Crowd 5.2 Upgrade Notes

Here are some important notes on upgrading to Crowd 5.2. To learn about new features, see the release notes.

Upgrade notes

Here's some important information you should know about:

Security improvements

In Crowd 5.2.1, we've added two new credential encoding mechanisms:

Argon2

Applies to: Directories

Controlled directly from Crowd. It's a directory-wide feature, so you can choose it for one directory without affecting others. It can't be modified after a directory is created.

Advanced Atlassian-Security (PBKDF2-HMAC-SHA512)

Applies to: Directories, Applications

Controlled by the crowd.advanced.security.password.encoder.enabled system property and disabled by default. It's an instance-wide feature, so it affects all directories using Atlassian-Security and all applications.

The mechanism can be modified and is backward compatible. You can enable or disable it by specifying the system property value and restarting Crowd.

Note that it significantly affects performance, because every single hashing operation, like user creation, application login, or user login, takes more resources. Consider scaling up your instance if you want to keep Crowd performance on the same level.

New version of the embedded HSQL database

In Crowd 5.2, we've upgraded the embedded HSQL database from version 1.8.x to 2.7.x.

If you're using the embedded HSQL database and want to use Crowd's automatic upgrade, you'll need to complete an additional step (due to HSQL limitations). For details, see Upgrading Crowd via Automatic Database Upgrade.

However, the recommended method for upgrading is using the XML data transfer. For details, see Upgrading Crowd via XML Data Transfer.

Migrating from Log4j 1.x to 2.x

In Crowd 5.2, we’ve started using Log4j 2.x. If you haven’t used any custom logging configuration, you don’t need to take any action – you’ll start using the new version after upgrading.

However, if you customized your logging configuration, you’ll need to migrate it to the new format.

For more info on how to do this, see Migrating a custom logging configuration to Log4j 2.

Upgrading Tomcat connector 

If you customized the Tomcat connector in the server.xml file to use an encrypted password, you can migrate your changes to Crowd 5.2 by adjusting them as in the following example:

Before Crowd 5.2

Connector protocols:

com.atlassian.crowd.tomcat.Http11NioProtocolWithPasswordEncryption
com.atlassian.crowd.tomcat.Http11Nio2ProtocolWithPasswordEncryption
com.atlassian.crowd.tomcat.Http11AprProtocolWithPasswordEncryption
com.atlassian.crowd.tomcat.AjpNioProtocolWithPasswordEncryption
com.atlassian.crowd.tomcat.AjpNio2ProtocolWithPasswordEncryption
com.atlassian.crowd.tomcat.AjpAprProtocolWithPasswordEncryption

Connector attribute name:

encryptionKey

Crowd 5.2

Connector protocols:

com.atlassian.secrets.tomcat.protocol.Http11NioProtocolWithPasswordEncryption
com.atlassian.secrets.tomcat.protocol.Http11Nio2ProtocolWithPasswordEncryption
com.atlassian.secrets.tomcat.protocol.Http11AprProtocolWithPasswordEncryption
com.atlassian.secrets.tomcat.protocol.AjpNioProtocolWithPasswordEncryption
com.atlassian.secrets.tomcat.protocol.AjpNio2ProtocolWithPasswordEncryption
com.atlassian.secrets.tomcat.protocol.AjpAprProtocolWithPasswordEncryption

Connector attribute name:

productEncryptionKey

For more information, see Encrypting Tomcat passwords.
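
The connector changes listed above can be applied to a customized server.xml with a small script. This is an added example, not Atlassian's own tooling; the function name migrate_server_xml and the sample connector (ports, paths, placeholder values) are assumptions made for illustration.

```python
import re

# Mapping from the table above: the package and the key attribute change,
# the six class names (Http11/Ajp x Nio/Nio2/Apr) stay the same.
OLD_PKG = "com.atlassian.crowd.tomcat."
NEW_PKG = "com.atlassian.secrets.tomcat.protocol."
CLASSES = r"(?:Http11|Ajp)(?:Nio2?|Apr)ProtocolWithPasswordEncryption"

# One <Connector ...> start tag, possibly spanning several lines.
# Limitation: assumes no literal '>' inside attribute values.
CONNECTOR = re.compile(r"<Connector\b[^>]*>", re.S)
OLD_PROTOCOL = re.compile(
    r"(protocol\s*=\s*[\"'])" + re.escape(OLD_PKG) + "(" + CLASSES + ")([\"'])")
OLD_KEY = re.compile(r"(\s)encryptionKey(\s*=)")


def migrate_server_xml(text):
    """Return (migrated_text, number_of_connectors_changed)."""
    changed = 0

    def fix(match):
        nonlocal changed
        tag, n = OLD_PROTOCOL.subn(r"\g<1>" + NEW_PKG + r"\g<2>\g<3>", match.group(0))
        if n == 0:
            return match.group(0)  # other connectors are left untouched
        changed += 1
        return OLD_KEY.sub(r"\g<1>productEncryptionKey\g<2>", tag)

    return CONNECTOR.sub(fix, text), changed


# Constructed sample: ports, paths and values are placeholders.
SAMPLE = """<Service name="Catalina">
  <Connector port="8095" protocol="HTTP/1.1" />
  <Connector port="8443" SSLEnabled="true"
             protocol="com.atlassian.crowd.tomcat.Http11NioProtocolWithPasswordEncryption"
             keystoreFile="/path/to/keystore" keystorePass="ENCRYPTED_PLACEHOLDER"
             encryptionKey="KEY_PLACEHOLDER" />
</Service>"""

if __name__ == "__main__":
    migrated, count = migrate_server_xml(SAMPLE)
    print(migrated)
    print(f"{count} connector(s) migrated")
```

The rewrite works on the text rather than a parsed tree, so comments and formatting in server.xml are preserved. Diff the result against the original before restarting Crowd.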

Supported platforms

We're deprecating CrowdID (OpenID server) and the OpenID client. They will be excluded from the Crowd distribution in one of the upcoming platform or feature releases of Crowd.

App developers

There aren't any important changes for app developers in this release.

Last modified on Nov 24, 2023
