接続プール プロバイダーが変更されました

As part of our work to resolve some performance issues, we have changed the default connection pool provider from c3p0 to Hikari. An upgrade task will make the required changes. Both c3p0 and Hikari properties will remain in your crowd.cfg.xml file for now. After upgrading, Crowd will continue to use c3p0 until you restart. From that point onwards, it will use Hikari by default. 

If you previously specified a different provider in the hibernate.connection.provider_class property (in crowd.cfg.xml), we won't change your current configuration. However, if, after upgrading, you would like to switch to Hikari, you can update the following in the crowd.cfg.xml file.
 
 

<property name="hibernate.connection.provider_class">org.hibernate.hikaricp.internal.HikariCPConnectionProvider</property> <property name="hibernate.hikari.autoCommit">false</property> <property name="hibernate.hikari.idleTimeout">30000</property> <property name="hibernate.hikari.maximumPoolSize">30</property> <property name="hibernate.hikari.minimumIdle">0</property>

Depending on the database engine used:

Postgres / MySQL
 

<property name="hibernate.hikari.dataSource.tcpKeepAlive">true</property>

Oracle
 

<property name="hibernate.hikari.dataSource.oracle.net.keepAlive">true</property>

SQL Server
 

<property name="hibernate.hikari.dataSource.socketKeepAlive">true</property>

Account Lockout

User accounts are now better protected against brute-force login attacks. With Account Lockout, if someone enters the wrong password too many times in a row, the account is automatically locked — stopping unauthorized access attempts in their tracks.

Here's what you need to know:

• How it works: After a configurable number of failed login attempts, the account is locked and no further logins are allowed until the password is changed.

• What users see: A generic "invalid credentials" message is shown for both wrong passwords and locked accounts, so attackers can't tell whether an account exists or is locked, or invalid credentials were provided.

• How to unlock: Users can reset their own password using the Forgot Password link, or an administrator can reset it for them. Once the password is changed, the failed-attempt counter resets, and the account is ready to use again.

• Important: Locked accounts don't unlock on their own over time — a password change is always required.

Administrators can set the maximum number of allowed failed attempts for Internal directories in the directory settings page.

Unstable LDAP sync mitigation

Crowd can be configured to automatically sync with external LDAP directories. However, in the case of unstable connections Crowd may think users have been deleted when in reality the LDAP connection is just returning the wrong results. Crowd now supports the ability to skip the sync if too many users have been marked for deletion.

To enable this, add this system property where N is the threshold number of users that Crowd will check upon syncing. If more users are marked for deletion than this number, then the sync will fail automatically.

-Dcrowd.sync.user.deletion.threshold=N

サポート対象プラットフォームの変更

The following Database versions have now been deprecated. If you are using any of these, please upgrade to a newer version.

PostgreSQL

Postgres SQL 16 has now been deprecated. The new minimum version is now PostgreSQL 17

For more information, please see: https://www.postgresql.org/support/versioning/

Amazon Aurora for PostgreSQL

Aurora PostgreSQL 16 has now been deprecated. The new minimum version is now Aurora PostgrSQL 17

For more information, please see: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/aurorapostgresql-release-calendar.html

Microsoft SQL Server

MSSQL Server 2019 has now been deprecated. The new minimum version is now MSSQL Server 2022

For more information, please see:  https://learn.microsoft.com/en-us/lifecycle/products/?terms=sql%20server

Oracle データベース

Oracle DB 19c has now been deprecated. The new minimum supported version is now  Oracle AI Database 26ai (rebranded from Oracle 23ai)

For more information, please see: https://support.oracle.com/knowledge/Oracle%20Database%20Products/742060_1.html

Complete list of changes and improvements

Here's a full list of issues resolved in this release:

Crowd 7.2.0 - 15 May, 2026