Crowd 5.3 Release Notes

19 April, 2024

The Crowd team is proud to bring you Crowd 5.3.

Starting from 5.3, new releases of Crowd will be available only to Data Center customers. Learn what this means for you

ハイライト

さらに読む

本リリースに関する重要な情報をアップグレード ノートで確認し、解決済みの課題の完全な一覧をご確認ください。



LDAP synchronization improvements

Crowd 5.3 brings improvements to the synchronization process which will affect both full and incremental synchronization.

  • Synchronization is now much faster
    We’ve improved the speed of full and incremental synchronization. The exact results will depend on the server performance and the performance/latency of the active directory.

  • Synchronization is now using less memory
    Crowd will now avoid duplicating objects that represent a group name or username from the active directory.

  • Synchronization issue with fallback on Microsoft Active Directory is now fixed
    We’ve fixed the issue of adding a group to an active directory while full synchronization was running that would cause the next incremental synchronization to fail and fall back to a full synchronization. This would log warnings "Failed to fetch groups by objectGUID" and "Problems while looking up groups by objectGUID in ActiveDirectory detected, falling back to a full sync".

The feature is turned on by default and will be automatically enabled after updating to Crowd 5.3.

Introducing Software Bill of Materials (SBOMs) in Crowd

Continuing our commitment to providing the most secure products for our customers, we’re introducing Software Bill of Materials (SBOMs) for Crowd.

詳細情報

What is SBOM and why are we adding them?

SBOM is a detailed list or inventory of all the components in a piece of software. These components can include open-source software, proprietary code, libraries, frameworks, and other elements used in the software.

SBOM is essential for ensuring compliance with different regulations and standards; for example, the United States Executive Order on Improving the Nation's Cybersecurity, the European Union NIS 2 Directive and Cyber Resilience Act. It enhances transparency and facilitates a deeper understanding of software components, their versions, dependencies, and updates to their security vulnerabilities.

Furthermore, SBOM can help app developers and admins identify potential security risks, manage licenses, and maintain software more effectively. For example, if a vulnerability is discovered in a specific open-source component, anyone with access to SBOM can quickly check if their software is affected.

How SBOM is generated

We use Syft, an open-source tool, to automatically generate SBOM files during the product build process. Syft scans the code, identifies dependencies, and compiles a JSON file with the results. Syft supports various SBOM formats, with CycloneDX being Atlassian's current choice due to its popularity.

Where to find SBOM

To locate the SBOM, go to the json file located under the crowd-distribution/sbom/ directory.

重要事項

当社の製品スイートではプラグインやコンポーネントを基盤とする複雑なアーキテクチャが採用されているため、フロントエンドのすべての依存関係の可視化は段階的に行われています。現在の SBOM にはこれらの依存関係の一部が含まれています。

CrowdID removal

The end of support of the OpenID server and client was announced in August 2023 and they’re now completely removed from Crowd 5.3. This means that the Crowd distribution will no longer include openid-server-webapp and openid-client-webapp as these contain dependencies with vulnerabilities.

If you’re using these components, you can still use them from old Crowd distributions as a short-term solution. Longterm, we recommend to switch to another OpenID provider.

Migration to REST v2

Crowd 5.3 upgrades to Platform 6.5.5, which requires migration to REST v2. This feature meant substantial changes due to the migration of Crowd classes participating in REST API from Jackson/Jersey v1 to v2. The new implementation works in the same way as the original one.

Non-Marketplace apps upload disabled

Added on 22 April 2024

Starting from Crowd 5.3.0, manual uploads of non-Marketplace apps are disabled by default. Understand how to re-enable manual uploads

Complete list of changes and improvements

Here's a full list of issues resolved in this release:

Crowd 5.3.0 - 10 April 2024

T キー 要約
Loading...
Refresh

Crowd 5.3.1 - 17 May 2024

T キー 要約
Loading...
Refresh

Crowd 5.3.2 - 10 July 2024

T キー 要約
Loading...
Refresh

Crowd 5.3.3 - 14 Aug 2024

This release doesn't include any resolved issues from our public instance, only small fixes and improvements.

Crowd 5.3.4 - 4 September 2024

T キー 要約
Loading...
Refresh

最終更新日 2024 年 9 月 4 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.