Crowd 5.1 Upgrade Notes

Here are some important notes on upgrading to Crowd 5.1. To learn about new features, see the release notes.

 アップグレード ノート

次の重要な情報をご確認ください。

Crowd 5.1.0: Critical Security Misconfiguration Vulnerability - CVE-2022-43782

CVE-2022-43782 was addressed in Crowd 4.4.4. No additional actions are needed after the upgrade.

However, we recommend that you review Remote Addresses of the crowd application (Crowd console) and remove addresses that are no longer needed. 

Crowd 5.1.0: Removing algorithms used for password encryption and migrating to the default one

In Crowd 5.1.0, we’ve removed the following algorithms used for password encryption: 

  • DES/CBC/PKCS5Padding

  • DESede/CBC/PKCS5Padding

The following one is still supported:

  • AES/CBC/PKCS5Padding

The removed algorithms will also be automatically migrated to the supported one during upgrade.

If you don’t want to migrate and instead keep using the removed algorithms, start Crowd with the following flag:

-Dcrowd.encryption.upgrade.disabled=true

For more info on password encryption, see Password encryption.

Crowd 5.1.12: Name change from Azure Active Directory to Microsoft Entra ID

Due to Microsoft’s name change from Azure Active Directory (Azure AD) to Microsoft Entra ID, we’ve updated all the references to Azure AD. The changes include:

  • Crowd console UI messages

  • Crowd logs - atlassian-crowd.log

    If you have any integrations of log scanners that rely on the ‘Azure' keyword in a log message, consider updating these to 'Microsoft Entra ID’ to make sure they work correctly after upgrading Crowd.


  • 製品ドキュメント

  • Javadocs

  • REST docs

 サポート対象プラットフォーム

We're deprecating the built-in HSQL 1.x database. In the next version of Crowd, we'll end support for it. The HSQL database will be upgraded to HSQL 2.7.x.

アプリ開発者向けの情報

There aren't any important changes for app developers in this release.

最終更新日 2024 年 9 月 4 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.