v0.12.0

0.12.0 (2026-05-23)

Features

• abuse: rate limits, CrowdSec, and Prometheus observability (1cd6cdd)
• crowdsec: add install script with Docker and native paths (a8598b8)
• forwarding: port maps, deny lists, route geo, and maintenance mode (f081b1f)
• logs: surface CrowdSec drops in log viewer (15ce59f)
• peers: add API fallback when Web Crypto is unavailable on HTTP. (5ac2eae)
• ui: gate Advanced tabs with disabled state and hints (3739696)

Bug Fixes

• abuse: harden review findings and deferred operator gaps (156bcee)
• crowdsec: allow staged Docker install before bouncer key exists. (8477092)
• crowdsec: build local nft bouncer image instead of missing Hub tag. (7f5df91)
• crowdsec: fetch bouncer binary from GitHub releases in Docker build. (ecacaf3)
• crowdsec: prefetch bouncer binary on host for offline Docker build. (550c11e)
• crowdsec: recover from Docker-created acquis.yaml directory trap. (d4ef63f)
• crowdsec: remove RETURN trap that broke install under set -u. (2dd9f1d)
• crowdsec: set LOCAL_API_URL so cscli can reach LAPI in Docker. (ef0bc46)
• crowdsec: start LAPI offline when CrowdSec HTTPS is blocked. (f512781)
• crowdsec: use host network and gitignore local compose configs. (a5cd49b)
• nft: enforce max_conn_per_ip before forward established accept. (a7bcab2)
• nft: meter all UDP packets for udp_per_second limits. (88d3c69)
• nft: use ct count over N-1 for max_conn_per_ip limits. (1474946)
• nft: use inline ct count for max_conn_per_ip limits. (90d5dc7)
• reload: retry nft validate after deleting live EvuProxy tables. (9eb550b)
• reload: stage wg syncconf temp file under /etc/wireguard. (990ac24)
• ui: correct peer crypto fallback API paths. (2b0782d)
• ui: guard peer onboarding copy when clipboard is unavailable. (d6f1dda)