Crowd 3.4 Upgrade Notes
Before upgrading to Crowd 3.4, read the following sections to make sure you're aware of all the important changes. We highly recommend that you read about all the new features in the Crowd 3.4 Release Notes.
Active status and backups
While Crowd allows you to locally set the active status of users in directories without proper active status support (e.g. OpenLDAP), those changes are not stored in the backup XML. When you restore from a backup, all of those users are reactivated. Crowd versions 3.4.6 and 3.5.1 add the option to export connector users to the backup file, allowing you to preserve the active flag status after a restore. This option, however, will increase the size of the backup file and may require increasing Crowd’s memory limits.
For this feature to work, new backup files must be generated with the “Backup connector directories” option enabled.
Note regarding SqlServer and internationalized column types
Crowd 3.4.3 includes a fix for CWD-5358, a bug that caused new columns to be created with regular column types (varchar, char, clob, text) instead of internationalized ones (nvarchar, nchar, nclob, ntext), even when the SqlServerIntlDialect Hibernate dialect was specified. Please note that when upgrading from an affected version (3.3.0-3.4.0) Crowd will not migrate columns that were created with incorrect column types. Those columns will have to be migrated manually.
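One way to find the columns that need manual migration, as an added example that is not part of the Atlassian documentation: this T-SQL query lists the non-Unicode string columns in the current database and drafts an ALTER statement for each. It assumes that it is run inside the Crowd database and that every user table there belongs to Crowd; review the drafted statements and try them on a restored copy before executing anything.

```sql
-- Added example, not Atlassian's migration script. Read-only: it only reports
-- columns and drafts statements; nothing changes until you run the drafts.
-- Assumption: the current database contains only Crowd's tables.
SELECT
    s.name        AS schema_name,
    t.name        AS table_name,
    c.name        AS column_name,
    ty.name       AS current_type,
    c.max_length  AS max_length_bytes,      -- -1 means (max)
    c.is_nullable,
    -- Columns that are part of an index or key typically cannot be altered
    -- in place; the index has to be dropped and recreated around the change.
    CASE WHEN EXISTS (SELECT 1
                      FROM sys.index_columns ic
                      WHERE ic.object_id = c.object_id
                        AND ic.column_id = c.column_id)
         THEN 1 ELSE 0 END AS is_indexed,
    CASE
        -- text columns and char columns longer than nchar allows are left
        -- for manual review instead of getting a drafted statement.
        WHEN ty.name = 'text' THEN NULL
        WHEN ty.name = 'char' AND c.max_length > 4000 THEN NULL
        ELSE 'ALTER TABLE ' + QUOTENAME(s.name) + '.' + QUOTENAME(t.name)
           + ' ALTER COLUMN ' + QUOTENAME(c.name)
           + ' n' + ty.name                 -- varchar -> nvarchar, char -> nchar
           + '('
           + CASE WHEN c.max_length = -1 OR c.max_length > 4000
                  THEN 'max'                -- nvarchar(n) stops at 4000
                  ELSE CAST(c.max_length AS varchar(10)) END
           + ')'
           -- Restate nullability so a NOT NULL column stays NOT NULL.
           + CASE WHEN c.is_nullable = 1 THEN ' NULL' ELSE ' NOT NULL' END
           + ';'
    END AS draft_statement
FROM sys.columns c
JOIN sys.tables  t  ON t.object_id    = c.object_id
JOIN sys.schemas s  ON s.schema_id    = t.schema_id
JOIN sys.types   ty ON ty.user_type_id = c.user_type_id
WHERE t.is_ms_shipped = 0
  AND ty.name IN ('varchar', 'char', 'text')
ORDER BY s.name, t.name, c.column_id;
```

Rows with a NULL draft_statement or with is_indexed = 1 need a hand-written migration step.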
Azure Active Directory timeouts
Crowd 3.4.6 adds the ability to configure request and connection timeouts for Azure Active Directory. Default timeouts will be set on existing Azure AD directories in Crowd when upgrading to Crowd 3.4.6 and 3.5.1.
Known issues & Security considerations
Infinite-authentication-loop in Confluence and Jira
If you’re using SAML authentication with Crowd in Confluence or Jira and you encounter a restricted area in one of these applications, you’ll be redirected to Crowd to authenticate. Once you authenticate in Crowd, you’ll be redirected back to your application. Since you don’t have permissions to access that particular area, the application redirects you to Crowd again, creating an infinite loop. The Crowd team is currently working on a solution to this issue.
Protection against brute-force attacks
If you’re using an external directory with Crowd, it will protect you against brute-force attacks such as submitting many passwords or passphrases to a login page. However, for internal directories, there’s no limit on password attempts by default. To enable a limit, open the configuration tab of your directory and set the maximum password attempts to a value greater than 0. See Configuring an Internal Directory.
To upgrade Crowd from any of the earlier versions, follow these upgrade instructions.