Crowd 3.4 Upgrade Notes
Before upgrading to Crowd 3.4, read the following sections to make sure you're aware of all the important changes. We highly recommend that you read about all the new features in the Crowd 3.4 Release Notes.
Known issues & Security considerations
Infinite-authentication-loop in Confluence and Jira
If you’re using SAML authentication with Crowd in Confluence or Jira and you encounter a restricted area in one of these applications, you’ll be redirect to Crowd to authenticate. Once you authenticate in Crowd, you’ll be redirected back to your application. Since you don’t have permissions to access that particular area, the application redirects you again to Crowd this way creating an infinite loop. The Crowd team is currently working on a solution to this issue.
Protection against brute-force attacks
If you’re using an external directory with Crowd, it will protect you against such brute-force attacks as submitting many passwords or passphrases to a log in page. However, for internal directories, there’s no limit for passwords attempts by default. To enable the maximum password attempts, in your directory click the configuration tab and set the maximum password attempts to >0. See Configuring an Internal Directory.
To upgrade Crowd from any of the earlier versions, follow these upgrade instructions.