#57) @mmetc
• include _bouncer.sh in release tarballs (#56) @mmetc

v0.0.3-rc5

What’s Changed

• static build require not to build at package creation time (#89) @sabban
• Makefile: use GO macro if set, to check for version (#85) @mmetc
• logging: full standard timestamp with timezone (yyyy-mm-dd) (#86) @mmetc
• update golangci-lint, lint fixes (#84) @mmetc
• add new formatter (#77) @LaurenceJJones
• update dependency on crowdsec, go-cs-bouncer (#83) @mmetc
• use go 1.21.5 (#82) @mmetc
• Release action: fix asset upload (#81) @mmetc
• update dependencies on crowdsec, go-cs-bouncer, go-cs-lib (#80) @mmetc
• force raw output on cscli during install (#79) @mmetc
• fix vendor packaging (#78) @mmetc
• alternate vendor file (xz compression and version number) (#76) @mmetc
• update go version, golangci-lint and test dependencies (#75) @mmetc
• update crowdsec dependency (#74) @mmetc
• Support option "retry_initial_connect" (#73) @mmetc
• Use go 1.20.6 (#72) @mmetc
• CI: run codeql in lint.yml (#70) @mmetc
• cross-platform interrupt handler (#69) @mmetc
• update go.mod to remove dependency from wasm (#71) @mmetc
• add vendor.tgz to release (#68) @mmetc
• Use go 1.20.5 (#66) @mmetc
• test bouncer registration with tls (#65) @mmetc
• update dependencies to crowdsec 1.5.2; allow build with devel version of go (#61) @mmetc
• test tls: allowed ou in client cert (#64) @mmetc
• notify systemd and handle SIGINT/SIGTERM (#62) @mmetc
• respect log permissions if file already exists (#63) @mmetc
• substitute envvars in config file (#34) @mmetc
• use go-cs-lib (#59) @mmetc
• move main entrypoint to cmd/root.go (#58) @mmetc
• deb, rpm: handle api key creation (skip/ignore) with .yaml.local or remote LAPI (#57) @mmetc
• include _bouncer.sh in release tarballs (#56) @mmetc

v0.0.3-rc4

What’s Changed

• update golangci-lint, lint fixes (#84) @mmetc
• add new formatter (#77) @LaurenceJJones
• update dependency on crowdsec, go-cs-bouncer (#83) @mmetc
• use go 1.21.5 (#82) @mmetc
• Release action: fix asset upload (#81) @mmetc
• update dependencies on crowdsec, go-cs-bouncer, go-cs-lib (#80) @mmetc
• force raw output on cscli during install (#79) @mmetc
• fix vendor packaging (#78) @mmetc
• alternate vendor file (xz compression and version number) (#76) @mmetc
• update go version, golangci-lint and test dependencies (#75) @mmetc
• update crowdsec dependency (#74) @mmetc
• Support option "retry_initial_connect" (#73) @mmetc
• Use go 1.20.6 (#72) @mmetc
• CI: run codeql in lint.yml (#70) @mmetc
• cross-platform interrupt handler (#69) @mmetc
• update go.mod to remove dependency from wasm (#71) @mmetc
• add vendor.tgz to release (#68) @mmetc
• Use go 1.20.5 (#66) @mmetc
• test bouncer registration with tls (#65) @mmetc
• update dependencies to crowdsec 1.5.2; allow build with devel version of go (#61) @mmetc
• test tls: allowed ou in client cert (#64) @mmetc
• notify systemd and handle SIGINT/SIGTERM (#62) @mmetc
• respect log permissions if file already exists (#63) @mmetc
• substitute envvars in config file (#34) @mmetc
• use go-cs-lib (#59) @mmetc
• move main entrypoint to cmd/root.go (#58) @mmetc
• deb, rpm: handle api key creation (skip/ignore) with .yaml.local or remote LAPI (#57) @mmetc
• include _bouncer.sh in release tarballs (#56) @mmetc