Crowd 1.5.1 Release Notes
14 October 2008
The Atlassian Crowd team is delighted to present Crowd 1.5.1.
Crowd 1.5.1 is a recommended upgrade which fixes a parameter injection vulnerability and other issues. Please refer to the security advisory for details of the security vulnerability, risk assessment and mitigation strategies.
When using Crowd for single sign-on (SSO), you can now specify that the 'secure' flag is set on the SSO cookie. This will enforce a secured connection, such as SSL, for all SSO requests. Note that if you set this flag, any applications not using a secure connection will not be able to participate in SSO. Potentially, this may make it impossible to log in to Crowd.
When generating session tokens, Crowd now includes a very large random number as part of the hash value. This makes it more difficult for a malicious third party to impersonate a legitimate Crowd user.
This release also brings a number of improvements to search functionality, particularly for LDAP directories and for Confluence instances integrated with Crowd.
Don't have Crowd 1.5 yet?
Take a look at the new features and other highlights in the Crowd 1.5 Release Notes.