Crowd 5.0 Upgrade Notes
Here are some important notes on upgrading to Crowd 5.0. To learn about new features, see the release notes.
Crowd 5.0.3: Critical Security Misconfiguration Vulnerability - CVE-2022-43782
CVE-2022-43782 was addressed in Crowd 5.0.3. No additional actions are needed after the upgrade. However, it is recommended to review Remote Addresses of
crowd application (Crowd console) and remove those addresses if no longer needed.
JDBCAppender has been removed (CVE-2022-23305)
Until now, you could use the JDBCAppender to forward the log files to the database. Due to a security vulnerability related to Log4j, we’ve made the decision to no longer support it.
If you’re using JDBCAppender, you’ll need to switch to a different monitoring tool, such as DailyLogAppender.
SOAP API has been removed
Crowd 5.0 doesn’t support SOAP API. If your custom scripts or apps rely on it, you’ll need to migrate to REST API. For more info on how to migrate, see SOAP to REST migration guide.
HTML rendering for email notifications
You can now enable HTML rendering for emails coming from Crowd. For more info, see Creating an email notification template.
Announcements on the login page
You can now inform your users about important changes by displaying an announcement banner on the login page. For more info, see Look and feel.
We've added support for the following databases:
- PostgreSQL 13
- PostgreSQL 14
See Preparing for Crowd 5.0 for any important changes regarding apps.