Releases: TheDuffman85/crowdsec-web-ui
Release list
2026.7.6
Changes
- Add TOTP support for password authentication (#351)
- Improve dashboard map performance (#351)
- Improve settings control layout (#351)
- Harden TOTP authentication (#351)
- Use app validation on login form (#351)
- Translate login form (#351)
Contributors
Docker
docker pull ghcr.io/TheDuffman85/crowdsec-web-ui:2026.7.62026.7.5
Changes
- Fix replay alert history timestamps (#347)
- Fix search date filters and drilldowns (#347)
- Update star history link (#347)
- Show commit titles in release notes (#347)
- Make release notes resilient to GitHub API failures (#348)
Contributors
Docker
docker pull ghcr.io/TheDuffman85/crowdsec-web-ui:2026.7.52026.7.4
2026.7.3
Changes
- Add OIDC scope support and simplify table column configuration (#341)
- Add support for configurable OIDC authorization scopes (
oidcScope) across server and client. - Improve OIDC scope configuration
- Store table columns locally
- Add support for configurable OIDC authorization scopes (
- Fix alert origin column test (#342)
Contributors
Docker
docker pull ghcr.io/TheDuffman85/crowdsec-web-ui:2026.7.32026.7.2
Changes
Contributors
Docker
docker pull ghcr.io/TheDuffman85/crowdsec-web-ui:2026.7.22026.7.1
Changes
- Enhance API documentation and improve metrics visualization (#324)
- Add child node toggle to metrics
- chore(deps): combine dependabot version bumps
- Adjust AppSec metrics activity bar
- Clarify parser timing event counts
- Clarify AppSec metrics visualization
- Match Dependabot cooldown to pnpm package age
- chore(deps): combine dependabot version bumps (#335)
Contributors
Docker
docker pull ghcr.io/TheDuffman85/crowdsec-web-ui:2026.7.12026.6.12
Changes
- Improve README for clearer setup and feature overview (#308)
- Add metrics screenshot to README
- Improve README for clearer setup and feature overview
- Add API docs, improve metrics and configurable OIDC unmatched-user policy (#312)
- Add API documentation
- Refine README description
- Refine metrics response colors
- Improve CrowdSec runtime metrics page
- Add OIDC unmatched user policy
Contributors
Docker
docker pull ghcr.io/TheDuffman85/crowdsec-web-ui:2026.6.122026.6.11
CrowdSec Prometheus Metrics
This release adds an optional Metrics page backed by CrowdSec's Prometheus endpoint.
What's New
- Added a dedicated Metrics page for CrowdSec runtime metrics.
- Shows bouncer, machine, parser, AppSec, and whitelist metrics that are not already covered by the alert and decision views.
- Uses the existing global refresh interval, but only refreshes while the Metrics page is open.
- Keeps the Metrics page visible when Prometheus is not configured and shows a setup hint instead.
- Added a General setting to hide the Metrics page from the sidebar.
- Added README documentation for enabling CrowdSec Prometheus metrics with
level: full. - Added translations for the new Metrics UI across all supported languages.
Configuration
Set CROWDSEC_PROMETHEUS_URL to your CrowdSec Prometheus endpoint, for example:
CROWDSEC_PROMETHEUS_URL=http://crowdsec:6060/metricsScreenshot
Changes
- Add optional CrowdSec metrics page (#307)
Contributors
Docker
docker pull ghcr.io/TheDuffman85/crowdsec-web-ui:2026.6.112026.6.10
Dashboard Authentication
This release is all about authentication. CrowdSec Web UI now has built-in protection for the browser UI and API routes, plus a new Settings page where authentication and user preferences can be managed from the UI.
New installs start with authentication enabled and show an initial setup flow for creating the first administrator account. Existing installs keep authentication disabled after upgrade unless you explicitly opt in, so current deployments continue working without surprise lockouts.
What's New
- Added a new Settings page for language, refresh interval, authentication, and preferences.
- Added password login, logout, signed sessions, and first-run setup.
- Added passkey registration and passkey login with WebAuthn.
- Added OIDC SSO with configurable issuer, client ID, client secret, group claim, admin groups, and read-only groups.
- Added Settings controls for password changes, passkey management, disabling password login, and OIDC configuration.
- Added admin and read-only access handling for authenticated users.
- Localized the new Settings and authentication copy across all supported UI languages.
- Updated documentation for dashboard authentication, file-backed auth secrets, and upgrade behavior.
- Bumped the local development toolchain to Node.js
24.18.0and pnpm11.9.0.
Upgrade Notes
Existing installs can enable dashboard authentication with:
AUTH_ENABLED=trueTo run without dashboard login, set:
AUTH_ENABLED=falseScreenshot
Changes
- Dashboard Authentication (#304)
- Add settings page for preferences
- Add dashboard authentication
- Show auth disabled hint in settings
- Bump Node and pnpm versions
- Refine password settings controls
- Translate settings authentication section
- Improve settings group editing and toasts
- Add passkey registration modal
- Refresh README screenshots (#305)
- Rename auth enabled environment flag (#306)
Contributors
Docker
docker pull ghcr.io/TheDuffman85/crowdsec-web-ui:2026.6.102026.6.8
This release reduces CrowdSec LAPI pressure during active-decision sync by using one lookback request and only splitting the window when a timeout requires it.
It also adds PERMISSION_READ_ONLY=true, an instance-wide safety mode for view-only deployments. The UI now hides enforcement and management actions, and the API rejects write operations like adding/deleting alerts or decisions, clearing cache, changing refresh cadence, and managing notification rules or destinations, while still allowing language preferences, table columns, and marking notifications as read.
Changes
- Reduce active decision alert polling and add read-only permission mode (#303)
- Reduce active decision alert polling
- Add read-only permission mode
Contributors
Docker
docker pull ghcr.io/TheDuffman85/crowdsec-web-ui:2026.6.8