Crowd 5.2 Upgrade Notes

Here are some important notes on upgrading to Crowd 5.2. To learn about new features, see the release notes.

 アップグレード ノート

次の重要な情報をご確認ください。

Security improvements

In Crowd 5.2.1, we've added two new credential encoding mechanisms:

Argon2

ディレクトリ

Controlled directly from Crowd. It's a directory-wide feature so you can choose it for one directory, without affecting others. Can't be modified after a directory is created.

Advanced Atlassian-Security (PBKDF2-HMAC-SHA512)

Directories, Applications

Controlled by the crowd.advanced.security.password.encoder.enabled system property and disable by default. It's an instance-wide feature so it would affect all directories using Atlassian-Security and all applications.

The mechanism can be modified and is backward compatible. You can enable or disable it by specifying the system property value and restarting Crowd.

Note that it significantly affects performance, because every single hashing operation, like user creation, application login, or user login, takes more resources. Consider scaling up your instance if you want to keep Crowd performance on the same level.

New version of the embedded HSQL database

In Crowd 5.2, we've upgraded the embedded HSQL database from version 1.8.x to 2.7.x.

If you're using the embedded HSQL database, you'll need to complete an additional step (due to HSQL limitations) if you'd like to use the Crowd's automatic upgrade. For details, see Upgrading Crowd via Automatic Database Upgrade.

However, the recommended method for upgrading is using the XML data transfer. For details, see Upgrading Crowd via XML Data Transfer.

Migrating from Log4j 1.x to 2.x

In Crowd 5.2, we’ve started using Log4j 2.x. If you haven’t used any custom logging configuration, you don’t need to take any action – you’ll start using the new version after upgrading.

However, if you customized your logging configuration, you’ll need to migrate it to the new format.

For more info on how to do this, see Migrating a custom logging configuration to Log4j 2.

Upgrading Tomcat connector 

If you customized the Tomcat connector in the server.xml file to be able to use the encrypted password, you can migrate your changes to Crowd 5.2 by adjusting them like in the following example:

Before Crowd 5.2Crowd 5.2

Connector protocols:

com.atlassian.crowd.tomcat.Http11NioProtocolWithPasswordEncryption
com.atlassian.crowd.tomcat.Http11Nio2ProtocolWithPasswordEncryption
com.atlassian.crowd.tomcat.Http11AprProtocolWithPasswordEncryption
com.atlassian.crowd.tomcat.AjpNioProtocolWithPasswordEncryption
com.atlassian.crowd.tomcat.AjpNio2ProtocolWithPasswordEncryption
com.atlassian.crowd.tomcat.AjpAprProtocolWithPasswordEncryption

Connector protocols:

com.atlassian.secrets.tomcat.protocol.Http11NioProtocolWithPasswordEncryption
com.atlassian.secrets.tomcat.protocol.Http11Nio2ProtocolWithPasswordEncryption
com.atlassian.secrets.tomcat.protocol.Http11AprProtocolWithPasswordEncryption
com.atlassian.secrets.tomcat.protocol.AjpNioProtocolWithPasswordEncryption
com.atlassian.secrets.tomcat.protocol.AjpNio2ProtocolWithPasswordEncryption
com.atlassian.secrets.tomcat.protocol.AjpAprProtocolWithPasswordEncryption

Connector attribute name:

encryptionKey

Connector attribute name:

productEncryptionKey

For more information, see Encrypting Tomcat passwords.

 サポート対象プラットフォーム

We're deprecating CrowdID (OpenID server) and the OpenID client. They will be excluded from Crowd distributive in one of the upcoming platform or feature releases of Crowd.

アプリ開発者向けの情報

There aren't any important changes for app developers in this release.

最終更新日 2023 年 11 月 24 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.